Mercurial > hg
view tests/test-hgweb-bundle.t @ 34987:846942fd6d15 stable
subrepo: disable git and svn subrepos by default (BC) (SEC)
We have a security issue with git subrepos. I'm not sure if svn subrepo is
vulnerable, but it seems not 100% safe to allow writing arbitrary data into
a metadata directory. So for now, only hg subrepo is enabled by default.
Maybe we should improve the help to describe why git/svn subrepos are
disabled.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Sun, 05 Nov 2017 21:51:42 +0900 |
parents | 4d2b9b304ad0 |
children | 4441705b7111 |
line wrap: on
line source
#require serve $ hg init server $ cd server $ cat >> .hg/hgrc << EOF > [extensions] > strip= > EOF $ echo 1 > foo $ hg commit -A -m 'first' adding foo $ echo 2 > bar $ hg commit -A -m 'second' adding bar Produce a bundle to use $ hg strip -r 1 0 files updated, 0 files merged, 1 files removed, 0 files unresolved saved backup bundle to $TESTTMP/server/.hg/strip-backup/ed602e697e0f-cc9fff6a-backup.hg (glob) Serve from a bundle file $ hg serve -R .hg/strip-backup/ed602e697e0f-cc9fff6a-backup.hg -d -p $HGPORT --pid-file=hg.pid $ cat hg.pid >> $DAEMON_PIDS Ensure we're serving from the bundle $ (get-with-headers.py localhost:$HGPORT 'file/tip/?style=raw') 200 Script output follows -rw-r--r-- 2 bar -rw-r--r-- 2 foo