Mercurial > hg
view mercurial/server.py @ 35884:197d10e157ce
httppeer: remove support for connecting to <0.9.1 servers (BC)
Previously, HTTP wire protocol clients would attempt a
"capabilities" wire protocol command. If that failed, they would
fall back to issuing a "between" command.
The "capabilities" command was added in Mercurial 0.9.1 (released
July 2006). The "between" command has been present for as long as
the wire protocol has existed. So if the "between" command failed,
it was safe to assume that the remote could not speak any version
of the Mercurial wire protocol.
The "between" fallback was added in 395a84f78736 in 2011. Before that
changeset, Mercurial would *always* issue the "between" command and
would issue "capabilities" if capabilities were requested. At that time,
many connections would issue "capabilities" eventually, so it was
decided to issue "capabilities" by default and fall back to "between"
if that failed. This saved a round trip when connecting to modern
servers while still preserving compatibility with legacy servers.
Fast forward ~7 years. Mercurial servers supporting "capabilities"
have been around for over a decade. If modern clients are
connecting to <0.9.1 servers, they are getting a bad experience.
They may even be getting bad data (an old server is vulnerable to
numerous security issues and could have been p0wned, leading to a
Mercurial repository serving backdoors or other badness).
In addition, the fallback can harm experience for modern servers.
If a client experiences an intermittent HTTP request failure (due to
bad network, etc) and falls back to a "between" that works, it would
assume an empty capability set and would attempt to communicate with
the repository using a very ancient wire protocol. Auditing HTTP logs
for hg.mozilla.org, I did find a handful of requests for the
null range of the "between" command. However, requests can be days
apart. And when I do see requests, they come in batches. Those
batches seem to correlate to spikes of HTTP 500 or other
server/network events. So I think these requests are fallbacks from
failed "capabilities" requests and not from old clients.
If you need even more evidence to discontinue support, apparently
we have no test coverage for communicating with servers not
supporting "capabilities." I know this because all tests pass
with the "between" fallback removed.
Finally, server-side support for <0.9.1 pushing (the "addchangegroup"
wire protocol command along with locking-related commands) was dropped
from the HTTP client in fda0867cfe03 in 2017 and the SSH client in
9f6e0e7ef828 in 2015.
I think this all adds up to enough justification for removing client
support for communicating with servers not supporting "capabilities."
So this commit removes that fallback.
Differential Revision: https://phab.mercurial-scm.org/D2001
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Fri, 02 Feb 2018 13:13:46 -0800 |
| parents | bfcd0d227972 |
| children | d4a2e0d5d042 |
line wrap: on
line source
# server.py - utility and factory of server # # Copyright 2005-2007 Matt Mackall <mpm@selenic.com> # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. from __future__ import absolute_import import os import tempfile from .i18n import _ from . import ( chgserver, cmdutil, commandserver, error, hgweb, pycompat, util, ) def runservice(opts, parentfn=None, initfn=None, runfn=None, logfile=None, runargs=None, appendpid=False): '''Run a command as a service.''' def writepid(pid): if opts['pid_file']: if appendpid: mode = 'ab' else: mode = 'wb' fp = open(opts['pid_file'], mode) fp.write('%d\n' % pid) fp.close() if opts['daemon'] and not opts['daemon_postexec']: # Signal child process startup with file removal lockfd, lockpath = tempfile.mkstemp(prefix='hg-service-') os.close(lockfd) try: if not runargs: runargs = util.hgcmd() + pycompat.sysargv[1:] runargs.append('--daemon-postexec=unlink:%s' % lockpath) # Don't pass --cwd to the child process, because we've already # changed directory. for i in xrange(1, len(runargs)): if runargs[i].startswith('--cwd='): del runargs[i] break elif runargs[i].startswith('--cwd'): del runargs[i:i + 2] break def condfn(): return not os.path.exists(lockpath) pid = util.rundetached(runargs, condfn) if pid < 0: raise error.Abort(_('child process failed to start')) writepid(pid) finally: util.tryunlink(lockpath) if parentfn: return parentfn(pid) else: return if initfn: initfn() if not opts['daemon']: writepid(util.getpid()) if opts['daemon_postexec']: try: os.setsid() except AttributeError: pass for inst in opts['daemon_postexec']: if inst.startswith('unlink:'): lockpath = inst[7:] os.unlink(lockpath) elif inst.startswith('chdir:'): os.chdir(inst[6:]) elif inst != 'none': raise error.Abort(_('invalid value for --daemon-postexec: %s') % inst) util.hidewindow() util.stdout.flush() util.stderr.flush() nullfd = os.open(os.devnull, os.O_RDWR) logfilefd = nullfd if logfile: logfilefd = os.open(logfile, os.O_RDWR | os.O_CREAT | os.O_APPEND, 0o666) os.dup2(nullfd, 0) os.dup2(logfilefd, 1) os.dup2(logfilefd, 2) if nullfd not in (0, 1, 2): os.close(nullfd) if logfile and logfilefd not in (0, 1, 2): os.close(logfilefd) if runfn: return runfn() _cmdservicemap = { 'chgunix': chgserver.chgunixservice, 'pipe': commandserver.pipeservice, 'unix': commandserver.unixforkingservice, } def _createcmdservice(ui, repo, opts): mode = opts['cmdserver'] try: return _cmdservicemap[mode](ui, repo, opts) except KeyError: raise error.Abort(_('unknown mode %s') % mode) def _createhgwebservice(ui, repo, opts): # this way we can check if something was given in the command-line if opts.get('port'): opts['port'] = util.getport(opts.get('port')) alluis = {ui} if repo: baseui = repo.baseui alluis.update([repo.baseui, repo.ui]) else: baseui = ui webconf = opts.get('web_conf') or opts.get('webdir_conf') if webconf: if opts.get('subrepos'): raise error.Abort(_('--web-conf cannot be used with --subrepos')) # load server settings (e.g. web.port) to "copied" ui, which allows # hgwebdir to reload webconf cleanly servui = ui.copy() servui.readconfig(webconf, sections=['web']) alluis.add(servui) elif opts.get('subrepos'): servui = ui # If repo is None, hgweb.createapp() already raises a proper abort # message as long as webconf is None. if repo: webconf = dict() cmdutil.addwebdirpath(repo, "", webconf) else: servui = ui optlist = ("name templates style address port prefix ipv6" " accesslog errorlog certificate encoding") for o in optlist.split(): val = opts.get(o, '') if val in (None, ''): # should check against default options instead continue for u in alluis: u.setconfig("web", o, val, 'serve') app = hgweb.createapp(baseui, repo, webconf) return hgweb.httpservice(servui, app, opts) def createservice(ui, repo, opts): if opts["cmdserver"]: return _createcmdservice(ui, repo, opts) else: return _createhgwebservice(ui, repo, opts)