Mercurial > hg
view tests/test-trusted.py @ 42377:0546ead39a7e stable
manifest: avoid corruption by dropping removed files with pure (issue5801)
Previously, removed files would simply be marked by overwriting the first byte
with NUL and dropping their entry in `self.position`. But no effort was made to
ignore them when compacting the dictionary into text form. This allowed them to
slip into the manifest revision, since the code seems to be trying to minimize
the string operations by copying as large a chunk as possible. As part of this,
compact() walks the existing text based on entries in the `positions` list, and
consumed everything up to the next position entry. This typically resulted in
a ValueError complaining about unsorted manifest entries.
Sometimes it seems that files do get dropped in large repos- it seems to
correspond to there being a new entry that would take the same slot. A much
more trivial problem is that if the only changes were removals, `_compact()`
didn't even run because `__delitem__` doesn't add anything to `self.extradata`.
Now there's an explicit variable to flag this, both to allow `_compact()` to
run, and to avoid searching the manifest in cases where there are no removals.
In practice, this behavior was mostly obscured by the check in fastdelta() which
takes a different path that explicitly drops removed files if there are fewer
than 1000 changes. However, timeless has a repo where after rebasing tens of
commits, a totally different path[1] is taken that bypasses the change count
check and hits this problem.
[1] https://www.mercurial-scm.org/repo/hg/file/2338bdea4474/mercurial/manifest.py#l1511
| author | Matt Harbison <matt_harbison@yahoo.com> |
|---|---|
| date | Thu, 23 May 2019 21:54:24 -0400 |
| parents | 3028b4073be1 |
| children | 2372284d9457 |
line wrap: on
line source
# Since it's not easy to write a test that portably deals # with files from different users/groups, we cheat a bit by # monkey-patching some functions in the util module from __future__ import absolute_import, print_function import os import sys from mercurial import ( error, pycompat, ui as uimod, util, ) from mercurial.utils import stringutil hgrc = os.environ['HGRCPATH'] f = open(hgrc, 'rb') basehgrc = f.read() f.close() def _maybesysstr(v): if isinstance(v, bytes): return pycompat.sysstr(v) return pycompat.sysstr(stringutil.pprint(v)) def bprint(*args, **kwargs): print(*[_maybesysstr(a) for a in args], **{k: _maybesysstr(v) for k, v in kwargs.items()}) # avoid awkward interleaving with ui object's output sys.stdout.flush() def testui(user=b'foo', group=b'bar', tusers=(), tgroups=(), cuser=b'foo', cgroup=b'bar', debug=False, silent=False, report=True): # user, group => owners of the file # tusers, tgroups => trusted users/groups # cuser, cgroup => user/group of the current process # write a global hgrc with the list of trusted users/groups and # some setting so that we can be sure it was read f = open(hgrc, 'wb') f.write(basehgrc) f.write(b'\n[paths]\n') f.write(b'global = /some/path\n\n') if tusers or tgroups: f.write(b'[trusted]\n') if tusers: f.write(b'users = %s\n' % b', '.join(tusers)) if tgroups: f.write(b'groups = %s\n' % b', '.join(tgroups)) f.close() # override the functions that give names to uids and gids def username(uid=None): if uid is None: return cuser return user util.username = username def groupname(gid=None): if gid is None: return b'bar' return group util.groupname = groupname def isowner(st): return user == cuser util.isowner = isowner # try to read everything #print '# File belongs to user %s, group %s' % (user, group) #print '# trusted users = %s; trusted groups = %s' % (tusers, tgroups) kind = (b'different', b'same') who = (b'', b'user', b'group', b'user and the group') trusted = who[(user in tusers) + 2*(group in tgroups)] if trusted: trusted = b', but we trust the ' + trusted bprint(b'# %s user, %s group%s' % (kind[user == cuser], kind[group == cgroup], trusted)) u = uimod.ui.load() # disable the configuration registration warning # # the purpose of this test is to check the old behavior, not to validate the # behavior from registered item. so we silent warning related to unregisted # config. u.setconfig(b'devel', b'warn-config-unknown', False, b'test') u.setconfig(b'devel', b'all-warnings', False, b'test') u.setconfig(b'ui', b'debug', pycompat.bytestr(bool(debug))) u.setconfig(b'ui', b'report_untrusted', pycompat.bytestr(bool(report))) u.readconfig(b'.hg/hgrc') if silent: return u bprint(b'trusted') for name, path in u.configitems(b'paths'): bprint(b' ', name, b'=', util.pconvert(path)) bprint(b'untrusted') for name, path in u.configitems(b'paths', untrusted=True): bprint(b'.', end=b' ') u.config(b'paths', name) # warning with debug=True bprint(b'.', end=b' ') u.config(b'paths', name, untrusted=True) # no warnings bprint(name, b'=', util.pconvert(path)) print() return u os.mkdir(b'repo') os.chdir(b'repo') os.mkdir(b'.hg') f = open(b'.hg/hgrc', 'wb') f.write(b'[paths]\n') f.write(b'local = /another/path\n\n') f.close() #print '# Everything is run by user foo, group bar\n' # same user, same group testui() # same user, different group testui(group=b'def') # different user, same group testui(user=b'abc') # ... but we trust the group testui(user=b'abc', tgroups=[b'bar']) # different user, different group testui(user=b'abc', group=b'def') # ... but we trust the user testui(user=b'abc', group=b'def', tusers=[b'abc']) # ... but we trust the group testui(user=b'abc', group=b'def', tgroups=[b'def']) # ... but we trust the user and the group testui(user=b'abc', group=b'def', tusers=[b'abc'], tgroups=[b'def']) # ... but we trust all users bprint(b'# we trust all users') testui(user=b'abc', group=b'def', tusers=[b'*']) # ... but we trust all groups bprint(b'# we trust all groups') testui(user=b'abc', group=b'def', tgroups=[b'*']) # ... but we trust the whole universe bprint(b'# we trust all users and groups') testui(user=b'abc', group=b'def', tusers=[b'*'], tgroups=[b'*']) # ... check that users and groups are in different namespaces bprint(b"# we don't get confused by users and groups with the same name") testui(user=b'abc', group=b'def', tusers=[b'def'], tgroups=[b'abc']) # ... lists of user names work bprint(b"# list of user names") testui(user=b'abc', group=b'def', tusers=[b'foo', b'xyz', b'abc', b'bleh'], tgroups=[b'bar', b'baz', b'qux']) # ... lists of group names work bprint(b"# list of group names") testui(user=b'abc', group=b'def', tusers=[b'foo', b'xyz', b'bleh'], tgroups=[b'bar', b'def', b'baz', b'qux']) bprint(b"# Can't figure out the name of the user running this process") testui(user=b'abc', group=b'def', cuser=None) bprint(b"# prints debug warnings") u = testui(user=b'abc', group=b'def', cuser=b'foo', debug=True) bprint(b"# report_untrusted enabled without debug hides warnings") u = testui(user=b'abc', group=b'def', cuser=b'foo', report=False) bprint(b"# report_untrusted enabled with debug shows warnings") u = testui(user=b'abc', group=b'def', cuser=b'foo', debug=True, report=False) bprint(b"# ui.readconfig sections") filename = b'foobar' f = open(filename, 'wb') f.write(b'[foobar]\n') f.write(b'baz = quux\n') f.close() u.readconfig(filename, sections=[b'foobar']) bprint(u.config(b'foobar', b'baz')) print() bprint(b"# read trusted, untrusted, new ui, trusted") u = uimod.ui.load() # disable the configuration registration warning # # the purpose of this test is to check the old behavior, not to validate the # behavior from registered item. so we silent warning related to unregisted # config. u.setconfig(b'devel', b'warn-config-unknown', False, b'test') u.setconfig(b'devel', b'all-warnings', False, b'test') u.setconfig(b'ui', b'debug', b'on') u.readconfig(filename) u2 = u.copy() def username(uid=None): return b'foo' util.username = username u2.readconfig(b'.hg/hgrc') bprint(b'trusted:') bprint(u2.config(b'foobar', b'baz')) bprint(b'untrusted:') bprint(u2.config(b'foobar', b'baz', untrusted=True)) print() bprint(b"# error handling") def assertraises(f, exc=error.Abort): try: f() except exc as inst: bprint(b'raised', inst.__class__.__name__) else: bprint(b'no exception?!') bprint(b"# file doesn't exist") os.unlink(b'.hg/hgrc') assert not os.path.exists(b'.hg/hgrc') testui(debug=True, silent=True) testui(user=b'abc', group=b'def', debug=True, silent=True) print() bprint(b"# parse error") f = open(b'.hg/hgrc', 'wb') f.write(b'foo') f.close() # This is a hack to remove b'' prefixes from ParseError.__bytes__ on # Python 3. def normalizeparseerror(e): if pycompat.ispy3: args = [a.decode('utf-8') for a in e.args] else: args = e.args return error.ParseError(*args) try: testui(user=b'abc', group=b'def', silent=True) except error.ParseError as inst: bprint(normalizeparseerror(inst)) try: testui(debug=True, silent=True) except error.ParseError as inst: bprint(normalizeparseerror(inst)) print() bprint(b'# access typed information') with open(b'.hg/hgrc', 'wb') as f: f.write(b'''\ [foo] sub=main sub:one=one sub:two=two path=monty/python bool=true int=42 bytes=81mb list=spam,ham,eggs ''') u = testui(user=b'abc', group=b'def', cuser=b'foo', silent=True) def configpath(section, name, default=None, untrusted=False): path = u.configpath(section, name, default, untrusted) if path is None: return None return util.pconvert(path) bprint(b'# suboptions, trusted and untrusted') trusted = u.configsuboptions(b'foo', b'sub') untrusted = u.configsuboptions(b'foo', b'sub', untrusted=True) bprint( (trusted[0], sorted(trusted[1].items())), (untrusted[0], sorted(untrusted[1].items()))) bprint(b'# path, trusted and untrusted') bprint(configpath(b'foo', b'path'), configpath(b'foo', b'path', untrusted=True)) bprint(b'# bool, trusted and untrusted') bprint(u.configbool(b'foo', b'bool'), u.configbool(b'foo', b'bool', untrusted=True)) bprint(b'# int, trusted and untrusted') bprint( u.configint(b'foo', b'int', 0), u.configint(b'foo', b'int', 0, untrusted=True)) bprint(b'# bytes, trusted and untrusted') bprint( u.configbytes(b'foo', b'bytes', 0), u.configbytes(b'foo', b'bytes', 0, untrusted=True)) bprint(b'# list, trusted and untrusted') bprint( u.configlist(b'foo', b'list', []), u.configlist(b'foo', b'list', [], untrusted=True))