how to enable extension for hgweb?

[Alexis S. L. Carvalho]

Thus spake Christian Ebert:
> Hi all,
> 
> Scenario:
> 
> I want to enable my keyword extension for the web (changelog in
> browser, archive download).
> 
> With my local server I can do that eg. by writing the according
> configuration in /etc/mercurial/hgrc or, better, by
> $ chown www:www repo/.hg/hgrc
> 
> Unfortunately, for my public repos, I have not access to /etc/
> and not the permissions to change the owner of repo/.hg/hgrc

Mercurial refuses to load extensions from hgrc files from users/groups
it doesn't trust.  This is a basic security check to avoid running
arbitrary code.  It sounds like, in your setup, the cgi script is run by
user "www", which won't trust your user by default.

> Does anybody happen to have an idea how to circumvent this from
> within mercurial, in this case installed in
> $HOME/lib/python/{mercurial,hgext} ?

Can you change the cgi script?  In this case, add something like this to
it:

import os
os.environ['HGRCPATH'] = '/path/to/a/hgrc'

And then put this in /path/to/a/hgrc:

[trusted]
users = my-username

The HGRCPATH environment variable points to the global hgrc files, which
are always trusted (note that hg won't read other files like
/etc/mercurial/hgrc or ~/.hgrc when this variable is set).  You use this
file to tell hg what users to trust (I guess you could just load the
extension directly, too...).

If you can't change the cgi script, you can try to change e.g. the
util.os_rcpath function to read some specific hgrc file: just add a
path.append('/path/to/a/hgrc') somewhere there.

Alexis