Tryton - Issues



Title Replace mercurial-server by hg-ssh
Priority urgent Status chatting
Superseder Nosy List ced
Type feature request Components
Assigned To Keywords

Created on 2020-03-15.11:57:57 by ced, last changed by ced.

msg59883 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2020-08-30.00:33:05
Indeed I think the best option would be to make openssh listen on another port and to use an iptable rule to redirect port 22 to the default hgkeeper port.
This is because very few people have an real ssh access to the machine and developers will not have to change their setup.
msg59758 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2020-08-16.22:42:34
hgkeeper has its own ssh service. So this means it must listen to another port than the standard 22 if we still want to have ssh access to the server.
Indeed I think the best option would be to have a second IP address on the server. Unfortunately the kimsufi service does not allow to add extra IP addresses. Anyway, we need to change the service because it is old, it does not have raid so we could get a VPS at OVH which allow to have multiple IPs.
msg58781 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2020-06-18.11:41:55
This may be an alternative:
msg56271 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2020-03-15.11:57:55
mercurial-server does not seem to be maintained anymore and it has no support for Python3 (it will be masked on Gentoo in 30 days). I think it will be better to use hg-ssh. For that we need:

* update tryton-tools/ to generate a proper .ssh/authorized_keys for user hg.
* patch (and propose upstream) to set HGUSER environment per key like I did for mercurial-server [1] to support acl.

Date User Action Args
2020-08-30 00:33:06cedsetmessages: + msg59883
2020-08-16 22:42:34cedsetmessages: + msg59758
2020-06-18 11:41:56cedsetstatus: unread -> chatting
messages: + msg58781
2020-03-15 11:57:57cedcreate

Showing 10 items. Show all history (warning: this could be VERY long)