py3: make hgext/fetch.py use absolute_import

tests: test-check-py3-compat.t output updated The test output was not updated as the lower section of the test updates with python3.5, so it might be the case that people have updated the modules but the test was left as it was. So this patch updates the test output.

revset: factor out public optimize() function from recursion New optimize() hides internal arguments and return values. This makes it easy to add more parameters and return values to _optimize().

revset: introduce temporary variables in optimize() where they look better

revset: construct arguments of only() against matched tree Since _isonly() knows the structure of 'revs' and 'bases', it should be slightly easier to understand than destructuring 'ta' and 'tb'.

revset: unnest isonly() closure from optimize() There were no variables to be captured.

sslutil: stop checking for web.cacerts=! (BC) The previous patch stopped setting web.cacerts=! to indicate --insecure. That left user configs as the only source that could introduce web.cacerts=!. The practical impact of this patch is we no longer honor web.cacerts=! in configs. Instead, we always treat web.cacerts as a path. The patch is therefore technically BC. However, since I don't believe web.cacerts=! is documented, it should be safe to remove. a939f08fae9c (which introduced --insecure) has no indication that web.cacerts=! is anything but an implementation detail, reinforcing my belief it can be removed without major debate.

dispatch: stop setting web.cacerts=! to indicate --insecure Consumers needing to know if --insecure was used have already transitioned to using ui.insecureconnections. The previous patch removed the last meaningful consumer looking for web.cacerts=!.

sslutil: use CA loaded state to drive validation logic Until now, sslkwargs may set web.cacerts=! to indicate that system certs could not be found. This is really obtuse because sslkwargs effectively sets state on a global object which bypasses wrapsocket() and is later consulted by validator.__call__. This is madness. This patch introduces an attribute on the wrapped socket instance indicating whether system CAs were loaded. We can set this directly inside wrapsocket() because that function knows everything that sslkwargs() does - and more. With this attribute set on the socket, we refactor validator.__call__ to use it. Since we no longer have a need for setting web.cacerts=! in sslkwargs, we remove that. I think the new logic is much easier to understand and will enable behavior to be changed more easily.

sslutil: handle ui.insecureconnections in validator Right now, web.cacerts=! means one of two things: 1) Use of --insecure 2) No CAs could be found and were loaded (see sslkwargs) This isn't very obvious and makes changing behavior of these different scenarios independent of the other impossible. This patch changes the validator code to explicit handle the case of --insecure being used. As the inline comment indicates, there is room to possibly change messaging and logic here. For now, we are backwards compatible.

sslutil: check for ui.insecureconnections in sslkwargs The end result of this function is the same. We now have a more explicit return branch. We still keep the old code looking at web.cacerts=! a few lines below because we're still setting web.cacerts=! and need to react to the variable. This will be removed in an upcoming patch.

dispatch: set ui.insecureconnections when --insecure is used

ui: add an instance flag to hold --insecure bit Currently, when --insecure is used we set web.cacerts=! and socket validation takes this value into account. web.cacerts=! is not documented AFAICT and is purely an internal implementation detail. Let's be more explicit about what is going on by introducing a dedicated variable outside of the config values to track that --insecure is used.

sslutil: make sslkwargs code even more explicit The ways in which this code can interact with socket wrapping and validation later are mind numbing. This patch helps make it even more clear. The end behavior should be identical.

sslutil: move code examining _canloaddefaultcerts out of _defaultcacerts Before, the return of _defaultcacerts() was 1 of 3 types. This was difficult to read. Make it return a path or None. We had to update hghave.py in the same patch because it was also looking at this internal function. I wasted dozens of minutes trying to figure out why tests were failing until I found the code in hghave.py...

sslutil: further refactor sslkwargs The logic here and what happens with web.cacerts is mind numbing. Make the code even more explicit.

sslutil: document and slightly refactor sslkwargs This will help me and any reviewers keep sane as this code is refactored.

localrepo: remove a couple of local type aliases The local aliases are unused now, and were confusing mypy's type checker.

cmdutil: typo fix in comment

tests: add globs for Windows

chgserver: add [alias] to confighash The [alias] config section affects a global state: commands.table. It's hard to trace whether an alias is added by a config option or an extension, and add/remove aliases in a safe way per chg request. It will hurt performance a bit if we clean the table and parse aliases every time. Therefore let's just add it to confighash. This will make chg pass test-pager.t.

devel: use the 'config' argument for the dirstate normalisation develwarn

devel: use the new 'config' argument for the update develwarn

devel: use the new 'config' argument for the revset develwarn

devel: use the new 'config' argument for the dirstate develwarn

devel: use the new 'config' argument of the develwarn in deprecwarn Controling all deprecation warnings with the same config seems sensible. This mirror a fix (about missing gating) submitted for stable but with the new API.

develwarn: move config gating inside the develwarn function The config gating is almost always the same and contributor tend to forget it. We move the logic inside the function. Call site will be updated in later changeset. We might make the sub config mandatory in the future (once all old call sites are gone).

help: fix the display for `hg help internals.revlogs` (issue5227) It previously aborted saying the help section wasn't found. Credit to Yuya for figuring out the fix.

builddeb: add distroseries to tagged versions This is needed so that launchpad and friends have a unique version number for each distroseries (trusty, wily, xenial, etc). It was discovered when trying to upload 3.8 to launchpad.

debian: forgot to make debian/rules executable in 6b95a623ec90