Mercurial > hg
comparison mercurial/wireproto.py @ 32744:33b7283a3828
streamclone: consider secret changesets (BC) (issue5589)
Previously, a repo containing secret changesets would be served via
stream clone, transferring those secret changesets. While secret
changesets aren't meant to imply strong security (if you really
want to keep them secret, others shouldn't have read access to the
repo), we should at least make an effort to protect secret changesets
when possible.
After this commit, we no longer serve stream clones for repos
containing secret changesets by default. This is backwards
incompatible behavior. In case anyone is relying on the behavior,
we provide a config option to opt into the old behavior.
Note that this defense is only beneficial for remote repos
accessed via the wire protocol: if a client has access to the
files backing a repo, they can get to the raw data and see secret
revisions.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Fri, 09 Jun 2017 10:41:13 -0700 |
parents | bd872f64a8ba |
children | 4c2a46f89f08 |
comparison
equal
deleted
inserted
replaced
32743:f924dd043974 | 32744:33b7283a3828 |
---|---|
752 - change done here will be propagated to both `capabilities` and `hello` | 752 - change done here will be propagated to both `capabilities` and `hello` |
753 command without any other action needed. | 753 command without any other action needed. |
754 """ | 754 """ |
755 # copy to prevent modification of the global list | 755 # copy to prevent modification of the global list |
756 caps = list(wireprotocaps) | 756 caps = list(wireprotocaps) |
757 if streamclone.allowservergeneration(repo.ui): | 757 if streamclone.allowservergeneration(repo): |
758 if repo.ui.configbool('server', 'preferuncompressed', False): | 758 if repo.ui.configbool('server', 'preferuncompressed', False): |
759 caps.append('stream-preferred') | 759 caps.append('stream-preferred') |
760 requiredformats = repo.requirements & repo.supportedformats | 760 requiredformats = repo.requirements & repo.supportedformats |
761 # if our local revlogs are just revlogv1, add 'stream' cap | 761 # if our local revlogs are just revlogv1, add 'stream' cap |
762 if not requiredformats - {'revlogv1'}: | 762 if not requiredformats - {'revlogv1'}: |
944 def stream(repo, proto): | 944 def stream(repo, proto): |
945 '''If the server supports streaming clone, it advertises the "stream" | 945 '''If the server supports streaming clone, it advertises the "stream" |
946 capability with a value representing the version and flags of the repo | 946 capability with a value representing the version and flags of the repo |
947 it is serving. Client checks to see if it understands the format. | 947 it is serving. Client checks to see if it understands the format. |
948 ''' | 948 ''' |
949 if not streamclone.allowservergeneration(repo.ui): | 949 if not streamclone.allowservergeneration(repo): |
950 return '1\n' | 950 return '1\n' |
951 | 951 |
952 def getstream(it): | 952 def getstream(it): |
953 yield '0\n' | 953 yield '0\n' |
954 for chunk in it: | 954 for chunk in it: |