##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r28614:b927fe8b default
r32050:77eaf953 4.1.3 stable
Show More
mercurial.spec
162 lines | 4.6 KiB | text/x-rpm-spec | RPMSpecLexer
Mads Kiilerich
buildrpm: collect code for building local hg and using it in one place
r21639 %global emacs_lispdir %{_datadir}/emacs/site-lisp
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436
%define withpython %{nil}
%if "%{?withpython}"
%global pythonver %{withpython}
%global pythonname Python-%{withpython}
Mads Kiilerich
contrib: update build defaults to latest Python and docutils versions...
r23140 %global docutilsname docutils-0.12
Mads Kiilerich
contrib: buildrpm checking of md5 checksums of downloaded Python and Docutils
r23141 %global docutilsmd5 4622263b62c5c771c03502afa3157768
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 %global pythonhg python-hg
Mads Kiilerich
rpms: for packages with their own python, put it in /opt/python-hg...
r24729 %global hgpyprefix /opt/%{pythonhg}
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 # byte compilation will fail on some some Python /test/ files
%global _python_bytecompile_errors_terminate_build 0
%else
Mads Kiilerich
buildrpm: collect code for building local hg and using it in one place
r21639 %global pythonver %(python -c 'import sys;print ".".join(map(str, sys.version_info[:2]))')
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 %endif
Mads Kiilerich
mercurial.spec: specify file modes for install
r12056 Summary: A fast, lightweight Source Control Management system
mpm@selenic.com
Add an RPM spec file...
r459 Name: mercurial
Matt Mackall
Remove hard-coded version numbers and release notes from packaging
r3863 Version: snapshot
Thomas Arendsen Hein
New version/release in mercurial.spec, patchbomb is now in hgext.
r1891 Release: 0
Matt Mackall
Update license to GPLv2+
r10263 License: GPLv2+
mpm@selenic.com
Add an RPM spec file...
r459 Group: Development/Tools
Matt Mackall
urls: bulk-change primary website URLs
r26421 URL: https://mercurial-scm.org/
Mads Kiilerich
buildrpm: include release version in .tar.gz name...
r21641 Source0: %{name}-%{version}-%{release}.tar.gz
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 %if "%{?withpython}"
Source1: %{pythonname}.tgz
Source2: %{docutilsname}.tar.gz
%endif
Mads Kiilerich
Fix rpmlint warnings...
r7424 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
mpm@selenic.com
Add an RPM spec file...
r459
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 BuildRequires: make, gcc, gettext
%if "%{?withpython}"
BuildRequires: readline-devel, openssl-devel, ncurses-devel, zlib-devel, bzip2-devel
%else
Pierre-Yves David
rpm.spec: bump python dependency to 2.6...
r25008 BuildRequires: python >= 2.6, python-devel, python-docutils >= 0.5
Requires: python >= 2.6
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 %endif
Mads Kiilerich
mercurial.spec: Alignment with AIX spec by Jim Hague...
r10255 # The hgk extension uses the wish tcl interpreter, but we don't enforce it
#Requires: tk
julian@lava.net
mercurial.spec: add BuildRequires...
r4751
mpm@selenic.com
Add an RPM spec file...
r459 %description
Mercurial is a fast, lightweight source control management system designed
for efficient handling of very large distributed projects.
%prep
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436
%if "%{?withpython}"
%setup -q -n mercurial-%{version}-%{release} -a1 -a2
# despite the comments in cgi.py, we do this to prevent rpmdeps from picking /usr/local/bin/python up
sed -i '1c#! /usr/bin/env python' %{pythonname}/Lib/cgi.py
%else
Mads Kiilerich
buildrpm: include release version in .tar.gz name...
r21641 %setup -q -n mercurial-%{version}-%{release}
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 %endif
mpm@selenic.com
Add an RPM spec file...
r459
%build
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436
%if "%{?withpython}"
PYPATH=$PWD/%{pythonname}
cd $PYPATH
./configure --prefix=%{hgpyprefix}
make all %{?_smp_mflags}
cd -
cd %{docutilsname}
LD_LIBRARY_PATH=$PYPATH $PYPATH/python setup.py build
cd -
# verify Python environment
LD_LIBRARY_PATH=$PYPATH PYTHONPATH=$PWD/%{docutilsname} $PYPATH/python -c 'import sys, zlib, bz2, ssl, curses, readline'
# set environment for make
export PATH=$PYPATH:$PATH
export LD_LIBRARY_PATH=$PYPATH
export CFLAGS="-L $PYPATH"
export PYTHONPATH=$PWD/%{docutilsname}
%endif
Adam Spiers
mercurial.spec: include CONTRIBUTORS, COPYING and man pages in rpm
r4753 make all
mpm@selenic.com
Add an RPM spec file...
r459
%install
Mads Kiilerich
Fix rpmlint warnings...
r7424 rm -rf $RPM_BUILD_ROOT
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436
%if "%{?withpython}"
PYPATH=$PWD/%{pythonname}
cd $PYPATH
make install DESTDIR=$RPM_BUILD_ROOT
# these .a are not necessary and they are readonly and strip fails - kill them!
rm -f %{buildroot}%{hgpyprefix}/lib/{,python2.*/config}/libpython2.*.a
cd -
cd %{docutilsname}
LD_LIBRARY_PATH=$PYPATH $PYPATH/python setup.py install --root="$RPM_BUILD_ROOT"
cd -
PATH=$PYPATH:$PATH LD_LIBRARY_PATH=$PYPATH make install DESTDIR=$RPM_BUILD_ROOT PREFIX=%{hgpyprefix} MANDIR=%{_mandir}
mkdir -p $RPM_BUILD_ROOT%{_bindir}
( cd $RPM_BUILD_ROOT%{_bindir}/ && ln -s ../..%{hgpyprefix}/bin/hg . )
( cd $RPM_BUILD_ROOT%{_bindir}/ && ln -s ../..%{hgpyprefix}/bin/python2.? %{pythonhg} )
%else
Mads Kiilerich
contrib/mercurial.spec: Use DESTDIR variable and 'make install'
r11062 make install DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} MANDIR=%{_mandir}
Adam Spiers
mercurial.spec: include CONTRIBUTORS, COPYING and man pages in rpm
r4753
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 %endif
Mads Kiilerich
buildrpm: various minor cleanup
r21638 install -m 755 contrib/hgk $RPM_BUILD_ROOT%{_bindir}/
install -m 755 contrib/hg-ssh $RPM_BUILD_ROOT%{_bindir}/
Adam Spiers
mercurial.spec: include various utility files from contrib/ in rpm...
r4752
bash_completion_dir=$RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d
mkdir -p $bash_completion_dir
Mads Kiilerich
Make RPM spec in contrib more aligned with the one from Fedora...
r8942 install -m 644 contrib/bash_completion $bash_completion_dir/mercurial.sh
Adam Spiers
mercurial.spec: include various utility files from contrib/ in rpm...
r4752
zsh_completion_dir=$RPM_BUILD_ROOT%{_datadir}/zsh/site-functions
mkdir -p $zsh_completion_dir
Mads Kiilerich
Make RPM spec in contrib more aligned with the one from Fedora...
r8942 install -m 644 contrib/zsh_completion $zsh_completion_dir/_mercurial
Adam Spiers
mercurial.spec: include various utility files from contrib/ in rpm...
r4752
Mads Kiilerich
Make RPM spec in contrib more aligned with the one from Fedora...
r8942 mkdir -p $RPM_BUILD_ROOT%{emacs_lispdir}
Mads Kiilerich
buildrpm: various minor cleanup
r21638 install -m 644 contrib/mercurial.el $RPM_BUILD_ROOT%{emacs_lispdir}/
install -m 644 contrib/mq.el $RPM_BUILD_ROOT%{emacs_lispdir}/
Mads Kiilerich
Make RPM spec in contrib more aligned with the one from Fedora...
r8942
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/mercurial/hgrc.d
mpm@selenic.com
Add an RPM spec file...
r459
mpm@selenic.com
[PATCH] clean up RPM spec file...
r563 %clean
rm -rf $RPM_BUILD_ROOT
mpm@selenic.com
Add an RPM spec file...
r459
mpm@selenic.com
[PATCH] clean up RPM spec file...
r563 %files
%defattr(-,root,root,-)
Greg Lindahl
mercurial.spec: remove reference to doc/ja
r10664 %doc CONTRIBUTORS COPYING doc/README doc/hg*.txt doc/hg*.html *.cgi contrib/*.fcgi
Mads Kiilerich
mercurial.spec: Alignment with AIX spec by Jim Hague...
r10255 %doc %attr(644,root,root) %{_mandir}/man?/hg*
Siddharth Agarwal
fedora: remove sample.hgrc from shipped files...
r22385 %doc %attr(644,root,root) contrib/*.svg
Mads Kiilerich
mercurial.spec: specify file modes for install
r12056 %dir %{_datadir}/zsh/
%dir %{_datadir}/zsh/site-functions/
Adam Spiers
mercurial.spec: include various utility files from contrib/ in rpm...
r4752 %{_datadir}/zsh/site-functions/_mercurial
Mads Kiilerich
mercurial.spec: specify file modes for install
r12056 %dir %{_datadir}/emacs/site-lisp/
Adam Spiers
mercurial.spec: include various utility files from contrib/ in rpm...
r4752 %{_datadir}/emacs/site-lisp/mercurial.el
Mads Kiilerich
mercurial.spec: Alignment with AIX spec by Jim Hague...
r10255 %{_datadir}/emacs/site-lisp/mq.el
Adam Spiers
mercurial.spec: include various utility files from contrib/ in rpm...
r4752 %{_bindir}/hg
%{_bindir}/hgk
%{_bindir}/hg-ssh
Mads Kiilerich
Make RPM spec in contrib more aligned with the one from Fedora...
r8942 %dir %{_sysconfdir}/bash_completion.d/
Mads Kiilerich
mercurial.spec: specify file modes for install
r12056 %config(noreplace) %{_sysconfdir}/bash_completion.d/mercurial.sh
Mads Kiilerich
Make RPM spec in contrib more aligned with the one from Fedora...
r8942 %dir %{_sysconfdir}/mercurial
%dir %{_sysconfdir}/mercurial/hgrc.d
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 %if "%{?withpython}"
%{_bindir}/%{pythonhg}
%{hgpyprefix}
%else
Mads Kiilerich
contrib/buildrpm: Support python 2.4 and 2.6
r8867 %if "%{?pythonver}" != "2.4"
%{_libdir}/python%{pythonver}/site-packages/%{name}-*-py%{pythonver}.egg-info
%endif
Mads Kiilerich
Make RPM spec in contrib more aligned with the one from Fedora...
r8942 %{_libdir}/python%{pythonver}/site-packages/%{name}
%{_libdir}/python%{pythonver}/site-packages/hgext
av6
rpms: add hgext3rd to mercurial.spec...
r28614 %{_libdir}/python%{pythonver}/site-packages/hgext3rd
Mads Kiilerich
buildrpm: introduce --withpython for building rpms that includes Python 2.7
r22436 %endif