HowTo configure Redmine for advanced Mercurial integration » History » Version 1
Jason Newton, 2009-10-15 00:55
| 1 | 1 | Jason Newton | h1. Howto advanced mercurial integration |
|---|---|---|---|
| 2 | |||
| 3 | This is mostly taken from the authors blog: http://yasdb.blogspot.com/2009/10/configuring-redmine-to-be-your-alll-in.html |
||
| 4 | |||
| 5 | This howto assumes you're on linux and followed the tutorial on advanced subversion integration up to and including the mysql nss/pam integration. You should also know that this howto resorts to 2 entries in /etc/sudoers for accompanying scripts which could be a security vulnerability. They were crafted such that this should not be possible but if you find a problem, please report and try to suggest a fix! |
||
| 6 | |||
| 7 | The attached and should be put in /usr/local/bin/. |
||
| 8 | |||
| 9 | You will want to run redmine and the webserver as it's own user, this howto assumes you choose a redmine unix user. You might consider making this https only depending on your security needs. |
||
| 10 | Lets configure and take a look at the environment. |
||
| 11 | |||
| 12 | Perform the following actions as root after you've created the redmine user. |
||
| 13 | |||
| 14 | <pre> |
||
| 15 | mkdir /home/redmineusers |
||
| 16 | chown -R root:root /home/redmineusers |
||
| 17 | cd /home/redmineusers |
||
| 18 | mkdir bin projects |
||
| 19 | chown -R root:root bin |
||
| 20 | chown -R redmine:root projects |
||
| 21 | </pre> |
||
| 22 | |||
| 23 | |||
| 24 | After following the above tutorial, make a change to the shell_column property: |
||
| 25 | users.homedir_column = "/home/redmineusers/"; |
||
| 26 | users.shell_column = "/bin/rbash"; |
||
| 27 | |||
| 28 | Also create the following file: |
||
| 29 | |||
| 30 | /home/redmineusers/.profile |
||
| 31 | <pre> |
||
| 32 | umask 0007 |
||
| 33 | export PATH=$HOME/bin/ |
||
| 34 | </pre> |
||
| 35 | Symlink this file to .bashrc and .bash_login. This seemed necessary for ssh to work ok with the environment. |
||
| 36 | |||
| 37 | Make a symbolic link in /home/redmineusers/bin/hg -> /usr/local/bin/hg.wrapper |
||
| 38 | |||
| 39 | And now two additions to to your /etc/sudoers: |
||
| 40 | <pre> |
||
| 41 | redmine ALL = NOPASSWD: /usr/local/bin/createrepo |
||
| 42 | ALL ALL = NOPASSWD: /usr/local/bin/fixrepoperms |
||
| 43 | </pre> |
||
| 44 | |||
| 45 | And now you apply the attached patch. Its dirtyish code but it works ok and is much cleaner than things I've seen in the past for this stuff - for instance when you create your project, you won't have to wait x minutes for the repo to show up! |
||
| 46 | |||
| 47 | |||
| 48 | Index: app/controllers/projects_controller.rb |
||
| 49 | =================================================================== |
||
| 50 | --- app/controllers/projects_controller.rb (revision 2924) |
||
| 51 | +++ app/controllers/projects_controller.rb (working copy) |
||
| 52 | @@ -74,6 +74,13 @@ |
||
| 53 | @project.enabled_module_names = Redmine::AccessControl.available_project_modules |
||
| 54 | else |
||
| 55 | @project.enabled_module_names = params[:enabled_modules] |
||
| 56 | + r = Repository.factory("Mercurial",:root_url => "/home/redmineusers/projects/#{@project.identifier}", |
||
| 57 | + :url => "/home/redmineusers/projects/#{@project.identifier}") |
||
| 58 | + @project.repository = r |
||
| 59 | + g = Group.new({ "lastname" => @project.identifier} ) #blidly create a new accompanying group |
||
| 60 | + gr = Role.givable.find_by_name("Developer") |
||
| 61 | + gm = Member.new(:principal => g, :roles => [gr], :project => @project) |
||
| 62 | + @project.members << m =" Member.new(:user"> User.current, :roles => [r]) |
||
| 63 | @project.members << controller =""> 'projects', :action => 'settings', :id => @project |
||
| 64 | end |
||
| 65 | end |
||
| 66 | + |
||
| 67 | + |
||
| 68 | end |
||
| 69 | |||
| 70 | def copy |
||
| 71 | Index: extra/svn/create_views.sql |
||
| 72 | =================================================================== |
||
| 73 | --- extra/svn/create_views.sql (revision 2924) |
||
| 74 | +++ extra/svn/create_views.sql (working copy) |
||
| 75 | @@ -13,7 +13,7 @@ |
||
| 76 | from projects; |
||
| 77 | |||
| 78 | CREATE OR REPLACE VIEW nss_users AS |
||
| 79 | -select login AS username, CONCAT_WS(' ', firstname, lastname) as realname, (id + 5000) AS uid, 'x' AS password |
||
| 80 | +select login AS username, CONCAT_WS(' ', firstname, lastname) as realname, (id + 5000) AS uid, 'x' AS password, |
||
| 81 | from users |
||
| 82 | where status = 1; |
||
| 83 | |||
| 84 | Make sure you rerun the create_views.sql script after you apply the patch. It should rerun just fine and now users have to be active rather than just exist. |
||
| 85 | |||
| 86 | |||
| 87 | If you've completed the above, congratulations. You now have a secure, private sandboxed environment for every project (in which you're protected by good old unix permissions) that is tied to your redmine user/group database. Each project gets it's own group on creation and you must add developers to this group to get sourcecode management access. You also have a secured / restricted environment for users to ssh into - but really only as a gateway to hg serve. You should be able to configure this to your needs for your flavor of SCM. Redmine should also have your repository entered upon project creation (it seems you must make a commit though before it looks like it works, this is understandable). |