internals: document CBOR utilization
I spoke with some people at Mozilla about CBOR and they advised me
that we should be careful about the subset of CBOR we use in order
to mitigate security, performance, and compatibility concerns.
This commit establishes a document that attempts to formalize our
use of CBOR.
Its main limitations are on what types are allowed. It explicitly
enumerates which types are supported. Notable missing features
include:
* Indefinite-length arrays and maps
* Text strings (bytes all the way)
* Floats
* Date/time types
* Big integers
* Use of indefinite-length byte strings for map keys, values in
containers.
If we have a need for any of these, we can have a discussion about
them when the time comes.
Differential Revision: https://phab.mercurial-scm.org/D4412
Dummy extension simulating unsafe long running command
$ cat > sleepext.py <<EOF
> import itertools
> import time
>
> from mercurial.i18n import _
> from mercurial import registrar
>
> cmdtable = {}
> command = registrar.command(cmdtable)
>
> @command(b'sleep', [], _(b'TIME'), norepo=True)
> def sleep(ui, sleeptime=b"1", **opts):
> with ui.uninterruptable():
> for _i in itertools.repeat(None, int(sleeptime)):
> time.sleep(1)
> ui.warn(b"end of unsafe operation\n")
> ui.warn(b"%s second(s) passed\n" % sleeptime)
> EOF
Kludge to emulate timeout(1) which is not generally available.
$ cat > timeout.py <<EOF
> from __future__ import print_function
> import argparse
> import signal
> import subprocess
> import sys
> import time
>
> ap = argparse.ArgumentParser()
> ap.add_argument('-s', nargs=1, default='SIGTERM')
> ap.add_argument('duration', nargs=1, type=int)
> ap.add_argument('argv', nargs='*')
> opts = ap.parse_args()
> try:
> sig = int(opts.s[0])
> except ValueError:
> sname = opts.s[0]
> if not sname.startswith('SIG'):
> sname = 'SIG' + sname
> sig = getattr(signal, sname)
> proc = subprocess.Popen(opts.argv)
> time.sleep(opts.duration[0])
> proc.poll()
> if proc.returncode is None:
> proc.send_signal(sig)
> proc.wait()
> sys.exit(124)
> EOF
Set up repository
$ hg init repo
$ cd repo
$ cat >> $HGRCPATH << EOF
> [extensions]
> sleepext = ../sleepext.py
> EOF
Test ctrl-c
$ python $TESTTMP/timeout.py -s INT 1 hg sleep 2
interrupted!
[124]
$ cat >> $HGRCPATH << EOF
> [experimental]
> nointerrupt = yes
> EOF
$ python $TESTTMP/timeout.py -s INT 1 hg sleep 2
interrupted!
[124]
$ cat >> $HGRCPATH << EOF
> [experimental]
> nointerrupt-interactiveonly = False
> EOF
$ python $TESTTMP/timeout.py -s INT 1 hg sleep 2
shutting down cleanly
press ^C again to terminate immediately (dangerous)
end of unsafe operation
interrupted!
[124]