py2exe: add workaround to allow bundling of hgext3rd.* extensions
py2exe doesn't know how to handle namespace packages *at all*, so it treats
them like normal packages. As a result, if we try and bundle hgext3rd.evolve
in a py2exe build, it won't work if we install evolve into the virtualenv. In
order to work around this, tortoisehg installs hgext3rd.evolve etc into its
staged hg directory, since it doesn't use a virtualenv. As a workaround for us,
we'll just allow any extra packages users want bundled are part of hg during
the pseudo-install phase that py2exe uses. I'm not happy about this, but it
*works*.
As a sample of how you'd make an MSI with evolve bundled:
import os
import shutil
import subprocess
import tempfile
def stage_evolve(version):
"""Stage evolve for inclusion in py2exe binary."""
with tempfile.TemporaryDirectory() as temp:
evolve = os.path.join(temp, "evolve")
subprocess.check_call([
"hg.exe",
"clone",
"https://www.mercurial-scm.org/repo/evolve/",
"--update",
version,
evolve,
])
dest = os.path.join('..', 'hgext3rd', 'evolve')
if os.path.exists(dest):
shutil.rmtree(dest)
shutil.copytree(os.path.join(evolve, "hgext3rd", "evolve"), dest)
def main():
stage_evolve('tip')
print("\0")
print("hgext3rd")
print("hgext3rd.evolve")
print("hgext3rd.evolve.hack")
print("hgext3rd.evolve.thirdparty")
if __name__ == "__main__":
main()
is a script you can pass to the wix/build.py as --extra-packages-script,
and the resulting .msi will have an hg binary with evolve baked in. users
will still need to enable evolve in their hgrc, so you'd probably also
want to bundle configs in your msi for an enterprise environment, but that's
already easy to do with the support for extra features and wxs files in the
wix build process.
Differential Revision: https://phab.mercurial-scm.org/D6189
#require serve ssl
Set up SMTP server:
$ CERTSDIR="$TESTDIR/sslcerts"
$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
$ "$PYTHON" "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
> --tls smtps --certificate `pwd`/server.pem
listening at localhost:$HGPORT (?)
$ cat a.pid >> $DAEMON_PIDS
Set up repository:
$ hg init t
$ cd t
$ cat <<EOF >> .hg/hgrc
> [extensions]
> patchbomb =
> [email]
> method = smtp
> [smtp]
> host = localhost
> port = $HGPORT
> tls = smtps
> EOF
$ echo a > a
$ hg commit -Ama -d '1 0'
adding a
Utility functions:
$ DISABLECACERTS=
$ try () {
> hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
> }
Our test cert is not signed by a trusted CA. It should fail to verify if
we are able to load CA certs:
#if sslcontext defaultcacerts no-defaultcacertsloaded
$ try
this patch series consists of 1 patches.
(an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
(?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
#if no-sslcontext defaultcacerts
$ try
this patch series consists of 1 patches.
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
(?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
#if defaultcacertsloaded
$ try
this patch series consists of 1 patches.
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
(?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
#if no-defaultcacerts
$ try
this patch series consists of 1 patches.
(unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
abort: localhost certificate error: no certificate received
(set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
[255]
#endif
$ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
Without certificates:
$ try --debug
this patch series consists of 1 patches.
(using smtps)
sending mail: smtp host localhost, port * (glob)
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
(verifying remote certificate)
abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
(see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
[255]
With global certificates:
$ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
this patch series consists of 1 patches.
(using smtps)
sending mail: smtp host localhost, port * (glob)
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
(verifying remote certificate)
sending [PATCH] a ...
With invalid certificates:
$ try --config web.cacerts="$CERTSDIR/pub-other.pem"
this patch series consists of 1 patches.
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
(?i)abort: .*?certificate.verify.failed.* (re)
[255]
$ cd ..