Mercurial > hg-stable
annotate tests/test-narrow-acl.t @ 48879:6b10151b9621 stable 6.1.3
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Reviewer note: this was sent by the author as a simple bugfix, but can be
considered a security patch, since it allows users to access things outside
of the ACL, hence the (SEC) prefix.
However, this affects the `narrow` extention which is still marked as
experimental and has relatively few users aside from large companies with
their own security layers on top from what we can gather.
We feel (Alphare: or at least, I feel) like pinging the packaging list is
enough in this case.
| author | Sandu Turcan <idlsoft@gmail.com> |
|---|---|
| date | Tue, 03 May 2022 21:44:30 -0400 |
| parents | 5e6542143d40 |
| children |
| rev | line source |
|---|---|
|
36117
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
1 Make a narrow clone then archive it |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
2 $ . "$TESTDIR/narrow-library.sh" |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
3 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
4 $ hg init master |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
5 $ cd master |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
6 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
7 $ for x in `$TESTDIR/seq.py 3`; do |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
8 > echo $x > "f$x" |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
9 > hg add "f$x" |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
10 > hg commit -m "Add $x" |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
11 > done |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
12 $ cat >> .hg/hgrc << EOF |
|
42158
280f7a095df8
narrow: send specs as bundle2 data instead of param (issue5952) (issue6019)
Pulkit Goyal <pulkit@yandex-team.ru>
parents:
36127
diff
changeset
|
13 > [narrowacl] |
|
36117
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
14 > default.includes=f1 f2 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
15 > EOF |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
16 $ hg serve -a localhost -p $HGPORT1 -d --pid-file=hg.pid |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
17 $ cat hg.pid >> "$DAEMON_PIDS" |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
18 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
19 $ cd .. |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
20 $ hg clone http://localhost:$HGPORT1 narrowclone1 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
21 requesting all changes |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
22 adding changesets |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
23 adding manifests |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
24 adding file changes |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
25 added 3 changesets with 2 changes to 2 files |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
26 new changesets * (glob) |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
27 updating to branch default |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
28 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
29 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
30 The clone directory should only contain f1 and f2 |
|
44724
5c2a4f37eace
tests: deal with "ls" vs "ls -A" difference on 2BSD derived systems
Joerg Sonnenberger <joerg@bec.de>
parents:
42158
diff
changeset
|
31 $ ls -A -1 narrowclone1 | sort |
|
5c2a4f37eace
tests: deal with "ls" vs "ls -A" difference on 2BSD derived systems
Joerg Sonnenberger <joerg@bec.de>
parents:
42158
diff
changeset
|
32 .hg |
|
36117
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
33 f1 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
34 f2 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
35 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
36 Requirements should contain narrowhg |
|
48503
5e6542143d40
test: use `hg debugrequires` instead of `cat` in some tests
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
44724
diff
changeset
|
37 $ hg debugrequires -R narrowclone1 | grep narrowhg |
|
36127
e14821b290eb
narrowrepo: make repo requirement include the string 'experimental'
Augie Fackler <augie@google.com>
parents:
36117
diff
changeset
|
38 narrowhg-experimental |
|
36117
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
39 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
40 NarrowHG should track f1 and f2 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
41 $ hg -R narrowclone1 tracked |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
42 I path:f1 |
|
a2a6e724d61a
narrow: import experimental extension from narrowhg revision cb51d673e9c5
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
43 I path:f2 |
|
48879
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
44 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
45 Narrow should not be able to widen to include f3 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
46 $ hg -R narrowclone1 tracked --addinclude f3 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
47 comparing with http://localhost:$HGPORT1/ |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
48 searching for changes |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
49 abort: The following includes are not accessible for test: ['path:f3'] |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
50 [255] |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
51 $ ls -A -1 narrowclone1 | sort |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
52 .hg |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
53 f1 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
54 f2 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
55 $ hg -R narrowclone1 tracked |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
56 I path:f1 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
57 I path:f2 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
58 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
59 Narrow should allow widen to include f2 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
60 $ hg -R narrowclone1 tracked --removeinclude f2 > /dev/null |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
61 $ hg -R narrowclone1 tracked |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
62 I path:f1 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
63 $ ls -A -1 narrowclone1 | sort |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
64 .hg |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
65 f1 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
66 $ hg -R narrowclone1 tracked --addinclude f2 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
67 comparing with http://localhost:$HGPORT1/ |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
68 searching for changes |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
69 adding changesets |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
70 adding manifests |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
71 adding file changes |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
72 added 0 changesets with 1 changes to 1 files |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
73 $ hg -R narrowclone1 tracked |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
74 I path:f1 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
75 I path:f2 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
76 $ ls -A -1 narrowclone1 | sort |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
77 .hg |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
78 f1 |
|
6b10151b9621
narrow_widen_acl: enforce narrowacl in narrow_widen (SEC)
Sandu Turcan <idlsoft@gmail.com>
parents:
48503
diff
changeset
|
79 f2 |