在历史上水银认证信息 [英] Mercurial authentication info in history
问题描述
我有一个中央Mercurial库,其配置为使用HTTPS和要求身份验证克隆-推挽变化。开发者对他们的计算机上自己的资料库。他们配置其本地设置自如,例如添加部分像
I have a "central" Mercurial repository, which configured to use HTTPS and requires authentication to clone-pull-push changes. Developers has their own repositories on their computers. They configure their local settings freely, and for example add section like
[ui]
username = anyname
他们的地方mercurial.ini文件。
to their local mercurial.ini file.
当用户试图改变他推到中央资料库,他认证,但认证信息不会存储在水银。水银存储在本地配置的用户名作为中央存储库版本作家。所以我找不到谁真正在做中央存储库的变化,但我强烈希望这样做。水银开发商不关心它,并认为这种行为是正确的。
When a user try to push his changes to the "central" repository, he authenticates, but authentication info is not stored in Mercurial. Mercurial store locally configured username as revisions author in central repository. So I cannot find who really made changes in central repository, but I strongly wish to do it. Mercurial developers does not care about it and consider this behavior to be correct.
不过,我想保持接近变更认证信息。我想做到这一点的最好办法是增加一个额外的多场修订说明,如推id和存储有认证数据。
But I want to keep authentication info near changesets. I think the best way to do it is add one more additional field in revision description, like "pusher id" and store there authentication data.
扩展,我发现没有实现类似的功能。你能给我一些第三方扩展,挂钩信息,或者只是code模板或想法怎么办呢? (我是绝对新的Python)
Extensions I found do not implement similar functionality. Can you give me info about some third-party extensions, hooks, or just code templates or ideas how to do it? (I'm absolutly new in Python)
推荐答案
这使水银开发商(像我一样)拒绝这是变更为一成不变的根本问题。这是不可能的服务器,以他们的当推额外的信息添加到的变更。
The fundamental problem that makes Mercurial developers (like myself) reject this is that changesets are immutable. It is impossible for a server to add extra information to the changesets when they are pushed.
更具体地说:一个是变更确定的是变更的散的。该散列是基于变更包含的所有信息,例如用户名,日期,提交消息,并且变更自身计算的。你不能改变这个任何部分,也没有改变changset哈希 - 否则存储库的完整性被破坏。
More concretely: a changeset is identified by it's changeset hash. This hash is computed based on all the information the changeset contains, such as username, date, commit message, and the change itself. You cannot change any part of this, without also changing the changset hash — otherwise the integrity of the repository is destroyed.
这让你的安全以防止意外的服务器上所做的更改(或恶意的!):如果Alice和Bob谈变更X,那么他们可以确信他们真正的意思是一样的。如果服务器(或其他人)可以改变一个变更的内容,而不会影响ID,然后Alice和Bob不会保证X的真正含义相同
在这两个仓库的东西。这个属性当然也同步资料库时,水银的工作方式的基础。
This gives you security against accidental (or malicious!) changes made on the server: if Alice and Bob talk about "changeset X", then they can be sure they really mean the same thing. If the server (or someone else) could change the content of a changeset without affecting the ID, then Alice and Bob would not be guaranteed that "X" really means the same thing in both their repositories. This property is of course also fundamental to the way Mercurial works when synchronizing repositories.
您有两个选项:
-
您可以让服务器的拒绝推如果爱丽丝试图推动与鲍勃在名字的变更。这也可以使用服务器上的
pretxnchangegroup钩来完成。它会检查HG_SOURCE环境变量,并验证列出的用户也有所有的提交者HG_NODE之间被推变更和提示。
You can let the server reject a push if Alice tries to push a changeset with Bob's name in it. This is can be done with a
pretxnchangegrouphook on the server. It will inspect theHG_SOURCEenvironment variable and verify that the user listed there is also the committer of all pushed changesets betweenHG_NODEandtip.
您可以让服务器的登录推进。这被称为pushlog。 Mozilla项目使用一个和源的似乎是这里。在那里,你做对谁推你的服务器存储的信息。这是在登录一个小数据库中的必要信息的 changegroup 挂钩完成。
You can let the server log the pusher. This is called a "pushlog". The Mozilla project uses one and the source appears to be here. There you make your server store information about who pushed what. This is done in a changegroup hook that logs the necessary information in a small database.
如果你想有一个推日志,然后看看的 卡利塞 的,它内置了这个功能。卡里地亚是一般举办的Mercurial库的好方法!它比更多的功能正常 hgweb CGI脚本。
If you want a push log, then take a look at Kallithea, which has this functionality built in. Kallithea is in general a great way to host Mercurial repositories! It has much more functionality than the normal hgweb CGI script.
这篇关于在历史上水银认证信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
