Mercurial > hg
view tests/test-hgweb-csp.t @ 32697:19b9fc40cc51
revlog: skeleton support for version 2 revlogs
There are a number of improvements we want to make to revlogs
that will require a new version - version 2. It is unclear what the
full set of improvements will be or when we'll be done with them.
What I do know is that the process will likely take longer than a
single release, will require input from various stakeholders to
evaluate changes, and will have many contentious debates and
bikeshedding.
It is unrealistic to develop revlog version 2 up front: there
are just too many uncertainties that we won't know until things
are implemented and experiments are run. Some changes will also
be invasive and prone to bit rot, so sitting on dozens of patches
is not practical.
This commit introduces skeleton support for version 2 revlogs in
a way that is flexible and not bound by backwards compatibility
concerns.
An experimental repo requirement for denoting revlog v2 has been
added. The requirement string has a sub-version component to it.
This will allow us to declare multiple requirements in the course
of developing revlog v2. Whenever we change the in-development
revlog v2 format, we can tweak the string, creating a new
requirement and locking out old clients. This will allow us to
make as many backwards incompatible changes and experiments to
revlog v2 as we want. In other words, we can land code and make
meaningful progress towards revlog v2 while still maintaining
extreme format flexibility up until the point we freeze the
format and remove the experimental labels.
To enable the new repo requirement, you must supply an experimental
and undocumented config option. But not just any boolean flag
will do: you need to explicitly use a value that no sane person
should ever type. This is an additional guard against enabling
revlog v2 on an installation it shouldn't be enabled on. The
specific scenario I'm trying to prevent is say a user with a
4.4 client with a frozen format enabling the option but then
downgrading to 4.3 and accidentally creating repos with an
outdated and unsupported repo format. Requiring a "challenge"
string should prevent this.
Because the format is not yet finalized and I don't want to take
any chances, revlog v2's version is currently 0xDEAD. I figure
squatting on a value we're likely never to use as an actual revlog
version to mean "internal testing only" is acceptable. And
"dead" is easily recognized as something meaningful.
There is a bunch of cleanup that is needed before work on revlog
v2 begins in earnest. I plan on doing that work once this patch
is accepted and we're comfortable with the idea of starting down
this path.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Fri, 19 May 2017 20:29:11 -0700 |
parents | d7bf7d2bd5ab |
children | a6d95a8b7243 |
line wrap: on
line source
#require serve $ cat > web.conf << EOF > [paths] > / = $TESTTMP/* > EOF $ hg init repo1 $ cd repo1 $ touch foo $ hg -q commit -A -m initial $ cd .. $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf $ cat hg.pid >> $DAEMON_PIDS repo index should not send Content-Security-Policy header by default $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag 200 Script output follows static page should not send CSP by default $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag 200 Script output follows repo page should not send CSP by default, should send ETag $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag 200 Script output follows etag: W/"*" (glob) $ killdaemons.py Configure CSP without nonce $ cat >> web.conf << EOF > [web] > csp = script-src https://example.com/ 'unsafe-inline' > EOF $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf $ cat hg.pid > $DAEMON_PIDS repo index should send Content-Security-Policy header when enabled $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag 200 Script output follows content-security-policy: script-src https://example.com/ 'unsafe-inline' static page should send CSP when enabled $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag 200 Script output follows content-security-policy: script-src https://example.com/ 'unsafe-inline' repo page should send CSP by default, include etag w/o nonce $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag 200 Script output follows content-security-policy: script-src https://example.com/ 'unsafe-inline' etag: W/"*" (glob) nonce should not be added to html if CSP doesn't use it $ get-with-headers.py localhost:$HGPORT repo1/graph/tip | egrep 'content-security-policy|<script' <script type="text/javascript" src="/repo1/static/mercurial.js"></script> <!--[if IE]><script type="text/javascript" src="/repo1/static/excanvas.js"></script><![endif]--> <script type="text/javascript"> <script type="text/javascript"> Configure CSP with nonce $ killdaemons.py $ cat >> web.conf << EOF > csp = image-src 'self'; script-src https://example.com/ 'nonce-%nonce%' > EOF $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf $ cat hg.pid > $DAEMON_PIDS nonce should be substituted in CSP header $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag 200 Script output follows content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) nonce should be included in CSP for static pages $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag 200 Script output follows content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) repo page should have nonce, no ETag $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag 200 Script output follows content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) nonce should be added to html when used $ get-with-headers.py localhost:$HGPORT repo1/graph/tip content-security-policy | egrep 'content-security-policy|<script' content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) <script type="text/javascript" src="/repo1/static/mercurial.js"></script> <!--[if IE]><script type="text/javascript" src="/repo1/static/excanvas.js"></script><![endif]--> <script type="text/javascript" nonce="*"> (glob) <script type="text/javascript" nonce="*"> (glob) hgweb_mod w/o hgwebdir works as expected $ killdaemons.py $ hg -R repo1 serve -p $HGPORT -d --pid-file=hg.pid --config "web.csp=image-src 'self'; script-src https://example.com/ 'nonce-%nonce%'" $ cat hg.pid > $DAEMON_PIDS static page sends CSP $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag 200 Script output follows content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) nonce included in <script> and headers $ get-with-headers.py localhost:$HGPORT graph/tip content-security-policy | egrep 'content-security-policy|<script' content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) <script type="text/javascript" src="/static/mercurial.js"></script> <!--[if IE]><script type="text/javascript" src="/static/excanvas.js"></script><![endif]--> <script type="text/javascript" nonce="*"> (glob) <script type="text/javascript" nonce="*"> (glob)