Mercurial > hg

view tests/test-gpg.t @ 29555:121d11814c62

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hgweb: use sslutil.wrapserversocket() This patch transitions the built-in HTTPS server to use sslutil for creating the server socket. As part of this transition, we implement developer-only config options to control CA loading and whether to require client certificates. This eliminates the need for the custom extension in test-https.t to define these. There is a slight change in behavior with regards to protocol selection. Before, we would always use the TLS 1.0 constant to define the protocol version. This would *only* use TLS 1.0. sslutil defaults to TLS 1.0+. So this patch improves the security of `hg serve` out of the box by allowing it to use TLS 1.1 and 1.2 (if available).
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 12 Jul 2016 23:12:03 -0700
parents 4d2b9b304ad0
children 66e038fb3c0d
line wrap: on
line source

#require gpg

Test the GPG extension

  $ cat <<EOF >> $HGRCPATH
  > [extensions]
  > gpg=
  > 
  > [gpg]
  > cmd=gpg --no-permission-warning --no-secmem-warning --no-auto-check-trustdb --homedir "$TESTDIR/gpg"
  > EOF
  $ hg init r
  $ cd r
  $ echo foo > foo
  $ hg ci -Amfoo
  adding foo

  $ hg sigs

  $ HGEDITOR=cat hg sign -e 0
  signing 0:e63c23eaa88a
  Added signature for changeset e63c23eaa88a
  
  
  HG: Enter commit message.  Lines beginning with 'HG:' are removed.
  HG: Leave message empty to abort commit.
  HG: --
  HG: user: test
  HG: branch 'default'
  HG: added .hgsigs

  $ hg sigs
  hgtest                             0:e63c23eaa88ae77967edcf4ea194d31167c478b0

  $ hg sigcheck 0
  e63c23eaa88a is signed by:
   hgtest

verify that this test has not modified the trustdb.gpg file back in
the main hg working dir
  $ md5sum.py "$TESTDIR/gpg/trustdb.gpg"
  f6b9c78c65fa9536e7512bb2ceb338ae  */gpg/trustdb.gpg (glob)

don't leak any state to next test run
  $ rm -f "$TESTDIR/gpg/random_seed"

  $ cd ..