changeset 27246:b288fb2724bf

wireproto: config options to disable bundle1 bundle2 is the new and preferred wire protocol format. For various reasons, server operators may wish to force clients to use it. One reason is performance. If a repository is stored in generaldelta, the server must recompute deltas in order to produce the bundle1 changegroup. This can be extremely expensive. For mozilla-central, bundle generation typically takes a few minutes. However, generating a non-gd bundle from a generaldelta encoded mozilla-central requires over 30 minutes of CPU! If a large repository like mozilla-central were encoded in generaldelta and non-gd clients connected, they could easily flood a server by cloning. This patch gives server operators config knobs to control whether bundle1 is allowed for push and pull operations. The default is to support legacy bundle1 clients, making this patch backwards compatible.
author Gregory Szorc <gregory.szorc@gmail.com>
date Fri, 04 Dec 2015 15:12:11 -0800
parents 709977a4fc9d
children be7ef03d7fb6
files mercurial/help/config.txt mercurial/wireproto.py tests/test-bundle2-exchange.t
diffstat 3 files changed, 121 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/help/config.txt	Fri Dec 04 13:31:01 2015 -0800
+++ b/mercurial/help/config.txt	Fri Dec 04 15:12:11 2015 -0800
@@ -1319,6 +1319,23 @@
     Instruct HTTP clients not to send request headers longer than this
     many bytes. (default: 1024)
 
+``bundle1``
+    Whether to allow clients to push and pull using the legacy bundle1
+    exchange format. (default: True)
+
+``bundle1.push``
+    Whether to allow clients to push using the legacy bundle1 exchange
+    format. (default: True)
+
+``bundle1.pull``
+    Whether to allow clients to pull using the legacy bundle1 exchange
+    format. (default: True)
+
+    Large repositories using the *generaldelta* storage format should
+    consider setting this option because converting *generaldelta*
+    repositories to the exchange format required by the bundle1 data
+    format can consume a lot of CPU.
+
 ``smtp``
 --------
 
--- a/mercurial/wireproto.py	Fri Dec 04 13:31:01 2015 -0800
+++ b/mercurial/wireproto.py	Fri Dec 04 15:12:11 2015 -0800
@@ -30,6 +30,10 @@
     util,
 )
 
+bundle2required = _(
+    'incompatible Mercurial client; bundle2 required\n'
+    '(see https://www.mercurial-scm.org/wiki/IncompatibleClient)\n')
+
 class abstractserverproto(object):
     """abstract class that summarizes the protocol API
 
@@ -487,6 +491,14 @@
                          % (cmd, ",".join(others)))
     return opts
 
+def bundle1allowed(ui, action):
+    """Whether a bundle1 operation is allowed from the server."""
+    v = ui.configbool('server', 'bundle1.%s' % action, None)
+    if v is not None:
+        return v
+
+    return ui.configbool('server', 'bundle1', True)
+
 # list of commands
 commands = {}
 
@@ -652,6 +664,11 @@
         elif keytype != 'plain':
             raise KeyError('unknown getbundle option type %s'
                            % keytype)
+
+    if not bundle1allowed(repo.ui, 'pull'):
+        if not exchange.bundle2requested(opts.get('bundlecaps')):
+            return ooberror(bundle2required)
+
     cg = exchange.getbundle(repo, 'serve', **opts)
     return streamres(proto.groupchunks(cg))
 
@@ -763,6 +780,10 @@
             proto.getfile(fp)
             fp.seek(0)
             gen = exchange.readbundle(repo.ui, fp, None)
+            if (isinstance(gen, changegroupmod.cg1unpacker)
+                and not bundle1allowed(repo.ui, 'push')):
+                return ooberror(bundle2required)
+
             r = exchange.unbundle(repo, gen, their_heads, 'serve',
                                   proto._client())
             if util.safehasattr(r, 'addpart'):
--- a/tests/test-bundle2-exchange.t	Fri Dec 04 13:31:01 2015 -0800
+++ b/tests/test-bundle2-exchange.t	Fri Dec 04 15:12:11 2015 -0800
@@ -951,3 +951,86 @@
   remote: adding manifests
   remote: adding file changes
   remote: added 1 changesets with 1 changes to 1 files
+
+  $ cd ..
+
+Servers can disable bundle1 for clone/pull operations
+
+  $ killdaemons.py
+  $ hg init bundle2onlyserver
+  $ cd bundle2onlyserver
+  $ cat > .hg/hgrc << EOF
+  > [server]
+  > bundle1.pull = false
+  > EOF
+
+  $ touch foo
+  $ hg -q commit -A -m initial
+
+  $ hg serve -p $HGPORT -d --pid-file=hg.pid
+  $ cat hg.pid >> $DAEMON_PIDS
+
+  $ hg --config experimental.bundle2-exp=false clone http://localhost:$HGPORT/ not-bundle2
+  requesting all changes
+  abort: remote error:
+  incompatible Mercurial client; bundle2 required
+  (see https://www.mercurial-scm.org/wiki/IncompatibleClient)
+  [255]
+  $ killdaemons.py
+
+Verify the global server.bundle1 option works
+
+  $ cat > .hg/hgrc << EOF
+  > [server]
+  > bundle1 = false
+  > EOF
+  $ hg serve -p $HGPORT -d --pid-file=hg.pid
+  $ cat hg.pid >> $DAEMON_PIDS
+  $ hg --config experimental.bundle2-exp=false clone http://localhost:$HGPORT not-bundle2
+  requesting all changes
+  abort: remote error:
+  incompatible Mercurial client; bundle2 required
+  (see https://www.mercurial-scm.org/wiki/IncompatibleClient)
+  [255]
+  $ killdaemons.py
+
+Verify bundle1 pushes can be disabled
+
+  $ cat > .hg/hgrc << EOF
+  > [server]
+  > bundle1.push = false
+  > [web]
+  > allow_push = *
+  > push_ssl = false
+  > EOF
+
+  $ hg serve -p $HGPORT -d --pid-file=hg.pid -E error.log
+  $ cat hg.pid >> $DAEMON_PIDS
+  $ cd ..
+
+  $ hg clone http://localhost:$HGPORT bundle2-only
+  requesting all changes
+  adding changesets
+  adding manifests
+  adding file changes
+  added 1 changesets with 1 changes to 1 files
+  updating to branch default
+  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
+  $ cd bundle2-only
+  $ echo commit > foo
+  $ hg commit -m commit
+  $ hg --config experimental.bundle2-exp=false push
+  pushing to http://localhost:$HGPORT/
+  searching for changes
+  abort: remote error:
+  incompatible Mercurial client; bundle2 required
+  (see https://www.mercurial-scm.org/wiki/IncompatibleClient)
+  [255]
+
+  $ hg push
+  pushing to http://localhost:$HGPORT/
+  searching for changes
+  remote: adding changesets
+  remote: adding manifests
+  remote: adding file changes
+  remote: added 1 changesets with 1 changes to 1 files