Jun Wu <quark@fb.com> [Mon, 13 Jun 2016 13:16:17 +0100] rev 29343
tests: move chg pager test to test-pager.t
The test is valid for both hg and chg. Since we are adding another chg-related
pager test, let's put them together.
Augie Fackler <raf@durin42.com> [Fri, 10 Jun 2016 00:13:23 -0400] rev 29342
util: drop local aliases for md5, sha1, sha256, and sha512
This used to be needed to paper over hashlib not being in all Pythons
we support, but that's not a problem anymore, so we can simplify
things a little bit.
Augie Fackler <raf@durin42.com> [Fri, 10 Jun 2016 00:12:33 -0400] rev 29341
cleanup: replace uses of util.(md5|sha1|sha256|sha512) with hashlib.\1
All versions of Python we support or hope to support make the hash
functions available in the same way under the same name, so we may as
well drop the util forwards.
Augie Fackler <raf@durin42.com> [Fri, 10 Jun 2016 00:25:07 -0400] rev 29340
pathencode: use hashlib.sha1 directly instead of indirecting through util
Augie Fackler <raf@durin42.com> [Fri, 10 Jun 2016 00:10:34 -0400] rev 29339
revlog: use hashlib.sha1 directly instead of through util
Also remove module-local _sha alias, which was barely used.
Augie Fackler <raf@durin42.com> [Fri, 10 Jun 2016 00:10:06 -0400] rev 29338
store: use hashlib.sha1 directly instead of through util
Also remove module-local alias to _sha, since it's not used that much.
Augie Fackler <raf@durin42.com> [Fri, 10 Jun 2016 00:14:43 -0400] rev 29337
similar: delete extra newline at EOF
Spotted by my emacs config that cleans up extra whitespace.
Augie Fackler <raf@durin42.com> [Fri, 10 Jun 2016 00:14:10 -0400] rev 29336
scmutil: delete extra newline at EOF
Spotted by my emacs config that cleans up extra whitespace.
Martijn Pieters <mjpieters@fb.com> [Wed, 08 Jun 2016 16:18:43 +0100] rev 29335
graphmod: avoid sorting when already sorted
This is somewhat redundant now, but allows us to add a toposort that should not
be re-sorted either.
Gregory Szorc <gregory.szorc@gmail.com> [Tue, 07 Jun 2016 20:29:54 -0700] rev 29334
sslutil: per-host config option to define certificates
Recent work has introduced the [hostsecurity] config section for
defining per-host security settings. This patch builds on top
of this foundation and implements the ability to define a per-host
path to a file containing certificates used for verifying the server
certificate. It is logically a per-host web.cacerts setting.
This patch also introduces a warning when both per-host
certificates and fingerprints are defined. These are mutually
exclusive for host verification and I think the user should be
alerted when security settings are ambiguous because, well,
security is important.
Tests validating the new behavior have been added.
I decided against putting "ca" in the option name because a
non-CA certificate can be specified and used to validate the server
certificate (commonly this will be the exact public certificate
used by the server). It's worth noting that the underlying
Python API used is load_verify_locations(cafile=X) and it calls
into OpenSSL's SSL_CTX_load_verify_locations(). Even OpenSSL's
documentation seems to omit that the file can contain a non-CA
certificate if it matches the server's certificate exactly. I
thought a CA certificate was a special kind of x509 certificate.
Perhaps I'm wrong and any x509 certificate can be used as a
CA certificate [as far as OpenSSL is concerned]. In any case,
I thought it best to drop "ca" from the name because this reflects
reality.
Yuya Nishihara <yuya@tcha.org> [Fri, 27 May 2016 23:18:38 +0900] rev 29333
tests: add basic tests for SMTP over SSL
SSL handling in mail.py wasn't covered by our test suite, therefore it was
sometimes broken. This patch introduces pretty minimal tests that only cover
the default path. We can extend it later.
Tested with python 2.6.9 and 2.7.11 on Debian sid.
Yuya Nishihara <yuya@tcha.org> [Fri, 27 May 2016 22:43:47 +0900] rev 29332
tests: add dummy SMTP daemon for SSL tests
Currently it only supports SMTP over SSL since SMTPS should be simpler than
handling StartTLS.
Since we don't need asynchronous server for our tests, it does TLS handshake
in blocking way. But asyncore is required by Python smtpd module.
Yuya Nishihara <yuya@tcha.org> [Fri, 27 May 2016 22:40:09 +0900] rev 29331
tests: extract SSL certificates from test-https.t
They can be reused in SMTPS tests.
Yuya Nishihara <yuya@tcha.org> [Tue, 31 May 2016 21:49:49 +0900] rev 29330
check-code: make 'ls' pattern less invasive
I got false positive at "--tls smtps --certificate ...".
Henrik Stuart <henriks@unity3d.com> [Tue, 07 Jun 2016 08:32:33 +0200] rev 29329
largefiles: fix support for local largefiles while using share extension
Prior to revision 2a3f24786d09, largefiles were saved in the local repository,
even if it was using the share extension. After that change, all largefiles are
now stored in the shared repository. However, the backward compatibility for
existing largefiles already placed in the local repository was never tested,
and has been broken since.
Matt Mackall <mpm@selenic.com> [Thu, 09 Jun 2016 13:47:42 -0500] rev 29328
merge with stable
Denis Laxalde <denis.laxalde@logilab.fr> [Tue, 07 Jun 2016 11:57:11 +0200] rev 29327
crecord: drop unused "operation" parameter from filterpatch function
Denis Laxalde <denis.laxalde@logilab.fr> [Tue, 07 Jun 2016 10:37:19 +0200] rev 29326
patch: define full messages for interactive record/revert
Followup 14eee72c8d52 to provide complete context for proper localization.
Also update cmdutil.recordfilter docstring to remove recommendation that
"operation" argument should be translated. Indeed, for record/revert, we
either go to patch.filterpatch or crecord.filterpatch (in curses mode) ; the
former now build the full ui message from the operation parameter and the
latter does not use this parameter (removing in a followup patch). For shelve,
operation is not specified and this thus falls back to "record".
Denis Laxalde <denis.laxalde@logilab.fr> [Wed, 01 Jun 2016 15:16:38 +0200] rev 29325
hgweb: remove unused code in annotate web command
Pulkit Goyal <7895pulkit@gmail.com> [Sat, 04 Jun 2016 14:38:00 +0530] rev 29324
py3: conditionalize cPickle import by adding in util
The cPickle is renamed to _pickle in python3 and this C extension is available
in pickle which was not included in earlier versions. So imports are conditionalized
to import cPickle in py2 and pickle in py3. Moreover the use of pickle in py2 is
switched to cPickle as the C extension is faster. The hack is added in util.py and
the modules import util.pickle
Matt Mackall <mpm@selenic.com> [Thu, 02 Jun 2016 17:11:32 -0500] rev 29323
bdiff: remove effectively dead code
Now that we extend matches backwards in the inner loop, the final
adjustment has no effect.
(A similar extension for the forward direction is trickier and has
less benefit.)
Matt Mackall <mpm@selenic.com> [Thu, 02 Jun 2016 17:09:06 -0500] rev 29322
bdiff: extend matches across popular lines
For very large diffs that have large numbers of identical lines (JSON
dumps) that also have large blocks of identical text, bdiff could become
confused about which block matches which because it can only match
very limited regions. The result is very large diffs for small sets of edits.
The earlier recursion rebalancing fix made this behavior more frequent because
it's now more prone to match block 1 to block 2. One frequent user of
large JSON files reported being unable to pass the resulting diffs
through their code review system.
Prior to this change, bdiff would calculate the length of a match at
(i, j) as 1 + length found at (i-1, j-1). With large number of popular
(ignored) lines, this often meant matches couldn't be extended
backwards at all and thus all matching regions were very small.
Disabling the popularity threshold is not an option because it brings
back quadratic behavior.
Instead, we extend a match backwards until we either found a previously
discovered match or we find a mismatching line. This thus successfully
bridges over any popular lines inside and before a matching region.
The larger regions then significant reduce the probability of confusion.
Yuya Nishihara <yuya@tcha.org> [Fri, 03 Jun 2016 21:49:26 +0900] rev 29321
test-revset: fix test vector for ordering issue of matching()
592e0beee8b0 fixed matching() to preserve the order of the input set, but
the test was incorrect. Given "A and B", "A" should be the input set to "B".
But thanks to our optimizer, the test expression was rewritten as
"(2 or 3 or 1) and matching(1 or 2 or 3)", therefore it was working well.
Since I'm going to fix the overall ordering issue, the test needs to be
adjusted to do the right thing.
liscju <piotr.listkiewicz@gmail.com> [Fri, 20 May 2016 01:42:04 +0200] rev 29320
largefiles: rename match_ to matchmod import in lfutil
liscju <piotr.listkiewicz@gmail.com> [Thu, 12 May 2016 11:49:23 +0200] rev 29319
largefiles: rename match_ to matchmod import in reposetup
liscju <piotr.listkiewicz@gmail.com> [Thu, 12 May 2016 11:48:39 +0200] rev 29318
largefiles: rename match_ to matchmod import in overrides
liscju <piotr.listkiewicz@gmail.com> [Thu, 12 May 2016 11:36:51 +0200] rev 29317
largefiles: rename match_ to matchmod import in lfcommands
liscju <piotr.listkiewicz@gmail.com> [Tue, 10 May 2016 15:20:04 +0200] rev 29316
py3: make largefiles/wirestore.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Tue, 10 May 2016 15:14:41 +0200] rev 29315
py3: make largefiles/uisetup.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Tue, 10 May 2016 15:04:22 +0200] rev 29314
py3: make largefiles/reposetup.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Tue, 10 May 2016 15:00:22 +0200] rev 29313
py3: make largefiles/remotestore.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Tue, 10 May 2016 14:41:58 +0200] rev 29312
py3: make largefiles/proto.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Tue, 10 May 2016 14:26:36 +0200] rev 29311
py3: make largefiles/overrides.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Tue, 10 May 2016 14:20:51 +0200] rev 29310
py3: make largefiles/localstore.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Tue, 10 May 2016 15:09:22 +0200] rev 29309
py3: make largefiles/lfutil.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Sat, 07 May 2016 15:44:46 +0200] rev 29308
py3: make largefiles/lfcommands.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Fri, 06 May 2016 14:30:23 +0200] rev 29307
py3: make largefiles/basestore.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Fri, 06 May 2016 14:28:32 +0200] rev 29306
py3: make largefiles/__init__.py use absolute_import
liscju <piotr.listkiewicz@gmail.com> [Sat, 04 Jun 2016 16:53:44 +0200] rev 29305
largefiles: move basestore._openstore into new module to remove cycle
Kostia Balytskyi <ikostia@fb.com> [Thu, 02 Jun 2016 22:39:01 +0100] rev 29304
revset: make filteredset.__nonzero__ respect the order of the filteredset
This fix allows __nonzero__ to respect the direction of iteration of the
whole filteredset. Here's the case when it matters. Imagine that we have a
very large repository and we want to execute a command like:
$ hg log --rev '(tip:0) and user(ikostia)' --limit 1
(we want to get the latest commit by me).
Mercurial will evaluate a filteredset lazy data structure, an
instance of the filteredset class, which will know that it has to iterate
in a descending order (isdescending() will return True if called). This
means that when some code iterates over the instance of this filteredset,
the 'and user(ikostia)' condition will be first checked on the latest
revision, then on the second latest and so on, allowing Mercurial to
print matches as it founds them. However, cmdutil.getgraphlogrevs
contains the following code:
revs = _logrevs(repo, opts)
if not revs:
return revset.baseset(), None, None
The "not revs" expression is evaluated by calling filteredset.__nonzero__,
which in its current implementation will try to iterate the filteredset
in ascending order until it finds a revision that matches the 'and user(..'
condition. If the condition is only true on late revisions, a lot of
useless iterations will be done. These iterations could be avoided if
__nonzero__ followed the order of the filteredset, which in my opinion
is a sensible thing to do here.
The problem gets even worse when instead of 'user(ikostia)' some more
expensive check is performed, like grepping the commit diff.
I tested this fix on a very large repo where tip is my commit and my very
first commit comes fairly late in the revision history. Results of timing
of the above command on that very large repo.
-with my fix:
real 0m1.795s
user 0m1.657s
sys 0m0.135s
-without my fix:
real 1m29.245s
user 1m28.223s
sys 0m0.929s
I understand that this is a very specific kind of problem that presents
itself very rarely, only on very big repositories and with expensive
checks and so on. But I don't see any disadvantages to this kind of fix
either.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Fri, 03 Jun 2016 00:44:20 +0900] rev 29303
phases: make writing phaseroots file out avoid ambiguity of file stat
Cached attribute repo._phasecache uses stat of '.hg/phaseroots' file
to examine validity of cached contents. If writing '.hg/phaseroots'
file out keeps ctime, mtime and size of it, change is overlooked, and
old contents cached before change isn't invalidated as expected.
To avoid ambiguity of file stat, this patch writes '.hg/phaseroots'
file out with checkambig=True.
This patch is a part of "Exact Cache Validation Plan":
https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Fri, 03 Jun 2016 00:44:20 +0900] rev 29302
dirstate: make writing branch file out avoid ambiguity of file stat
Cached attribute dirstate._branch uses stat of '.hg/branch' file to
examine validity of cached contents. If writing '.hg/branch' file out
keeps ctime, mtime and size of it, change is overlooked, and old
contents cached before change isn't invalidated as expected.
To avoid ambiguity of file stat, this patch writes '.hg/branch' file
out with checkambig=True.
This patch is a part of "Exact Cache Validation Plan":
https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Fri, 03 Jun 2016 00:44:20 +0900] rev 29301
dirstate: make writing dirstate file out avoid ambiguity of file stat
Cached attribute repo.dirstate uses stat of '.hg/dirstate' file to
examine validity of cached contents. If writing '.hg/dirstate' file
out keeps ctime, mtime and size of it, change is overlooked, and old
contents cached before change isn't invalidated as expected.
To avoid ambiguity of file stat, this patch writes '.hg/dirstate' file
out with checkambig=True.
The former diff hunk changes the code path for "dirstate.write()", and
the latter changes the code path for "dirstate.savebackup()".
This patch is a part of "Exact Cache Validation Plan":
https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Fri, 03 Jun 2016 00:44:20 +0900] rev 29300
bookmarks: make writing files out avoid ambiguity of file stat
Cached attribute repo._bookmarks uses stat of '.hg/bookmarks' and
'.hg/bookmarks.current' files to examine validity of cached
contents. If writing these files out keeps ctime, mtime and size of
them, change is overlooked, and old contents cached before change
isn't invalidated as expected.
To avoid ambiguity of file stat, this patch writes '.hg/bookmarks' and
'.hg/bookmarks.current' files out with checkambig=True.
This patch is a part of "Exact Cache Validation Plan":
https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Fri, 03 Jun 2016 00:44:20 +0900] rev 29299
transaction: avoid ambiguity of file stat at closing transaction
Files below, which might be changed at closing transaction, are used
to examine validity of cached properties. If changing keeps ctime,
mtime and size of a file, change is overlooked, and old contents
cached before change isn't invalidated as expected.
- .hg/bookmarks
- .hg/dirstate
- .hg/phaseroots
To avoid ambiguity of file stat, this patch writes files out with
checkambig=True at closing transaction.
checkambig becomes True only at closing (= 'not suffix'), because stat
information of '.pending' file isn't used to examine validity of
cached properties.
This patch is a part of "Exact Cache Validation Plan":
https://www.mercurial-scm.org/wiki/ExactCacheValidationPlan
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Fri, 03 Jun 2016 00:44:20 +0900] rev 29298
util: add __ne__ to filestat class for consistency
This is follow up for ca4065028e00, which introduced filestat class.
Pierre-Yves David <pierre-yves.david@ens-lyon.org> [Sat, 16 Apr 2016 16:01:24 -0700] rev 29297
style: remove namespace class
For better or worse, our coding do not use use class for pure namespacing. We
remove the class introduced in a5009789960c.
Pierre-Yves David <pierre-yves.david@ens-lyon.org> [Sat, 16 Apr 2016 15:59:30 -0700] rev 29296
style: don't use capital letter for constant
For better or worse, our coding do not use all caps for constants. We rename
constant name introduced in a5009789960c.
Danek Duvall <danek.duvall@oracle.com> [Thu, 02 Jun 2016 16:18:44 -0700] rev 29295
tests-subrepo-git: use "f" to dump pwned.txt, for portability
Rather than sometimes using a complicated shell construct to dump pwned.txt
(if it wasn't expected to exist, but might, if something were broken) or
just cat (if it was expected to exist), just use the "f" utility, which
will be consistent in its behavior across different platforms.
Also make sure that *something* gets put into pwned.txt, even if we ended
up typoing the message variable.
Mads Kiilerich <madski@unity3d.com> [Wed, 01 Jun 2016 21:40:52 +0200] rev 29294
bundle2: don't assume ordering of heads checked after push
Usually, the heads will have the same ordering in handlecheckheads. Insisting
on the same ordering is however an unnecessary constraint that in some custom
cases can cause pushes to fail even though the actual heads didn't change. This
caused production issues for us in combination with the current version of
https://bitbucket.org/Unity-Technologies/hgwebcachingproxy/ .
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 04 Jun 2016 11:16:08 -0700] rev 29293
sslutil: print the fingerprint from the last hash used
Before, we would always print the unprefixed SHA-1 fingerprint when
fingerprint comparison failed. Now, we print the fingerprint of the
last hash used, including the prefix if necessary. This helps ensure
that the printed hash type matches what is in the user configuration.
There are still some cases where this can print a mismatched hash type.
e.g. if there are both SHA-1 and SHA-256 fingerprints in the config,
we could print a SHA-1 hash if it comes after the SHA-256 hash. But
I'm inclined to ignore this edge case.
While I was here, the "section" variable assignment has been moved to
just above where it is used because it is now only needed for this
error message and it makes the code easier to read.
Gregory Szorc <gregory.szorc@gmail.com> [Tue, 31 May 2016 19:21:08 -0700] rev 29292
sslutil: make cert fingerprints messages more actionable
The previous warning and abort messages were difficult to understand.
This patch makes them slightly better.
I think there is still room to tweak the messaging. And as we adopt
new security defaults, these messages will certainly change again.
But at least this takes us a step in the right direction.
References to "section" have been removed because if no fingerprint
is defined, "section" can never be "hostfingerprints." So just print
"hostsecurity" every time.
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 May 2016 15:43:03 -0700] rev 29291
sslutil: refactor code for fingerprint matching
We didn't need to use a temporary variable to indicate success because
we just return anyway.
This refactor makes the code simpler. While we're here, we also call
into formatfingerprint() to ensure the fingerprint from the proper
hashing algorithm is logged.
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 May 2016 15:42:39 -0700] rev 29290
sslutil: print SHA-256 fingerprint by default
The world is starting to move on from SHA-1. A few commits ago, we
gained the ability to define certificate fingerprints using SHA-256
and SHA-512.
Let's start printing the SHA-256 fingerprint instead of the SHA-1
fingerprint to encourage people to pin with a more secure hashing
algorithm.
There is still a bit of work to be done around the fingerprint
messaging. This will be addressed in subsequent commits.
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 May 2016 13:15:53 -0700] rev 29289
sslutil: move and change warning when cert verification is disabled
A short time ago, validatesocket() didn't know the reasons why
cert verification was disabled. Multiple code paths could lead
to cert verification being disabled. e.g. --insecure and lack
of loaded CAs.
With the recent refactorings to sslutil.py, we now know the reasons
behind security settings. This means we can recognize when the user
requested security be disabled (as opposed to being unable to provide
certificate verification due to lack of CAs).
This patch moves the check for certificate verification being disabled
and changes the wording to distinguish it from other states. The
warning message is purposefully more dangerous sounding in order
to help discourage people from disabling security outright.
We may want to add a URL or hint to this message. I'm going to wait
until additional changes to security defaults before committing to
something.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 01 Jun 2016 19:57:20 -0700] rev 29288
sslutil: add devel.disableloaddefaultcerts to disable CA loading
There are various tests for behavior when CA certs aren't loaded.
Previously, we would pass --insecure to disable loading of CA
certs. This has worked up to this point because the error message
for --insecure and no CAs loaded is the same. Upcoming commits will
change the error message for --insecure and will change behavior
when CAs aren't loaded.
This commit introduces the ability to disable loading of CA certs
by setting devel.disableloaddefaultcerts. This allows a testing
backdoor to disable loading of CA certs even if system/default
CA certs are available. The flag is purposefully not exposed to
end-users because there should not be a need for this in the wild:
certificate pinning and --insecure provide workarounds to disable
cert loading/validation.
Tests have been updated to use the new method. The variable used
to disable CA certs has been renamed because the method is not
OS X specific.
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 May 2016 11:20:31 -0700] rev 29287
sslutil: store flag for whether cert verification is disabled
This patch effectively moves the ui.insecureconnections check to
_hostsettings(). After this patch, validatesocket() no longer uses the
ui instance for anything except writing messages.
This patch also enables us to introduce a per-host config option
for disabling certificate verification.
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 May 2016 11:19:43 -0700] rev 29286
sslutil: remove "strict" argument from validatesocket()
It was only used by mail.py as part of processing smtp.verifycert,
which was just removed.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 04 Jun 2016 11:13:28 -0700] rev 29285
mail: unsupport smtp.verifycert (BC)
smtp.verifycert was accidentally broken by cca59ef27e60. And,
I believe the "loose" value has been broken for longer than that.
The current code refuses to talk to a remote server unless the
CA is trusted or the fingerprint is validated. In other words,
we lost the ability for smtp.verifycert to lower/disable security.
There are special considerations for smtp.verifycert in
sslutil.validatesocket() (the "strict" argument). This violates
the direction sslutil is evolving towards, which has all security
options determined at wrapsocket() time and a unified code path and
configs for determining security options.
Since smtp.verifycert is broken and since we'll soon have new
security defaults and new mechanisms for controlling host security,
this patch formally deprecates smtp.verifycert. With this patch,
the socket security code in mail.py now effectively mirrors code
in url.py and other places we're doing socket security.
For the record, removing smtp.verifycert because it was accidentally
broken is a poor excuse to remove it. However, I would have done this
anyway because smtp.verifycert is a one-off likely used by few people
(users of the patchbomb extension) and I don't think the existence
of this seldom-used one-off in security code can be justified,
especially when you consider that better mechanisms are right around
the corner.
liscju <piotr.listkiewicz@gmail.com> [Tue, 05 Apr 2016 07:30:01 +0200] rev 29284
update: fix bare --clean to work on new branch (issue5003) (BC)
Before this commit bare update --clean on newly created branch
updates to the parent commit, even if there are later commits
on the parent commit's branch. Update to the latest head on the
parent commit's branch instead.
This seems reasonable as clean should discard uncommited changes,
branch is one of them.
Denis Laxalde <denis.laxalde@logilab.fr> [Fri, 03 Jun 2016 15:55:07 +0200] rev 29283
revert: use "discard"/"revert" verb when reverting interactively (issue5143)
Instead of "record this change to 'FILE'?" now prompt with:
* "discard this change to 'FILE'?" when reverting to the parent of working
directory, and,
* "revert this change to 'FILE'?" otherwise.
timeless <timeless@mozdev.org> [Tue, 05 Apr 2016 01:35:58 +0000] rev 29282
run-tests: add support for RTUNICODEPEDANTRY environment variable
based on 73e4a02e6d23
timeless <timeless@mozdev.org> [Fri, 27 May 2016 05:24:45 +0000] rev 29281
obsolete: fix grammar
timeless <timeless@mozdev.org> [Sun, 03 Apr 2016 20:49:30 +0000] rev 29280
tests: add run-test .testtimes basic testing
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 31 May 2016 21:02:30 +0900] rev 29279
check-code: make repquote distinguish more characters for exact detection
This patch makes repquote() distinguish more characters below, as a
preparation for exact detection in subsequent patch.
- "%" as "%"
- "\\" as "b"(ackslash)
- "*" as "A"(sterisk)
- "+" as "P"(lus)
- "-" as "M"(inus)
Characters other than "%" don't use itself as replacement, because
they are treated as special ones in regexp.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 31 May 2016 21:02:30 +0900] rev 29278
check-code: centralize rules depending on implementation of repquote
This decreases the cost of checking which regexp should be adjusted at
change of repquote().
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 31 May 2016 21:02:30 +0900] rev 29277
check-code: use fixedmap for replacement of space characters
This can centralize management of fixed replacement into fixedmap.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 31 May 2016 20:58:10 +0900] rev 29276
check-code: replace quoted characters correctly
169cb9e47f8e tried to detect '.. note::' more exactly. But
implementation of it seems not correct, because:
- fromc.find(c) returns -1 for other than "." and ":"
- tochr[-1] returns "q" for such characters, but
- expected result for them is "o"
This patch uses dict to manage replacement instead of replacing
str.find() by str.index(), for improvement/refactoring in subsequent
patches. Examination by fixedmap is placed just after examination for
' ' and '\n', because subsequent patch will integrate the latter into
the former.
This patch also changes regexp for 'string join across lines with no
space' rule, and adds detailed test for it, because 169cb9e47f8e did:
- make repquote() distinguish "." (as "p") and ":" (as "q") from
others (as "o"), but
- not change this regexp without any reason (in commit log, at
least), even though this regexp depends on what "o" means
This patch doesn't focuses on deciding whether "." and/or ":" should
be followed by whitespace or not in translatable messages.
Yuya Nishihara <yuya@tcha.org> [Sat, 21 May 2016 21:43:29 +0900] rev 29275
test-chg: add basic tests for server lifecycle
I'm going to move around the codes in AutoExitMixIn. This test should catch
a subtle bug of unlinking sockets which I made in draft patches.
Yuya Nishihara <yuya@tcha.org> [Sun, 20 Mar 2016 14:59:03 -0700] rev 29274
test-chg: run only with chg
It doesn't make sense to run test-chg.t without chg, so ignore it with vanilla
hg, and specify chg executable explicitly.
test-chg.t can host chg-specific tests.
Mateusz Kwapich <mitrandir@fb.com> [Thu, 26 May 2016 17:36:44 -0700] rev 29273
distate: add assertions to backup functions
Those assertions will prevent the backup functions from overwriting
the dirstate file in case both: suffix and prefix are empty.
(foozy suggested making that change and I agree with him)
Matt Mackall <mpm@selenic.com> [Wed, 01 Jun 2016 15:48:38 -0500] rev 29272
Added signature for changeset a9764ab80e11
Matt Mackall <mpm@selenic.com> [Wed, 01 Jun 2016 15:48:30 -0500] rev 29271
Added tag 3.8.3 for changeset a9764ab80e11
Mateusz Kwapich <mitrandir@fb.com> [Tue, 24 May 2016 13:29:53 -0700] rev 29270
shelve: use backup functions instead of manually copying dirstate
This increases encapsulation of dirstate: the dirstate file is private
to the dirstate module and shouldn't be touched by extensions directly.
Mateusz Kwapich <mitrandir@fb.com> [Wed, 25 May 2016 16:36:16 -0700] rev 29269
dirstate: don't use actualfilename to name the backup file
The issue with using actualfilename is that dirstate saved during transaction
with "pending" in filename will be impossible to recover from outside of the
transaction because the recover method will be looking for the name without
"pending".
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:58:46 -0700] rev 29268
sslutil: reference appropriate config section in messaging
Error messages reference the config section defining the host
fingerprint. Now that we have multiple sections where this config
setting could live, we need to point the user at the appropriate
one.
We default to the new "hostsecurity" section. But we will still
refer them to the "hostfingerprint" section if a value is defined
there.
There are some corner cases where the messaging might be off. e.g.
they could define a SHA-1 fingerprint in both sections. IMO the
messaging needs a massive overhaul. I plan to do this as part
of future refactoring to security settings.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:37:36 -0700] rev 29267
sslutil: allow fingerprints to be specified in [hostsecurity]
We introduce the [hostsecurity] config section. It holds per-host
security settings.
Currently, the section only contains a "fingerprints" option,
which behaves like [hostfingerprints] but supports specifying the
hashing algorithm.
There is still some follow-up work, such as changing some error
messages.
timeless <timeless@mozdev.org> [Wed, 09 Mar 2016 19:55:45 +0000] rev 29266
debuginstall: expose modulepolicy
With this, you can check for pure easily:
$ HGMODULEPOLICY=py ./hg debuginstall -T "{hgmodulepolicy}"
py
Yuya Nishihara <yuya@tcha.org> [Sat, 14 May 2016 19:52:00 +0900] rev 29265
revset: define table of sort() key functions
This should be more readable than big "if" branch.
Yuya Nishihara <yuya@tcha.org> [Sat, 14 May 2016 19:46:18 +0900] rev 29264
revset: factor out reverse flag of sort() key
Prepares for making a table of sort keys. This assumes 'k' has at least one
character, which should be guaranteed by keys.split().
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:29:59 -0700] rev 29263
tests: don't save host fingerprints in hgrc
Previously, the test saved the host fingerprints in hgrc. Many tests
override the fingerprint at run-time. This was a bit dangerous and
was too magical for my liking. It will also interfere with a future
patch that adds a new source for obtaining fingerprints.
So change the test to require the fingerprint on every command
invocation.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 11:58:28 -0700] rev 29262
sslutil: calculate host fingerprints from additional algorithms
Currently, we only support defining host fingerprints with SHA-1.
A future patch will introduce support for defining fingerprints
using other hashing algorithms. In preparation for that, we
rewrite the fingerprint verification code to support multiple
fingerprints, namely SHA-256 and SHA-512 fingerprints.
We still only display the SHA-1 fingerprint. We'll have to revisit
this code once we support defining fingerprints with other hash
functions.
As part of this, I snuck in a change to use range() instead of
xrange() because xrange() isn't necessary for such small values.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:57:28 -0700] rev 29261
util: add sha256
Upcoming patches will teach host fingerprint checking to verify
non-SHA1 fingerprints.
Many x509 certificates these days are SHA-256. And modern browsers
often display the SHA-256 fingerprint for certificates. Since
SHA-256 fingerprints are highly visible and easy to obtain, we
want to support them for fingerprint pinning. So add SHA-256
support to util.
I did not add SHA-256 to DIGESTS and DIGESTS_BY_STRENGTH because
this will advertise the algorithm on the wire protocol. I wasn't
sure if that would be appropriate. I'm playing it safe by leaving
it out for now.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 12:53:33 -0700] rev 29260
sslutil: move CA file processing into _hostsettings()
The CA file processing code has been moved from _determinecertoptions
into _hostsettings(). As part of the move, the logic has been changed
slightly and the "cacerts" variable has been renamed to "cafile" to
match the argument used by SSLContext.load_verify_locations().
Since _determinecertoptions() no longer contains any meaningful
code, it has been removed.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 11:41:21 -0700] rev 29259
sslutil: move SSLContext.verify_mode value into _hostsettings
_determinecertoptions() and _hostsettings() are redundant with each
other. _hostsettings() is used the flexible API we want.
We start the process of removing _determinecertoptions() by moving
some of the logic for the verify_mode value into _hostsettings().
As part of this, _determinecertoptions() now takes a settings dict
as its argument. This is technically API incompatible. But since
_determinecertoptions() came into existence a few days ago as part
of this release, I'm not flagging it as such.
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 11:12:02 -0700] rev 29258
sslutil: introduce a function for determining host-specific settings
This patch marks the beginning of a series that introduces a new,
more configurable, per-host security settings mechanism. Currently,
we have global settings (like web.cacerts and the --insecure argument).
We also have per-host settings via [hostfingerprints].
Global security settings are good for defaults, but they don't
provide the amount of control often wanted. For example, an
organization may want to require a particular CA is used for a
particular hostname.
[hostfingerprints] is nice. But it currently assumes SHA-1.
Furthermore, there is no obvious place to put additional per-host
settings.
Subsequent patches will be introducing new mechanisms for defining
security settings, some on a per-host basis. This commits starts
the transition to that world by introducing the _hostsettings
function. It takes a ui and hostname and returns a dict of security
settings. Currently, it limits itself to returning host fingerprint
info.
We foreshadow the future support of non-SHA1 hashing algorithms
for verifying the host fingerprint by making the "certfingerprints"
key a list of tuples instead of a list of hashes.
We add this dict to the hgstate property on the socket and use it
during socket validation for checking fingerprints. There should be
no change in behavior.
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 15:20:03 -0700] rev 29257
tests-subrepo-git: emit a different "pwned" message based on the test
Having a single "pwned" message which may or may not be emitted during the
tests for CVE-2016-3068 leads to extra confusion. Allow each test to emit
a more detailed message based on what the expectations are.
In both cases, we expect a version of git which has had the vulnerability
plugged, as well as a version of mercurial which also knows about
GIT_ALLOW_PROTOCOL. For the first test, we make sure GIT_ALLOW_PROTOCOL is
unset, meaning that the ext-protocol subrepo should be ignored; if it
isn't, there's either a problem with mercurial or the installed copy of
git.
For the second test, we explicitly allow ext-protocol subrepos, which means
that the subrepo will be accessed and a message emitted confirming that
this was, in fact, our intention.
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 15:10:38 -0700] rev 29256
tests-subrepo-git: make the "pwned" message output in a stable order
The "pwned" message from this test gets gets sent to stderr, and so may get
emitted in different places from run to run in the rest of mercurial's
output. This patch forces the message to go to a specific file instead,
whose existence and contents we can examine at a stable point in the test's
execution.
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 11:14:29 -0700] rev 29255
test-cache-abuse: correct for different hunk headers between Solaris and GNU
When diffing against an empty file, Solaris diff uses 1 to designate the
first line of the empty file (either -1,0 on the left or +1,0 on the right)
while GNU diff uses 0 (-0,0 and +0,0). We use a glob here to make sure the
test passes with either toolchain.
I've not added tests to check-code because there are scads of places in the
tests where the GNU format is used due to that being the format that "hg
diff" and "hg export" use, and changing those to use globs seems wrong.
Javi Merino <merino.jav@gmail.com> [Fri, 27 May 2016 21:24:05 +0200] rev 29254
lazymanifest: fix typo s/typles/tuples/
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:57:31 -0700] rev 29253
sslutil: remove sslkwargs() (API)
It is now unused.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:57:02 -0700] rev 29252
url: remove use of sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:56:20 -0700] rev 29251
mail: remove use of sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:54:06 -0700] rev 29250
httpconnection: remove use of sslkwargs
It now does nothing.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:52:02 -0700] rev 29249
sslutil: move sslkwargs logic into internal function (API)
As the previous commit documented, sslkwargs() doesn't add any
value since its return is treated as a black box and proxied
to wrapsocket().
We formalize its uselessness by moving its logic into a
new, internal function and make sslkwargs() return an empty
dict.
The certificate arguments that sslkwargs specified have been
removed from wrapsocket() because they should no longer be
set.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:43:22 -0700] rev 29248
sslutil: remove ui from sslkwargs (API)
Arguments to sslutil.wrapsocket() are partially determined by
calling sslutil.sslkwargs(). This function receives a ui and
a hostname and determines what settings, if any, need to be
applied when the socket is wrapped.
Both the ui and hostname are passed into wrapsocket(). The
other arguments to wrapsocket() provided by sslkwargs() (ca_certs
and cert_reqs) are not looked at or modified anywhere outside
of sslutil.py. So, sslkwargs() doesn't need to exist as a
separate public API called before wrapsocket().
This commit starts the process of removing external consumers of
sslkwargs() by removing the "ui" key/argument from its return.
All callers now pass the ui argument explicitly.