We do both for onnv-clone. Although technically it is {REPO}/.hg/store that Mercurial looks at for creating new files in the store (it uses that as a kind of umask).
But it's best to make sure everything in and including .hg can't be written to by group or other. But with a default umask of 022 that should be what you have anyway. Anybody can pull from your repo but only you can push.

For the hook you are better attaching to "prechangegroup". "pretxnchangegroup" will let the change in, then run the hook, then roll back the change, opening you up to somebody doing an `hg pull` before it gets rolled back. "prechangegroup" on the other hand will reject before even looking at the cset(s) they are trying to push.

The reason we do both is that the permission check gives an incomplete and non-intuitive message about aborting. So if a user does trust our hooks, they get something more sensible explaining what they did wrong. If not, they still can't push.

-dvd

Tushar Desai wrote:
> Dan Mick wrote:
>
>> Tushar Desai wrote:
>>
>>> Dan Mick wrote:
>>>
>>>> I want to make a repo be pull-from-only (readonly, in essence). Is
>>>> the best/most-complete way to make .hg/ nonwritable?
>>>>
>>> The below is what we did to accomplish what you want to get done
>>>
>>> add the below in .hgrc
>>>
>> But doesn't this require the user to opt in by trusting the hgrc?
>>
> yes
>
>> It's my understanding that hooks are useless without optin.
>>
>>> [hooks]
>>> pretxnchangegroup.deny.lock = path to the lock script (say /pathto/foo_lock)
>>>
>>> foo_lock would look like below
>>>
>>> #!/bin/ksh -p
>>> if [[ -n $READ_ONLY ]]; then
>>>     print "You do not have write access." 1>&2
>>>     exit 1
>>> fi
>>> exit 0
>>>
>>> Thanks
>>> Tushar
>>>
>>>> _______________________________________________
>>>> scm-migration-dev mailing list
>>>> scm-migration-dev at opensolaris.org
>>>> http://mail.opensolaris.org/mailman/listinfo/scm-migration-dev
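
Added example (not part of the original thread, and not the onnv-clone setup itself): a POSIX shell check for the advice above that nothing in and including .hg be writable by group or other. The function names audit_hg_perms and harden_hg_perms are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit and fix write permissions under a Mercurial
# repository's .hg directory. Function names are hypothetical.

# Print every entry under REPO/.hg (including .hg itself) that group or
# other can write to. Symlinks are skipped because their own mode bits
# (usually 777) are not what the kernel checks on access.
# Returns 0 when clean, 1 when offenders exist, 2 when REPO has no .hg.
audit_hg_perms() {
    repo=$1
    [ -d "$repo/.hg" ] || { echo "not a repo: $repo" >&2; return 2; }
    offenders=$(find "$repo/.hg" ! -type l \
        \( -perm -020 -o -perm -002 \) -print)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Remove group/other write from .hg and everything below it, then
# re-run the audit so the caller sees whether the fix took effect.
harden_hg_perms() {
    repo=$1
    [ -d "$repo/.hg" ] || { echo "not a repo: $repo" >&2; return 2; }
    chmod -R go-w "$repo/.hg" && audit_hg_perms "$repo"
}
```

Run audit_hg_perms /path/to/repo as the repository owner; any path it prints is somewhere a pusher other than the owner could still create or replace files.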