Martin von Zweigbergk <martinvonz@google.com> [Thu, 12 Mar 2015 18:18:29 -0700] rev 24298
lazymanifest: make __iter__ generate filenames, not 3-tuples
The _lazymanifest type(s) behave very much like a sorted dict with
filenames as keys and (nodeid, flags) as values. It therefore seems
surprising that its __iter__ generates 3-tuples of (path, nodeid,
flags). Let's make it match dict's behavior of generating the keys
instead, and add a new iterentries method for the 3-tuples. With this
change, the "x" in "if x in lm" and "for x in lm" now have the same
type (a filename string).
Martin von Zweigbergk <martinvonz@google.com> [Thu, 12 Mar 2015 18:53:44 -0700] rev 24297
lazymanifest: fix pure hg iterkeys()
I broke pure hg when I just added iterkeys() to the native version in
2b7ab29627fd. I forgot to make the pure version sorted. Fix it.
Yuya Nishihara <yuya@tcha.org> [Fri, 13 Mar 2015 21:18:59 +0900] rev 24296
hgweb: prevent loading style map from directories other than specified paths
A style name should not contain "/", "\", "." and "..". Otherwise, templates
could be loaded from outside of the specified templates directory by invalid
?style= parameter. hgweb should not allow such requests.
This change means subdir/name is also rejected.
Martin von Zweigbergk <martinvonz@google.com> [Wed, 11 Mar 2015 13:46:15 -0700] rev 24295
lazymanifest: add iterkeys() method
So we don't have to iteratate over (path, node, flags) tuples only to
throw away the node and flags.
Martin von Zweigbergk <martinvonz@google.com> [Wed, 11 Mar 2015 13:15:26 -0700] rev 24294
lazymanifest: extract function for iterating to next line
This will soon be reused by keys iterator.
Martin von Zweigbergk <martinvonz@google.com> [Wed, 11 Mar 2015 13:35:34 -0700] rev 24293
lazymanifest: fail if path or hash strings cannot be created
While generating (path, hash, flags), we fail if flags cannot be
created. We should also fail if path or hash cannot be created.
Martin von Zweigbergk <martinvonz@google.com> [Wed, 11 Mar 2015 08:28:56 -0700] rev 24292
manifest: rewrite find(node, f) in terms of read(node)
Since find() now always works with a full manifest, we can simplify by
calling read() to give us that manifest. That way, we also populate
the manifest cache. However, now that we no longer parse the manifest
text into a Python type (thanks, lazymanifest/Augie), the cost of
parsing (scanning for newlines, really) is small enough that it seems
generally drowned by revlog reading.
Yuya Nishihara <yuya@tcha.org> [Thu, 26 Feb 2015 22:54:13 +0900] rev 24291
ssl: load CA certificates from system's store by default on Python 2.7.9
This will make it easy to manage in-house CA certificates, which are often
used in corporate environment and installed into the Windows' certs store.
Unlike Apple python, the dummycert trick isn't necessary on Python 2.7.9.
The default web.cacerts will be set as follows:
environment web.cacerts behavior
------------- ----------- -----------------------------------------
Apple Python dummycert fall back to system's store
Python 2.7.8 '!' never use CA certs (show warning instead)
Python 2.7.9+ None load CA certs from system's store
Yuya Nishihara <yuya@tcha.org> [Wed, 04 Mar 2015 23:27:04 +0900] rev 24290
ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC)
The next patch will enable verification by using the system's CA store if
possible, which means we would have to distinguish None (=use default) from
'' (=--insecure). This smells bug-prone and provides no way to override
web.cacerts to forcibly use the system's store by --config argument.
This patch changes the meaning of web.cacerts as follows:
value behavior
------- ---------------------------------------
None/'' use default
'!' never use CA certs (set by --insecure)
<path> verify by the specified CA certificates
Values other than <path> are for internal use and therefore undocumented.
Yuya Nishihara <yuya@tcha.org> [Wed, 04 Mar 2015 22:41:48 +0900] rev 24289
test-https: enable dummycert test only if Apple python is used (
issue4500)
The dummycert trick works only if Python is linked to Apple's patched OpenSSL.