Command Reference

HGKeeper has a number of sub commands, but serve is the most useful one.

setup

The setup command is used to bootstrap HGKeeper. It will create the directory for the repositories as well as the hgkeeper administration repository.

After initial setup, please make sure to read the README.md in the hgkeeper admin repository that was created as it details how access control works.

serve

The serve command is the main mode of operation which is to provide access to the repositories.

You can optionally disable either one of the HGWeb or SSH servers to limit resource usage or just disable the portions you don't need. However, the HTTP server will always be active as it contains a health endpoint at /hgk/health and could be used for integration with OpenSSH Server via the --external-hostname argument.

For example, say you don't need public access or the HGWeb interface at all, you can disable it by passing --disable-hgweb to the serve command or by setting the HGK_DISABLE_HGWEB environment variable to true.

Likewise, if you just want to serve up read only repositories over HTTP you can disable the SSH server by passing --disable-ssh to the serve command or by setting the HGK_DISABLE_SSH environment variable to true.

The --disable-hgweb and disable-ssh options are mutually exclusive and passing both will stop HGKeeper from starting.

The serve command also has options to tell HGKeeper how it can be accessed externally. This is useful when integrating with OpenSSH Server. These options are --external-hostname and --external-port.

--external-hostname can be a hostname or IP address, but it needs to be an address that your OpenSSH Server can connect to. Likewise, --external-port is the external port that the OpenSSH Server can reach to connect to HGKeeper's SSH server. It has a default value of 22222.

authorized-keys

The authorized-keys command is used when integrating with OpenSSH server in the on demand mode of operation. It takes a single argument as the SHA256 fingerprint of the SSH public key that OpenSSH will provide. If HGKeeper knows that key, it will output an authorized_keys(8) text that OpenSSH Server can use to continue the HG operation.

once

The once command is used in conjunction with the above mentioned authorized-keys command for on demand operation. It is the command that HGKeeper tells OpenSSH Server to run to continue the SSH operations and is not useful in any other way.