Mercurial > hg
view contrib/hg-ssh @ 23702:c48924787eaa
filectx.parents: enforce changeid of parent to be in own changectx ancestors
Because of the way filenodes are computed, you can have multiple changesets
"introducing" the same file revision. For example, in the changeset graph
below, changeset 2 and 3 both change a file -to- and -from- the same content.
o 3: content = new
|
| o 2: content = new
|/
o 1: content = old
In such cases, the file revision is create once, when 2 is added, and just reused
for 3. So the file change in '3' (from "old" to "new)" has no linkrev pointing
to it). We'll call this situation "linkrev-shadowing". As the linkrev is used for
optimization purposes when walking a file history, the linkrev-shadowing
results in an unexpected jump to another branch during such a walk.. This leads to
multiple bugs with log, annotate and rename detection.
One element to fix such bugs is to ensure that walking the file history sticks on
the same topology as the changeset's history. For this purpose, we extend the
logic in 'basefilectx.parents' so that it always defines the proper changeset
to associate the parent file revision with. This "proper" changeset has to be an
ancestor of the changeset associated with the child file revision.
This logic is performed in the '_adjustlinkrev' function. This function is
given the starting changeset and all the information regarding the parent file
revision. If the linkrev for the file revision is an ancestor of the starting
changeset, the linkrev is valid and will be used. If it is not, we detected a
topological jump caused by linkrev shadowing, we are going to walk the
ancestors of the starting changeset until we find one setting the file to the
revision we are trying to create.
The performance impact appears acceptable:
- We are walking the changelog once for each filelog traversal (as there should
be no overlap between searches),
- changelog traversal itself is fairly cheap, compared to what is likely going
to be perform on the result on the filelog traversal,
- We only touch the manifest for ancestors touching the file, And such
changesets are likely to be the one introducing the file. (except in
pathological cases involving merge),
- We use manifest diff instead of full manifest unpacking to check manifest
content, so it does not involve applying multiple diffs in most case.
- linkrev shadowing is not the common case.
Tests for fixed issues in log, annotate and rename detection have been
added.
But this changeset does not solve all problems. It fixes -ancestry-
computation, but if the linkrev-shadowed changesets is the starting one, we'll
still get things wrong. We'll have to fix the bootstrapping of such operations
in a later changeset. Also, the usage of `hg log FILE` without --follow still
has issues with linkrev pointing to hidden changesets, because it relies on the
`filelog` revset which implement its own traversal logic that is still to be
fixed.
Thanks goes to:
- Matt Mackall: for nudging me in the right direction
- Julien Cristau and RĂ©mi Cardona: for keep telling me linkrev bug were an
evolution show stopper for 3 years.
- Durham Goode: for finding a new linkrev issue every few weeks
- Mads Kiilerich: for that last rename bug who raise this topic over my
anoyance limit.
author | Pierre-Yves David <pierre-yves.david@fb.com> |
---|---|
date | Tue, 23 Dec 2014 15:30:38 -0800 |
parents | 1ba3e17186c8 |
children | 2b9cda9040f7 |
line wrap: on
line source
#!/usr/bin/env python # # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de> # # Author(s): # Thomas Arendsen Hein <thomas@intevation.de> # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. """ hg-ssh - a wrapper for ssh access to a limited set of mercurial repos To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8): command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ... (probably together with these other useful options: no-port-forwarding,no-X11-forwarding,no-agent-forwarding) This allows pull/push over ssh from/to the repositories given as arguments. If all your repositories are subdirectories of a common directory, you can allow shorter paths with: command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2" You can use pattern matching of your normal shell, e.g.: command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}" You can also add a --read-only flag to allow read-only access to a key, e.g.: command="hg-ssh --read-only repos/*" """ # enable importing on demand to reduce startup time from mercurial import demandimport; demandimport.enable() from mercurial import dispatch import sys, os, shlex def main(): cwd = os.getcwd() readonly = False args = sys.argv[1:] while len(args): if args[0] == '--read-only': readonly = True args.pop(0) else: break allowed_paths = [os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) for path in args] orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?') try: cmdargv = shlex.split(orig_cmd) except ValueError, e: sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e)) sys.exit(255) if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']: path = cmdargv[2] repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) if repo in allowed_paths: cmd = ['-R', repo, 'serve', '--stdio'] if readonly: cmd += [ '--config', 'hooks.prechangegroup.hg-ssh=python:__main__.rejectpush', '--config', 'hooks.prepushkey.hg-ssh=python:__main__.rejectpush' ] dispatch.dispatch(dispatch.request(cmd)) else: sys.stderr.write('Illegal repository "%s"\n' % repo) sys.exit(255) else: sys.stderr.write('Illegal command "%s"\n' % orig_cmd) sys.exit(255) def rejectpush(ui, **kwargs): ui.warn("Permission denied\n") # mercurial hooks use unix process conventions for hook return values # so a truthy return means failure return True if __name__ == '__main__': main()