Mon, 02 May 2016 12:09:00 +0900 revset: factor out public optimize() function from recursion
Yuya Nishihara <yuya@tcha.org> [Mon, 02 May 2016 12:09:00 +0900] rev 29119
revset: factor out public optimize() function from recursion New optimize() hides internal arguments and return values. This makes it easy to add more parameters and return values to _optimize().
Mon, 02 May 2016 12:47:09 +0900 revset: introduce temporary variables in optimize() where they look better
Yuya Nishihara <yuya@tcha.org> [Mon, 02 May 2016 12:47:09 +0900] rev 29118
revset: introduce temporary variables in optimize() where they look better
Mon, 02 May 2016 11:50:48 +0900 revset: construct arguments of only() against matched tree
Yuya Nishihara <yuya@tcha.org> [Mon, 02 May 2016 11:50:48 +0900] rev 29117
revset: construct arguments of only() against matched tree Since _isonly() knows the structure of 'revs' and 'bases', it should be slightly easier to understand than destructuring 'ta' and 'tb'.
Mon, 02 May 2016 11:27:26 +0900 revset: unnest isonly() closure from optimize()
Yuya Nishihara <yuya@tcha.org> [Mon, 02 May 2016 11:27:26 +0900] rev 29116
revset: unnest isonly() closure from optimize() There were no variables to be captured.
Thu, 05 May 2016 00:46:31 -0700 sslutil: stop checking for web.cacerts=! (BC)
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:46:31 -0700] rev 29115
sslutil: stop checking for web.cacerts=! (BC) The previous patch stopped setting web.cacerts=! to indicate --insecure. That left user configs as the only source that could introduce web.cacerts=!. The practical impact of this patch is we no longer honor web.cacerts=! in configs. Instead, we always treat web.cacerts as a path. The patch is therefore technically BC. However, since I don't believe web.cacerts=! is documented, it should be safe to remove. a939f08fae9c (which introduced --insecure) has no indication that web.cacerts=! is anything but an implementation detail, reinforcing my belief it can be removed without major debate.
Thu, 05 May 2016 00:40:01 -0700 dispatch: stop setting web.cacerts=! to indicate --insecure
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:40:01 -0700] rev 29114
dispatch: stop setting web.cacerts=! to indicate --insecure Consumers needing to know if --insecure was used have already transitioned to using ui.insecureconnections. The previous patch removed the last meaningful consumer looking for web.cacerts=!.
Thu, 05 May 2016 00:38:18 -0700 sslutil: use CA loaded state to drive validation logic
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:38:18 -0700] rev 29113
sslutil: use CA loaded state to drive validation logic Until now, sslkwargs may set web.cacerts=! to indicate that system certs could not be found. This is really obtuse because sslkwargs effectively sets state on a global object which bypasses wrapsocket() and is later consulted by validator.__call__. This is madness. This patch introduces an attribute on the wrapped socket instance indicating whether system CAs were loaded. We can set this directly inside wrapsocket() because that function knows everything that sslkwargs() does - and more. With this attribute set on the socket, we refactor validator.__call__ to use it. Since we no longer have a need for setting web.cacerts=! in sslkwargs, we remove that. I think the new logic is much easier to understand and will enable behavior to be changed more easily.
Thu, 05 May 2016 00:37:28 -0700 sslutil: handle ui.insecureconnections in validator
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:37:28 -0700] rev 29112
sslutil: handle ui.insecureconnections in validator Right now, web.cacerts=! means one of two things: 1) Use of --insecure 2) No CAs could be found and were loaded (see sslkwargs) This isn't very obvious and makes changing behavior of these different scenarios independent of the other impossible. This patch changes the validator code to explicit handle the case of --insecure being used. As the inline comment indicates, there is room to possibly change messaging and logic here. For now, we are backwards compatible.
Thu, 05 May 2016 00:35:45 -0700 sslutil: check for ui.insecureconnections in sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:35:45 -0700] rev 29111
sslutil: check for ui.insecureconnections in sslkwargs The end result of this function is the same. We now have a more explicit return branch. We still keep the old code looking at web.cacerts=! a few lines below because we're still setting web.cacerts=! and need to react to the variable. This will be removed in an upcoming patch.
Thu, 05 May 2016 00:34:22 -0700 dispatch: set ui.insecureconnections when --insecure is used
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:34:22 -0700] rev 29110
dispatch: set ui.insecureconnections when --insecure is used
(0) -10000 -3000 -1000 -300 -100 -10 +10 +100 +300 +1000 +3000 +10000 tip