upstream/mercurial-mirror Files · contrib/hg-ssh

dummysmtpd: don't die on client connection errors...

dummysmtpd: don't die on client connection errors The connection refused error in test-patchbomb-tls.t[1] is sporadic, but one of the more often seen errors on Windows. I added enough logging to a file and dumped it out at the end to make the following observations: - The listening socket is successfully created and bound to the port, and the "listening at..." message is always logged. - Generally, the following is the entire log output, with the "accepted ..." message having been added after `sslutil.wrapserversocket`: listening at localhost:$HGPORT $LOCALIP ssl error accepted connect accepted connect $LOCALIP from=quux to=foo, bar $LOCALIP ssl error - In the cases that fail, asyncore.loop() in the run() method is exiting, but not with an exception. - In the cases that fail, the following is logged right after "listening ...": Traceback (most recent call last): File "c:\\Python27\\lib\\asyncore.py", line 83, in read obj.handle_read_event() File "c:\\Python27\\lib\\asyncore.py", line 443, in handle_read_event self.handle_accept() File "../tests/dummysmtpd.py", line 80, in handle_accept conn = sslutil.wrapserversocket(conn, ui, certfile=self._certfile) File "..\\mercurial\\sslutil.py", line 570, in wrapserversocket return sslcontext.wrap_socket(sock, server_side=True) File "c:\\Python27\\lib\\ssl.py", line 363, in wrap_socket _context=self) File "c:\\Python27\\lib\\ssl.py", line 611, in __init__ self.do_handshake() File "c:\\Python27\\lib\\ssl.py", line 840, in do_handshake self._sslobj.do_handshake() error: [Errno 10054] $ECONNRESET$ - If the base class handler is overridden completely, the the first "ssl error" line is replaced by the stacktrace, but the other lines are unchanged. The client behaves no differently, whether or not the server stacktraced. In general, `./run-tests.py --local -j9 -t9000 test-patchbomb-tls.t --runs-per-test 20` would show the issue after a run or two. With this change, `./run-tests.py --local -j9 -t9000 test-patchbomb-tls.t --loop` ran 800 times without a hiccup. This makes me wonder if the other connection refused messages that bubble up on occasion are caused by a similar issue. It seems a bit drastic to kill the whole server on account of a single communication failure with a client. # no-check-commit because of handle_error() [1] https://buildbot.mercurial-scm.org/builders/Win7%20x86_64%20hg%20tests/builds/421/steps/run-tests.py%20%28python%202.7.13%29/logs/stdio

Augie Fackler - - Load All Authors

File last commit:

r33892:42bc7f39 default


                r35794:75bae697

default

Download file

             hg-ssh
        
                    93 lines
            
             | 3.0 KiB
            
                | text/plain
            
             |
                TextLexer

/ contrib / hg-ssh

History | Source | Raw |Copy content |Copy permalink

Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537	#!/usr/bin/env python
		#
Thomas Arendsen Hein Adjust contrib/hg-ssh for moved dispatch() function.	r5191	# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
Martin Geisler add blank line after copyright notices and after header	r8228	#
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537	# Author(s):
		# Thomas Arendsen Hein <thomas@intevation.de>
		#
Martin Geisler updated license to be explicit about GPL version 2	r8225	# This software may be used and distributed according to the terms of the
Matt Mackall Update license to GPLv2+	r10263	# GNU General Public License version 2 or any later version.
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537
		"""
		hg-ssh - a wrapper for ssh access to a limited set of mercurial repos

		To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
		command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
		(probably together with these other useful options:
		no-port-forwarding,no-X11-forwarding,no-agent-forwarding)

Andreas Freimuth hg-ssh: fix duplicate word in docstring	r13996	This allows pull/push over ssh from/to the repositories given as arguments.
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537
		If all your repositories are subdirectories of a common directory, you can
		allow shorter paths with:
		command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"
Thomas Arendsen Hein Added hint to hg-ssh that you can use shell pattern matching.	r1640
		You can use pattern matching of your normal shell, e.g.:
		command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
David Schleimer hg-ssh: read-only flag...	r16836
		You can also add a --read-only flag to allow read-only access to a key, e.g.:
		command="hg-ssh --read-only repos/*"
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537	"""
Augie Fackler contrib: update hg-ssh to conform with import style checks	r33892	from __future__ import absolute_import

		import os
		import shlex
		import sys
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537
Thomas Arendsen Hein Enable demandimport only in scripts, not in importable modules (issue605)...	r5197	# enable importing on demand to reduce startup time
Augie Fackler contrib: update hg-ssh to conform with import style checks	r33892	import hgdemandimport ; hgdemandimport.enable()
Thomas Arendsen Hein Enable demandimport only in scripts, not in importable modules (issue605)...	r5197
Augie Fackler contrib: update hg-ssh to conform with import style checks	r33892	from mercurial import (
		dispatch,
		ui as uimod,
		)
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537
David Schleimer hg-ssh: refactor to have main() method...	r16779	def main():
		cwd = os.getcwd()
David Schleimer hg-ssh: read-only flag...	r16836	readonly = False
		args = sys.argv[1:]
		while len(args):
		if args[0] == '--read-only':
		readonly = True
		args.pop(0)
		else:
		break
David Schleimer hg-ssh: refactor to have main() method...	r16779	allowed_paths = [os.path.normpath(os.path.join(cwd,
		os.path.expanduser(path)))
David Schleimer hg-ssh: read-only flag...	r16836	for path in args]
David Schleimer hg-ssh: refactor to have main() method...	r16779	orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
		try:
		cmdargv = shlex.split(orig_cmd)
FUJIWARA Katsunori misc: use modern exception syntax...	r28047	except ValueError as e:
David Schleimer hg-ssh: refactor to have main() method...	r16779	sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
		sys.exit(255)
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537
David Schleimer hg-ssh: refactor to have main() method...	r16779	if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
		path = cmdargv[2]
		repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
		if repo in allowed_paths:
David Schleimer hg-ssh: read-only flag...	r16836	cmd = ['-R', repo, 'serve', '--stdio']
Augie Fackler dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...	r32050	req = dispatch.request(cmd)
David Schleimer hg-ssh: read-only flag...	r16836	if readonly:
Augie Fackler dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...	r32050	if not req.ui:
		req.ui = uimod.ui.load()
		req.ui.setconfig('hooks', 'pretxnopen.hg-ssh',
		'python:__main__.rejectpush', 'hg-ssh')
		req.ui.setconfig('hooks', 'prepushkey.hg-ssh',
		'python:__main__.rejectpush', 'hg-ssh')
		dispatch.dispatch(req)
David Schleimer hg-ssh: refactor to have main() method...	r16779	else:
		sys.stderr.write('Illegal repository "%s"\n' % repo)
		sys.exit(255)
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537	else:
David Schleimer hg-ssh: refactor to have main() method...	r16779	sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
Mads Kiilerich hg-ssh: exit with 255 instead of -1 on error...	r16607	sys.exit(255)
Thomas Arendsen Hein Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...	r1537
David Schleimer hg-ssh: read-only flag...	r16836	def rejectpush(ui, **kwargs):
FUJIWARA Katsunori hg-ssh: parenthesize non-translated message...	r28045	ui.warn(("Permission denied\n"))
David Schleimer hg-ssh: read-only flag...	r16836	# mercurial hooks use unix process conventions for hook return values
		# so a truthy return means failure
		return True

David Schleimer hg-ssh: refactor to have main() method...	r16779	if __name__ == '__main__':
		main()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages