that’s whacked

Mercurialicious and Subversionastic

Tuesday, Oct 10. 2006  –  Category: OpenSolaris

sch, garypen and i have spent the last week or so tearing through our SCM scripts/environment trying to finalise them to put Subversion support into production. We’re also preparing for the Mercurial beta support, which should include the ON read-only mirrour I’ve been blogging about for months. Here’s a very high-level, brief, and scatter-brained overview of how our SCM hosting environment is done:

We have our production webapp which powers opensolaris.org. Gary wrote an ‘SCM Management’ sibling webapp which handles SCM related tasks. Basically the leaders of a project can grant committer access to people affiliated with a project, add and delete repositories, and make repositories accessible for anonymous checkout. These actions all change values in the MySQL database we use to back opensolaris.org.

Every user on opensolaris.org can add SSH keys (either RSA2 or DSA) to their user-profile. These are synchronised onto our NFS server (which backs each user’s home directories). When the user tries to do an SCM operation (either svn+ssh:// for SVN, or ssh:// for Hg), their private key gets authenticated against the authorized_keys. A mini chroot is setup in their home directory, and project repositories are loopback mounted from their original NFS mounts on the app server. This all happens via some auto-mount map wizardry put together by Stephen. The nice thing is the auto-mount maps check the userid against the MySQL tables to determine what to loopback-mount, and what not to. This is a cheap way of doing ACL access. We may have something more sophisticated when we deploy a Mercurial version with the ACL extension. And thus you get happy happy SVN/Hg repositories available to you to checkout via your opensolaris.org user account.

I’ve also been rewhacking my Teamware->Mercurial bridge/conversion, and I’m pretty happy with its state. I’ve modularised some of the Teamware and SCCS functions into proper Perl modules, and have tried to extricate the code which is independent of ON so that it can be used by other folks. My code was dependent on diffs that Danek built for each putback on ON, so I’ve been writing code to walk through the Teamware history file and build diffs for arbitrary repositories. It’s still a work in progress at the moment, but I’m hopeful..

And on a totally random note, I’ve found a good tour to the DMZ to go on while I’m in Seoul run by the USO… so I’m psyched