How to clone a mercurial repository over an ssh connection initiated by fabric when http authorization is required?

StackOverflow https://stackoverflow.com/questions/3024520

  •  26-09-2019
  •  | 
  •  

Question

I'm attempting to use fabric for the first time and I really like it so far, but at a certain point in my deployment script I want to clone a mercurial repository. When I get to that point I get an error:

err: abort: http authorization required

My repository requires http authorization and fabric doesn't prompt me for the user and password. I can get around this by changing my repository address from:

https://hostname/repository

to:

https://user:password@hostname/repository

But for various reasons I would prefer not to go this route. Are there any other ways in which I could bypass this problem?

Was it helpful?

Solution

Here are four options with various security trade-offs and requiring various amounts of sys admin mojo:

With newer mercurial's you could put the password in the [auth] section of the local user's .hgrc file. The password will still be on disk in plaintext, but at least not in the URL

Or

You could locally set up a HTTP proxy that presents as no-auth locally and does the auth for you when communicating with remote.

Or

Of you're able to alter configuration on the hosting server you could set it (Apache?) to not require a user/pass when accessed from localhost, and then use a SSH tunnel to make the local machine look like it's coming from localhost when it access the server:

ssh -L 8080:localhost:80 user@hostname # run in background and leave running

and then have fabric connect to http://localhost:8080/repository

Or

Newer mercurial's support client side certificates for authentication, so you could configure your Apache to honor those as authorization/authentcation and then tweak your local hg to provide the certificate.

OTHER TIPS

Depending on your fabfile, you might be able to reframe the problem. Instead of doing a hg clone on the remote system you could do your mercurial commands on your local system, and then ship the artifact you've constructed across with fabric.

Specifically, you could clone the mercurial repository by using fabric's local() commands, and run a 'hg archive' command to prepare a tarball. Then you can use fabrics put() to upload that tarball, and fabrics run() to unpack it in the correct location.

A code snippet for the clone, pack, put might look a bit like the following:

from fabric.api import local

def task():
    local("hg clone ssh://hg@host/repo tmpdir")
    with lcd("tmpdir"):
        local("hg archive ../repo.tgz")
    local("rm tmpdir")
    put("repo.tgz")
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top