Mercurial > hg
view tests/test-patchbomb-tls.t @ 46326:3e23794b9e1c
run-tests: work around the Windows firewall popup for server processes
Windows doesn't have a `python3` executable, so cc0b332ab9fc attempted to work
around the issue by copying the current python to `python3.exe`. That put it in
`_tmpbindir` because of failures in `test-run-tests.t` when using `_bindir`,
which looked like a process was trying to open it to write out a copy while it
was in use. (Interestingly, I couldn't reproduce this running the test by
itself in a loop for a couple of hours, but it happens constantly when running
all tests.) The problem with using `_tmpbindir` is that it is the randomly
generated path for the test run, and instead of Windows Firewall remembering the
executable signature or image hash when allowing the process to open a server
port, it apparently remembers the image path. That means every run will trigger
a popup to allow it, which is bad for firing off a test run and walking away.
I tried to symlink to the python executable, but that currently requires admin
priviledges[1]. This will prompt the first time if the underlying python binary
has never opened a server port, but appears to avoid it on subsequent runs.
[1] https://bugs.python.org/issue40687
Differential Revision: https://phab.mercurial-scm.org/D9815
author | Matt Harbison <matt_harbison@yahoo.com> |
---|---|
date | Mon, 18 Jan 2021 00:50:01 -0500 |
parents | 8f50dc096cf4 |
children | 5644f6286618 |
line wrap: on
line source
#require serve ssl Set up SMTP server: $ CERTSDIR="$TESTDIR/sslcerts" $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem $ "$PYTHON" "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \ > --tls smtps --certificate `pwd`/server.pem listening at localhost:$HGPORT (?) $ cat a.pid >> $DAEMON_PIDS Set up repository: $ hg init t $ cd t $ cat <<EOF >> .hg/hgrc > [extensions] > patchbomb = > [email] > method = smtp > [smtp] > host = localhost > port = $HGPORT > tls = smtps > EOF $ echo a > a $ hg commit -Ama -d '1 0' adding a Utility functions: $ DISABLECACERTS= $ try () { > hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@" > } Our test cert is not signed by a trusted CA. It should fail to verify if we are able to load CA certs: #if no-defaultcacertsloaded $ try this patch series consists of 1 patches. (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) (?i)abort: .*?certificate.verify.failed.* (re) [255] #endif #if defaultcacertsloaded $ try this patch series consists of 1 patches. (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) (?i)abort: .*?certificate.verify.failed.* (re) [255] #endif $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" Without certificates: $ try --debug this patch series consists of 1 patches. (using smtps) sending mail: smtp host localhost, port * (glob) (verifying remote certificate) abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) [150] With global certificates: $ try --debug --config web.cacerts="$CERTSDIR/pub.pem" this patch series consists of 1 patches. (using smtps) sending mail: smtp host localhost, port * (glob) (verifying remote certificate) sending [PATCH] a ... With invalid certificates: $ try --config web.cacerts="$CERTSDIR/pub-other.pem" this patch series consists of 1 patches. (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) (?i)abort: .*?certificate.verify.failed.* (re) [255] $ cd ..