##// END OF EJS Templates
sslutil: issue warning when [hostfingerprint] is used...
sslutil: issue warning when [hostfingerprint] is used Mercurial 3.9 added the [hostsecurity] section, which is better than [hostfingerprints] in every way. One of the ways that [hostsecurity] is better is that it supports SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints. The world is moving away from SHA-1 because it is borderline secure. Mercurial should be part of that movement. This patch adds a warning when a valid SHA-1 fingerprint from the [hostfingerprints] section is being used. The warning informs users to switch to [hostsecurity]. It even prints the config option they should set. It uses the SHA-256 fingerprint because recommending a SHA-1 fingerprint in 2017 would be ill-advised. The warning will print itself on every connection to a server until it is fixed. There is no way to suppress the warning. I admit this is annoying. But given the security implications of sticking with SHA-1, I think this is justified. If this patch is accepted, I'll likely send a follow-up to start warning on SHA-1 certificates in [hostsecurity] as well. Then sometime down the road, we can drop support for SHA-1 fingerprints. Credit for this idea comes from timeless in issue 5466.

File last commit:

r29841:d5883fd0 default
r31290:f819aa9d default
Show More
children.py
69 lines | 2.1 KiB | text/x-python | PythonLexer
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783 # Mercurial extension to provide the 'hg children' command
#
# Copyright 2007 by Intevation GmbH <intevation@intevation.de>
Martin Geisler
add blank line after copyright notices and after header
r8228 #
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783 # Author(s):
# Thomas Arendsen Hein <thomas@intevation.de>
#
Martin Geisler
updated license to be explicit about GPL version 2
r8225 # This software may be used and distributed according to the terms of the
Matt Mackall
Update license to GPLv2+
r10263 # GNU General Public License version 2 or any later version.
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783
Augie Fackler
children: mark extension as deprecated
r16668 '''command to display child changesets (DEPRECATED)
Martin Geisler
children: use hg reST role for example
r16670 This extension is deprecated. You should use :hg:`log -r
"children(REV)"` instead.
Augie Fackler
children: mark extension as deprecated
r16668 '''
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Gregory Szorc
children: use absolute_import
r28093 from __future__ import absolute_import
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783 from mercurial.i18n import _
Gregory Szorc
children: use absolute_import
r28093 from mercurial import (
cmdutil,
commands,
)
templateopts = commands.templateopts
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783
Gregory Szorc
children: declare command using decorator
r21248 cmdtable = {}
command = cmdutil.command(cmdtable)
Augie Fackler
extensions: change magic "shipped with hg" string...
r29841 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
Augie Fackler
extensions: document that `testedwith = 'internal'` is special...
r25186 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
# be specifying the version(s) of Mercurial they are tested with, or
# leave the attribute unspecified.
Augie Fackler
extensions: change magic "shipped with hg" string...
r29841 testedwith = 'ships-with-hg-core'
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783
Gregory Szorc
children: declare command using decorator
r21248 @command('children',
[('r', 'rev', '',
_('show children of the specified revision'), _('REV')),
] + templateopts,
Gregory Szorc
children: define inferrepo in command decorator
r21780 _('hg children [-r REV] [FILE]'),
inferrepo=True)
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783 def children(ui, repo, file_=None, **opts):
Martin Geisler
expand "dir" to "directory" in help texts
r8026 """show the children of the given or working directory revision
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783
Martin Geisler
children: wrap docstrings at 70 characters
r9253 Print the children of the working directory's revisions. If a
revision is given via -r/--rev, the children of that revision will
be printed. If a file argument is given, revision in which the
file was last changed (after the working directory revision or the
argument to --rev if given) is printed.
timeless
children: update help with replacement
r27716
Please use :hg:`log` instead::
timeless
children: use double quotes for arguments...
r28799 hg children => hg log -r "children()"
hg children -r REV => hg log -r "children(REV)"
timeless
children: update help with replacement
r27716
See :hg:`help log` and :hg:`help revsets.children`.
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783 """
rev = opts.get('rev')
if file_:
Yuya Nishihara
children: don't pass filectx to displayer...
r24482 fctx = repo.filectx(file_, changeid=rev)
childctxs = [fcctx.changectx() for fcctx in fctx.children()]
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783 else:
Matt Mackall
use repo[changeid] to get a changectx
r6747 ctx = repo[rev]
Yuya Nishihara
children: don't pass filectx to displayer...
r24482 childctxs = ctx.children()
Thomas Arendsen Hein
Add extension to provide the 'hg children' command (with tests)
r4783
displayer = cmdutil.show_changeset(ui, repo, opts)
Yuya Nishihara
children: don't pass filectx to displayer...
r24482 for cctx in childctxs:
Dirkjan Ochtman
cmdutil: use change contexts for cset-printer and cset-templater
r7369 displayer.show(cctx)
Robert Bachmann
Added support for templatevar "footer" to cmdutil.py
r10152 displayer.close()