context: add a repo accessor There are 29 instances of 'ctx._repo' in the code, so make the ability to access more official.

test-histedit-edit.t: demonstrate qnew fails during a histedit (issue4366) This was accidentally fixed by other work, but given that it's been broken in the past, I'd like to have a test defending us against regressions in this area, especially as we add more functionality to histedit.

lazymanifest: make __iter__ generate filenames, not 3-tuples The _lazymanifest type(s) behave very much like a sorted dict with filenames as keys and (nodeid, flags) as values. It therefore seems surprising that its __iter__ generates 3-tuples of (path, nodeid, flags). Let's make it match dict's behavior of generating the keys instead, and add a new iterentries method for the 3-tuples. With this change, the "x" in "if x in lm" and "for x in lm" now have the same type (a filename string).

lazymanifest: fix pure hg iterkeys() I broke pure hg when I just added iterkeys() to the native version in 2b7ab29627fd. I forgot to make the pure version sorted. Fix it.

hgweb: prevent loading style map from directories other than specified paths A style name should not contain "/", "\", "." and "..". Otherwise, templates could be loaded from outside of the specified templates directory by invalid ?style= parameter. hgweb should not allow such requests. This change means subdir/name is also rejected.

lazymanifest: add iterkeys() method So we don't have to iteratate over (path, node, flags) tuples only to throw away the node and flags.

lazymanifest: extract function for iterating to next line This will soon be reused by keys iterator.

lazymanifest: fail if path or hash strings cannot be created While generating (path, hash, flags), we fail if flags cannot be created. We should also fail if path or hash cannot be created.

manifest: rewrite find(node, f) in terms of read(node) Since find() now always works with a full manifest, we can simplify by calling read() to give us that manifest. That way, we also populate the manifest cache. However, now that we no longer parse the manifest text into a Python type (thanks, lazymanifest/Augie), the cost of parsing (scanning for newlines, really) is small enough that it seems generally drowned by revlog reading.

ssl: load CA certificates from system's store by default on Python 2.7.9 This will make it easy to manage in-house CA certificates, which are often used in corporate environment and installed into the Windows' certs store. Unlike Apple python, the dummycert trick isn't necessary on Python 2.7.9. The default web.cacerts will be set as follows: environment web.cacerts behavior ------------- ----------- ----------------------------------------- Apple Python dummycert fall back to system's store Python 2.7.8 '!' never use CA certs (show warning instead) Python 2.7.9+ None load CA certs from system's store

ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC) The next patch will enable verification by using the system's CA store if possible, which means we would have to distinguish None (=use default) from '' (=--insecure). This smells bug-prone and provides no way to override web.cacerts to forcibly use the system's store by --config argument. This patch changes the meaning of web.cacerts as follows: value behavior ------- --------------------------------------- None/'' use default '!' never use CA certs (set by --insecure) <path> verify by the specified CA certificates Values other than <path> are for internal use and therefore undocumented.

test-https: enable dummycert test only if Apple python is used (issue4500) The dummycert trick works only if Python is linked to Apple's patched OpenSSL.