Mercurial > hg

view mercurial/dummycert.pem @ 29304:5e32852fa4bd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
revset: make filteredset.__nonzero__ respect the order of the filteredset This fix allows __nonzero__ to respect the direction of iteration of the whole filteredset. Here's the case when it matters. Imagine that we have a very large repository and we want to execute a command like: $ hg log --rev '(tip:0) and user(ikostia)' --limit 1 (we want to get the latest commit by me). Mercurial will evaluate a filteredset lazy data structure, an instance of the filteredset class, which will know that it has to iterate in a descending order (isdescending() will return True if called). This means that when some code iterates over the instance of this filteredset, the 'and user(ikostia)' condition will be first checked on the latest revision, then on the second latest and so on, allowing Mercurial to print matches as it founds them. However, cmdutil.getgraphlogrevs contains the following code: revs = _logrevs(repo, opts) if not revs: return revset.baseset(), None, None The "not revs" expression is evaluated by calling filteredset.__nonzero__, which in its current implementation will try to iterate the filteredset in ascending order until it finds a revision that matches the 'and user(..' condition. If the condition is only true on late revisions, a lot of useless iterations will be done. These iterations could be avoided if __nonzero__ followed the order of the filteredset, which in my opinion is a sensible thing to do here. The problem gets even worse when instead of 'user(ikostia)' some more expensive check is performed, like grepping the commit diff. I tested this fix on a very large repo where tip is my commit and my very first commit comes fairly late in the revision history. Results of timing of the above command on that very large repo. -with my fix: real 0m1.795s user 0m1.657s sys 0m0.135s -without my fix: real 1m29.245s user 1m28.223s sys 0m0.929s I understand that this is a very specific kind of problem that presents itself very rarely, only on very big repositories and with expensive checks and so on. But I don't see any disadvantages to this kind of fix either.
author Kostia Balytskyi <ikostia@fb.com>
date Thu, 02 Jun 2016 22:39:01 +0100
parents d7f7f1860f00
children
line wrap: on
line source

A dummy certificate that will make OS X 10.6+ Python use the system CA
certificate store:

-----BEGIN CERTIFICATE-----
MIIBIzCBzgIJANjmj39sb3FmMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmhn
LmV4YW1wbGUuY29tMB4XDTE0MDgzMDA4NDU1OVoXDTE0MDgyOTA4NDU1OVowGTEX
MBUGA1UEAxMOaGcuZXhhbXBsZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
mh/ZySGlcq0ALNLmA1gZqt61HruywPrRk6WyrLJRgt+X7OP9FFlEfl2tzHfzqvmK
CtSQoPINWOdAJMekBYFgKQIDAQABMA0GCSqGSIb3DQEBBQUAA0EAF9h49LkSqJ6a
IlpogZuUHtihXeKZBsiktVIDlDccYsNy0RSh9XxUfhk+XMLw8jBlYvcltSXdJ7We
aKdQRekuMQ==
-----END CERTIFICATE-----

This certificate was generated to be syntactically valid but never be usable;
it expired before it became valid.

Created as:

  $ cat > cn.conf << EOT
  > [req]
  > distinguished_name = req_distinguished_name
  > [req_distinguished_name]
  > commonName = Common Name
  > commonName_default = no.example.com
  > EOT
  $ openssl req -nodes -new -x509 -keyout /dev/null \
  >   -out dummycert.pem -days -1 -config cn.conf -subj '/CN=hg.example.com'

To verify the content of this certificate:

  $ openssl x509 -in dummycert.pem -noout -text
  Certificate:
      Data:
          Version: 1 (0x0)
          Serial Number: 15629337334278746470 (0xd8e68f7f6c6f7166)
      Signature Algorithm: sha1WithRSAEncryption
          Issuer: CN=hg.example.com
          Validity
              Not Before: Aug 30 08:45:59 2014 GMT
              Not After : Aug 29 08:45:59 2014 GMT
          Subject: CN=hg.example.com
          Subject Public Key Info:
              Public Key Algorithm: rsaEncryption
                  Public-Key: (512 bit)
                  Modulus:
                      00:9a:1f:d9:c9:21:a5:72:ad:00:2c:d2:e6:03:58:
                      19:aa:de:b5:1e:bb:b2:c0:fa:d1:93:a5:b2:ac:b2:
                      51:82:df:97:ec:e3:fd:14:59:44:7e:5d:ad:cc:77:
                      f3:aa:f9:8a:0a:d4:90:a0:f2:0d:58:e7:40:24:c7:
                      a4:05:81:60:29
                  Exponent: 65537 (0x10001)
      Signature Algorithm: sha1WithRSAEncryption
           17:d8:78:f4:b9:12:a8:9e:9a:22:5a:68:81:9b:94:1e:d8:a1:
           5d:e2:99:06:c8:a4:b5:52:03:94:37:1c:62:c3:72:d1:14:a1:
           f5:7c:54:7e:19:3e:5c:c2:f0:f2:30:65:62:f7:25:b5:25:dd:
           27:b5:9e:68:a7:50:45:e9:2e:31