subrepo: make "_sanitize()" work "_sanitize()" was introduced by 224e96078708 on "stable" branch, but it has done nothing for sanitizing since 224e96078708. "_sanitize()" assumes "Visitor" design pattern: "os.walk()" should invoke specified function ("v" in this case) for each directory elements under specified path but "os.walk()" assumes "Iterator" design pattern: callers of it should drive loop to scan each directory elements under specified path by themselves with the returned generator object Because of this mismatching, "_sanitize()" just discards the generator object returned by "os.walk()" and does nothing for sanitizing. This patch makes "_sanitize()" work. This patch also changes the format of warning message to show each unlinked files, for multiple appearances of "potentially hostile .hg/hgrc".

  $ hg init
  $ echo a > a
  $ hg ci -Am0
  adding a

  $ hg -q clone . foo

  $ touch .hg/store/journal

  $ echo foo > a
  $ hg ci -Am0
  abort: abandoned transaction found - run hg recover!
  [255]

  $ hg recover
  rolling back interrupted transaction
  checking changesets
  checking manifests
  crosschecking files in changesets and manifests
  checking files
  1 files, 1 changesets, 1 total revisions

Check that zero-size journals are correctly aborted:

#if unix-permissions no-root
  $ hg bundle -qa repo.hg
  $ chmod -w foo/.hg/store/00changelog.i

  $ hg -R foo unbundle repo.hg
  adding changesets
  abort: Permission denied: $TESTTMP/foo/.hg/store/.00changelog.i-* (glob)
  [255]

  $ if test -f foo/.hg/store/journal; then echo 'journal exists :-('; fi
#endif