largefiles: rename match_ to matchmod import in lfutil

largefiles: rename match_ to matchmod import in reposetup

largefiles: rename match_ to matchmod import in overrides

largefiles: rename match_ to matchmod import in lfcommands

py3: make largefiles/wirestore.py use absolute_import

py3: make largefiles/uisetup.py use absolute_import

py3: make largefiles/reposetup.py use absolute_import

py3: make largefiles/remotestore.py use absolute_import

py3: make largefiles/proto.py use absolute_import

py3: make largefiles/overrides.py use absolute_import

py3: make largefiles/localstore.py use absolute_import

py3: make largefiles/lfutil.py use absolute_import

py3: make largefiles/lfcommands.py use absolute_import

py3: make largefiles/basestore.py use absolute_import

py3: make largefiles/__init__.py use absolute_import

largefiles: move basestore._openstore into new module to remove cycle

revset: make filteredset.__nonzero__ respect the order of the filteredset This fix allows __nonzero__ to respect the direction of iteration of the whole filteredset. Here's the case when it matters. Imagine that we have a very large repository and we want to execute a command like: $ hg log --rev '(tip:0) and user(ikostia)' --limit 1 (we want to get the latest commit by me). Mercurial will evaluate a filteredset lazy data structure, an instance of the filteredset class, which will know that it has to iterate in a descending order (isdescending() will return True if called). This means that when some code iterates over the instance of this filteredset, the 'and user(ikostia)' condition will be first checked on the latest revision, then on the second latest and so on, allowing Mercurial to print matches as it founds them. However, cmdutil.getgraphlogrevs contains the following code: revs = _logrevs(repo, opts) if not revs: return revset.baseset(), None, None The "not revs" expression is evaluated by calling filteredset.__nonzero__, which in its current implementation will try to iterate the filteredset in ascending order until it finds a revision that matches the 'and user(..' condition. If the condition is only true on late revisions, a lot of useless iterations will be done. These iterations could be avoided if __nonzero__ followed the order of the filteredset, which in my opinion is a sensible thing to do here. The problem gets even worse when instead of 'user(ikostia)' some more expensive check is performed, like grepping the commit diff. I tested this fix on a very large repo where tip is my commit and my very first commit comes fairly late in the revision history. Results of timing of the above command on that very large repo. -with my fix: real 0m1.795s user 0m1.657s sys 0m0.135s -without my fix: real 1m29.245s user 1m28.223s sys 0m0.929s I understand that this is a very specific kind of problem that presents itself very rarely, only on very big repositories and with expensive checks and so on. But I don't see any disadvantages to this kind of fix either.

phases: make writing phaseroots file out avoid ambiguity of file stat Cached attribute repo._phasecache uses stat of '.hg/phaseroots' file to examine validity of cached contents. If writing '.hg/phaseroots' file out keeps ctime, mtime and size of it, change is overlooked, and old contents cached before change isn't invalidated as expected. To avoid ambiguity of file stat, this patch writes '.hg/phaseroots' file out with checkambig=True. This patch is a part of "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

dirstate: make writing branch file out avoid ambiguity of file stat Cached attribute dirstate._branch uses stat of '.hg/branch' file to examine validity of cached contents. If writing '.hg/branch' file out keeps ctime, mtime and size of it, change is overlooked, and old contents cached before change isn't invalidated as expected. To avoid ambiguity of file stat, this patch writes '.hg/branch' file out with checkambig=True. This patch is a part of "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

dirstate: make writing dirstate file out avoid ambiguity of file stat Cached attribute repo.dirstate uses stat of '.hg/dirstate' file to examine validity of cached contents. If writing '.hg/dirstate' file out keeps ctime, mtime and size of it, change is overlooked, and old contents cached before change isn't invalidated as expected. To avoid ambiguity of file stat, this patch writes '.hg/dirstate' file out with checkambig=True. The former diff hunk changes the code path for "dirstate.write()", and the latter changes the code path for "dirstate.savebackup()". This patch is a part of "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

bookmarks: make writing files out avoid ambiguity of file stat Cached attribute repo._bookmarks uses stat of '.hg/bookmarks' and '.hg/bookmarks.current' files to examine validity of cached contents. If writing these files out keeps ctime, mtime and size of them, change is overlooked, and old contents cached before change isn't invalidated as expected. To avoid ambiguity of file stat, this patch writes '.hg/bookmarks' and '.hg/bookmarks.current' files out with checkambig=True. This patch is a part of "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

transaction: avoid ambiguity of file stat at closing transaction Files below, which might be changed at closing transaction, are used to examine validity of cached properties. If changing keeps ctime, mtime and size of a file, change is overlooked, and old contents cached before change isn't invalidated as expected. - .hg/bookmarks - .hg/dirstate - .hg/phaseroots To avoid ambiguity of file stat, this patch writes files out with checkambig=True at closing transaction. checkambig becomes True only at closing (= 'not suffix'), because stat information of '.pending' file isn't used to examine validity of cached properties. This patch is a part of "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

util: add __ne__ to filestat class for consistency This is follow up for ca4065028e00, which introduced filestat class.

style: remove namespace class For better or worse, our coding do not use use class for pure namespacing. We remove the class introduced in a5009789960c.

style: don't use capital letter for constant For better or worse, our coding do not use all caps for constants. We rename constant name introduced in a5009789960c.

tests-subrepo-git: use "f" to dump pwned.txt, for portability Rather than sometimes using a complicated shell construct to dump pwned.txt (if it wasn't expected to exist, but might, if something were broken) or just cat (if it was expected to exist), just use the "f" utility, which will be consistent in its behavior across different platforms. Also make sure that *something* gets put into pwned.txt, even if we ended up typoing the message variable.

bundle2: don't assume ordering of heads checked after push Usually, the heads will have the same ordering in handlecheckheads. Insisting on the same ordering is however an unnecessary constraint that in some custom cases can cause pushes to fail even though the actual heads didn't change. This caused production issues for us in combination with the current version of https://bitbucket.org/Unity-Technologies/hgwebcachingproxy/ .

sslutil: print the fingerprint from the last hash used Before, we would always print the unprefixed SHA-1 fingerprint when fingerprint comparison failed. Now, we print the fingerprint of the last hash used, including the prefix if necessary. This helps ensure that the printed hash type matches what is in the user configuration. There are still some cases where this can print a mismatched hash type. e.g. if there are both SHA-1 and SHA-256 fingerprints in the config, we could print a SHA-1 hash if it comes after the SHA-256 hash. But I'm inclined to ignore this edge case. While I was here, the "section" variable assignment has been moved to just above where it is used because it is now only needed for this error message and it makes the code easier to read.

sslutil: make cert fingerprints messages more actionable The previous warning and abort messages were difficult to understand. This patch makes them slightly better. I think there is still room to tweak the messaging. And as we adopt new security defaults, these messages will certainly change again. But at least this takes us a step in the right direction. References to "section" have been removed because if no fingerprint is defined, "section" can never be "hostfingerprints." So just print "hostsecurity" every time.

sslutil: refactor code for fingerprint matching We didn't need to use a temporary variable to indicate success because we just return anyway. This refactor makes the code simpler. While we're here, we also call into formatfingerprint() to ensure the fingerprint from the proper hashing algorithm is logged.

sslutil: print SHA-256 fingerprint by default The world is starting to move on from SHA-1. A few commits ago, we gained the ability to define certificate fingerprints using SHA-256 and SHA-512. Let's start printing the SHA-256 fingerprint instead of the SHA-1 fingerprint to encourage people to pin with a more secure hashing algorithm. There is still a bit of work to be done around the fingerprint messaging. This will be addressed in subsequent commits.

sslutil: move and change warning when cert verification is disabled A short time ago, validatesocket() didn't know the reasons why cert verification was disabled. Multiple code paths could lead to cert verification being disabled. e.g. --insecure and lack of loaded CAs. With the recent refactorings to sslutil.py, we now know the reasons behind security settings. This means we can recognize when the user requested security be disabled (as opposed to being unable to provide certificate verification due to lack of CAs). This patch moves the check for certificate verification being disabled and changes the wording to distinguish it from other states. The warning message is purposefully more dangerous sounding in order to help discourage people from disabling security outright. We may want to add a URL or hint to this message. I'm going to wait until additional changes to security defaults before committing to something.

sslutil: add devel.disableloaddefaultcerts to disable CA loading There are various tests for behavior when CA certs aren't loaded. Previously, we would pass --insecure to disable loading of CA certs. This has worked up to this point because the error message for --insecure and no CAs loaded is the same. Upcoming commits will change the error message for --insecure and will change behavior when CAs aren't loaded. This commit introduces the ability to disable loading of CA certs by setting devel.disableloaddefaultcerts. This allows a testing backdoor to disable loading of CA certs even if system/default CA certs are available. The flag is purposefully not exposed to end-users because there should not be a need for this in the wild: certificate pinning and --insecure provide workarounds to disable cert loading/validation. Tests have been updated to use the new method. The variable used to disable CA certs has been renamed because the method is not OS X specific.

sslutil: store flag for whether cert verification is disabled This patch effectively moves the ui.insecureconnections check to _hostsettings(). After this patch, validatesocket() no longer uses the ui instance for anything except writing messages. This patch also enables us to introduce a per-host config option for disabling certificate verification.

sslutil: remove "strict" argument from validatesocket() It was only used by mail.py as part of processing smtp.verifycert, which was just removed.

mail: unsupport smtp.verifycert (BC) smtp.verifycert was accidentally broken by cca59ef27e60. And, I believe the "loose" value has been broken for longer than that. The current code refuses to talk to a remote server unless the CA is trusted or the fingerprint is validated. In other words, we lost the ability for smtp.verifycert to lower/disable security. There are special considerations for smtp.verifycert in sslutil.validatesocket() (the "strict" argument). This violates the direction sslutil is evolving towards, which has all security options determined at wrapsocket() time and a unified code path and configs for determining security options. Since smtp.verifycert is broken and since we'll soon have new security defaults and new mechanisms for controlling host security, this patch formally deprecates smtp.verifycert. With this patch, the socket security code in mail.py now effectively mirrors code in url.py and other places we're doing socket security. For the record, removing smtp.verifycert because it was accidentally broken is a poor excuse to remove it. However, I would have done this anyway because smtp.verifycert is a one-off likely used by few people (users of the patchbomb extension) and I don't think the existence of this seldom-used one-off in security code can be justified, especially when you consider that better mechanisms are right around the corner.

update: fix bare --clean to work on new branch (issue5003) (BC) Before this commit bare update --clean on newly created branch updates to the parent commit, even if there are later commits on the parent commit's branch. Update to the latest head on the parent commit's branch instead. This seems reasonable as clean should discard uncommited changes, branch is one of them.

revert: use "discard"/"revert" verb when reverting interactively (issue5143) Instead of "record this change to 'FILE'?" now prompt with: * "discard this change to 'FILE'?" when reverting to the parent of working directory, and, * "revert this change to 'FILE'?" otherwise.

run-tests: add support for RTUNICODEPEDANTRY environment variable based on 73e4a02e6d23

obsolete: fix grammar

tests: add run-test .testtimes basic testing

check-code: make repquote distinguish more characters for exact detection This patch makes repquote() distinguish more characters below, as a preparation for exact detection in subsequent patch. - "%" as "%" - "\\" as "b"(ackslash) - "*" as "A"(sterisk) - "+" as "P"(lus) - "-" as "M"(inus) Characters other than "%" don't use itself as replacement, because they are treated as special ones in regexp.

check-code: centralize rules depending on implementation of repquote This decreases the cost of checking which regexp should be adjusted at change of repquote().

check-code: use fixedmap for replacement of space characters This can centralize management of fixed replacement into fixedmap.

check-code: replace quoted characters correctly 169cb9e47f8e tried to detect '.. note::' more exactly. But implementation of it seems not correct, because: - fromc.find(c) returns -1 for other than "." and ":" - tochr[-1] returns "q" for such characters, but - expected result for them is "o" This patch uses dict to manage replacement instead of replacing str.find() by str.index(), for improvement/refactoring in subsequent patches. Examination by fixedmap is placed just after examination for ' ' and '\n', because subsequent patch will integrate the latter into the former. This patch also changes regexp for 'string join across lines with no space' rule, and adds detailed test for it, because 169cb9e47f8e did: - make repquote() distinguish "." (as "p") and ":" (as "q") from others (as "o"), but - not change this regexp without any reason (in commit log, at least), even though this regexp depends on what "o" means This patch doesn't focuses on deciding whether "." and/or ":" should be followed by whitespace or not in translatable messages.

test-chg: add basic tests for server lifecycle I'm going to move around the codes in AutoExitMixIn. This test should catch a subtle bug of unlinking sockets which I made in draft patches.

test-chg: run only with chg It doesn't make sense to run test-chg.t without chg, so ignore it with vanilla hg, and specify chg executable explicitly. test-chg.t can host chg-specific tests.

distate: add assertions to backup functions Those assertions will prevent the backup functions from overwriting the dirstate file in case both: suffix and prefix are empty. (foozy suggested making that change and I agree with him)

Added signature for changeset a9764ab80e11

Added tag 3.8.3 for changeset a9764ab80e11

shelve: use backup functions instead of manually copying dirstate This increases encapsulation of dirstate: the dirstate file is private to the dirstate module and shouldn't be touched by extensions directly.

dirstate: don't use actualfilename to name the backup file The issue with using actualfilename is that dirstate saved during transaction with "pending" in filename will be impossible to recover from outside of the transaction because the recover method will be looking for the name without "pending".

sslutil: reference appropriate config section in messaging Error messages reference the config section defining the host fingerprint. Now that we have multiple sections where this config setting could live, we need to point the user at the appropriate one. We default to the new "hostsecurity" section. But we will still refer them to the "hostfingerprint" section if a value is defined there. There are some corner cases where the messaging might be off. e.g. they could define a SHA-1 fingerprint in both sections. IMO the messaging needs a massive overhaul. I plan to do this as part of future refactoring to security settings.

sslutil: allow fingerprints to be specified in [hostsecurity] We introduce the [hostsecurity] config section. It holds per-host security settings. Currently, the section only contains a "fingerprints" option, which behaves like [hostfingerprints] but supports specifying the hashing algorithm. There is still some follow-up work, such as changing some error messages.

debuginstall: expose modulepolicy With this, you can check for pure easily: $ HGMODULEPOLICY=py ./hg debuginstall -T "{hgmodulepolicy}" py

revset: define table of sort() key functions This should be more readable than big "if" branch.

revset: factor out reverse flag of sort() key Prepares for making a table of sort keys. This assumes 'k' has at least one character, which should be guaranteed by keys.split().

tests: don't save host fingerprints in hgrc Previously, the test saved the host fingerprints in hgrc. Many tests override the fingerprint at run-time. This was a bit dangerous and was too magical for my liking. It will also interfere with a future patch that adds a new source for obtaining fingerprints. So change the test to require the fingerprint on every command invocation.

sslutil: calculate host fingerprints from additional algorithms Currently, we only support defining host fingerprints with SHA-1. A future patch will introduce support for defining fingerprints using other hashing algorithms. In preparation for that, we rewrite the fingerprint verification code to support multiple fingerprints, namely SHA-256 and SHA-512 fingerprints. We still only display the SHA-1 fingerprint. We'll have to revisit this code once we support defining fingerprints with other hash functions. As part of this, I snuck in a change to use range() instead of xrange() because xrange() isn't necessary for such small values.

util: add sha256 Upcoming patches will teach host fingerprint checking to verify non-SHA1 fingerprints. Many x509 certificates these days are SHA-256. And modern browsers often display the SHA-256 fingerprint for certificates. Since SHA-256 fingerprints are highly visible and easy to obtain, we want to support them for fingerprint pinning. So add SHA-256 support to util. I did not add SHA-256 to DIGESTS and DIGESTS_BY_STRENGTH because this will advertise the algorithm on the wire protocol. I wasn't sure if that would be appropriate. I'm playing it safe by leaving it out for now.

sslutil: move CA file processing into _hostsettings() The CA file processing code has been moved from _determinecertoptions into _hostsettings(). As part of the move, the logic has been changed slightly and the "cacerts" variable has been renamed to "cafile" to match the argument used by SSLContext.load_verify_locations(). Since _determinecertoptions() no longer contains any meaningful code, it has been removed.

sslutil: move SSLContext.verify_mode value into _hostsettings _determinecertoptions() and _hostsettings() are redundant with each other. _hostsettings() is used the flexible API we want. We start the process of removing _determinecertoptions() by moving some of the logic for the verify_mode value into _hostsettings(). As part of this, _determinecertoptions() now takes a settings dict as its argument. This is technically API incompatible. But since _determinecertoptions() came into existence a few days ago as part of this release, I'm not flagging it as such.

sslutil: introduce a function for determining host-specific settings This patch marks the beginning of a series that introduces a new, more configurable, per-host security settings mechanism. Currently, we have global settings (like web.cacerts and the --insecure argument). We also have per-host settings via [hostfingerprints]. Global security settings are good for defaults, but they don't provide the amount of control often wanted. For example, an organization may want to require a particular CA is used for a particular hostname. [hostfingerprints] is nice. But it currently assumes SHA-1. Furthermore, there is no obvious place to put additional per-host settings. Subsequent patches will be introducing new mechanisms for defining security settings, some on a per-host basis. This commits starts the transition to that world by introducing the _hostsettings function. It takes a ui and hostname and returns a dict of security settings. Currently, it limits itself to returning host fingerprint info. We foreshadow the future support of non-SHA1 hashing algorithms for verifying the host fingerprint by making the "certfingerprints" key a list of tuples instead of a list of hashes. We add this dict to the hgstate property on the socket and use it during socket validation for checking fingerprints. There should be no change in behavior.

tests-subrepo-git: emit a different "pwned" message based on the test Having a single "pwned" message which may or may not be emitted during the tests for CVE-2016-3068 leads to extra confusion. Allow each test to emit a more detailed message based on what the expectations are. In both cases, we expect a version of git which has had the vulnerability plugged, as well as a version of mercurial which also knows about GIT_ALLOW_PROTOCOL. For the first test, we make sure GIT_ALLOW_PROTOCOL is unset, meaning that the ext-protocol subrepo should be ignored; if it isn't, there's either a problem with mercurial or the installed copy of git. For the second test, we explicitly allow ext-protocol subrepos, which means that the subrepo will be accessed and a message emitted confirming that this was, in fact, our intention.

tests-subrepo-git: make the "pwned" message output in a stable order The "pwned" message from this test gets gets sent to stderr, and so may get emitted in different places from run to run in the rest of mercurial's output. This patch forces the message to go to a specific file instead, whose existence and contents we can examine at a stable point in the test's execution.

test-cache-abuse: correct for different hunk headers between Solaris and GNU When diffing against an empty file, Solaris diff uses 1 to designate the first line of the empty file (either -1,0 on the left or +1,0 on the right) while GNU diff uses 0 (-0,0 and +0,0). We use a glob here to make sure the test passes with either toolchain. I've not added tests to check-code because there are scads of places in the tests where the GNU format is used due to that being the format that "hg diff" and "hg export" use, and changing those to use globs seems wrong.

lazymanifest: fix typo s/typles/tuples/

sslutil: remove sslkwargs() (API) It is now unused.

url: remove use of sslkwargs

mail: remove use of sslkwargs

httpconnection: remove use of sslkwargs It now does nothing.

sslutil: move sslkwargs logic into internal function (API) As the previous commit documented, sslkwargs() doesn't add any value since its return is treated as a black box and proxied to wrapsocket(). We formalize its uselessness by moving its logic into a new, internal function and make sslkwargs() return an empty dict. The certificate arguments that sslkwargs specified have been removed from wrapsocket() because they should no longer be set.

sslutil: remove ui from sslkwargs (API) Arguments to sslutil.wrapsocket() are partially determined by calling sslutil.sslkwargs(). This function receives a ui and a hostname and determines what settings, if any, need to be applied when the socket is wrapped. Both the ui and hostname are passed into wrapsocket(). The other arguments to wrapsocket() provided by sslkwargs() (ca_certs and cert_reqs) are not looked at or modified anywhere outside of sslutil.py. So, sslkwargs() doesn't need to exist as a separate public API called before wrapsocket(). This commit starts the process of removing external consumers of sslkwargs() by removing the "ui" key/argument from its return. All callers now pass the ui argument explicitly.

dirstate: remove file from copymap on drop As the copymap is short-lived object regenerated from dirstate on each read this didn't affect us in any serious way. But since I've started working on permanent storage of copymap in my experiments with sqldirstate[1] I've seen this bug leaving the copy information in copymap after reverting the file moves and copies. [1] https://www.mercurial-scm.org/wiki/SQLDirstatePlan

run-tests: use json.dumps(separators=) Followup to daff05dcd184 per Martijn Pieters

debugignore: make messages translatable These messages have been overlooked by check-code, because they start with non-alphabet character ('%' or '('). Making these messages translatable seems reasonable, because messages for ui.note(), ui.status(), ui.progress() and descriptive messages for ui.write() in "debug" commands are already translatable in many cases. This is also a part of preparation for making "missing _() in ui message" detection of check-code more exact.

grep: make a message translatable This message has been overlooked by check-code, because it starts with non-alphabet character (' '). This is also a part of preparation for making "missing _() in ui message" detection of check-code more exact.

subrepo: make a message translatable This message has been overlooked by check-code, because it starts with non-alphabet character ('%'). This is also a part of preparation for making "missing _() in ui message" detection of check-code more exact.

merge: make messages translatable These messages have been overlooked by check-code, because they start with non-alphabet character (' '). Making these messages translatable seems reasonable, because all other 'ui.note()'-ed messages in calculateupdates() are already translatable. This is also a part of preparation for making "missing _() in ui message" detection of check-code more exact.

httppeer: make a message translatable This message has been overlooked by check-code, because it starts with non-alphabet character ('('). Making this message translatable seems reasonable, because exception message below in same function is already translatable - 'cannot create new http repository' This is also a part of preparation for making "missing _() in ui message" detection of check-code more exact.

notify: make a message translatable This message has been overlooked by check-code, because it starts with non-alphabet character ('\'). Making this message translatable seems reasonable, because messages below in same function are already translatable - '\ndiffs (truncated from %d to %d lines):\n\n' - '\ndiffs (%d lines):\n\n' This is also a part of preparation for making "missing _() in ui message" detection of check-code more exact.

gpg: make a message translatable This message has been overlooked by check-code, because it starts with non-alphabet character ('%'). This is also a part of preparation for making "missing _() in ui message" detection of check-code more exact.

revset: use getargsdict for sort() This makes it possible to use keyword arguments to specify per-sort options. For example, a hypothetical 'first' option for the user sort could sort certain users first with: sort(all(), user, user.first=mpm@selenic.com)

merge with stable

changegroup: extract method that sorts nodes to send The current implementation of narrowhg needs to influence the order in which nodes are sent to the client. adgar@ and I think this is fixable, but it's going to require pretty substantial time investment, so in the interim we'd like to extract this method. I think it makes the group() code a little more obvious, as it took us a couple of tries to isolate the exact behavior we were observing.

hg: disable demandimport for py3

tests: enable import checker for all python files (including no .py files) i18n/posplit is excluded as it couldn't be trivially fixed. That's the same as 99a2bdad0fda.

tests: make 'f' utility import hashlib unconditionally It must exist on Python 2.5+.

tests: fix typo of shebang prefix in test-check-pyflakes.t

hghave: silence future pyflakes warning of unused import

tests: remove unused import from 'f' utility It should have been caught by pyflakes.

bookmarks: allow pushing active bookmark on new remote head (issue5236) Before 'hg push -B .' on new remote head complained with: abort: push creates new remote head ... It was because _nowarnheads was not expanding active bookmark name, so it didn't add active bookmark "proper" name to no warn heads list.

sslutil: remove redundant check of sslsocket.cipher() We are doing this check in both wrapsocket() and validatesocket(). The check was added to the validator in 4bb59919c905 and the commit message justifies the redundancy with a "might." The check in wrapsocket() was added in 0cc4ad757c77, which appears to be part of the same series. I'm going to argue the redundancy isn't needed. I choose to keep the check in wrapsocket() because it is working around a bug in Python's wrap_socket() and I feel the check for the bug should live next to the function call exhibiting the bug.

sslutil: convert socket validation from a class to a function (API) Now that the socket validator doesn't have any instance state, we can make it a generic function. The "validator" class has been converted into the "validatesocket" function and all consumers have been updated.

sslutil: store and use hostname and ui in socket instance Currently, we pass a hostname and ui to sslutil.wrap_socket() then create a separate sslutil.validator instance also from a hostname and ui. There is a 1:1 mapping between a wrapped socket and a validator instance. This commit lays the groundwork for making the validation function generic by storing the hostname and ui instance in the state dict attached to the socket instance and then using these variables in the validator function. Since the arguments to sslutil.validator.__init__ are no longer used, we make them optional and make __init__ a no-op.

sslutil: use a dict for hanging hg state off the wrapped socket I plan on introducing more state on the socket instance. Instead of using multiple variables, let's just use one to minimize risk of name collision.

sslutil: require serverhostname argument (API) All callers now specify it. So we can require it. Requiring the argument means SNI will always work if supported by Python. The main reason for this change is to store state on the socket instance to make the validation function generic. This will be evident in subsequent commits.

annotate: optimize line counting We used len(text.splitlines()) to count lines. This allocates, copies, and deallocates an object for every line in a file. Instead, we use count("\n") to count newlines and adjust based on whether there's a trailing newline. This improves the speed of annotating localrepo.py from 4.2 to 4.0 seconds.

purge: use opts.get() Most commands use opts.get() to retrieve values for options that may not be explicitly passed. purge wasn't. This makes it easier to call purge() from 3rd party extensions.

test-run-tests: clean up inuse server eagerly

tests: refactor run-tests helpers test-run-tests-rev.t will need them

tests: silence test-repo obsolete warning refactoring test-check-commit.t HGRCPATH bits as helpers-testrepo.sh

largefiles: send statlfile remote calls only for nonexisting locally files Files that are already in local store should be checked locally. The problem with this implementation is how difference in messages between local and remote checks should look like. For now local errors for file missing and content corrupted looks like this: 'changeset cset: filename references missing storepath\n' 'changeset cset: filename references corrupted storepath\n' for remote it looks like: 'changeset cset: filename missing\n' 'changeset cset: filename: contents differ\n' Contents differ error for remote calls is never raised currently - for now statlfile implementation lacks checking file content.

check-code: reject .next(...)

py3: convert to next() function next(..) was introduced in py2.6 and .next() is not available in py3 https://docs.python.org/2/library/functions.html#next

revset: rename variable to avoid shadowing with builtin next() function https://docs.python.org/2/library/functions.html#next

histedit: add experimental config for using the first word of the commit This allows users to start a commit with "verb! ..." so that when this is opened in histedit, the default action will be "verb". For example, "roll! foo" will default to the action "roll". Currently, we'll allow any known verb to be used but this is experimental.

histedit: add optional parameter for determining intial editor line A simple refactor to allow us to change the default verb for the initial editor display.

tests: enable import checker for all **.py files Several known-bad files are excluded as they couldn't be trivially fixed. That's the same as 99a2bdad0fda.

py3: make contrib/import-checker.py get along with itself Indent these imports to disable the rule of "not lexically sorted."

py3: make contrib/revsetbenchmarks.py not import symbols from stdlib modules

py3: make contrib/bdiff-torture.py conform to our import style

import-checker: extend check of symbol-import order to all local modules It doesn't make sense that (a) is allowed whereas (b) is disallowed. a) from mercurial import hg from mercurial.i18n import _ b) from . import hg from .i18n import _

import-checker: always build a list of imported symbols The next patch will rely on it.

import-checker: fix test to make a real package Otherwise "testpackage" wouldn't be counted as a package when building a list of imported symbols.

py3: move up symbol imports to enforce import-checker rules Since (b) is banned, we should do the same for (a) for consistency. a) from mercurial import hg from mercurial.i18n import _ b) from . import hg from .i18n import _

util: make copyfile avoid ambiguity of file stat if needed In some cases below, copying from backup is used to restore original contents of a file. If copying keeps ctime, mtime and size of a file, restoring is overlooked, and old contents cached before restoring isn't invalidated as expected. - failure of transaction before closing (from '.hg/journal.backup.*') - rollback of previous transaction (from '.hg/undo.backup.*') To avoid such problem, this patch makes copyfile() avoid ambiguity of file stat, if needed. Ambiguity check is executed, only if: - checkambig=True is specified (not all copying needs ambiguity check), and - destination file exists before copying This patch also adds 'not (copystat and checkambig)' assertion, because combination of copystat and checkambig is meaningless. This patch is a part of preparation for "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

vfs: make rename avoid ambiguity of file stat if needed In some cases below, renaming from backup is used to restore original contents of a file. If renaming keeps ctime, mtime and size of a file, restoring is overlooked, and old contents cached before restoring isn't invalidated as expected. - failure of transaction before closing (only from '.hg/journal.dirstate') - rollback of previous transaction (from '.hg/undo.*') - failure in dirstateguard scope (from '.hg/dirstate.SUFFIX') To avoid such problem, this patch makes vfs.rename() avoid ambiguity of file stat, if needed. Ambiguity check is executed, only if: - checkambig=True is specified (not all renaming needs ambiguity check), and - destination file exists before renaming This patch is a part of preparation for "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

vfs: make atomictempfile avoid ambiguity of file stat if needed This patch is a part of preparation for "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

util: make atomictempfile avoid ambiguity of file stat if needed Ambiguity check is executed at close(), only if: - atomictempfile is created with checkambig=True, and - target file exists before renaming This restriction avoids performance decrement by needless examination of file stat (for example, filelog doesn't need exact cache validation, even though it uses atomictempfile to write changes out). See description of filestat class for detail about why the logic in this patch works as expected. This patch is a part of preparation for "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

util: add filestat class to detect ambiguity of file stat Current posix.cachestat implementation might overlook change of a file, if changing keeps ctime, mtime and size of file. Comparison of inode number also overlooks changing in such situation, because inode number is rapidly reused. Contents of a file cached before changing isn't invalidated as expected, if change of a file is overlooked for this "ambiguity" of file stat. This patch adds filestat class to detect ambiguity of file stat. This patch is a part of preparation for "Exact Cache Validation Plan": https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan

run-tests: handle json.dumps divergence In py2, json.dumps includes a trailing space after a comma at the end of lines. The py3 behavior which omits the trailing space is preferable, so we're going to strip it.

tests: use debuginstall to retrieve hg version

debuginstall: add mercurial version

strip: invalidate phase cache after stripping changeset (issue5235) When we remove a changeset from the changelog, the phase cache must be invalidated, otherwise it could refer to changesets that are no longer in the repo. To reproduce the failure, I created an extension querying the phase cache after the strip transaction is over. To do that, I stripped two commits with a bookmark on one of them to force another transaction (we open a transaction for moving bookmarks) after the strip transaction. Without the fix in this patch, the test leads to a stacktrace showing the issue: repair.strip(ui, repo, revs, backup) File "/Users/lcharignon/facebook-hg-rpms/hg-crew/mercurial/repair.py", line 205, in strip tr.close() File "/Users/lcharignon/facebook-hg-rpms/hg-crew/mercurial/transaction.py", line 44, in _active return func(self, *args, **kwds) File "/Users/lcharignon/facebook-hg-rpms/hg-crew/mercurial/transaction.py", line 490, in close self._postclosecallback[cat](self) File "$TESTTMP/crashstrip2.py", line 4, in test [repo.changelog.node(r) for r in repo.revs("not public()")] File "/Users/lcharignon/facebook-hg-rpms/hg-crew/mercurial/changelog.py", line 337, in node return super(changelog, self).node(rev) File "/Users/lcharignon/facebook-hg-rpms/hg-crew/mercurial/revlog.py", line 377, in node return self.index[rev][7] IndexError: revlog index out of range The situation was encountered in inhibit (evolve's repo) where we would crash following the volatile set invalidation submitted by Augie in e6f490e328635312ee214a12bc7fd3c7d46bf9ce. Before his patch the issue was masked as we were not accessing the phasecache after stripping a revision. This bug uncovered another but in histedit (see explanation in issue5235). I changed the histedit test accordingly to avoid fixing two things at once.

py3: make tests/svn-safe-append.py use absolute_import

py3: make tests/test-atomictempfile.py use absolute_import

py3: tests/test-check-py3-compat.t output updated The lower part of the tests runs with Python 3.5 so its remains unchanged with new commits.

py3: use setattr() to assign new class attribute The old method produces error 'object does not supports item assignment'. So setattr() is used to assign a new class attribute via __dict__ .

localrepo: use dirstate savebackup instead of handling dirstate file manually This is one step towards having dirstate manage its own storage. It will be useful for the implementation of sql dirstate [1]. This introduced a small test change: now we always write the dirstate before saving backup so in some cases where dirstate file didn't exist yet savebackup can create it. [1] https://www.mercurial-scm.org/wiki/SQLDirstatePlan

localrepo: use dirstate restorebackup instead of copying dirstate manually This is one step towards having dirstate manage its own storage. It will be useful for the implementation of sqldirstate [1]. I'm deleting two of the dirstate.invalidate() calls in localrepo because restorebackup method does that for us. [1] https://www.mercurial-scm.org/wiki/SQLDirstatePlan

dirstate: add prefix and suffix arguments to backup This would allow the code explicitly copying dirstate to use this method instead. Use of this method will increase encapsulation (the dirstate class will be sole owner of its on-disk storage).

tests: mark test-atomictempfile.py write as binary

tests: mark test-context.py write as binary

transaction: turn lack of locking into a hard failure (API) We have been warning about transactions without locks for about a year (and three releases), third party extensions had a fair grace period to fix their code, we are moving lack of locking to a hard failure in order to protect users against repository corruption.

test: extract develwarn transaction testing in its own command The lack of locking for a transation is about to change from a warning to an error. We first extract the test decidated to this warning to make the next changeset clearer.

graphmod: update edgemap in-place The edgemap update was not actually propagated to future asciiedge calls; update the edge state dictionary in-place instead.

tests: test-archive.t use mercurial.util for urllib compat

tests: test-archive.t use sys.stdout.buffer for binary output in py3

localrepo: prevent executable-bit only changes from being lost on amend If you have just executable-bit change and amend it twice it will vanish: * After the first amend the commit will have the proper executable bit set in manifest but it won't have the the file on the list of files in changelog. * The second amend will read the wrong list of files from changelog and it will copy the manifest entry from parent for this file. * Voila! The change is lost. This change repairs the bug in localrepo causing this and adds a test for it.

tests: escape bytes setting MSB in input of grep for portability GNU grep (2.21-2 or later) assumes that input is encoded in LC_CTYPE, and input is binary if it contains byte sequence not valid for that encoding. For example, if locale is configured as C, a byte setting most significant bit (MSB) makes such GNU grep show "Binary file <FILENAME> matches" message instead of matched lines unintentionally. This behavior is recognized as a bug, and fixed in GNU grep 2.25-1 or later. But some distributions are shipped with such buggy version (e.g. Ubuntu xenial, which is used by launchpad buildbot). http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19230 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800670 http://packages.ubuntu.com/xenial/grep This causes failure of test-commit-interactive.t, which applies grep on CP932 byte sequence since 1111e84de635. But, explicit setting LC_CTYPE for CP932 might cause another problem, because it can't be assumed that all environment running Mercurial tests allows arbitrary locale setting. To resolve this issue, this patch escapes bytes setting MSB in input of grep. For this purpose: - str.encode('string-escape') isn't useful, because it escapes also control code (less than 0x20), and makes EOL handling complicated - "f --hexdump" isn't useful, because it isn't line-oriented - "sed -n" seems reasonable, but "sed" itself sometimes causes portability issue, too (e.g. 900767dfa80d or afb86ee925bf) This patch is posted with "stable" flag, because 1111e84de635 is on stable branch.

tests: test-archive.t use absolute_import This is a step to adding a mercurial dependency to simplify py3 compat

tests: test-archive.t use open() instead of file() for py3 compat

tests: test-archive.t use print_function

merge with stable

readlink: use print_function

tests: test-addremove-similar.t use print() for py3

tests: add coverage for run-tests.py --whitelist

hg: limit HGUNICODEPEDANTRY to py2 reload is not available in py3, and py3 is fatal anyway

py3: make i18n/hggettext use print_function

py3: make i18n/hggettext use absolute_import

py3: make doc/docchecker use print_function

py3: make doc/docchecker use absolute_import

py3: make contrib/undumprevlog use absolute_import

py3: make contrib/dumprevlog use print_function

py3: make contrib/dumprevlog use absolute_import

py3: make contrib/check-commit use print_function

py3: make contrib/check-commit use absolute_import

hgcia: remove hgcia (BC) As discussed at: https://www.mercurial-scm.org/pipermail/mercurial-devel/2016-March/081018.html, cia service is down for years. It also uses socket.setdefaulttimeout() which will break chg. This patch removes the extension.

py3: make tests/hghave use absolute_import

py3: make tests/f use absolute_import

py3: make tests/dummyssh use absolute_import

py3: make raise statement python3 compatible In python3 raise error, message has been changed to raise error(message) In additional to that nodes.SkipNode is changed to nodes.SkipNode() so that it creates an instance directly.

Added signature for changeset aaabed77791a

Added tag 3.8.2 for changeset aaabed77791a

help: search section of help topic by translated section name correctly Before this patch, "hg help topic.section" might show unexpected section of help topic in some encoding. It applies str.lower() instead of encoding.lower(str) on translated message to search section case-insensitively, but some encoding uses 0x41(A) - 0x5a(Z) as the second or later byte of multi-byte character (for example, ja_JP.cp932), and str.lower() causes unexpected result. To search section of help topic by translated section name correctly, this patch replaces str.lower() by encoding.lower(str) for both query string (in commands.help()) and translated help text (in minirst.getsections()).

patch: show lower-ed translated message correctly Before this patch, patch.filterpatch() shows meaningless translation of help message for chunk selection in some encoding. It applies str.lower() instead of encoding.lower(str) on translated message, but some encoding uses 0x41(A) - 0x5a(Z) as the second or later byte of multi-byte character (for example, ja_JP.cp932), and str.lower() causes unexpected result. To show lower-ed translated message correctly, this patch replaces str.lower() by encoding.lower(str).

py3: make i18n/posplit use print_function

py3: make i18n/posplit use absolute_import

wireproto: optimize handling of large batch responses Now that batch can be used by remotefilelog, the quadratic string copying this was doing was actually disastrous. In my local testing, fetching a 56 meg file used to take 3 minutes, and now takes only a few seconds.

cleanup: replace False identity testing with an explicit token object The recommended way to check default value (when None is not as option) is a token object. Identity testing to integer is less explicit and not guaranteed to work in all implementations.

devel: officially deprecate dirstate.write without transaction argument When we introduce the develwarning, we did not had an official deprecation API and infrastructure. We can now officially deprecate the old way with a version deadline.

devel: officially deprecate update without destination When we introduce the develwarning, we did not had an official deprecation API and infrastructure. We can now officially deprecate the old way with a version deadline.

devel: fix a typo in a deprecation warning Credit goes to Sean Farley for spotting it.

devel: officially deprecate old style revset When we introduce the develwarning, we did not had an official deprecation API and infrastructure. We can now officially deprecate the old way with a version deadline.

check-code: handle py3 open divergence open() really wants an encoding attribute

check-code: switch to opener

check-code: handle range/xrange divergence

check-code: fix py3 complaint about \NNN being invalid unicode

hghave: switch from iteritems to items With this, test-hghave.t passes on python 3. Four features fail because mercurial still is not py3 safe: absimport cacheable hardlink defaultcacerts But that will be resolved automatically eventually.

hghave: matchoutput needs to use bytes for regexp file output is bytes in py3, so we need each regexp to be bytes

revset: make dagrange preserve order of input set Unlike range, dagrange has no inverted range (such as '10:0'). So there should be no practical reason to keep dagrange as a function that forces its own ordering. No performance regression is spotted in contrib/base-revsets.txt.

tests: mark test-check-pyflakes.t as requiring hg1.0+ hg does not yet run with py3, so if you try: ./run-tests.py --local test-check-pyflakes.t ... it will try to run the local hg, which does not work and thus, hg locate will return no output to stdout (and stderr is sent to /dev/null). If you do: ./run-tests.py --with-hg=~/bin/hg test-check-pyflakes.t Then it should work, if your hg is new enough to have a locate command (hg0.6 does not have locate).

dirstate: make backup methods public They are called from outside of dirstate anyway and I want the localrepo to use them too.

check-code: add a rule banning `env -u`

subrepo: use unset instead of env -u to fix test on BSDs (issue5229)

graphmod: partial edge styling Allow for a style to only apply to the last N lines (for positive N) or everything but the first N lines (for negative N) of the section along the current node. This allows for more subtle grandparent styling. So from the default: $ hg log -G ... o Lorem ipsum dolor sit :\ amet, consectetur : : adipiscing elit, sed : : do eiusmod tempor : : o : incididunt ut labore | : et dolore magna | : aliqua. Ut enim ad | : minim veniam, quis |/ o nostrud exercitation : ullamco laboris nisi : ut aliquip ex ea : commodo consequat. : o Duis aute irure dolor | in reprehenderit in ~ voluptate velit esse cillum dolore eu to $ hg log -G --config "experimental.graphstyle.grandparent=2." ... o Lorem ipsum dolor sit |\ amet, consectetur | | adipiscing elit, sed . . do eiusmod tempor . . o | incididunt ut labore | | et dolore magna | | aliqua. Ut enim ad | | minim veniam, quis |/ o nostrud exercitation | ullamco laboris nisi | ut aliquip ex ea . commodo consequat. . o Duis aute irure dolor | in reprehenderit in ~ voluptate velit esse cillum dolore eu or $ hg log -G --config "experimental.graphstyle.grandparent=1:" ... o Lorem ipsum dolor sit |\ amet, consectetur | | adipiscing elit, sed | | do eiusmod tempor : : o | incididunt ut labore | | et dolore magna | | aliqua. Ut enim ad | | minim veniam, quis |/ o nostrud exercitation | ullamco laboris nisi | ut aliquip ex ea | commodo consequat. : o Duis aute irure dolor | in reprehenderit in ~ voluptate velit esse cillum dolore eu or $ hg log -G --config "experimental.graphstyle.grandparent=-2!" ... o Lorem ipsum dolor sit |\ amet, consectetur ! ! adipiscing elit, sed ! ! do eiusmod tempor ! ! o | incididunt ut labore | | et dolore magna | | aliqua. Ut enim ad | | minim veniam, quis |/ o nostrud exercitation | ullamco laboris nisi ! ut aliquip ex ea ! commodo consequat. ! o Duis aute irure dolor | in reprehenderit in ~ voluptate velit esse cillum dolore eu

pure: write a really lazy version of pure indexObject On PyPy this version performs reasonably well compared to C version. Example command is "hg id" which gets faster, depending on details of your operating system and hard drive (it's bottlenecked on stat mostly) There is potential for improvements by storing extra as a condensed struct too.

dispatch: always load extensions before running shell aliases (issue5230) Before this patch, we may or may not load extensions for shell aliases depending on whether the command is abbreviated or not. Loading extensions may have useful side effects to shell aliases. For example, the pager extension does not work for shell aliases. This patch removes the code checking shell aliases before loading extensions to give the user a more consistent experience. It may hurt performance for shell aliases a bit without chg but the correctness seems worth it. It will also make the behavior consistent with chg since chg will always load all extensions before running commands.

httpclient: update to upstream revision 2995635573d2 This is mostly Python 3 compat work thanks to timeless.

crecord: call prevsibling() and nextsibling() directly The 3 classes for items used in crecord (uiheader, uihunk, uihunkline) all have prevsibling() and nextsibling() methods. The two methods are used to get the previous/next item of the same type of the same parent element as the current one: when `a` is a uihunkline instance, a.nextsibling() returns the next line in this hunk (or None, if `a` is the last line). There are also two similar methods: previtem() and nextitem(). When called with constrainlevel=True (the default) they simply returned the result of prevsibling()/nextsibling(). Only when called with constrainlevel=False they did something different: they returned previous/next item regardless of its type (so if `a` is the last line in a hunk, a.nextitem(constrainlevel=False) could return the next hunk or the next file -- something that is not a line). Let's simplify this logic and make code call -sibling() methods when only siblings are needed and -item() methods when any item would do, and then remove the constrainlevel argument from previtem() and nextitem().

dispatch: add fail-* family of hooks The post-* family of hooks will not run in case a command fails (i.e. raises an exception). This makes it inconvenient to hook into events such as doing something in case of a failed push. We catch all exceptions to run the failure hook. I am not sure if this is too aggressive, but tests apparently pass.

py3: make hgext/rebase.py use absolute_import

py3: make hgext/mq.py use absolute_import

py3: make hgext/hisedit.py use absolute_import

py3: make hgext/hgk.py use absolute_import

py3: make hgext/gpg.py use absolute_import

py3: make hgext/graphlog.py use absolute_import

import-checker: recognize relative imports from parents of current package So far fromlocal recognizes relative imports of the form: from . import D from .. import E It wasn't prepared for recognizing relative imports like: from ..F import G The bug was not found so far because all relative imports starting from the parent was in the list of allowsymbolicimports like: from ..i18n import from ..node import

py3: make hgext/fetch.py use absolute_import

tests: test-check-py3-compat.t output updated The test output was not updated as the lower section of the test updates with python3.5, so it might be the case that people have updated the modules but the test was left as it was. So this patch updates the test output.

revset: factor out public optimize() function from recursion New optimize() hides internal arguments and return values. This makes it easy to add more parameters and return values to _optimize().

revset: introduce temporary variables in optimize() where they look better

revset: construct arguments of only() against matched tree Since _isonly() knows the structure of 'revs' and 'bases', it should be slightly easier to understand than destructuring 'ta' and 'tb'.

revset: unnest isonly() closure from optimize() There were no variables to be captured.

sslutil: stop checking for web.cacerts=! (BC) The previous patch stopped setting web.cacerts=! to indicate --insecure. That left user configs as the only source that could introduce web.cacerts=!. The practical impact of this patch is we no longer honor web.cacerts=! in configs. Instead, we always treat web.cacerts as a path. The patch is therefore technically BC. However, since I don't believe web.cacerts=! is documented, it should be safe to remove. a939f08fae9c (which introduced --insecure) has no indication that web.cacerts=! is anything but an implementation detail, reinforcing my belief it can be removed without major debate.

dispatch: stop setting web.cacerts=! to indicate --insecure Consumers needing to know if --insecure was used have already transitioned to using ui.insecureconnections. The previous patch removed the last meaningful consumer looking for web.cacerts=!.

sslutil: use CA loaded state to drive validation logic Until now, sslkwargs may set web.cacerts=! to indicate that system certs could not be found. This is really obtuse because sslkwargs effectively sets state on a global object which bypasses wrapsocket() and is later consulted by validator.__call__. This is madness. This patch introduces an attribute on the wrapped socket instance indicating whether system CAs were loaded. We can set this directly inside wrapsocket() because that function knows everything that sslkwargs() does - and more. With this attribute set on the socket, we refactor validator.__call__ to use it. Since we no longer have a need for setting web.cacerts=! in sslkwargs, we remove that. I think the new logic is much easier to understand and will enable behavior to be changed more easily.

sslutil: handle ui.insecureconnections in validator Right now, web.cacerts=! means one of two things: 1) Use of --insecure 2) No CAs could be found and were loaded (see sslkwargs) This isn't very obvious and makes changing behavior of these different scenarios independent of the other impossible. This patch changes the validator code to explicit handle the case of --insecure being used. As the inline comment indicates, there is room to possibly change messaging and logic here. For now, we are backwards compatible.

sslutil: check for ui.insecureconnections in sslkwargs The end result of this function is the same. We now have a more explicit return branch. We still keep the old code looking at web.cacerts=! a few lines below because we're still setting web.cacerts=! and need to react to the variable. This will be removed in an upcoming patch.

dispatch: set ui.insecureconnections when --insecure is used

ui: add an instance flag to hold --insecure bit Currently, when --insecure is used we set web.cacerts=! and socket validation takes this value into account. web.cacerts=! is not documented AFAICT and is purely an internal implementation detail. Let's be more explicit about what is going on by introducing a dedicated variable outside of the config values to track that --insecure is used.

sslutil: make sslkwargs code even more explicit The ways in which this code can interact with socket wrapping and validation later are mind numbing. This patch helps make it even more clear. The end behavior should be identical.

sslutil: move code examining _canloaddefaultcerts out of _defaultcacerts Before, the return of _defaultcacerts() was 1 of 3 types. This was difficult to read. Make it return a path or None. We had to update hghave.py in the same patch because it was also looking at this internal function. I wasted dozens of minutes trying to figure out why tests were failing until I found the code in hghave.py...

sslutil: further refactor sslkwargs The logic here and what happens with web.cacerts is mind numbing. Make the code even more explicit.

sslutil: document and slightly refactor sslkwargs This will help me and any reviewers keep sane as this code is refactored.

localrepo: remove a couple of local type aliases The local aliases are unused now, and were confusing mypy's type checker.

cmdutil: typo fix in comment

tests: add globs for Windows

chgserver: add [alias] to confighash The [alias] config section affects a global state: commands.table. It's hard to trace whether an alias is added by a config option or an extension, and add/remove aliases in a safe way per chg request. It will hurt performance a bit if we clean the table and parse aliases every time. Therefore let's just add it to confighash. This will make chg pass test-pager.t.

devel: use the 'config' argument for the dirstate normalisation develwarn

devel: use the new 'config' argument for the update develwarn

devel: use the new 'config' argument for the revset develwarn

devel: use the new 'config' argument for the dirstate develwarn

devel: use the new 'config' argument of the develwarn in deprecwarn Controling all deprecation warnings with the same config seems sensible. This mirror a fix (about missing gating) submitted for stable but with the new API.

develwarn: move config gating inside the develwarn function The config gating is almost always the same and contributor tend to forget it. We move the logic inside the function. Call site will be updated in later changeset. We might make the sub config mandatory in the future (once all old call sites are gone).

help: fix the display for `hg help internals.revlogs` (issue5227) It previously aborted saying the help section wasn't found. Credit to Yuya for figuring out the fix.

builddeb: add distroseries to tagged versions This is needed so that launchpad and friends have a unique version number for each distroseries (trusty, wily, xenial, etc). It was discovered when trying to upload 3.8 to launchpad.

debian: forgot to make debian/rules executable in 6b95a623ec90

debian: add wish to suggests Debian maintainers already have this and lintian warns us about not listing 'wish' as a dependency or suggestion so this patch does indeed just that. The issue, by the way, is that we are shipping hgk (which is written in tcl/tk) so we should be good citizens and list wish (a meta package for tcl/tk) as a dependency.

hg-ssh: copy doc string to man page This corrects a warning from lintian that we're shipping an executable without a man page. Since there is a doc string in the text, let's use that for the man page.

progress: stop excessive clearing (issue4801) The progress bar was being cleared on every write(), regardless of whether it was currently displayed. This could foul up the display of any writes that didn't include a linebreak. In particular, the win32 mode of the color extension was turning single prompt string writes into two writes, and the resulting clear/write/clear/write pattern was making the prompt invisible. We fix this by insisting that we have shown a progress bar and haven't just cleared it (setting lastprint to 0). Conveniently, the test suite already had instances of duplicate clears.. that are now cleared up.

chgserver: remove _clearenvaliases Since we expand environment variables in alias lazily, the _clearenvaliases hack is no longer necessary. This resolves an issue that a non-shell alias which has environment variables in its arguments and is set to use pager will not use pager running with chg.

dispatch: defer environment variable resolution in alias commands (BC) Before this patch, if there are environment variables in an alias command, they will be expanded immediately when we first see the alias. This will cause issues with chg, because environment variable updates will not propagate to expanded arguments. This patch makes "args" of "cmdalias" a property that will be calculated every time when accessed.

rollback: add a config knob for entirely disabling the command This is of pretty high value for organizations that used to use p4 (as an example), since `p4 rollback` is what we call `hg backout`.

templater: add separate() template function A pretty common pattern in templates is adding conditional separators like so: {node}{if(bookmarks, " {bookmarks}")}{if(tags, " {tags}")} With this patch, the above can be simplified to: {separate(" ", node, bookmarks, tags)} The function is similar to the already existing join(), but with a few differences: * separate() skips empty arguments * join() expects a single list argument, while separate() expects each item as a separate argument * separate() takes the separator first in order to allow a variable number of arguments after it

bookmarks: jettison bmstore's write() method per deprecation policy

merge with stable

deprecation: gate deprecation warning behind devel configuration Regular users are not supposed to be exposed to the API deprecation warnings. We now only issue them when the developper warnings are enabled.

crecord: update downarrowshiftevent() docstring, remove todo The phrasing is mostly taken from uparrowshiftevent().

crecord: remove things that don't happen in functions from their docstrings Scrolling screen is currently done in a different place. The things that had been described in the docstrings may still happen, but the functions touched by this patch don't do any scrolling, they only set self.currentselecteditem and nothing more.

crecord: remove skipfolded keyword argument from patchnode.previtem() It wasn't used, it wasn't implemented. Probably was a copy-paste bonus from patchnode.nextitem()

crecord: update a copy-pasted comment in downarrowshiftevent()

crecord: drop the version condition for amend The UI is now shipped in core, amend feature is always available.

crecord: add/remove blank lines (coding style)

localrepo: jettison parents() method per deprecation policy (API)

revset: define _parsealias() in _aliasrules class It's short. It doesn't make sense to define _parsealias() outside of the class.

revset: factor out common parsing function

revset: inline _tokenizealias() into _parsealias() This helps factoring out common part between _parsealias() and parse().

store: treat range as a generator instead of a list for py3 compat

ui: add new config option for help text width Before this patch, when printing help text using `hg help`, or `hg log -h`, the output will wrap at 78 chars even if the user has a bigger terminal width and there is no config option to change it, making the experience different from the commonly used `man` tool. This patch introduces a new config option `ui.textwidth`, which replaces the hardcoded number. It's set to 78 by default to maintain compatibility. When set to 0, `hg help` will behave more like `man`.

tests: test histedit base command plan help

largefiles: makes verify batching stat calls to remote Instead of sending stat calls for each files separately, it sends one batch call with stat invocations for all files.

largefiles: change basestore._verifyfile to take list of files to check Makes it easier to use batch stat calls in remotestore to decrease number of round trips.

bookmarks: properly invalidate volatile sets when writing bookmarks This corrects a regression introduced during the 3.7 cycle, but which went undetected due to the surviving-but-deprecated write() method on bmstore.

test-obsolete: update extension in test to actually work This hasn't been testing anything since partway through the 3.7 cycle due to unrelated refactoring. Sadly, the behavior it was trying to prevent reemerged in the codebase at that time. A fix is in the next patch, because proving that the fix was actually correct ended up being trickier than I expected.