Mercurial > hg
view tests/sslcerts/README @ 44717:3dc6a70779f2
phabricator: add an option to fold several commits into one review (issue6244)
Now that all of the pieces are in place, alter the user facing command to allow
it. This is the default behavior when using `arc`, but I much prefer the 1:1
approach, and I'm tempted to mark this advanced to limit its abuse. I started
out calling this `--no-stack` like the feature request suggested, but I found it
less obvious (especially when writing the code), so I went with the `hg fold`
analogue.
This will populate the `Commits` tab in the web UI with the hash of each commit
folded into the review. From experimentation, it seems to list them in the
order they are received from the extension instead of the actual parent/child
relationship. The extension sends them in sorted order, thanks to
`templatefilters.json()`. Since there's enough info there for them to put
things in the right order, JSON is unordered aside from lists (IIUC), and there
doesn't seem to be any harmful side effects, I guess we write this off as their
bug. It is simple enough to workaround by putting a check for `util.sortdict`
into `templatefilters.json()`, and don't resort in that case.
There are a handful of restrictions that are documented in the code, which
somebody could probably fix if they're interested. Notably, this requires the
(default) `--amend` option, because there's not an easy way to apply a local tag
across several commits. This also doesn't do preflight checking to ensure that
all previous commits that were part of a single review are selected when
updating. That seems expensive. What happens is the excluded commit is dropped
from the review, but it keeps the Differential Revision line in the commit
message. Not everything can be edited, so it doesn't seem worth making the code
even more complicated to handle this edge case.
There are a couple of "obsolete feature not enabled but X markers found!"
messages that appeared on Windows but not macOS. I have no idea what's going on
here, but that's an unrelated issue, so I conditionalized those lines.
Differential Revision: https://phab.mercurial-scm.org/D8314
author | Matt Harbison <matt_harbison@yahoo.com> |
---|---|
date | Wed, 08 Apr 2020 17:30:10 -0400 |
parents | 43f3c0df2fab |
children |
line wrap: on
line source
Generate a private key (priv.pem): $ openssl genrsa -out priv.pem 2048 Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem): $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \ -out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \ -out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' Now generate an expired certificate by turning back the system time: $ faketime 2016-01-01T00:00:00Z \ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \ -out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' Generate a certificate not yet active by advancing the system time: $ faketime 2030-01-1T00:00:00Z \ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \ -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' Generate a passphrase protected client certificate private key: $ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048 Create a copy of the private key without a passphrase: $ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem Create a CSR and sign the key using the server keypair: $ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \ openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem $ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \ -set_serial 01 -out client-cert.pem When replacing the certificates, references to certificate fingerprints will need to be updated in test files. Fingerprints for certs can be obtained by running: $ openssl x509 -in pub.pem -noout -sha1 -fingerprint $ openssl x509 -in pub.pem -noout -sha256 -fingerprint