Mercurial > hg

view contrib/check-commit @ 33492:14af04391fb9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
win32: add a method to trigger the Crypto API to complete a certificate chain I started a thread[1] on the mailing list awhile ago, but the short version is that Windows doesn't ship with a full list of certificates[2]. Even if the server sends the whole chain, if Windows doesn't have the appropriate certificate pre-installed in its "Third-Party Root Certification Authorities" store, connections mysteriously fail with: abort: error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) Windows expects the application to call the methods invoked here as part of the certificate verification, triggering a call out to Windows update if necessary, to complete the trust chain. The python bug to add this support[3] hasn't had any recent activity, and isn't targeting py27 anyway. The only work around that I could find (besides figuring out the certificate and walking through the import wizard) is to browse to the site in Internet Explorer. Opening the page with FireFox or Chrome didn't work. That's a pretty obscure way to fix a pretty obscure problem. We go to great lengths to demystify various SSL errors, but this case is clearly lacking. Let's try to make things easier to diagnose and fix. When I had trouble figuring out how to get ctypes to work with all of the API pointers, I found that there are other python projects[4] using this API to achieve the same thing. [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-April/096501.html [2] https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificate-update-for-windows [3] https://bugs.python.org/issue20916 [4] https://github.com/nvaccess/nvda/blob/3b86bce2066b1934df14b96f2e83369900860ecf/source/updateCheck.py#L511
author Matt Harbison <matt_harbison@yahoo.com>
date Wed, 29 Mar 2017 23:45:23 -0400
parents 2fb3ae89e4e1
children 47084b5ffd80
line wrap: on
line source

#!/usr/bin/env python
#
# Copyright 2014 Matt Mackall <mpm@selenic.com>
#
# A tool/hook to run basic sanity checks on commits/patches for
# submission to Mercurial. Install by adding the following to your
# .hg/hgrc:
#
# [hooks]
# pretxncommit = contrib/check-commit
#
# The hook can be temporarily bypassed with:
#
# $ BYPASS= hg commit
#
# See also: https://mercurial-scm.org/wiki/ContributingChanges

from __future__ import absolute_import, print_function

import os
import re
import sys

commitheader = r"^(?:# [^\n]*\n)*"
afterheader = commitheader + r"(?!#)"
beforepatch = afterheader + r"(?!\n(?!@@))"

errors = [
    (beforepatch + r".*[(]bc[)]", "(BC) needs to be uppercase"),
    (beforepatch + r".*[(]issue \d\d\d",
     "no space allowed between issue and number"),
    (beforepatch + r".*[(]bug(\d|\s)", "use (issueDDDD) instead of bug"),
    (commitheader + r"# User [^@\n]+\n", "username is not an email address"),
    (commitheader + r"(?!merge with )[^#]\S+[^:] ",
     "summary line doesn't start with 'topic: '"),
    (afterheader + r"[A-Z][a-z]\S+", "don't capitalize summary lines"),
    (afterheader + r"[^\n]*: *[A-Z][a-z]\S+", "don't capitalize summary lines"),
    (afterheader + r"\S*[^A-Za-z0-9-_]\S*: ",
     "summary keyword should be most user-relevant one-word command or topic"),
    (afterheader + r".*\.\s*\n", "don't add trailing period on summary line"),
    (afterheader + r".{79,}", "summary line too long (limit is 78)"),
    (r"\n\+\n( |\+)\n", "adds double empty line"),
    (r"\n \n\+\n", "adds double empty line"),
    # Forbid "_" in function name.
    #
    # We skip the check for cffi related functions. They use names mapping the
    # name of the C function. C function names may contain "_".
    (r"\n\+[ \t]+def (?!cffi)[a-z]+_[a-z]",
     "adds a function with foo_bar naming"),
]

word = re.compile('\S')
def nonempty(first, second):
    if word.search(first):
        return first
    return second

def checkcommit(commit, node=None):
    exitcode = 0
    printed = node is None
    hits = []
    signtag = (afterheader +
          r'Added (tag [^ ]+|signature) for changeset [a-f0-9]{12}')
    if re.search(signtag, commit):
        return 0
    for exp, msg in errors:
        for m in re.finditer(exp, commit):
            end = m.end()
            trailing = re.search(r'(\\n)+$', exp)
            if trailing:
                end -= len(trailing.group()) / 2
            hits.append((end, exp, msg))
    if hits:
        hits.sort()
        pos = 0
        last = ''
        for n, l in enumerate(commit.splitlines(True)):
            pos += len(l)
            while len(hits):
                end, exp, msg = hits[0]
                if pos < end:
                    break
                if not printed:
                    printed = True
                    print("node: %s" % node)
                print("%d: %s" % (n, msg))
                print(" %s" % nonempty(l, last)[:-1])
                if "BYPASS" not in os.environ:
                    exitcode = 1
                del hits[0]
            last = nonempty(l, last)

    return exitcode

def readcommit(node):
    return os.popen("hg export %s" % node).read()

if __name__ == "__main__":
    exitcode = 0
    node = os.environ.get("HG_NODE")

    if node:
        commit = readcommit(node)
        exitcode = checkcommit(commit)
    elif sys.argv[1:]:
        for node in sys.argv[1:]:
            exitcode |= checkcommit(readcommit(node), node)
    else:
        commit = sys.stdin.read()
        exitcode = checkcommit(commit)
    sys.exit(exitcode)