
Remove the explicit write access of admins to the hgkeeper repo.

package hg
import (
func createHgrc(writeable bool) (string, error) {
tmpfile, err := ioutil.TempFile("", "hgkeeper-*.hgrc")
if err != nil {
return "", err
hgrc := ini.Empty()
if !writeable {
hooks, err := hgrc.NewSection("hooks")
if err != nil {
return "", err
hooks.NewKey("pretxnchangegroup", "/bin/false")
if err := hgrc.SaveTo(tmpfile.Name()); err != nil {
return "", err
return tmpfile.Name(), nil
func findHgrcsForRepo(repoName string) []string {
ret := []string{}
adminPath := access.AdminRepoPath()
for {
ret = append(ret, filepath.Join(adminPath, "config", repoName, "hgrc"))
if repoName == "." || repoName == "" || repoName == "/" {
repoName = filepath.Dir(repoName)
// we're assuming that the order of hgrc files is last wins, so we need to
// reverse the list so that the repository specific hgrc wins. If the list
// has an odd number of items, the middle is skipped as it's already in the
// correct location.
for i, j := 0, len(ret)-1; i < j; i, j = i+1, j-1 {
ret[i], ret[j] = ret[j], ret[i]
return ret