How can I disallow push to Mercurial repository published by shared disk method?

Question

We're using mercurial in my company's intranet and cannot publish for the time being through other methods but shared disk due to firewall restrictions. I know this is not the ideal or the recommended method, however, it will do for now (I'm setting up RhodeCode if I eventually get a server).

We found that we could really easily share our changes by just sharing our repo folder through Windows using our Active Directory accounts (right click on folder, share with specific people), however I'd like to completely block out the possibility of having someone to push to a repository.

I'm 99% sure that HTTP is not being used, so traditional methods shouldn't work. I'm looking even for a workaround as I don't think there is anyway to restrict this directly from Mercurial config.

Answer 1

Everyone can share their repo (read-only) and ask other people – including the maintainer of the official repo – to pull from it.

Answer 2

As long as you're sure people are using push and pull to get the changes to from the shared directories (Which is the only safe way!) you can still use hooks in those repositories to block pushing. Something like this in the repository's .hg/hgrc file will prevent pushing:

[hooks]
pretxnchangegroup.denyall = /bin/false

where /bin/false is whatever executable on windows always returns false/non-zero.

Also, consider making the shared repositories bare repositories by doing hg update null in them. That removes all the files from the working dir so no one's tempted to edit in there.