Files @ ba444b73e01a
Branch filter:

Location: kallithea/init.d/kallithea-upstart.conf

ba444b73e01a 740 B text/plain Show Annotation Show as Raw Download as Raw
Mads Kiilerich
hg: make protocol access control more explicit

Enumerate all currently known commands, and default to require 'push' access
for all unknown commands.

This change mitigates some privilege escalation problems like CVE-2018-1000132
which was fixed in Mercurial 4.5.1 and currently is described on
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29 .
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# kallithea - run the kallithea daemon as an upstart job
# Change variables/paths as necessary and place file /etc/init/kallithea.conf
# start/stop/restart as normal upstart job (ie: $ start kallithea)

description	"Kallithea Mercurial Server"
author		"Matt Zuba <matt.zuba@goodwillaz.org"

start on (local-filesystems and runlevel [2345])
stop on runlevel [!2345]

respawn

umask 0022

env PIDFILE=/var/hg/kallithea/kallithea.pid
env LOGFILE=/var/hg/kallithea/log/kallithea.log
env APPINI=/var/hg/kallithea/production.ini
env HOME=/var/hg
env USER=hg
env GROUP=hg

exec /var/hg/.virtualenvs/kallithea/bin/paster serve --user=$USER --group=$GROUP --pid-file=$PIDFILE --log-file=$LOGFILE $APPINI

post-stop script
	rm -f $PIDFILE
end script
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.