0

I'm currently working to migrate an existing project of ours from svn to mercurial.
I need to find a solution to the following use case:
A build server currently exists that grabs an svn repository via "svn export" over http (locally on the LAN). This obviously doesn't require user/password to be supplied.
Then the project is built, packaged, and copied as binary to a designated storage, while the unversioned copy is discarded.

All I could find in Mercurial as equivalent is "hg archive" which requires me to clone the repository first and thus supply credentials.

Is there any way to get an unversioned copy of a repository without supplying credentials?

Thanks for your help.

EDIT: Forgot to mention, server unfortunately runs a windows machine.

shayst
  • 267
  • 4
  • 14

3 Answers3

0

You need to revise your method. Doing the equivalent of an export, or even cloning the repo over and over again is not necessary with mercurial, and is a waste of time.

Instead, clone once, and only pull and update when triggering a build. The whole repository remains in your workspace, and pulling ensures you get the latest revision in your repo. Once your repo is up-to-date, you can update to any revision you want. With the update, it is also possible to clean your folder, if you want to replicate the old behavior. While cleaning up your workspace is not mandatory, it might be a good practice to do so for your build server.

If this solves your password issue, then you don't need to look any further. If you still need some information on how to provide credentials during pull, however, read this question/answer.

EDIT: So you still need read-only access for the build server, and in that case, you will need to resort to a different server for you mercurial repo. Rhodecode offers some option for this, read this.

Community
  • 1
  • 1
Vince
  • 3,497
  • 2
  • 19
  • 15
  • Thanks, but what I'm asking is not "Can I set automatic credential". I don't want the server to have any write access to the repository. I don't think saving any password for automatic operation is a good security practice, and this server must not commit/push to the repository (be it local or remote). Is there a way to do that? – shayst May 04 '14 at 05:54
  • Are you not in control of your build server? Why would you have less secure access to your build server than on your repo? – Vince May 04 '14 at 11:52
  • To access the server I have to enter credentials manually, or access a web interface for read only info. I don't wish to have the password stored somewhere. Since this is a windows machine, my options are quite limited. – shayst May 04 '14 at 12:58
  • Thanks, but it's not code I can post on an online server. I need to find a way to tweak our internal mercurial server. – shayst May 04 '14 at 14:08
  • Rhodecode is not a hosting service, it's a downloadable server application. – Vince May 04 '14 at 14:16
  • Thanks, I checked it out, I don't think I can persuade my manager to accept such an expense over a SW for this purpose. – shayst May 13 '14 at 14:17
0

"svn export" over http... This obviously doesn't require user/password to be supplied.

WTF?! "Obviously"??? RLLY?! You can export only because anonymous RO-access to SVN-repo was specially enabled

Is there any way to get an unversioned copy of a repository without supplying credentials?

Yes. But it must be configured on the source Mercurial-repository side, if you don't manage it (or can't request changes) - you FAIL

Preface

  • You can svn export URL without authentication just because some operations in repo (or in some it's parts) was enabled for anonymous users
  • Subversion is CVCS, Mercurial is DVCS (thus - you can perform with remote URLs only minimal set of commands, hg archive isn't in this list)

Face

  • In any case, you must clone repository into local mirror before performing archiving
  • It can be one-time action (less overhead on later syncs) or performed every time
  • Anonymous read-only access have to be configured at source repository side. In case of using hgweb+Apache for http-repositories read "3.6.3.2. Restrict pushing to known users" from "Publishing Mercurial Repositories" wiki-page
  • Even (special) authenticated user isn't big problem: with ACL extension user will get read access to (part of) repository without write access, user's credentials may be stored in (local) clone inside hgrc file
Lazy Badger
  • 94,711
  • 9
  • 78
  • 110
  • Thanks for your comment. Allow me to clarify: When I say "obviously", I'm referring to the context of my question, i.e. why would I ask a "no password" access if currently I am using a password. Can you give some more info on how to setup anonymous RO access? I'm checking your links, if you can focus it a little more it would be great, Thx – shayst May 04 '14 at 11:36
  • @shayst - in case of Apache ` Require valid-user ` do the trick - all operations except clone|pull must be executed by known user, clone|pull will not require authorization (I don't know, how this directive can be translated into IIS) – Lazy Badger May 04 '14 at 11:51
  • I'll check which server we're running. Mercurial itself runs on a centos machine, so there's hope :D – shayst May 04 '14 at 13:00
  • Heh no luck, I don't have access to change the http server config :( – shayst May 10 '14 at 15:53
0

In a terminal on the Mercurial server type hg serve this will start the mercurial server and inform you of the url that is being served from.

You can then fetch a zip of the files that you have in the current repository from the_url/archive/tip.zip and proceed accordingly.

You could also seriously consider giving the build server read access to the repo and just cloning the repository then doing a pull. You can also look at using post commit hooks to send a message to the build server to start the build.

Assuming that you have a username of BUILD_SERVER for the process that does your builds you can simply set in the repositories configuration, (.hg/hgrc), that that user has no write permissions with:

[acl.deny]
# This list is checked first. If a match is found, acl.allow is not
# checked. All users are granted access if acl.deny is not present.
# Format for both lists: glob pattern = user, ..., @group, ...
** = BUILD_SERVER

You can then have the build server use hg pull and hg up -C to get your code, including specific revisions with hg up -r, with no risk of your build machine doing commits. See here for more details on acl.

Steve Barnes
  • 27,618
  • 6
  • 63
  • 73
  • Interesting, I will try it. Just out of curiosity, is there a way to get the zip of a specific revision? – shayst May 10 '14 at 15:54
  • If you click on Graph then on a specific revision you will find that the zip tab points to a different .zip file, named for the change set ID. – Steve Barnes May 10 '14 at 16:50
  • Thanks for your answer. Unfortunately hg serve is not suited for my needs. For example it will require me to have this command active 24/7 which is not recommended from what I read, and will also require me to do for every repository I want the auto builder to access (there are quite a few) etc... – shayst May 13 '14 at 14:14
  • @shayst I have added details of using the acl extension to restrict write access from the build server. – Steve Barnes May 14 '14 at 07:33
  • Thanks, seems promising. I'll get back to this task soon and I'll check your suggestion. – shayst Jun 26 '14 at 10:15