Jun Wu <quark@fb.com> [Wed, 12 Jul 2017 15:24:47 -0700] rev 33495
patch: use devel.all-warnings to replace devel.all
It appears to be a misspell in patch.py.
Matt Harbison <matt_harbison@yahoo.com> [Wed, 12 Jul 2017 18:37:13 -0400] rev 33494
sslutil: inform the user about how to fix an incomplete certificate chain
This is a Windows only thing. Unfortunately, the socket is closed at this point
(so the certificate is unavailable to check the chain). That means it's printed
out when verification fails as a guess, on the assumption that 1) most of the
time verification won't fail, and 2) sites using expired or certs that are too
new will be rare. Maybe this is an argument for adding more functionality to
debugssl, to test for problems and print certificate info. Or maybe it's an
argument for bundling certificates with the Windows builds. That idea was set
aside when the enhanced SSL code went in last summer, and it looks like there
were issues with using certifi on Windows anyway[1].
This was tested by deleting the certificate out of certmgr.msc > "Third-Party
Root Certification Authorities" > "Certificates", seeing `hg pull` fail (with
the new message), trying this command, and then successfully performing the pull
command.
[1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2016-October/089573.html
Matt Harbison <matt_harbison@yahoo.com> [Thu, 30 Mar 2017 00:27:46 -0400] rev 33493
debug: add a method to check the state of, and built an SSL cert chain
This is only useful on Windows, and avoids the need to use Internet Explorer to
build the certificate chain. I can see this being extended in the future to
print information about the certificate(s) to help debug issues on any platform.
Maybe even perform some of the python checks listed on the secure connections
wiki page. But for now, all I need is 1) a command that can be invoked in a
setup script to ensure the certificate is installed, and 2) a command that the
user can run if/when a certificate changes in the future.
It would have been nice to leverage the sslutil library to pick up host specific
settings, but attempting to use sslutil.wrapsocket() failed the
'not sslsocket.cipher()' check in it and aborted.
The output is a little more chatty than some commands, but I've seen the update
take 10+ seconds, and this is only a debug command.
Matt Harbison <matt_harbison@yahoo.com> [Wed, 29 Mar 2017 23:45:23 -0400] rev 33492
win32: add a method to trigger the Crypto API to complete a certificate chain
I started a thread[1] on the mailing list awhile ago, but the short version is
that Windows doesn't ship with a full list of certificates[2]. Even if the
server sends the whole chain, if Windows doesn't have the appropriate
certificate pre-installed in its "Third-Party Root Certification Authorities"
store, connections mysteriously fail with:
abort: error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
Windows expects the application to call the methods invoked here as part of the
certificate verification, triggering a call out to Windows update if necessary,
to complete the trust chain. The python bug to add this support[3] hasn't had
any recent activity, and isn't targeting py27 anyway.
The only work around that I could find (besides figuring out the certificate and
walking through the import wizard) is to browse to the site in Internet
Explorer. Opening the page with FireFox or Chrome didn't work. That's a pretty
obscure way to fix a pretty obscure problem. We go to great lengths to
demystify various SSL errors, but this case is clearly lacking. Let's try to
make things easier to diagnose and fix.
When I had trouble figuring out how to get ctypes to work with all of the API
pointers, I found that there are other python projects[4] using this API to
achieve the same thing.
[1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-April/096501.html
[2] https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificate-update-for-windows
[3] https://bugs.python.org/issue20916
[4] https://github.com/nvaccess/nvda/blob/3b86bce2066b1934df14b96f2e83369900860ecf/source/updateCheck.py#L511
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 19:40:23 +0200] rev 33491
bookmarks: use 'applychanges' for bookmark update
There is still some use of 'deletedivergent' bookmark here. They will be taken
care of later. The 'deletedivergent' code needs some rework before fitting in
the new world.
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:46:47 +0200] rev 33490
bookmark: use 'applychanges' in 'repair.strip'
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:44:25 +0200] rev 33489
bookmark: use 'applychanges' in the mq extension
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:37:48 +0200] rev 33488
bookmark: use 'applychanges' when stripping
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:30:20 +0200] rev 33487
bookmark: use 'applychanges' in the convert extension
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:28:53 +0200] rev 33486
bookmark: use 'applychanges' when updating bookmark in histedit
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:24:28 +0200] rev 33485
bookmark: use 'applychanges' when updating a bookmark through pushkey
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:22:17 +0200] rev 33484
bookmark: use 'applychanges' when updating from a remote
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:10:56 +0200] rev 33483
bookmark: use 'applychanges' for adding new bookmark
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:08:20 +0200] rev 33482
bookmark: use 'applychanges' for bookmark renaming
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:04:16 +0200] rev 33481
bookmark: use 'applychanges' for bookmark deletion
Boris Feld <boris.feld@octobus.net> [Mon, 10 Jul 2017 17:01:34 +0200] rev 33480
bookmark: introduce a 'applychanges' function to gather bookmark movement
We want to track bookmark movement within a transaction. For this we need a
more centralized way to update bookmarks.
For this purpose we introduce a new 'applychanges' method that apply a list of
changes encoded as '(name, node)'. We'll cover all bookmark updating code to
this new method in later changesets and add bookmark move in the transaction
when all will be migrated.
Jun Wu <quark@fb.com> [Sat, 03 Jun 2017 21:56:23 -0700] rev 33479
obsstore: keep self._data updated with _addmarkers
This makes sure obsstore._data is still correct with added markers.
The '_data' propertycache was added in 17ce57b7873f.
Durham Goode <durham@fb.com> [Fri, 14 Jul 2017 10:57:36 -0700] rev 33478
match: make base matcher return True for visitdir
If a matcher doesn't implement visitdir, we should be returning True so that
tree traversals are not prematurely pruned. The old value of False would prevent
tree traversals when using any matcher that didn't implement visitdir.
Differential Revision: https://phab.mercurial-scm.org/D83
Martin von Zweigbergk <martinvonz@google.com> [Fri, 14 Jul 2017 10:48:08 -0700] rev 33477
tests: fix an incorrect description in test-ignore.t
Differential Revision: https://phab.mercurial-scm.org/D82
Yuya Nishihara <yuya@tcha.org> [Sat, 15 Jul 2017 00:38:57 +0900] rev 33476
templatekw: hide {peerpaths} keyword for 4.3
Thinking a bit further about list/dict subscript operation (proposed by
issue 5534), I noticed the current data structure, a dict of dicts, might
not be ideal.
For example, if there were "'[' index ']'" and "'.' key" operators,
"{parents[0]}" would return "{p1rev}:{p1node}", and we would probably want to
write "{parents[0].desc}" to get the first element of "{parents % "{desc}"}".
This will basically execute parents[0].makemap()['desc'] in Python.
Given the rule above, "{peerpaths.default.pushurl}" will be translated to
peerpaths['default'].makemap()['pushurl'], which means {peerpaths} should
be a single-level dict and sub-options should be makemap()-ed.
"{peerpaths % "{name} = {url}, {pushurl}, ..."}"
(Well, it could be peerpaths['default']['pushurl'], but in which case,
peerpaths['default'] should be a plain dict, not a hybrid object.)
So, let's mark the current implementation experimental and revisit it later.
Sune Foldager <cryo@cyanite.org> [Fri, 14 Jul 2017 13:48:17 +0200] rev 33475
parsers: fix invariant bug in find_deepest (issue5623)
find_deepest is used to find the "best" ancestors given a list. In the main
loop it keeps an invariant called 'ninteresting' which is supposed to contain
the number of non-zero entries in the 'interesting' array. This invariant is
incorrectly maintained, however, which leads the the algorithm returning an
empty result for certain graphs. This has been fixed.
Also, the 'interesting' array is supposed to fit 2^ancestors values, but is
incorrectly allocated to twice that size. This has been fixed as well.
The tests in test-ancestor.py compare the Python and C versions of the code,
and report the error correctly, since the Python version works correct. Even
so, I have added an additional test against the expected result, in the event
that both algorithms have an identical error in the future.
This fixes issue5623.
Boris Feld <boris.feld@octobus.net> [Fri, 30 Jun 2017 03:45:57 +0200] rev 33474
configitems: register the 'worker.backgroundclose' config
Boris Feld <boris.feld@octobus.net> [Fri, 30 Jun 2017 03:44:05 +0200] rev 33473
configitems: register the 'progress.width' config
Boris Feld <boris.feld@octobus.net> [Wed, 12 Jul 2017 23:36:28 +0200] rev 33472
configitems: register the 'color.pagermode' config
Boris Feld <boris.feld@octobus.net> [Wed, 12 Jul 2017 23:36:10 +0200] rev 33471
configitems: handle case were the default value is not static
In some case, the default of one value is derived from other value. We add a
way to register them anyway and an associated devel-warning.
The registration is very naive for the moment. We might be able to have a
better way for registering each of these cases but it could be done later.
Boris Feld <boris.feld@octobus.net> [Fri, 14 Jul 2017 16:17:37 +0200] rev 33470
bugzilla: move the default regexp for fix in the config declaration
This mimic the change requested by Yuya for '_default_bug_re'.
Boris Feld <boris.feld@octobus.net> [Fri, 07 Jul 2017 10:04:21 +0200] rev 33469
configitems: register the 'bugzilla.version' config
Boris Feld <boris.feld@octobus.net> [Fri, 07 Jul 2017 10:04:19 +0200] rev 33468
configitems: register the 'bugzilla.usermap' config
Boris Feld <boris.feld@octobus.net> [Fri, 07 Jul 2017 10:04:17 +0200] rev 33467
configitems: register the 'bugzilla.user' config
Boris Feld <boris.feld@octobus.net> [Fri, 07 Jul 2017 10:04:15 +0200] rev 33466
configitems: register the 'bugzilla.timeout' config
Boris Feld <boris.feld@octobus.net> [Fri, 07 Jul 2017 10:04:13 +0200] rev 33465
configitems: register the 'bugzilla.template' config
Boris Feld <boris.feld@octobus.net> [Fri, 07 Jul 2017 10:04:11 +0200] rev 33464
configitems: register the 'bugzilla.style' config