Mercurial > hg
view hgext/extdiff.py @ 29559:7dec5e441bf7
sslutil: config option to specify TLS protocol version
Currently, Mercurial will use TLS 1.0 or newer when connecting to
remote servers, selecting the highest TLS version supported by both
peers. On older Pythons, only TLS 1.0 is available. On newer Pythons,
TLS 1.1 and 1.2 should be available.
Security-minded people may want to not take any risks running
TLS 1.0 (or even TLS 1.1). This patch gives those people a config
option to explicitly control which TLS versions Mercurial should use.
By providing this option, one can require newer TLS versions
before they are formally deprecated by Mercurial/Python/OpenSSL/etc
and lower their security exposure. This option also provides an
easy mechanism to change protocol policies in Mercurial. If there
is a 0-day and TLS 1.0 is completely broken, we can act quickly
without changing much code.
Because setting the minimum TLS protocol is something you'll likely
want to do globally, this patch introduces a global config option under
[hostsecurity] for that purpose.
wrapserversocket() has been taught a hidden config option to define
the explicit protocol to use. This is queried in this function and
not passed as an argument because I don't want to expose this dangerous
option as part of the Python API. There is a risk someone could footgun
themselves. But the config option is a devel option, has a warning
comment, and I doubt most people are using `hg serve` to run a
production HTTPS server (I would have something not Mercurial/Python
handle TLS). If this is problematic, we can go back to using a
custom extension in tests to coerce the server into bad behavior.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Thu, 14 Jul 2016 20:47:22 -0700 |
parents | 4f86c3bed63b |
children | 67b180c0e263 |
line wrap: on
line source
# extdiff.py - external diff program support for mercurial # # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. '''command to allow external programs to compare revisions The extdiff Mercurial extension allows you to use external programs to compare revisions, or revision with working directory. The external diff programs are called with a configurable set of options and two non-option arguments: paths to directories containing snapshots of files to compare. The extdiff extension also allows you to configure new diff commands, so you do not need to type :hg:`extdiff -p kdiff3` always. :: [extdiff] # add new command that runs GNU diff(1) in 'context diff' mode cdiff = gdiff -Nprc5 ## or the old way: #cmd.cdiff = gdiff #opts.cdiff = -Nprc5 # add new command called meld, runs meld (no need to name twice). If # the meld executable is not available, the meld tool in [merge-tools] # will be used, if available meld = # add new command called vimdiff, runs gvimdiff with DirDiff plugin # (see http://www.vim.org/scripts/script.php?script_id=102) Non # English user, be sure to put "let g:DirDiffDynamicDiffText = 1" in # your .vimrc vimdiff = gvim -f "+next" \\ "+execute 'DirDiff' fnameescape(argv(0)) fnameescape(argv(1))" Tool arguments can include variables that are expanded at runtime:: $parent1, $plabel1 - filename, descriptive label of first parent $child, $clabel - filename, descriptive label of child revision $parent2, $plabel2 - filename, descriptive label of second parent $root - repository root $parent is an alias for $parent1. The extdiff extension will look in your [diff-tools] and [merge-tools] sections for diff tool arguments, when none are specified in [extdiff]. :: [extdiff] kdiff3 = [diff-tools] kdiff3.diffargs=--L1 '$plabel1' --L2 '$clabel' $parent $child You can use -I/-X and list of file or directory names like normal :hg:`diff` command. The extdiff extension makes snapshots of only needed files, so running the external diff program will actually be pretty fast (at least faster than having to compare the entire tree). ''' from __future__ import absolute_import import os import re import shlex import shutil import tempfile from mercurial.i18n import _ from mercurial.node import ( nullid, short, ) from mercurial import ( archival, cmdutil, commands, encoding, error, filemerge, scmutil, util, ) cmdtable = {} command = cmdutil.command(cmdtable) # Note for extension authors: ONLY specify testedwith = 'internal' for # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should # be specifying the version(s) of Mercurial they are tested with, or # leave the attribute unspecified. testedwith = 'internal' def snapshot(ui, repo, files, node, tmproot, listsubrepos): '''snapshot files as of some revision if not using snapshot, -I/-X does not work and recursive diff in tools like kdiff3 and meld displays too many files.''' dirname = os.path.basename(repo.root) if dirname == "": dirname = "root" if node is not None: dirname = '%s.%s' % (dirname, short(node)) base = os.path.join(tmproot, dirname) os.mkdir(base) fns_and_mtime = [] if node is not None: ui.note(_('making snapshot of %d files from rev %s\n') % (len(files), short(node))) else: ui.note(_('making snapshot of %d files from working directory\n') % (len(files))) if files: repo.ui.setconfig("ui", "archivemeta", False) archival.archive(repo, base, node, 'files', matchfn=scmutil.matchfiles(repo, files), subrepos=listsubrepos) for fn in sorted(files): wfn = util.pconvert(fn) ui.note(' %s\n' % wfn) if node is None: dest = os.path.join(base, wfn) fns_and_mtime.append((dest, repo.wjoin(fn), os.lstat(dest).st_mtime)) return dirname, fns_and_mtime def dodiff(ui, repo, cmdline, pats, opts): '''Do the actual diff: - copy to a temp structure if diffing 2 internal revisions - copy to a temp structure if diffing working revision with another one and more than 1 file is changed - just invoke the diff for a single file in the working dir ''' revs = opts.get('rev') change = opts.get('change') do3way = '$parent2' in cmdline if revs and change: msg = _('cannot specify --rev and --change at the same time') raise error.Abort(msg) elif change: node2 = scmutil.revsingle(repo, change, None).node() node1a, node1b = repo.changelog.parents(node2) else: node1a, node2 = scmutil.revpair(repo, revs) if not revs: node1b = repo.dirstate.p2() else: node1b = nullid # Disable 3-way merge if there is only one parent if do3way: if node1b == nullid: do3way = False subrepos=opts.get('subrepos') matcher = scmutil.match(repo[node2], pats, opts) if opts.get('patch'): if subrepos: raise error.Abort(_('--patch cannot be used with --subrepos')) if node2 is None: raise error.Abort(_('--patch requires two revisions')) else: mod_a, add_a, rem_a = map(set, repo.status(node1a, node2, matcher, listsubrepos=subrepos)[:3]) if do3way: mod_b, add_b, rem_b = map(set, repo.status(node1b, node2, matcher, listsubrepos=subrepos)[:3]) else: mod_b, add_b, rem_b = set(), set(), set() modadd = mod_a | add_a | mod_b | add_b common = modadd | rem_a | rem_b if not common: return 0 tmproot = tempfile.mkdtemp(prefix='extdiff.') try: if not opts.get('patch'): # Always make a copy of node1a (and node1b, if applicable) dir1a_files = mod_a | rem_a | ((mod_b | add_b) - add_a) dir1a = snapshot(ui, repo, dir1a_files, node1a, tmproot, subrepos)[0] rev1a = '@%d' % repo[node1a].rev() if do3way: dir1b_files = mod_b | rem_b | ((mod_a | add_a) - add_b) dir1b = snapshot(ui, repo, dir1b_files, node1b, tmproot, subrepos)[0] rev1b = '@%d' % repo[node1b].rev() else: dir1b = None rev1b = '' fns_and_mtime = [] # If node2 in not the wc or there is >1 change, copy it dir2root = '' rev2 = '' if node2: dir2 = snapshot(ui, repo, modadd, node2, tmproot, subrepos)[0] rev2 = '@%d' % repo[node2].rev() elif len(common) > 1: #we only actually need to get the files to copy back to #the working dir in this case (because the other cases #are: diffing 2 revisions or single file -- in which case #the file is already directly passed to the diff tool). dir2, fns_and_mtime = snapshot(ui, repo, modadd, None, tmproot, subrepos) else: # This lets the diff tool open the changed file directly dir2 = '' dir2root = repo.root label1a = rev1a label1b = rev1b label2 = rev2 # If only one change, diff the files instead of the directories # Handle bogus modifies correctly by checking if the files exist if len(common) == 1: common_file = util.localpath(common.pop()) dir1a = os.path.join(tmproot, dir1a, common_file) label1a = common_file + rev1a if not os.path.isfile(dir1a): dir1a = os.devnull if do3way: dir1b = os.path.join(tmproot, dir1b, common_file) label1b = common_file + rev1b if not os.path.isfile(dir1b): dir1b = os.devnull dir2 = os.path.join(dir2root, dir2, common_file) label2 = common_file + rev2 else: template = 'hg-%h.patch' cmdutil.export(repo, [repo[node1a].rev(), repo[node2].rev()], template=repo.vfs.reljoin(tmproot, template), match=matcher) label1a = cmdutil.makefilename(repo, template, node1a) label2 = cmdutil.makefilename(repo, template, node2) dir1a = repo.vfs.reljoin(tmproot, label1a) dir2 = repo.vfs.reljoin(tmproot, label2) dir1b = None label1b = None fns_and_mtime = [] # Function to quote file/dir names in the argument string. # When not operating in 3-way mode, an empty string is # returned for parent2 replace = {'parent': dir1a, 'parent1': dir1a, 'parent2': dir1b, 'plabel1': label1a, 'plabel2': label1b, 'clabel': label2, 'child': dir2, 'root': repo.root} def quote(match): pre = match.group(2) key = match.group(3) if not do3way and key == 'parent2': return pre return pre + util.shellquote(replace[key]) # Match parent2 first, so 'parent1?' will match both parent1 and parent regex = (r'''(['"]?)([^\s'"$]*)''' r'\$(parent2|parent1?|child|plabel1|plabel2|clabel|root)\1') if not do3way and not re.search(regex, cmdline): cmdline += ' $parent1 $child' cmdline = re.sub(regex, quote, cmdline) ui.debug('running %r in %s\n' % (cmdline, tmproot)) ui.system(cmdline, cwd=tmproot) for copy_fn, working_fn, mtime in fns_and_mtime: if os.lstat(copy_fn).st_mtime != mtime: ui.debug('file changed while diffing. ' 'Overwriting: %s (src: %s)\n' % (working_fn, copy_fn)) util.copyfile(copy_fn, working_fn) return 1 finally: ui.note(_('cleaning up temp directory\n')) shutil.rmtree(tmproot) extdiffopts = [ ('o', 'option', [], _('pass option to comparison program'), _('OPT')), ('r', 'rev', [], _('revision'), _('REV')), ('c', 'change', '', _('change made by revision'), _('REV')), ('', 'patch', None, _('compare patches for two revisions')) ] + commands.walkopts + commands.subrepoopts @command('extdiff', [('p', 'program', '', _('comparison program to run'), _('CMD')), ] + extdiffopts, _('hg extdiff [OPT]... [FILE]...'), inferrepo=True) def extdiff(ui, repo, *pats, **opts): '''use external program to diff repository (or selected files) Show differences between revisions for the specified files, using an external program. The default program used is diff, with default options "-Npru". To select a different program, use the -p/--program option. The program will be passed the names of two directories to compare. To pass additional options to the program, use -o/--option. These will be passed before the names of the directories to compare. When two revision arguments are given, then changes are shown between those revisions. If only one revision is specified then that revision is compared to the working directory, and, when no revisions are specified, the working directory files are compared to its parent.''' program = opts.get('program') option = opts.get('option') if not program: program = 'diff' option = option or ['-Npru'] cmdline = ' '.join(map(util.shellquote, [program] + option)) return dodiff(ui, repo, cmdline, pats, opts) def uisetup(ui): for cmd, path in ui.configitems('extdiff'): path = util.expandpath(path) if cmd.startswith('cmd.'): cmd = cmd[4:] if not path: path = util.findexe(cmd) if path is None: path = filemerge.findexternaltool(ui, cmd) or cmd diffopts = ui.config('extdiff', 'opts.' + cmd, '') cmdline = util.shellquote(path) if diffopts: cmdline += ' ' + diffopts elif cmd.startswith('opts.'): continue else: if path: # case "cmd = path opts" cmdline = path diffopts = len(shlex.split(cmdline)) > 1 else: # case "cmd =" path = util.findexe(cmd) if path is None: path = filemerge.findexternaltool(ui, cmd) or cmd cmdline = util.shellquote(path) diffopts = False # look for diff arguments in [diff-tools] then [merge-tools] if not diffopts: args = ui.config('diff-tools', cmd+'.diffargs') or \ ui.config('merge-tools', cmd+'.diffargs') if args: cmdline += ' ' + args def save(cmdline): '''use closure to save diff command to use''' def mydiff(ui, repo, *pats, **opts): options = ' '.join(map(util.shellquote, opts['option'])) if options: options = ' ' + options return dodiff(ui, repo, cmdline + options, pats, opts) doc = _('''\ use %(path)s to diff repository (or selected files) Show differences between revisions for the specified files, using the %(path)s program. When two revision arguments are given, then changes are shown between those revisions. If only one revision is specified then that revision is compared to the working directory, and, when no revisions are specified, the working directory files are compared to its parent.\ ''') % {'path': util.uirepr(path)} # We must translate the docstring right away since it is # used as a format string. The string will unfortunately # be translated again in commands.helpcmd and this will # fail when the docstring contains non-ASCII characters. # Decoding the string to a Unicode string here (using the # right encoding) prevents that. mydiff.__doc__ = doc.decode(encoding.encoding) return mydiff command(cmd, extdiffopts[:], _('hg %s [OPTION]... [FILE]...') % cmd, inferrepo=True)(save(cmdline))