tests/dumbhttp.py
author Gregory Szorc <gregory.szorc@gmail.com>
Thu, 09 Mar 2017 20:33:29 -0800
changeset 31299 f819aa9dbbf9
parent 31024 d05fefbb5ab3
child 34925 8b95e420e248
permissions -rwxr-xr-x
sslutil: issue warning when [hostfingerprint] is used Mercurial 3.9 added the [hostsecurity] section, which is better than [hostfingerprints] in every way. One of the ways that [hostsecurity] is better is that it supports SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints. The world is moving away from SHA-1 because it is borderline secure. Mercurial should be part of that movement. This patch adds a warning when a valid SHA-1 fingerprint from the [hostfingerprints] section is being used. The warning informs users to switch to [hostsecurity]. It even prints the config option they should set. It uses the SHA-256 fingerprint because recommending a SHA-1 fingerprint in 2017 would be ill-advised. The warning will print itself on every connection to a server until it is fixed. There is no way to suppress the warning. I admit this is annoying. But given the security implications of sticking with SHA-1, I think this is justified. If this patch is accepted, I'll likely send a follow-up to start warning on SHA-1 certificates in [hostsecurity] as well. Then sometime down the road, we can drop support for SHA-1 fingerprints. Credit for this idea comes from timeless in issue 5466.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
22959
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
     1
#!/usr/bin/env python
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
     2
27282
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
     3
from __future__ import absolute_import
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
     4
22959
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
     5
"""
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
     6
Small and dumb HTTP server for use in tests.
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
     7
"""
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
     8
27282
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
     9
import optparse
31024
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    10
import os
27282
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
    11
import signal
31024
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    12
import socket
27282
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
    13
import sys
22959
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    14
27282
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
    15
from mercurial import (
30515
d9d8d78e6bc9 server: move cmdutil.service() to new module (API)
Yuya Nishihara <yuya@tcha.org>
parents: 29566
diff changeset
    16
    server,
29566
075146e85bb6 py3: conditionalize BaseHTTPServer, SimpleHTTPServer and CGIHTTPServer import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 28771
diff changeset
    17
    util,
27282
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
    18
)
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
    19
29566
075146e85bb6 py3: conditionalize BaseHTTPServer, SimpleHTTPServer and CGIHTTPServer import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 28771
diff changeset
    20
httpserver = util.httpserver
27282
0bb8c405a7c7 tests/dumbhttp: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 23136
diff changeset
    21
OptionParser = optparse.OptionParser
22959
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    22
31024
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    23
if os.environ.get('HGIPV6', '0') == '1':
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    24
    class simplehttpserver(httpserver.httpserver):
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    25
        address_family = socket.AF_INET6
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    26
else:
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    27
    simplehttpserver = httpserver.httpserver
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    28
23136
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    29
class simplehttpservice(object):
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    30
    def __init__(self, host, port):
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    31
        self.address = (host, port)
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    32
    def init(self):
31024
d05fefbb5ab3 dumbhttp: use IPv6 if HGIPV6 is set to 1
Jun Wu <quark@fb.com>
parents: 30515
diff changeset
    33
        self.httpd = simplehttpserver(
29566
075146e85bb6 py3: conditionalize BaseHTTPServer, SimpleHTTPServer and CGIHTTPServer import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 28771
diff changeset
    34
            self.address, httpserver.simplehttprequesthandler)
23136
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    35
    def run(self):
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    36
        self.httpd.serve_forever()
22959
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    37
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    38
if __name__ == '__main__':
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    39
    parser = OptionParser()
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    40
    parser.add_option('-p', '--port', dest='port', type='int', default=8000,
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    41
        help='TCP port to listen on', metavar='PORT')
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    42
    parser.add_option('-H', '--host', dest='host', default='localhost',
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    43
        help='hostname or IP to listen on', metavar='HOST')
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    44
    parser.add_option('--pid', dest='pid',
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    45
        help='file name where the PID of the server is stored')
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    46
    parser.add_option('-f', '--foreground', dest='foreground',
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    47
        action='store_true',
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    48
        help='do not start the HTTP server in the background')
28451
c90cfe76e024 serve: accept multiple values for --daemon-postexec
Jun Wu <quark@fb.com>
parents: 28194
diff changeset
    49
    parser.add_option('--daemon-postexec', action='append')
22959
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    50
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    51
    (options, args) = parser.parse_args()
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    52
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    53
    signal.signal(signal.SIGTERM, lambda x, y: sys.exit(0))
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    54
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    55
    if options.foreground and options.pid:
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    56
        parser.error("options --pid and --foreground are mutually exclusive")
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents:
diff changeset
    57
23136
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    58
    opts = {'pid_file': options.pid,
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    59
            'daemon': not options.foreground,
28194
7623ba92af72 serve: rename --daemon-pipefds to --daemon-postexec (BC)
Jun Wu <quark@fb.com>
parents: 27282
diff changeset
    60
            'daemon_postexec': options.daemon_postexec}
23136
6eab50a34fed tests: have dumbhttp.py use cmdutil.service() to wait for child to listen()
Yuya Nishihara <yuya@tcha.org>
parents: 22959
diff changeset
    61
    service = simplehttpservice(options.host, options.port)
30515
d9d8d78e6bc9 server: move cmdutil.service() to new module (API)
Yuya Nishihara <yuya@tcha.org>
parents: 29566
diff changeset
    62
    server.runservice(opts, initfn=service.init, runfn=service.run,
d9d8d78e6bc9 server: move cmdutil.service() to new module (API)
Yuya Nishihara <yuya@tcha.org>
parents: 29566
diff changeset
    63
                      runargs=[sys.executable, __file__] + sys.argv[1:])