FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 31 May 2016 21:02:30 +0900] rev 29279
check-code: make repquote distinguish more characters for exact detection
This patch makes repquote() distinguish more characters below, as a
preparation for exact detection in subsequent patch.
- "%" as "%"
- "\\" as "b"(ackslash)
- "*" as "A"(sterisk)
- "+" as "P"(lus)
- "-" as "M"(inus)
Characters other than "%" don't use itself as replacement, because
they are treated as special ones in regexp.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 31 May 2016 21:02:30 +0900] rev 29278
check-code: centralize rules depending on implementation of repquote
This decreases the cost of checking which regexp should be adjusted at
change of repquote().
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 31 May 2016 21:02:30 +0900] rev 29277
check-code: use fixedmap for replacement of space characters
This can centralize management of fixed replacement into fixedmap.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 31 May 2016 20:58:10 +0900] rev 29276
check-code: replace quoted characters correctly
169cb9e47f8e tried to detect '.. note::' more exactly. But
implementation of it seems not correct, because:
- fromc.find(c) returns -1 for other than "." and ":"
- tochr[-1] returns "q" for such characters, but
- expected result for them is "o"
This patch uses dict to manage replacement instead of replacing
str.find() by str.index(), for improvement/refactoring in subsequent
patches. Examination by fixedmap is placed just after examination for
' ' and '\n', because subsequent patch will integrate the latter into
the former.
This patch also changes regexp for 'string join across lines with no
space' rule, and adds detailed test for it, because 169cb9e47f8e did:
- make repquote() distinguish "." (as "p") and ":" (as "q") from
others (as "o"), but
- not change this regexp without any reason (in commit log, at
least), even though this regexp depends on what "o" means
This patch doesn't focuses on deciding whether "." and/or ":" should
be followed by whitespace or not in translatable messages.
Yuya Nishihara <yuya@tcha.org> [Sat, 21 May 2016 21:43:29 +0900] rev 29275
test-chg: add basic tests for server lifecycle
I'm going to move around the codes in AutoExitMixIn. This test should catch
a subtle bug of unlinking sockets which I made in draft patches.
Yuya Nishihara <yuya@tcha.org> [Sun, 20 Mar 2016 14:59:03 -0700] rev 29274
test-chg: run only with chg
It doesn't make sense to run test-chg.t without chg, so ignore it with vanilla
hg, and specify chg executable explicitly.
test-chg.t can host chg-specific tests.
Mateusz Kwapich <mitrandir@fb.com> [Thu, 26 May 2016 17:36:44 -0700] rev 29273
distate: add assertions to backup functions
Those assertions will prevent the backup functions from overwriting
the dirstate file in case both: suffix and prefix are empty.
(foozy suggested making that change and I agree with him)
Matt Mackall <mpm@selenic.com> [Wed, 01 Jun 2016 15:48:38 -0500] rev 29272
Added signature for changeset a9764ab80e11
Matt Mackall <mpm@selenic.com> [Wed, 01 Jun 2016 15:48:30 -0500] rev 29271
Added tag 3.8.3 for changeset a9764ab80e11
Mateusz Kwapich <mitrandir@fb.com> [Tue, 24 May 2016 13:29:53 -0700] rev 29270
shelve: use backup functions instead of manually copying dirstate
This increases encapsulation of dirstate: the dirstate file is private
to the dirstate module and shouldn't be touched by extensions directly.
Mateusz Kwapich <mitrandir@fb.com> [Wed, 25 May 2016 16:36:16 -0700] rev 29269
dirstate: don't use actualfilename to name the backup file
The issue with using actualfilename is that dirstate saved during transaction
with "pending" in filename will be impossible to recover from outside of the
transaction because the recover method will be looking for the name without
"pending".
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:58:46 -0700] rev 29268
sslutil: reference appropriate config section in messaging
Error messages reference the config section defining the host
fingerprint. Now that we have multiple sections where this config
setting could live, we need to point the user at the appropriate
one.
We default to the new "hostsecurity" section. But we will still
refer them to the "hostfingerprint" section if a value is defined
there.
There are some corner cases where the messaging might be off. e.g.
they could define a SHA-1 fingerprint in both sections. IMO the
messaging needs a massive overhaul. I plan to do this as part
of future refactoring to security settings.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:37:36 -0700] rev 29267
sslutil: allow fingerprints to be specified in [hostsecurity]
We introduce the [hostsecurity] config section. It holds per-host
security settings.
Currently, the section only contains a "fingerprints" option,
which behaves like [hostfingerprints] but supports specifying the
hashing algorithm.
There is still some follow-up work, such as changing some error
messages.
timeless <timeless@mozdev.org> [Wed, 09 Mar 2016 19:55:45 +0000] rev 29266
debuginstall: expose modulepolicy
With this, you can check for pure easily:
$ HGMODULEPOLICY=py ./hg debuginstall -T "{hgmodulepolicy}"
py
Yuya Nishihara <yuya@tcha.org> [Sat, 14 May 2016 19:52:00 +0900] rev 29265
revset: define table of sort() key functions
This should be more readable than big "if" branch.
Yuya Nishihara <yuya@tcha.org> [Sat, 14 May 2016 19:46:18 +0900] rev 29264
revset: factor out reverse flag of sort() key
Prepares for making a table of sort keys. This assumes 'k' has at least one
character, which should be guaranteed by keys.split().
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:29:59 -0700] rev 29263
tests: don't save host fingerprints in hgrc
Previously, the test saved the host fingerprints in hgrc. Many tests
override the fingerprint at run-time. This was a bit dangerous and
was too magical for my liking. It will also interfere with a future
patch that adds a new source for obtaining fingerprints.
So change the test to require the fingerprint on every command
invocation.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 11:58:28 -0700] rev 29262
sslutil: calculate host fingerprints from additional algorithms
Currently, we only support defining host fingerprints with SHA-1.
A future patch will introduce support for defining fingerprints
using other hashing algorithms. In preparation for that, we
rewrite the fingerprint verification code to support multiple
fingerprints, namely SHA-256 and SHA-512 fingerprints.
We still only display the SHA-1 fingerprint. We'll have to revisit
this code once we support defining fingerprints with other hash
functions.
As part of this, I snuck in a change to use range() instead of
xrange() because xrange() isn't necessary for such small values.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:57:28 -0700] rev 29261
util: add sha256
Upcoming patches will teach host fingerprint checking to verify
non-SHA1 fingerprints.
Many x509 certificates these days are SHA-256. And modern browsers
often display the SHA-256 fingerprint for certificates. Since
SHA-256 fingerprints are highly visible and easy to obtain, we
want to support them for fingerprint pinning. So add SHA-256
support to util.
I did not add SHA-256 to DIGESTS and DIGESTS_BY_STRENGTH because
this will advertise the algorithm on the wire protocol. I wasn't
sure if that would be appropriate. I'm playing it safe by leaving
it out for now.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:53:33 -0700] rev 29260
sslutil: move CA file processing into _hostsettings()
The CA file processing code has been moved from _determinecertoptions
into _hostsettings(). As part of the move, the logic has been changed
slightly and the "cacerts" variable has been renamed to "cafile" to
match the argument used by SSLContext.load_verify_locations().
Since _determinecertoptions() no longer contains any meaningful
code, it has been removed.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 11:41:21 -0700] rev 29259
sslutil: move SSLContext.verify_mode value into _hostsettings
_determinecertoptions() and _hostsettings() are redundant with each
other. _hostsettings() is used the flexible API we want.
We start the process of removing _determinecertoptions() by moving
some of the logic for the verify_mode value into _hostsettings().
As part of this, _determinecertoptions() now takes a settings dict
as its argument. This is technically API incompatible. But since
_determinecertoptions() came into existence a few days ago as part
of this release, I'm not flagging it as such.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 11:12:02 -0700] rev 29258
sslutil: introduce a function for determining host-specific settings
This patch marks the beginning of a series that introduces a new,
more configurable, per-host security settings mechanism. Currently,
we have global settings (like web.cacerts and the --insecure argument).
We also have per-host settings via [hostfingerprints].
Global security settings are good for defaults, but they don't
provide the amount of control often wanted. For example, an
organization may want to require a particular CA is used for a
particular hostname.
[hostfingerprints] is nice. But it currently assumes SHA-1.
Furthermore, there is no obvious place to put additional per-host
settings.
Subsequent patches will be introducing new mechanisms for defining
security settings, some on a per-host basis. This commits starts
the transition to that world by introducing the _hostsettings
function. It takes a ui and hostname and returns a dict of security
settings. Currently, it limits itself to returning host fingerprint
info.
We foreshadow the future support of non-SHA1 hashing algorithms
for verifying the host fingerprint by making the "certfingerprints"
key a list of tuples instead of a list of hashes.
We add this dict to the hgstate property on the socket and use it
during socket validation for checking fingerprints. There should be
no change in behavior.
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 15:20:03 -0700] rev 29257
tests-subrepo-git: emit a different "pwned" message based on the test
Having a single "pwned" message which may or may not be emitted during the
tests for CVE-2016-3068 leads to extra confusion. Allow each test to emit
a more detailed message based on what the expectations are.
In both cases, we expect a version of git which has had the vulnerability
plugged, as well as a version of mercurial which also knows about
GIT_ALLOW_PROTOCOL. For the first test, we make sure GIT_ALLOW_PROTOCOL is
unset, meaning that the ext-protocol subrepo should be ignored; if it
isn't, there's either a problem with mercurial or the installed copy of
git.
For the second test, we explicitly allow ext-protocol subrepos, which means
that the subrepo will be accessed and a message emitted confirming that
this was, in fact, our intention.
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 15:10:38 -0700] rev 29256
tests-subrepo-git: make the "pwned" message output in a stable order
The "pwned" message from this test gets gets sent to stderr, and so may get
emitted in different places from run to run in the rest of mercurial's
output. This patch forces the message to go to a specific file instead,
whose existence and contents we can examine at a stable point in the test's
execution.
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 11:14:29 -0700] rev 29255
test-cache-abuse: correct for different hunk headers between Solaris and GNU
When diffing against an empty file, Solaris diff uses 1 to designate the
first line of the empty file (either -1,0 on the left or +1,0 on the right)
while GNU diff uses 0 (-0,0 and +0,0). We use a glob here to make sure the
test passes with either toolchain.
I've not added tests to check-code because there are scads of places in the
tests where the GNU format is used due to that being the format that "hg
diff" and "hg export" use, and changing those to use globs seems wrong.
Javi Merino <merino.jav@gmail.com> [Fri, 27 May 2016 21:24:05 +0200] rev 29254
lazymanifest: fix typo s/typles/tuples/
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:57:31 -0700] rev 29253
sslutil: remove sslkwargs() (API)
It is now unused.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:57:02 -0700] rev 29252
url: remove use of sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:56:20 -0700] rev 29251
mail: remove use of sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:54:06 -0700] rev 29250
httpconnection: remove use of sslkwargs
It now does nothing.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:52:02 -0700] rev 29249
sslutil: move sslkwargs logic into internal function (API)
As the previous commit documented, sslkwargs() doesn't add any
value since its return is treated as a black box and proxied
to wrapsocket().
We formalize its uselessness by moving its logic into a
new, internal function and make sslkwargs() return an empty
dict.
The certificate arguments that sslkwargs specified have been
removed from wrapsocket() because they should no longer be
set.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:43:22 -0700] rev 29248
sslutil: remove ui from sslkwargs (API)
Arguments to sslutil.wrapsocket() are partially determined by
calling sslutil.sslkwargs(). This function receives a ui and
a hostname and determines what settings, if any, need to be
applied when the socket is wrapped.
Both the ui and hostname are passed into wrapsocket(). The
other arguments to wrapsocket() provided by sslkwargs() (ca_certs
and cert_reqs) are not looked at or modified anywhere outside
of sslutil.py. So, sslkwargs() doesn't need to exist as a
separate public API called before wrapsocket().
This commit starts the process of removing external consumers of
sslkwargs() by removing the "ui" key/argument from its return.
All callers now pass the ui argument explicitly.
Mateusz Kwapich <mitrandir@fb.com> [Wed, 25 May 2016 16:09:07 -0700] rev 29247
dirstate: remove file from copymap on drop
As the copymap is short-lived object regenerated from dirstate on each
read this didn't affect us in any serious way. But since I've started working
on permanent storage of copymap in my experiments with sqldirstate[1] I've seen
this bug leaving the copy information in copymap after reverting the file
moves and copies.
[1] https://www.mercurial-scm.org/wiki/SQLDirstatePlan
timeless <timeless@mozdev.org> [Thu, 26 May 2016 02:35:44 +0000] rev 29246
run-tests: use json.dumps(separators=)
Followup to daff05dcd184 per Martijn Pieters
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Thu, 26 May 2016 01:57:34 +0900] rev 29245
debugignore: make messages translatable
These messages have been overlooked by check-code, because they start
with non-alphabet character ('%' or '(').
Making these messages translatable seems reasonable, because messages
for ui.note(), ui.status(), ui.progress() and descriptive messages for
ui.write() in "debug" commands are already translatable in many cases.
This is also a part of preparation for making "missing _() in ui
message" detection of check-code more exact.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Thu, 26 May 2016 01:57:34 +0900] rev 29244
grep: make a message translatable
This message has been overlooked by check-code, because it starts with
non-alphabet character (' ').
This is also a part of preparation for making "missing _() in ui
message" detection of check-code more exact.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Thu, 26 May 2016 01:57:34 +0900] rev 29243
subrepo: make a message translatable
This message has been overlooked by check-code, because it starts with
non-alphabet character ('%').
This is also a part of preparation for making "missing _() in ui
message" detection of check-code more exact.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Thu, 26 May 2016 01:57:34 +0900] rev 29242
merge: make messages translatable
These messages have been overlooked by check-code, because they start
with non-alphabet character (' ').
Making these messages translatable seems reasonable, because all other
'ui.note()'-ed messages in calculateupdates() are already
translatable.
This is also a part of preparation for making "missing _() in ui
message" detection of check-code more exact.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Thu, 26 May 2016 01:57:34 +0900] rev 29241
httppeer: make a message translatable
This message has been overlooked by check-code, because it starts with
non-alphabet character ('(').
Making this message translatable seems reasonable, because exception
message below in same function is already translatable
- 'cannot create new http repository'
This is also a part of preparation for making "missing _() in ui
message" detection of check-code more exact.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Thu, 26 May 2016 01:57:34 +0900] rev 29240
notify: make a message translatable
This message has been overlooked by check-code, because it starts with
non-alphabet character ('\').
Making this message translatable seems reasonable, because messages
below in same function are already translatable
- '\ndiffs (truncated from %d to %d lines):\n\n'
- '\ndiffs (%d lines):\n\n'
This is also a part of preparation for making "missing _() in ui
message" detection of check-code more exact.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Thu, 26 May 2016 01:57:34 +0900] rev 29239
gpg: make a message translatable
This message has been overlooked by check-code, because it starts with
non-alphabet character ('%').
This is also a part of preparation for making "missing _() in ui
message" detection of check-code more exact.
Martijn Pieters <mjpieters@fb.com> [Mon, 23 May 2016 14:09:50 -0700] rev 29238
revset: use getargsdict for sort()
This makes it possible to use keyword arguments to specify per-sort options.
For example, a hypothetical 'first' option for the user sort could sort certain
users first with:
sort(all(), user, user.first=mpm@selenic.com)
Matt Mackall <mpm@selenic.com> [Wed, 25 May 2016 15:32:35 -0500] rev 29237
merge with stable
Augie Fackler <augie@google.com> [Thu, 12 May 2016 22:29:05 -0400] rev 29236
changegroup: extract method that sorts nodes to send
The current implementation of narrowhg needs to influence the order in
which nodes are sent to the client. adgar@ and I think this is
fixable, but it's going to require pretty substantial time investment,
so in the interim we'd like to extract this method.
I think it makes the group() code a little more obvious, as it took us
a couple of tries to isolate the exact behavior we were observing.
timeless <timeless@mozdev.org> [Wed, 11 May 2016 23:24:41 +0000] rev 29235
hg: disable demandimport for py3
Yuya Nishihara <yuya@tcha.org> [Sun, 15 May 2016 10:48:05 +0900] rev 29234
tests: enable import checker for all python files (including no .py files)
i18n/posplit is excluded as it couldn't be trivially fixed. That's the same
as 99a2bdad0fda.
Yuya Nishihara <yuya@tcha.org> [Sun, 15 May 2016 10:45:32 +0900] rev 29233
tests: make 'f' utility import hashlib unconditionally
It must exist on Python 2.5+.
Yuya Nishihara <yuya@tcha.org> [Sun, 15 May 2016 10:41:01 +0900] rev 29232
tests: fix typo of shebang prefix in test-check-pyflakes.t
Yuya Nishihara <yuya@tcha.org> [Sun, 15 May 2016 10:40:26 +0900] rev 29231
hghave: silence future pyflakes warning of unused import
Yuya Nishihara <yuya@tcha.org> [Sun, 15 May 2016 10:39:44 +0900] rev 29230
tests: remove unused import from 'f' utility
It should have been caught by pyflakes.
liscju <piotr.listkiewicz@gmail.com> [Tue, 24 May 2016 23:36:27 +0200] rev 29229
bookmarks: allow pushing active bookmark on new remote head (issue5236)
Before 'hg push -B .' on new remote head complained with:
abort: push creates new remote head ...
It was because _nowarnheads was not expanding active bookmark
name, so it didn't add active bookmark "proper" name to no
warn heads list.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 15 May 2016 11:50:49 -0700] rev 29228
sslutil: remove redundant check of sslsocket.cipher()
We are doing this check in both wrapsocket() and validatesocket().
The check was added to the validator in 4bb59919c905 and the commit
message justifies the redundancy with a "might." The check in
wrapsocket() was added in 0cc4ad757c77, which appears to be part of
the same series. I'm going to argue the redundancy isn't needed.
I choose to keep the check in wrapsocket() because it is working
around a bug in Python's wrap_socket() and I feel the check for
the bug should live next to the function call exhibiting the bug.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 15 May 2016 11:38:38 -0700] rev 29227
sslutil: convert socket validation from a class to a function (API)
Now that the socket validator doesn't have any instance state,
we can make it a generic function.
The "validator" class has been converted into the "validatesocket"
function and all consumers have been updated.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 15 May 2016 11:32:11 -0700] rev 29226
sslutil: store and use hostname and ui in socket instance
Currently, we pass a hostname and ui to sslutil.wrap_socket()
then create a separate sslutil.validator instance also from
a hostname and ui. There is a 1:1 mapping between a wrapped
socket and a validator instance. This commit lays the groundwork
for making the validation function generic by storing the
hostname and ui instance in the state dict attached to the
socket instance and then using these variables in the
validator function.
Since the arguments to sslutil.validator.__init__ are no longer
used, we make them optional and make __init__ a no-op.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 15 May 2016 11:25:07 -0700] rev 29225
sslutil: use a dict for hanging hg state off the wrapped socket
I plan on introducing more state on the socket instance. Instead
of using multiple variables, let's just use one to minimize risk
of name collision.
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 19:10:18 -0700] rev 29224
sslutil: require serverhostname argument (API)
All callers now specify it. So we can require it.
Requiring the argument means SNI will always work if supported
by Python.
The main reason for this change is to store state on the socket
instance to make the validation function generic. This will be
evident in subsequent commits.
Matt Mackall <mpm@selenic.com> [Wed, 18 May 2016 16:37:32 -0500] rev 29223
annotate: optimize line counting
We used len(text.splitlines()) to count lines. This allocates, copies, and
deallocates an object for every line in a file. Instead, we use
count("\n") to count newlines and adjust based on whether there's a
trailing newline.
This improves the speed of annotating localrepo.py from 4.2 to 4.0
seconds.
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 16 May 2016 14:21:39 -0700] rev 29222
purge: use opts.get()
Most commands use opts.get() to retrieve values for options
that may not be explicitly passed. purge wasn't.
This makes it easier to call purge() from 3rd party extensions.
timeless <timeless@mozdev.org> [Wed, 11 May 2016 15:20:25 +0000] rev 29221
test-run-tests: clean up inuse server eagerly
timeless <timeless@mozdev.org> [Wed, 11 May 2016 16:40:16 +0000] rev 29220
tests: refactor run-tests helpers
test-run-tests-rev.t will need them
timeless <timeless@mozdev.org> [Wed, 11 May 2016 04:49:27 +0000] rev 29219
tests: silence test-repo obsolete warning
refactoring test-check-commit.t HGRCPATH bits as helpers-testrepo.sh
liscju <piotr.listkiewicz@gmail.com> [Mon, 09 May 2016 10:05:32 +0200] rev 29218
largefiles: send statlfile remote calls only for nonexisting locally files
Files that are already in local store should be checked locally. The problem
with this implementation is how difference in messages between local and remote
checks should look like. For now local errors for file missing and content
corrupted looks like this:
'changeset cset: filename references missing storepath\n'
'changeset cset: filename references corrupted storepath\n'
for remote it looks like:
'changeset cset: filename missing\n'
'changeset cset: filename: contents differ\n'
Contents differ error for remote calls is never raised currently - for now
statlfile implementation lacks checking file content.
timeless <timeless@mozdev.org> [Mon, 16 May 2016 21:18:59 +0000] rev 29217
check-code: reject .next(...)
timeless <timeless@mozdev.org> [Mon, 16 May 2016 21:30:53 +0000] rev 29216
py3: convert to next() function
next(..) was introduced in py2.6 and .next() is not available in py3
https://docs.python.org/2/library/functions.html#next