Thu, 07 May 2015 17:15:24 +0900 ssl: prompt passphrase of client key file via ui.getpass() (issue4648)
Yuya Nishihara <yuya@tcha.org> [Thu, 07 May 2015 17:15:24 +0900] rev 25415
ssl: prompt passphrase of client key file via ui.getpass() (issue4648) This is necessary to communicate with third-party tools through command-server channel. This requires SSLContext backported to Python 2.7.9+. It doesn't look nice to pass ui by sslkwargs, but I think it is the only way to do without touching various client codes including httpclient (aka http2). ui is mandatory if certfile is specified, so it has no default value. BTW, test-check-commit-hg.t complains that ssl_wrap_socket() has foo_bar naming. Should I bulk-replace it to sslwrapsocket() ?
Thu, 07 May 2015 17:02:20 +0900 https: do not inherit httplib.HTTPSConnection that creates unused SSLContext
Yuya Nishihara <yuya@tcha.org> [Thu, 07 May 2015 17:02:20 +0900] rev 25414
https: do not inherit httplib.HTTPSConnection that creates unused SSLContext HTTPSConnection of Python 2.7.9 creates SSLContext in __init__, which involves a password prompt for decrypting the private key. This means the password was asked twice, one for unused SSLContext, and next for our ssl function. Because our httpsconnection replaces connect() method at all, we can simply drop httplib.HTTPSConnection. Instead, class and instance attributes are copied from it. HTTPSConnection of Python 2.7.8 and 2.6.9 seem to have no such problem. https://hg.python.org/cpython/file/v2.7.9/Lib/httplib.py#l1183
Thu, 07 May 2015 17:38:22 +0900 test-https: test basic functions of client certificate authentication
Yuya Nishihara <yuya@tcha.org> [Thu, 07 May 2015 17:38:22 +0900] rev 25413
test-https: test basic functions of client certificate authentication Because hgweb doesn't support client certificates, I just patched it to require client certificates that are signed and verified by the server certificate. This won't be ideal for production servers, but should be okay for the test. The encrypted key file will be used by future patches. I couldn't figure out a way to redirect a password prompt provided by OpenSSL, so it isn't tested for now.
Mon, 01 Jun 2015 14:16:52 -0400 phases: add `hg help phases` hint to failures to edit public commits
Jordi Gutiérrez Hermoso <jordigh@octave.org> [Mon, 01 Jun 2015 14:16:52 -0400] rev 25412
phases: add `hg help phases` hint to failures to edit public commits There were a couple of locations that were missing this hint after an edition of some kind failed due to the public phase.
Mon, 01 Jun 2015 18:05:38 +0000 phases: rewrite "immutable changeset" to "public changeset"
Jordi Gutiérrez Hermoso <jordigh@octave.org> [Mon, 01 Jun 2015 18:05:38 +0000] rev 25411
phases: rewrite "immutable changeset" to "public changeset" The phrase "cannot edit immutable changeset" is kind of tautological. Of course unchangeable things can't be changed. We instead mention "public" and provide a hint so that we can point to the actual problem. Even in cases where some operation other than edition cannot be performed, "public" gives the root cause that results in the "immutable" effect. There is a precedent for saying "public" instead of "immutable", for example, in `hg commit --amend`.
Tue, 02 Jun 2015 15:04:39 -0400 revlog: raise an exception earlier if an entry is too large (issue4675)
Jordi Gutiérrez Hermoso <jordigh@octave.org> [Tue, 02 Jun 2015 15:04:39 -0400] rev 25410
revlog: raise an exception earlier if an entry is too large (issue4675) Before we were relying on _pack to error out when trying to pass an integer that was too large for the "i" format specifier. Now we check this earlier so we can form a better error message. The error message unfortunately must exclude the filename at this level of the call stack. The problem is that this name is not available here, and the error can be triggered by a large manifest or by a large file itself. Although perhaps we could provide the name of a revlog index file (from the revlog object, instead of the revlogio object), this seems like too much leakage of internal data structures. It's not ideal already that an error message even mentions revlogs, but this does seem unavoidable here.
Wed, 03 Jun 2015 14:31:19 -0500 wix: move library.zip and all *.pyd into a lib/ folder
Steve Borho <steve@borho.org> [Wed, 03 Jun 2015 14:31:19 -0500] rev 25409
wix: move library.zip and all *.pyd into a lib/ folder This makes the root install folder (on Windows) nice and tidy. The only files left in the root folder are: hg.exe python27.dll COPYING.rtf ReadMe.html the last of which was probably out-of-date 7 years ago
Wed, 20 May 2015 11:31:38 -0500 sshpeer: run the ssh command unbuffered
Pierre-Yves David <pierre-yves.david@fb.com> [Wed, 20 May 2015 11:31:38 -0500] rev 25408
sshpeer: run the ssh command unbuffered This is necessary to use non-blocking IO base on polling. Such polling is needed to restore real time output with ssh peer. Changeset fce065538bcf is talking about 5x regression on Mac OS X when playing with this value. So we introduced our own buffering layer in previous changesets. This seems to keep the regression away (we are even issuing much less read).
Sun, 31 May 2015 00:00:36 -0700 sshpeer: use a 'bufferedinputpipe' for standard output of the ssh process
Pierre-Yves David <pierre-yves.david@fb.com> [Sun, 31 May 2015 00:00:36 -0700] rev 25407
sshpeer: use a 'bufferedinputpipe' for standard output of the ssh process We need this pipe to still be buffered when will switch to unbuffered pipe. (switch motivated by the need of using polling to restore real time output from ssh server). This is the only pipe that needs to be wrapped because this is the one who do extensive usage of 'readline'. The stderr pipe of the process is alway read in non blocking raw chunk, so it won't benefit from the buffering.
Sat, 30 May 2015 23:55:24 -0700 util: introduce a bufferedinputpipe utility
Pierre-Yves David <pierre-yves.david@fb.com> [Sat, 30 May 2015 23:55:24 -0700] rev 25406
util: introduce a bufferedinputpipe utility To restore real time server output through ssh, we need to using polling feature (like select) on the pipes used to communicate with the ssh client. However we cannot use select alongside python level buffering of these pipe (because we need to know if the buffer is non-empty before calling select). However, unbuffered performance are terrible, presumably because the 'readline' call is issuing 'read(1)' call until it find a '\n'. To work around that we introduces our own overlay that do buffering by hand, exposing the state of the buffer to the outside world. The usage of polling IO will be introduced later in the 'sshpeer' module. All its logic will be very specific to the way mercurial communicate over ssh and does not belong to the generic 'util' module.
(0) -10000 -3000 -1000 -300 -100 -10 +10 +100 +300 +1000 +3000 +10000 tip