Mercurial > hg
view mercurial/help/internals/censor.txt @ 31956:c13ff31818b0
ui: add special-purpose atexit functionality
In spite of its longstanding use, Python's built-in atexit code is
not suitable for Mercurial's purposes, for several reasons:
* Handlers run after application code has finished.
* Because of this, the code that runs handlers swallows exceptions
(since there's no possible stacktrace to associate errors with).
If we're lucky, we'll get something spat out to stderr (if stderr
still works), which of course isn't any use in a big deployment
where it's important that exceptions get logged and aggregated.
* Mercurial's current atexit handlers make unfortunate assumptions
about process state (specifically stdio) that, coupled with the
above problems, make it impossible to deal with certain categories
of error (try "hg status > /dev/full" on a Linux box).
* In Python 3, the atexit implementation is completely hidden, so
we can't hijack the platform's atexit code to run handlers at a
time of our choosing.
As a result, here's a perfectly cromulent atexit-like implementation
over which we have control. This lets us decide exactly when the
handlers run (after each request has completed), and control what
the process state is when that occurs (and afterwards).
| author | Bryan O'Sullivan <bryano@fb.com> |
|---|---|
| date | Tue, 11 Apr 2017 14:54:12 -0700 |
| parents | 1b699a208cee |
| children |
line wrap: on
line source
The censor system allows retroactively removing content from files. Actually censoring a node requires using the censor extension, but the functionality for handling censored nodes is partially in core. Censored nodes in a filelog have the flag ``REVIDX_ISCENSORED`` set, and the contents of the censored node are replaced with a censor tombstone. For historical reasons, the tombstone is packed in the filelog metadata field ``censored``. This allows censored nodes to be (mostly) safely transmitted through old formats like changegroup versions 1 and 2. When using changegroup formats older than 3, the receiver is required to re-add the ``REVIDX_ISCENSORED`` flag when storing the revision. This depends on the ``censored`` metadata key never being used for anything other than censoring revisions, which is true as of January 2017. Note that the revlog flag is the authoritative marker of a censored node: the tombstone should only be consulted when looking for a reason a node was censored or when revlog flags are unavailable as mentioned above. The tombstone data is a free-form string. It's expected that users of censor will want to record the reason for censoring a node in the tombstone. Censored nodes must be able to fit in the size of the content being censored.