Mercurial - How to disable push

2019-07-18 18:35发布

问题:

I am trying to find if there is an easy way to make a mercurial repository read-only. The user should be able to clone, but no pushes should be allowed. I need to do this for all my repositories which is more than 100.

回答1:

You can do this like this in .hg/hgrc:

[hooks]
prechangegroup = false


回答2:

This depends on how you're publishing your repositories but here's a few things you can try, depending on this:

  1. If you're publishing your repositories on network shares or mounted volumes, simply set access rights on the mercurial folder in such a way that they only have read access to the folder and its files
  2. If you're publishing your repositories using any of the available http server options, like hg serve or any of the 3rd party websites you can install, make sure you set up users that doesn't have write/push access
  3. If you're publishing your repositories using any of the online cloud-based solutions, like bitbucket, kiln, etc. then simply don't hand out push access to anyone that shouldn't have it, again you can set up users and access specifically


回答3:

Make them available over http only (hg serve, kallithea,...) and don't give them login credentials.



回答4:

You have a lot of repos, their URLs are known and have already been used to clone them, and you just decided you want to turn off push access to them. Is this about right?

If the repos are accessed over ssh, you can do it by simply reassigning ownership of the repo files to a new account, with free read access but no write access by other users. The file locations stay the same, the current access credentials remain valid, but pushing to the repos is no longer possible.

If you're on a unix system, you can probably do everything in bash with a for loop and chown -R. If you're not... good luck. Give us more information about your configuration, and one of the approaches proposed in the answers will fit best.



回答5:

For disabling push over http or https, you can try one of the following in your hgrc file. Note, this doesn't disable pushing over the filesystem.

allow_push

Whether to allow pushing to the repository. If empty or not set, push is not allowed. If the special value * is used, any remote user can push, including unauthenticated users. Otherwise, the remote user must have been authenticated, and the authenticated user name must be present in this list (separated by whitespace or ","). The contents of the allow_push list are examined after the deny_push list.

[web]
allow_push =

deny_push

Whether to deny pushing to the repository. If empty or not set, push is not denied. If the special value *, all remote users are denied push. Otherwise, unauthenticated users are all denied, and any authenticated user name present in this list (separated by whitespace or ",") is also denied. The contents of the deny_push list are examined before the allow_push list.

[web]
deny_push = *