osx: delay version computation on macOS builds Before this patch, HGVER would be evaluated at the beginning of the make execution, and would be unset because build/mercurial/ doesn't exist yet at that point. Now we compute the version after the `make install` run has completed. This is backported to stable from 8626b44516c1, but that revision had an error in the shell invocation syntax.

branchmap: revert c34532365b38 for Python 2.7 compatibility Old versions of python 2.7 don't like that the second argument to struct.unpack_from is a bytearray, so the change removing the util.buffer around that argument in branchmap broke running on older versions of python 2.7. Differential Revision: https://phab.mercurial-scm.org/D330

Added signature for changeset 3fee7f7d2da0

Added tag 4.3.1 for changeset 3fee7f7d2da0

ssh: unban the use of pipe character in user@host:port string This vulnerability was fixed by the previous patch and there were more ways to exploit than using '|shellcmd'. So it doesn't make sense to reject only pipe character. Test cases are updated to actually try to exploit the bug. As the SSH bridge of git/svn subrepos are not managed by our code, the tests for non-hg subrepos are just removed. This may be folded into the original patches.

ssh: quote parameters using shellquote (SEC) This patch uses shellquote to quote ssh parameters more strictly to avoid shell injection.

subrepo: add tests for git rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

subrepo: add tests for svn rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

subrepo: add tests for hg rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

push: add tests for unsafe ssh url (SEC)

pull: add tests for unsafe ssh url (SEC)

clone: add tests for unsafe ssh url (SEC)

sshpeer: check for safe ssh url (SEC) Checking in the sshpeer for a rogue ssh:// urls seems like the right place to do it (instead of whack-a-mole with pull, clone, push, etc).

ssh: ban any username@host or host that starts with - (SEC) This paranoia probably isn't required, but it can't hurt either.

util: add utility method to check for bad ssh urls (SEC) Our use of SSH has an exploit that will parse the first part of an url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion. We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

pathauditor: disable cache of audited paths by default (issue5628) The initial attempt was to discard cache when appropriate, but it appears to be error prone. We had to carefully inspect all places where audit() is called e.g. without actually updating filesystem, before removing files and directories, etc. So, this patch disables the cache of audited paths by default, and enables it only for the following cases: - short-lived auditor objects - repo.vfs, repo.svfs, and repo.cachevfs, which are managed directories and considered sort of append-only (a file/directory would never be replaced with a symlink) There would be more cacheable vfs objects (e.g. mq.queue.opener), but I decided not to inspect all of them in this patch. We can make them cached later. Benchmark result: - using old clone of http://selenic.com/repo/linux-2.6/ (38319 files) - on tmpfs - run HGRCPATH=/dev/null hg up -q --time tip && hg up -q null - try 4 times and take the last three results original: real 7.480 secs (user 1.140+22.760 sys 0.150+1.690) real 8.010 secs (user 1.070+22.280 sys 0.170+2.120) real 7.470 secs (user 1.120+22.390 sys 0.120+1.910) clearcache (the other series): real 7.680 secs (user 1.120+23.420 sys 0.140+1.970) real 7.670 secs (user 1.110+23.620 sys 0.130+1.810) real 7.740 secs (user 1.090+23.510 sys 0.160+1.940) enable cache only for vfs and svfs (this series): real 8.730 secs (user 1.500+25.190 sys 0.260+2.260) real 8.750 secs (user 1.490+25.170 sys 0.250+2.340) real 9.010 secs (user 1.680+25.340 sys 0.280+2.540) remove cache function at all (for reference): real 9.620 secs (user 1.440+27.120 sys 0.250+2.980) real 9.420 secs (user 1.400+26.940 sys 0.320+3.130) real 9.760 secs (user 1.530+27.270 sys 0.250+2.970)

tests: show cache of audited paths is never invalidated

stable: merge heads

Added signature for changeset 943c91326b23

Added tag 4.2.3 for changeset 943c91326b23

ssh: unban the use of pipe character in user@host:port string This vulnerability was fixed by the previous patch and there were more ways to exploit than using '|shellcmd'. So it doesn't make sense to reject only pipe character. Test cases are updated to actually try to exploit the bug. As the SSH bridge of git/svn subrepos are not managed by our code, the tests for non-hg subrepos are just removed. This may be folded into the original patches.

ssh: quote parameters using shellquote (SEC) This patch uses shellquote to quote ssh parameters more strictly to avoid shell injection.

subrepo: add tests for git rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

subrepo: add tests for svn rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

subrepo: add tests for hg rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

push: add tests for unsafe ssh url (SEC)

pull: add tests for unsafe ssh url (SEC)

clone: add tests for unsafe ssh url (SEC)

sshpeer: check for safe ssh url (SEC) Checking in the sshpeer for a rogue ssh:// urls seems like the right place to do it (instead of whack-a-mole with pull, clone, push, etc).

ssh: ban any username@host or host that starts with - (SEC) This paranoia probably isn't required, but it can't hurt either.

util: add utility method to check for bad ssh urls (SEC) Our use of SSH has an exploit that will parse the first part of an url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion. We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

pathauditor: disable cache of audited paths by default (issue5628) The initial attempt was to discard cache when appropriate, but it appears to be error prone. We had to carefully inspect all places where audit() is called e.g. without actually updating filesystem, before removing files and directories, etc. So, this patch disables the cache of audited paths by default, and enables it only for the following cases: - short-lived auditor objects - repo.vfs, repo.svfs, and repo.cachevfs, which are managed directories and considered sort of append-only (a file/directory would never be replaced with a symlink) There would be more cacheable vfs objects (e.g. mq.queue.opener), but I decided not to inspect all of them in this patch. We can make them cached later. Benchmark result: - using old clone of http://selenic.com/repo/linux-2.6/ (38319 files) - on tmpfs - run HGRCPATH=/dev/null hg up -q --time tip && hg up -q null - try 4 times and take the last three results original: real 7.480 secs (user 1.140+22.760 sys 0.150+1.690) real 8.010 secs (user 1.070+22.280 sys 0.170+2.120) real 7.470 secs (user 1.120+22.390 sys 0.120+1.910) clearcache (the other series): real 7.680 secs (user 1.120+23.420 sys 0.140+1.970) real 7.670 secs (user 1.110+23.620 sys 0.130+1.810) real 7.740 secs (user 1.090+23.510 sys 0.160+1.940) enable cache only for vfs and svfs (this series): real 8.730 secs (user 1.500+25.190 sys 0.260+2.260) real 8.750 secs (user 1.490+25.170 sys 0.250+2.340) real 9.010 secs (user 1.680+25.340 sys 0.280+2.540) remove cache function at all (for reference): real 9.620 secs (user 1.440+27.120 sys 0.250+2.980) real 9.420 secs (user 1.400+26.940 sys 0.320+3.130) real 9.760 secs (user 1.530+27.270 sys 0.250+2.970)

tests: show cache of audited paths is never invalidated

Added signature for changeset 5544af862286

Added tag 4.3 for changeset 5544af862286

chg: define _GNU_SOURCE to allow CentOS 5 compilation Without this flag, compilation fails with: hgclient.c: In function 'hgc_open': hgclient.c:466: error: 'O_DIRECTORY' undeclared (first use in this function) hgclient.c:466: error: (Each undeclared identifier is reported only once hgclient.c:466: error: for each function it appears in.) Differential Revision: https://phab.mercurial-scm.org/D260

centos5: use vault urls CentOS 5 has reached end-of-life. A working build for it is still possible using 'vault.centos.org'. Differential Revision: https://phab.mercurial-scm.org/D261

ui: make sure buffer is flushed before waiting for user input (issue5587) Without this patch on Windows 'hg ci -i' hangs waiting for user input and "examine changes to 'file'? [Ynesfdaq?]" is never displayed (at least if the diff is sufficiently small). When Ctrl+C is pressed, this prompt becomes visible, which suggests that the buffer just wasn't flushed. I've never seen this happening on Linux, but this looks harmless enough to not platform-gate it.

util: fix sortdict.update() to call __setitem__() on PyPy (issue5639) It appears that overriding __setitem__() doesn't work as documented on PyPy. Let's patch it as before bd0fd3ff9916. https://docs.python.org/2/library/collections.html#ordereddict-examples-and-recipes The issue was ui.configitems() wasn't ordered correctly, so the pull command was wrapped in different order.

test-revlog-raw: close file handles explicitly (issue5644)

tests: clear __pycache__ for PyPy compatibility (issue5638) (issue5642)

test-extension: glob module name in error message for PyPy

rebase: sort collapsed revisions in commit message (issue5643) This fixes the test instability.

i18n: use actual filename, in which function is defined, for hg.pot Before this patch, source filename for msgid in hg.pot file becomes incorrect, if a function is defined in file A, but detected in dict in file B, For example, almost all debug* commands are defined in debugcommands.py, but hggettext detects them in "table" of commands.py. Therefore, docstring fragments of debug* commands are marked as "defined in commands.py" in hg.pot file. This is serious problem for translation, because the cost to find out original location of texts increases very much.

ui: enable pager always for explicit --pager=on (issue5580) Before this patch, explicit --pager=on is unintentionally ignored by any disabling factor, even if priority of it is less than --pager=on (e.g. "[ui] paginate = off").

README: make paragraphs before example code end with "::" for reST syntax After this patch, README as reST text can be rendered into HTML more appropriately. This is useful for hosting servers, which render README file as a part of index HTML of its directory (for example, Bitbucket).

commit: don't let failed commit with --addremove update dirstate (issue5645) Differential Revision: https://phab.mercurial-scm.org/D204

tests: demonstrate that failed "hg ci -A" updates dirstate (issue5645) Differential Revision: https://phab.mercurial-scm.org/D203

tests: fix test-flagprocessor.t flakiness The test for duplicate flag processors depended on the timestamps being set in the dirstate to work. If the time between the the previous failed commit (which would set the timestamp, due to bug 5645) and the attempted commit with the duplicate flag processors was small enough, it would fail. The failure was caused by a call to commands.status() early in the commit process. If the dirstate did not have the timestamp set, it would need to fetch the file content to compare with. Since two flag processors had been registered, it would attempted to base64 decode the contents twice, which would of course fail. This patch adds a "hg debugrebuilddirstate" to make it deterministic and also replaces the test case's "hg commit" by simply "hg status", since that will trigger reading of the contents and thereby use of the flag processors as noted above. Differential Revision: https://phab.mercurial-scm.org/D202

tests: clarify that duplicate flag processors is not an error The flag processors test for duplicate processors for a single flag was misleading because the file from the previous test case caused it to fail (making the "echo 'this should fail' > file" part irrelevant). Let's remove the leftover from the previous test case to make it clear that duplicate flag processors results only in a warning. Note that duplicate flag processors would have resulted in a failure (not just a warning) until ea1c2eb7abd3 (extensions: catch uisetup and extsetup failures and don't let them break hg, 2017-06-06). I remember expressing my concern about ending up with half-loaded extensions. It would be pretty unfortunate to have double-encoded revlog content enter a repo, so maybe we should reconsider? Differential Revision: https://phab.mercurial-scm.org/D201

tests: avoid unexpected result at invocation of *.py file on Windows Invocation of "diff tool.py" in test-extdiff.t tests whether shellquote() is applied on specified command as expected. But direct invocation of "*.py" file might cause unexpected result on Windows according to suffix binding. For example, starting IDE, showing dialog to choose program to be used, and so on. In such case, running test-extdiff.t is easily timed out. This patch uses intermediate *.bat file on Windows, to avoid such unexpected result. Naming that intermediate file as "diff tool.bat" is enough to test applying shellquote().

tests: use pdiff instead of diff for portability "diff" command might cause redundant message, "No differences encountered" on Solaris for example. But suppressing option like "-q" isn't portable, because POSIX specification doesn't define it. pdiff script was introduced by b59ef0c21405 to stabilize output of standard diff command on each platforms.

tests: make pdiff return appropriate exit code at comparison of files Before this patch, pdiff script returns 0, even if diff is detected. This issue doesn't cause failure of tests using it, if it is invoked via extdiff extension, because extdiff itself examines changes between specified revisions and decides exit code. BTW, this patch ignores recursive comparison case, because: - there is no portable way for current while-read based implementation to return 1 at detecting changes - it isn't yet needed to replace direct "diff -r" invocation by pdiff for portability

tests: make test-profile.t pass if statprof didn't collect samples We had the first 3 tests in test-profile.t fail because the output didn't match. I have not yet confirmed that this was because no samples were collected, but we shouldn't require samples to be collected for the test to pass either way. Differential Revision: https://phab.mercurial-scm.org/D199

pypy: fix failing test-devel-warnings.t with Pypy5.6.0 In Pypy 5.6.0, traceback exception classes are not displayed with their full qualified name. Instead of displaying mercurial.error.ProgrammingError, Pypy displays ProgrammingError. Update the test to support both version.

pypy: fix failing test files with Pypy5.6.0 Pypy 5.6.0 saves cached bytecode files in __pycache__ directory, clean them in tests to fix loading old test extensions code. Doing so should also helps for Python3.x migration.

commitextras: make sure keys are not empty Thanks to Yuya for catching this.

make: add new directory 'hgdemandimport' to cleanbutpackages rule This fixes the build process for ppa (at least in my simple check). Perhaps we should loop through all directory that aren't 'packages'?

statichttprepo: implement wlock() (issue5613) statichttprepo inherits from localrepository. In doing so, it obtains default implementations of various methods, like wlock(). Before this change, tags cache writing would call repo.wlock(). This failed on statichttprepo due to localrepository's wlock() looking for an instance attribute that doesn't exist on statichttprepo (statichttprepo doesn't call localrepository.__init__). We /could/ define missing attributes until the base wlock() works. However, a statichttprepo is remote and read-only and can't be locked. The class already has a lock() that short circuits. So it makes sense to implement a short-circuited wlock() as well. That is what this patch does. LockError is expected to be raised when locking fails. The constructor takes a number of arguments that are local repository centric. Rather than rework LockError to not require them (which would not be appropriate for stable), this commit populates dummy values. I don't believe they'll ever be seen by the user, as lock failures on static http repos should be limited to well-defined (and tested) scenarios. We can and should revisit the LockError type to improve this.

test: add tests for branches and tags with static http repo (issue5613) Mercurial currently fails to clone by revision on static http repos with tags. The added tests demonstrate this.

commitextras: make sure keys contains ascii letters, numbers, '_' and '-' only

phabricator: convert unicode to binary when writing patches This is a quick fix to make `hg phabread D189` work. It seems we might want to replace all `r''` to `u''`, and add more `encoding.*to*` to be more explicit when interacting with `json` module. Differential Revision: https://phab.mercurial-scm.org/D192

setup: silence warning of unknown option python_requires on distutils /usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires'

setup: forcibly include cext/pure packages in py2exe (issue5625) Since these modules are implicitly imported by policy.importmod(), py2exe can't track them statically. cffi modules are excluded for now because they wouldn't be useful in frozen (i.e. CPython) environment.

setup: do not select hg executable that prints unexpected warnings Otherwise the subsequent hg.run() would fail. This factors out the filtering function so the same rule should apply.

docker: pass proxy arguments to docker process Building in Docker when behind a proxy requires passing the proxy variables. Differential Revision: https://phab.mercurial-scm.org/D190

makefile: build on CentOS 6 with a Python 2.7 Differential Revision: https://phab.mercurial-scm.org/D189

osx: wire up genosxversion script The only version strings that are changed are the ones baked into the .pkg - hg's self-reported version string doesn't change, so users will still see our mostly-pip-compatible version strings. For reference, the part of our versioning setup that's not PEP440 compatible is the RC releases - those should be .rc0 insted of -rc. It's too late to change that for the 4.3 cycle, so I'll worry about fixing that during the 4.4 cycle.

osx: new script for generating OS X package versions If you're shipping prerelease or rc packages using Munki, you'll eventually discover that Munki's version comparison logic is not as good as pip's. In theory we should be able to fix Munki, but it seems entirely reasonable to produce version strings that sort reasonably under these conditions. Since the requried logic not brief, add a new script and some tests of that logic. A followup change will wire this into the Makefile.

tests: update mac packaging test expectations Some more files are included these days.

tests: add support in run-tests.py for an environment variable to stop color I don't like the color output, so this gives me a way to easily never see it while still having pygments on my machine.

setup: fix mistake that prevented Python 3 from being excluded My intent was to only allow Python 3 if the right environment variable is set (for when people want to use `pip install .` on hg locally). This fixes the bug in my previous change. I verified that `python3.6 run-tests.py` still passes the tests that passed before, and that all tests pass on 2.7 (including our virtualenv-using installation test). Differential Revision: https://phab.mercurial-scm.org/D185

rebase: move bookmark to destination for commits becoming empty (issue5627) When rebasing a changeset X and that changeset becomes empty, we should move the bookmark on X to rebase destination. This is a regression caused by the scmutil.cleanupnodes refactoring for rebase. The `adjustdest` function calculates the destination of bookmark movement. It was back-ported from https://phab.mercurial-scm.org/D21. It might be slightly more powerful than the minimal requirement to solve this issue. For example, it's impossible for a merge changeset to become empty while any of its ancestors does not become empty, but the code could handle that case. Since the code is reasonably short and clean, and helps the upcoming D21 series, I'd like to check-in `adjustdest` now. Thanks Martin von Zweigbergk for spotting corner cases (-k and descendant with bookmarks) in this area!

setup: drop use of set literal so parsable on Python 2.6 Otherwise friendly error wouldn't be displayed.

setup: add extra logic to try and recommend a new pip on bad Python Modern pip can detect supported Python versions (which we now declare), and pull down a reasonable release. This trick was suggested in http://bit.ly/pycon2017-build-bridges, and seems like a good defensive maneuver so that when we want to move to Python 3 it's less risky for existing users. This moves the version-check logic after defining our printf function so we can print more informative messages.

setup: explicitly declare supported Python versions I think we should probably backport this to 4.2 as well, and do one more release there that explicitly declares 2.6 support. That way anyone stuck on Python 2.6 will end up getting the right hg if they use a modern pip to install. Users can still use `python setup.py` incantations to attempt installing Mercurial on unsupported Pythons, including 3.5 and 3.6. A followup change will switch to only doing our own Python-version-check logic if we're not being installed by a reasonable pip.

contrib: remove one test from the python 3 whitelist 439b4d005b4a introduced a use of 'hg revert --no-backup' which is currently broken. Rather than try and do a fix on the (complicated) revert code during the freeze, let's just give up on this test under Python 3 until later. Once we do fix things, the test ratchet script will re-enable it.

ui: fix configbytes isinstance check to look for bytes and not str Fixes configbytes on Python 3.

patch: update copying of dict keys and values to work on Python 3

phabricator: include the suggested arc config in the repo Test Plan: I uploaded this revision with `arc diff` Differential Revision: https://phab.mercurial-scm.org/D171

match: override visitdir() in nevermatcher to return False When we changed basematcher.visitdir() in cf15c3cc304c (match: make base matcher return True for visitdir, 2017-07-14), we forgot to add an override in nevermatcher. This led to tests failing in narrowhg. As Durham pointed out, it's high time to add unit tests for the matcher, so this patch also adds a first unit test. Differential Revision: https://phab.mercurial-scm.org/D151

wix: update list of necessary pyd files

run-tests: pre instantiate pygments objects This speeds up run-tests.py diff output by 10x, which affects developer experience significantly. As demonstrated by the following test: ``` #require pygments $ for i in `seq 1 200`; do > echo ' $ echo '$i >> test-a.t > echo ' wrong' >> test-a.t > done $ cat > walltime.py <<EOF > from __future__ import absolute_import, print_function > import os, sys, time > t1 = time.time() > os.system(' '.join(sys.argv[1:]) + ' >/dev/null 2>/dev/null') > t2 = time.time() > print('%0.2f' % (t2 - t1)) > EOF $ $PYTHON walltime.py $TESTDIR/run-tests.py -l --color=never $TESTTMP/test-a.t 0.24 Before this patch: $ $PYTHON walltime.py $TESTDIR/run-tests.py -l --color=always $TESTTMP/test-a.t 2.46 After this patch: $ $PYTHON walltime.py $TESTDIR/run-tests.py -l --color=always $TESTTMP/test-a.t 0.25 ```

contrib: drop Python 2.6 from manylinux1 wheel script

contrib: make build-linux-wheels.sh executable

test-dirstate-race: hide irrelevant hg status output See the explanation for more. Differential Revision: https://phab.mercurial-scm.org/D153

test-commit: stabilize for filesystems without symlink support

test-https: properly conditionalize Windows vs non-Windows output There's a bug in the (feature !) annotation, and this needs to be resolved before fixing it. Once fixed, the glob '*/missing' will match the output '/missing' on non-Windows platforms, consuming the output line and leaving nothing for the no-windows required line. I probably should have made (foo !) match only the 'foo' feature, and be ignored otherwise instead of optional. (re) didn't work here, because the parenthesis need to be escaped too.

Added signature for changeset 857876ebaed4

Added tag 4.3-rc for changeset 857876ebaed4

merge default into stable for code freeze

releasenotes: add custom admonitions support for release notes By default, the extension has default sections like fix, feature, perf etc.. This patch allow user to add support for custom admonition. In order to add a custom admonition, one needs to have a .hgreleasenotes file inside the repository. All the custom directive with name specified under the tag [sections] will be usable by the extension. One important thing to keep in mind is if there exists any custom admonitions with same key as default then they will override the default ones.

check-config: mention the file and line of the error I used this to more quickly track down a failing test-check-config.t issue in another repo. I thought it might be useful more generally, so I'm sending it out in case others think it's a worthwhile change.

rebase: add config to move rebase into a single transaction This was previously landed as cf8ad0e6c0e4 but backed out in a5abaa81fa because it broke hook mid rebase and caused conflict resolution data loss in the event of unexpected exceptions. This new version adds the behavior back but behind a config flag, since the performance improvement is notable in large repositories. The next patch adds a test covering this config. The old commit message was: Previously, rebasing would open several transaction over the course of rebasing several commits. Opening a transaction can have notable overhead (like copying the dirstate) which can add up when rebasing many commits. This patch adds a single large transaction around the actual commit rebase operation, with a catch for intervention which serializes the current state if we need to drop back to the terminal for user intervention. Amazingly, almost all the tests seem to pass. On large repos with large working copies, this can speed up rebasing 7 commits by 25%. I'd expect the percentage to be a bit larger for rebasing even more commits. There are minor test changes because we're rolling back the entire transaction during unexpected exceptions instead of just stopping mid-rebase, so there's no more backup bundle. It also leave an unknown file in the working copy, since our clean up 'hg update' doesn't delete unknown files. (grafted from cca36c7f35261b0e31beb226bf361067ef0e06ab) (grafted from dc497d8705b71503e32e07bd33925c1e42cf9c9a) Differential Revision: https://phab.mercurial-scm.org/D134

run-tests: remove unnecessary 'with_color' variable Its value is always the same as that of 'pygmentspresent'. Differential Revision: https://phab.mercurial-scm.org/D118

run-tests: warn if --color=always and no pygments installed Differential Revision: https://phab.mercurial-scm.org/D117

run-tests: drop unnecessary check for pygmentspresent 2893face0af5 (run-tests: check if stream is a tty before using color, 2017-07-18) made the check redundant but forgot to remove it. Differential Revision: https://phab.mercurial-scm.org/D116

run-tests: pass color option via test case object , not global var At first I updated the color field of the 'options' object (from the CLI parser), but then I decided to put it directly on the test case object itself to avoid mutating the shared object (even though all tests would have the same value). Differential Revision: https://phab.mercurial-scm.org/D114

phabricator: sanity check Differential Revision from commit message Previously, we trust Differential Revision in commit message blindly. This patch adds sanity check so a host name change will be detected and the commit message will be ignored. Differential Revision: https://phab.mercurial-scm.org/D35

test-phases-exchange: properly conditionalize output I forgot to invert the conditions, and the test runner didn't catch it[1]. But since only '&&' is supported in the per-line feature tests, this won't work anyway. [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-July/101941.html

commitextras: mark the extension as ADVANCED

run-tests: check if stream is a tty before using color Previous implementation (e80041832eec) checked only if sys.stderr was a tty which was less general. Also makes sure that colors is never used if pygments is not available, irrespective of --color flag value.

tests: rewrite test-rebase-detach.t using drawdag This makes it much clearer because each test case can have exactly the graph it wants (no extra cruft just because other tests want it). Differential Revision: https://phab.mercurial-scm.org/D94

tests: simplify config in test-rebase-detach.t Differential Revision: https://phab.mercurial-scm.org/D93

drawdag: include files from both parents in merge commits Consider a graph like this: D |\ B C |/ A drawdag will add a file called A in commit A, file B in B, file C in C. That's fine and expected. In merge commits like D, I would expect the files and their contents to be taken from the parent commits, so commit D in this example would have files A, B, and C. However, drawdag will instead add the file D compared to the first parent. Depending on whether B or C got a smaller nodeid, the contents of D would be {A, B, D} or {A, C, D}. This patch changes it to to be {A, B, C}. Differential Revision: https://phab.mercurial-scm.org/D92

gitweb: preserve whitespace in description Without this, multiple spaces or tabs in the commit message aren't preserved and things like tables don't align properly. As part of adding the CSS rule, we had to cuddle the content with the <div> to not introduce leading and trailing whitespace. The "addbreaks" filter was also removed because it would insert an additional newline, effectively double spacing content. Differential Revision: https://phab.mercurial-scm.org/D113

sparse: add a requirement when a repository uses sparse (BC) The presence of a sparse checkout can confuse legacy clients or clients without sparse enabled for reasons that should be obvious. This commit introduces a new repository requirement that tracks whether sparse is enabled. The requirement is added when a sparse config is activated and removed when the sparse config is reset. The localrepository constructor has been taught to not open repos with this requirement unless the sparse feature is enabled. It yields a more actionable error message than what you would get if the lockout were handled strictly at the requirements verification phase. Old clients that aren't sparse aware will see the generic "repository requires features unknown to this Mercurial" error, however. The new requirement has "exp" in its name to reflect the experimental nature of sparse. There's a chance that the eventual non-experimental feature won't change significantly and we could have squatted on the "sparse" requirement without ill effect. If that happens, we can teach new clients to still recognize the old name. But I suspect we'll sneak in some BC and we'll want a new requirement to convey new meaning. Differential Revision: https://phab.mercurial-scm.org/D110

sparse: consolidate common code for writing sparse config In 3 functions we were writing the sparse config and updating the working directory. In two of them we had a transaction-like process for restoring the sparse config in case of wdir update fail. Because the pattern is common, we've already made mistakes, and the complexity will increase in the near future, let's consolidate the code into a reusable function. As part of this refactor, we end up reading the "sparse" file twice when updating it. This is a bit sub-optimal. But I don't think it is worth the code complexity to pass around the variables to avoid the redundancy. Differential Revision: https://phab.mercurial-scm.org/D109

revset: pass repo when passing ui The repo instance is currently only used to provide a changeset lookup function as part of parsing revsets. I /think/ this allows node fragments to resolve. I'm not sure why we wouldn't want this to always "just work" if parsing a revset string. Plus, an upcoming commit will introduce a new consumer that needs a handle on the repo. So passing it more often will make that code work more. Passing a repo instance in all callers of revset.match* results in a bunch of test changes. Notably, branch and tags caches get populated as part of evaluating revsets. I'm not sure if this is desirable. So this patch takes the conservative approach and only passes the repo if we're passing a ui instance. Differential Revision: https://phab.mercurial-scm.org/D97

win32: copy-edit debugssl messages to match prevailing style

run-tests: make sure to check if pygments is installed before using it e80041832e introduced support to color the output of tests but used pygments without checking whether it's installed or not. That breaks test-run-tests.t for machines which don't have pygments installed. This patch conditionalize the color test in test-run-tests.t and also add a check to make sure pygments is installed before using that.

sparse: require [section] in sparse config files (BC) Previously, [include] was implicit and pattern lines before a [section] were added to includes. Because the format may change in the future and explicit behavior, well, more explicit, this commit changes the config parser to reject pattern lines that don't occur in a [section]. Differential Revision: https://phab.mercurial-scm.org/D96

sparse: use set for capturing profiles Order doesn't need to be preserved. A set is acceptable. Differential Revision: https://phab.mercurial-scm.org/D95

util: remove dead code which used to be for old python2 versions Differential Revision: https://phab.mercurial-scm.org/D107

status: add a flag to terse the output (issue4119) This adds an experimental flag -t/--terse which will terse the output. The terse flag will respect other flags which filters the output. The flag takes a string whose value can be a subsequence of "marduic" (the order does not matter here.) Ignored files are not considered while tersing unless -i flag is passed or 'i' is there is the terse flag value. The flag is experimental for testing as there may be cases which will produce strange results with the flag. We can set the terse on by default by simply passing 'u' to the cmdutil.tersestatus(). This patch also adds a test file with tests covering the new feature.

commitextras: check the format of the arguments and no internal key is used This patch adds check to make the arguments are passed as KEY=VALUE and no key which is used internally is passed. This patch also adds test for the extension.

commitextras: move fb extension to core which add extras to a commit This patch moves the Facebook extension to add extra fields to a commit to a in-core extension.

archive: add an experimental config to control the metadata file template Experimental because given the possible complexity, it may be worth figuring out how to load this from a file, similar to the style files for the log command, instead of trying to stuff it on the command line.

archive: use a templater to build the metadata file There are no visible changes here. I'm starting to wonder if adding the '+' to the 'node' line instead of a separate key line in 3047167733dc was the right thing to do. The '{node}' keyword never includes '+' elsewhere, and the way setup.py works, it would truncate it anyway. Additionally, the file is missing '{p2node}' when 'wdir()' merges are archived. I thought about adding an 'identify' line that would correspond to `hg id -n`. But the other nodes are the full 40 characters, and the output most useful for versioning is the short form. All of this cries out for customization via templating. (Although maybe having the short identify line by default is still a good idea.)

commandserver: do not handle EINTR for selector.select selectors2 library handles EINTR transparently so we don't need to handle select.error ourselves.