User Tools

Site Tools


This is an old revision of the document!

Hg Gateway

  • Install apache
  • Install mercurial

Repository Setup

mkdir path/to/rep
hg init


push_ssl = false
allow_push = *


#!/usr/bin/env python
# An example CGI script to use hgweb, edit as necessary
# adjust python path if not a system-wide install:
#import sys
#sys.path.insert(0, "/path/to/python/lib")
# enable importing on demand to reduce startup time
from mercurial import demandimport; demandimport.enable()
# send python tracebacks to the browser if an error occurs:
import cgitb
# If you'd like to serve pages with UTF-8 instead of your default
# locale charset, you can do so by uncommenting the following lines.
# Note that this will cause your .hgrc files to be interpreted in
# UTF-8 and all your repo files to be displayed using UTF-8.
#import os
#os.environ["HGENCODING"] = "UTF-8"
from mercurial.hgweb.hgweb_mod import hgweb
from mercurial.hgweb.request import wsgiapplication
import mercurial.hgweb.wsgicgi as wsgicgi
def make_web_app():
    return hgweb("/path/to/rep", "rep name")


AuthType Basic
AuthName "Repository"
AuthUserFile /etc/apache2/hg.passwd
Require user some-user

Mercurial Pushing to Server with Self Signed Certs

  • In recent versions of Mercurial SSL verification will fail for self signed SSL/HTTPS certs. There are two ways to fix the issue.
  • In the past the cacerts or web.cacerts would work around this problem, but it no longer works

Add the host fingerprint to hgrc

  1. To find the host fingerprint run the following
     openssl s_client -connect <FQDN>:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin
  2. You should get something like SHA1 Fingerprint=9E:FD:0A:7B:C0:40:3D:A9:CF:BD:FE:DA:5E:D3:A8:EB:04:DB:2D:33 take the hexidecimal value and use it the next step
  3. Add the following to your hgrc file
    <FQDN from step 1> = <HEXVALUE from step 2>

Disable SSL verification

  • It goes without saying the this is not a very good idea, but if all else fails this will get mercrial to talk to a self signed https server
  1. Add the following to your hgrc file:
    push = push --insecure
web_services/hg_gateway.1449515594.txt.gz · Last modified: 2015/12/07 13:13 by tschulz