Show More
@@ -1,121 +1,124 b'' | |||||
1 | # Copyright (C) 2015 - Mike Edgar <adgar@google.com> |
|
1 | # Copyright (C) 2015 - Mike Edgar <adgar@google.com> | |
2 | # |
|
2 | # | |
3 | # This extension enables removal of file content at a given revision, |
|
3 | # This extension enables removal of file content at a given revision, | |
4 | # rewriting the data/metadata of successive revisions to preserve revision log |
|
4 | # rewriting the data/metadata of successive revisions to preserve revision log | |
5 | # integrity. |
|
5 | # integrity. | |
6 |
|
6 | |||
7 | """erase file content at a given revision |
|
7 | """erase file content at a given revision | |
8 |
|
8 | |||
9 | The censor command instructs Mercurial to erase all content of a file at a given |
|
9 | The censor command instructs Mercurial to erase all content of a file at a given | |
10 | revision *without updating the changeset hash.* This allows existing history to |
|
10 | revision *without updating the changeset hash.* This allows existing history to | |
11 | remain valid while preventing future clones/pulls from receiving the erased |
|
11 | remain valid while preventing future clones/pulls from receiving the erased | |
12 | data. |
|
12 | data. | |
13 |
|
13 | |||
14 | Typical uses for censor are due to security or legal requirements, including:: |
|
14 | Typical uses for censor are due to security or legal requirements, including:: | |
15 |
|
15 | |||
16 | * Passwords, private keys, cryptographic material |
|
16 | * Passwords, private keys, cryptographic material | |
17 | * Licensed data/code/libraries for which the license has expired |
|
17 | * Licensed data/code/libraries for which the license has expired | |
18 | * Personally Identifiable Information or other private data |
|
18 | * Personally Identifiable Information or other private data | |
19 |
|
19 | |||
20 | Censored nodes can interrupt mercurial's typical operation whenever the excised |
|
20 | Censored nodes can interrupt mercurial's typical operation whenever the excised | |
21 | data needs to be materialized. Some commands, like ``hg cat``/``hg revert``, |
|
21 | data needs to be materialized. Some commands, like ``hg cat``/``hg revert``, | |
22 | simply fail when asked to produce censored data. Others, like ``hg verify`` and |
|
22 | simply fail when asked to produce censored data. Others, like ``hg verify`` and | |
23 | ``hg update``, must be capable of tolerating censored data to continue to |
|
23 | ``hg update``, must be capable of tolerating censored data to continue to | |
24 | function in a meaningful way. Such commands only tolerate censored file |
|
24 | function in a meaningful way. Such commands only tolerate censored file | |
25 | As having a censored version in a checkout is impractical. The current head |
|
25 | As having a censored version in a checkout is impractical. The current head | |
26 | revisions of the repository are checked. If the revision to be censored is in |
|
26 | revisions of the repository are checked. If the revision to be censored is in | |
27 | any of them the command will abort. |
|
27 | any of them the command will abort. | |
28 |
|
28 | |||
29 | A few informative commands such as ``hg grep`` will unconditionally |
|
29 | A few informative commands such as ``hg grep`` will unconditionally | |
30 | ignore censored data and merely report that it was encountered. |
|
30 | ignore censored data and merely report that it was encountered. | |
31 | """ |
|
31 | """ | |
32 |
|
32 | |||
33 |
|
33 | |||
34 | from mercurial.i18n import _ |
|
34 | from mercurial.i18n import _ | |
35 | from mercurial.node import short |
|
35 | from mercurial.node import short | |
36 |
|
36 | |||
37 | from mercurial import ( |
|
37 | from mercurial import ( | |
38 | error, |
|
38 | error, | |
39 | logcmdutil, |
|
39 | logcmdutil, | |
40 | registrar, |
|
40 | registrar, | |
41 | scmutil, |
|
41 | scmutil, | |
42 | ) |
|
42 | ) | |
43 |
|
43 | |||
44 | cmdtable = {} |
|
44 | cmdtable = {} | |
45 | command = registrar.command(cmdtable) |
|
45 | command = registrar.command(cmdtable) | |
46 | # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for |
|
46 | # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for | |
47 | # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should |
|
47 | # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should | |
48 | # be specifying the version(s) of Mercurial they are tested with, or |
|
48 | # be specifying the version(s) of Mercurial they are tested with, or | |
49 | # leave the attribute unspecified. |
|
49 | # leave the attribute unspecified. | |
50 | testedwith = b'ships-with-hg-core' |
|
50 | testedwith = b'ships-with-hg-core' | |
51 |
|
51 | |||
52 |
|
52 | |||
53 | @command( |
|
53 | @command( | |
54 | b'censor', |
|
54 | b'censor', | |
55 | [ |
|
55 | [ | |
56 | ( |
|
56 | ( | |
57 | b'r', |
|
57 | b'r', | |
58 | b'rev', |
|
58 | b'rev', | |
59 | b'', |
|
59 | b'', | |
60 | _(b'censor file from specified revision'), |
|
60 | _(b'censor file from specified revision'), | |
61 | _(b'REV'), |
|
61 | _(b'REV'), | |
62 | ), |
|
62 | ), | |
63 | (b't', b'tombstone', b'', _(b'replacement tombstone data'), _(b'TEXT')), |
|
63 | (b't', b'tombstone', b'', _(b'replacement tombstone data'), _(b'TEXT')), | |
64 | ], |
|
64 | ], | |
65 | _(b'-r REV [-t TEXT] [FILE]'), |
|
65 | _(b'-r REV [-t TEXT] [FILE]'), | |
66 | helpcategory=command.CATEGORY_MAINTENANCE, |
|
66 | helpcategory=command.CATEGORY_MAINTENANCE, | |
67 | ) |
|
67 | ) | |
68 | def censor(ui, repo, path, rev=b'', tombstone=b'', **opts): |
|
68 | def censor(ui, repo, path, rev=b'', tombstone=b'', **opts): | |
69 | with repo.wlock(), repo.lock(): |
|
69 | with repo.wlock(), repo.lock(): | |
70 | return _docensor(ui, repo, path, rev, tombstone, **opts) |
|
70 | return _docensor(ui, repo, path, rev, tombstone, **opts) | |
71 |
|
71 | |||
72 |
|
72 | |||
73 | def _docensor(ui, repo, path, rev=b'', tombstone=b'', **opts): |
|
73 | def _docensor(ui, repo, path, rev=b'', tombstone=b'', **opts): | |
74 | if not path: |
|
74 | if not path: | |
75 | raise error.Abort(_(b'must specify file path to censor')) |
|
75 | raise error.Abort(_(b'must specify file path to censor')) | |
76 | if not rev: |
|
76 | if not rev: | |
77 | raise error.Abort(_(b'must specify revision to censor')) |
|
77 | raise error.Abort(_(b'must specify revision to censor')) | |
78 |
|
78 | |||
79 | wctx = repo[None] |
|
79 | wctx = repo[None] | |
80 |
|
80 | |||
81 | m = scmutil.match(wctx, (path,)) |
|
81 | m = scmutil.match(wctx, (path,)) | |
82 | if m.anypats() or len(m.files()) != 1: |
|
82 | if m.anypats() or len(m.files()) != 1: | |
83 | raise error.Abort(_(b'can only specify an explicit filename')) |
|
83 | raise error.Abort(_(b'can only specify an explicit filename')) | |
84 | path = m.files()[0] |
|
84 | path = m.files()[0] | |
85 | flog = repo.file(path) |
|
85 | flog = repo.file(path) | |
86 | if not len(flog): |
|
86 | if not len(flog): | |
87 | raise error.Abort(_(b'cannot censor file with no history')) |
|
87 | raise error.Abort(_(b'cannot censor file with no history')) | |
88 |
|
88 | |||
89 | rev = logcmdutil.revsingle(repo, rev, rev).rev() |
|
89 | rev = logcmdutil.revsingle(repo, rev, rev).rev() | |
90 | try: |
|
90 | try: | |
91 | ctx = repo[rev] |
|
91 | ctx = repo[rev] | |
92 | except KeyError: |
|
92 | except KeyError: | |
93 | raise error.Abort(_(b'invalid revision identifier %s') % rev) |
|
93 | raise error.Abort(_(b'invalid revision identifier %s') % rev) | |
94 |
|
94 | |||
95 | try: |
|
95 | try: | |
96 | fctx = ctx.filectx(path) |
|
96 | fctx = ctx.filectx(path) | |
97 | except error.LookupError: |
|
97 | except error.LookupError: | |
98 | raise error.Abort(_(b'file does not exist at revision %s') % rev) |
|
98 | raise error.Abort(_(b'file does not exist at revision %s') % rev) | |
99 |
|
99 | |||
100 | fnode = fctx.filenode() |
|
100 | fnode = fctx.filenode() | |
101 | heads = [] |
|
101 | heads = [] | |
102 |
|
|
102 | repo_heads = repo.heads() | |
|
103 | msg = b'checking for the censored content in %d heads\n' % len(repo_heads) | |||
|
104 | ui.status(msg) | |||
|
105 | for headnode in repo_heads: | |||
103 | hc = repo[headnode] |
|
106 | hc = repo[headnode] | |
104 | if path in hc and hc.filenode(path) == fnode: |
|
107 | if path in hc and hc.filenode(path) == fnode: | |
105 | heads.append(hc) |
|
108 | heads.append(hc) | |
106 | if heads: |
|
109 | if heads: | |
107 | headlist = b', '.join([short(c.node()) for c in heads]) |
|
110 | headlist = b', '.join([short(c.node()) for c in heads]) | |
108 | raise error.Abort( |
|
111 | raise error.Abort( | |
109 | _(b'cannot censor file in heads (%s)') % headlist, |
|
112 | _(b'cannot censor file in heads (%s)') % headlist, | |
110 | hint=_(b'clean/delete and commit first'), |
|
113 | hint=_(b'clean/delete and commit first'), | |
111 | ) |
|
114 | ) | |
112 |
|
115 | |||
113 | wp = wctx.parents() |
|
116 | wp = wctx.parents() | |
114 | if ctx.node() in [p.node() for p in wp]: |
|
117 | if ctx.node() in [p.node() for p in wp]: | |
115 | raise error.Abort( |
|
118 | raise error.Abort( | |
116 | _(b'cannot censor working directory'), |
|
119 | _(b'cannot censor working directory'), | |
117 | hint=_(b'clean/delete/update first'), |
|
120 | hint=_(b'clean/delete/update first'), | |
118 | ) |
|
121 | ) | |
119 |
|
122 | |||
120 | with repo.transaction(b'censor') as tr: |
|
123 | with repo.transaction(b'censor') as tr: | |
121 | flog.censorrevision(tr, fnode, tombstone=tombstone) |
|
124 | flog.censorrevision(tr, fnode, tombstone=tombstone) |
@@ -1,621 +1,632 b'' | |||||
1 | #require no-reposimplestore |
|
1 | #require no-reposimplestore | |
2 | #testcases revlogv1 revlogv2 |
|
2 | #testcases revlogv1 revlogv2 | |
3 |
|
3 | |||
4 | #if revlogv2 |
|
4 | #if revlogv2 | |
5 |
|
5 | |||
6 | $ cat >> $HGRCPATH <<EOF |
|
6 | $ cat >> $HGRCPATH <<EOF | |
7 | > [experimental] |
|
7 | > [experimental] | |
8 | > revlogv2=enable-unstable-format-and-corrupt-my-data |
|
8 | > revlogv2=enable-unstable-format-and-corrupt-my-data | |
9 | > EOF |
|
9 | > EOF | |
10 |
|
10 | |||
11 | #endif |
|
11 | #endif | |
12 |
|
12 | |||
13 | $ cp $HGRCPATH $HGRCPATH.orig |
|
13 | $ cp $HGRCPATH $HGRCPATH.orig | |
14 |
|
14 | |||
15 | Create repo with unimpeachable content |
|
15 | Create repo with unimpeachable content | |
16 |
|
16 | |||
17 | $ hg init r |
|
17 | $ hg init r | |
18 | $ cd r |
|
18 | $ cd r | |
19 | $ echo 'Initially untainted file' > target |
|
19 | $ echo 'Initially untainted file' > target | |
20 | $ echo 'Normal file here' > bystander |
|
20 | $ echo 'Normal file here' > bystander | |
21 | $ hg add target bystander |
|
21 | $ hg add target bystander | |
22 | $ hg ci -m init |
|
22 | $ hg ci -m init | |
23 |
|
23 | |||
24 | Clone repo so we can test pull later |
|
24 | Clone repo so we can test pull later | |
25 |
|
25 | |||
26 | $ cd .. |
|
26 | $ cd .. | |
27 | $ hg clone r rpull |
|
27 | $ hg clone r rpull | |
28 | updating to branch default |
|
28 | updating to branch default | |
29 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
29 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
30 | $ cd r |
|
30 | $ cd r | |
31 |
|
31 | |||
32 | Introduce content which will ultimately require censorship. Name the first |
|
32 | Introduce content which will ultimately require censorship. Name the first | |
33 | censored node C1, second C2, and so on |
|
33 | censored node C1, second C2, and so on | |
34 |
|
34 | |||
35 | $ echo 'Tainted file' > target |
|
35 | $ echo 'Tainted file' > target | |
36 | $ echo 'Passwords: hunter2' >> target |
|
36 | $ echo 'Passwords: hunter2' >> target | |
37 | $ hg ci -m taint target |
|
37 | $ hg ci -m taint target | |
38 | $ C1=`hg id --debug -i` |
|
38 | $ C1=`hg id --debug -i` | |
39 |
|
39 | |||
40 | $ echo 'hunter3' >> target |
|
40 | $ echo 'hunter3' >> target | |
41 | $ echo 'Normal file v2' > bystander |
|
41 | $ echo 'Normal file v2' > bystander | |
42 | $ hg ci -m moretaint target bystander |
|
42 | $ hg ci -m moretaint target bystander | |
43 | $ C2=`hg id --debug -i` |
|
43 | $ C2=`hg id --debug -i` | |
44 |
|
44 | |||
45 | Add a new sanitized versions to correct our mistake. Name the first head H1, |
|
45 | Add a new sanitized versions to correct our mistake. Name the first head H1, | |
46 | the second head H2, and so on |
|
46 | the second head H2, and so on | |
47 |
|
47 | |||
48 | $ echo 'Tainted file is now sanitized' > target |
|
48 | $ echo 'Tainted file is now sanitized' > target | |
49 | $ hg ci -m sanitized target |
|
49 | $ hg ci -m sanitized target | |
50 | $ H1=`hg id --debug -i` |
|
50 | $ H1=`hg id --debug -i` | |
51 |
|
51 | |||
52 | $ hg update -r $C2 |
|
52 | $ hg update -r $C2 | |
53 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
53 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
54 | $ echo 'Tainted file now super sanitized' > target |
|
54 | $ echo 'Tainted file now super sanitized' > target | |
55 | $ hg ci -m 'super sanitized' target |
|
55 | $ hg ci -m 'super sanitized' target | |
56 | created new head |
|
56 | created new head | |
57 | $ H2=`hg id --debug -i` |
|
57 | $ H2=`hg id --debug -i` | |
58 |
|
58 | |||
59 | Verify target contents before censorship at each revision |
|
59 | Verify target contents before censorship at each revision | |
60 |
|
60 | |||
61 | $ hg cat -r $H1 target | head -n 10 |
|
61 | $ hg cat -r $H1 target | head -n 10 | |
62 | Tainted file is now sanitized |
|
62 | Tainted file is now sanitized | |
63 | $ hg cat -r $H2 target | head -n 10 |
|
63 | $ hg cat -r $H2 target | head -n 10 | |
64 | Tainted file now super sanitized |
|
64 | Tainted file now super sanitized | |
65 | $ hg cat -r $C2 target | head -n 10 |
|
65 | $ hg cat -r $C2 target | head -n 10 | |
66 | Tainted file |
|
66 | Tainted file | |
67 | Passwords: hunter2 |
|
67 | Passwords: hunter2 | |
68 | hunter3 |
|
68 | hunter3 | |
69 | $ hg cat -r $C1 target | head -n 10 |
|
69 | $ hg cat -r $C1 target | head -n 10 | |
70 | Tainted file |
|
70 | Tainted file | |
71 | Passwords: hunter2 |
|
71 | Passwords: hunter2 | |
72 | $ hg cat -r 0 target | head -n 10 |
|
72 | $ hg cat -r 0 target | head -n 10 | |
73 | Initially untainted file |
|
73 | Initially untainted file | |
74 |
|
74 | |||
75 | Censor revision with 2 offenses |
|
75 | Censor revision with 2 offenses | |
76 |
|
76 | |||
77 | (this also tests file pattern matching: path relative to cwd case) |
|
77 | (this also tests file pattern matching: path relative to cwd case) | |
78 |
|
78 | |||
79 | $ mkdir -p foo/bar/baz |
|
79 | $ mkdir -p foo/bar/baz | |
80 | $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C2 -t "remove password" ../../../target |
|
80 | $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C2 -t "remove password" ../../../target | |
|
81 | checking for the censored content in 2 heads | |||
81 |
$ |
|
82 | $ hg cat -r $H1 target | head -n 10 | |
82 | Tainted file is now sanitized |
|
83 | Tainted file is now sanitized | |
83 | $ hg cat -r $H2 target | head -n 10 |
|
84 | $ hg cat -r $H2 target | head -n 10 | |
84 | Tainted file now super sanitized |
|
85 | Tainted file now super sanitized | |
85 | $ hg cat -r $C2 target | head -n 10 |
|
86 | $ hg cat -r $C2 target | head -n 10 | |
86 | abort: censored node: 1e0247a9a4b7 |
|
87 | abort: censored node: 1e0247a9a4b7 | |
87 | (set censor.policy to ignore errors) |
|
88 | (set censor.policy to ignore errors) | |
88 | $ hg cat -r $C1 target | head -n 10 |
|
89 | $ hg cat -r $C1 target | head -n 10 | |
89 | Tainted file |
|
90 | Tainted file | |
90 | Passwords: hunter2 |
|
91 | Passwords: hunter2 | |
91 | $ hg cat -r 0 target | head -n 10 |
|
92 | $ hg cat -r 0 target | head -n 10 | |
92 | Initially untainted file |
|
93 | Initially untainted file | |
93 |
|
94 | |||
94 | Censor revision with 1 offense |
|
95 | Censor revision with 1 offense | |
95 |
|
96 | |||
96 | (this also tests file pattern matching: with 'path:' scheme) |
|
97 | (this also tests file pattern matching: with 'path:' scheme) | |
97 |
|
98 | |||
98 | $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C1 path:target |
|
99 | $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C1 path:target | |
|
100 | checking for the censored content in 2 heads | |||
99 | $ hg cat -r $H1 target | head -n 10 |
|
101 | $ hg cat -r $H1 target | head -n 10 | |
100 | Tainted file is now sanitized |
|
102 | Tainted file is now sanitized | |
101 | $ hg cat -r $H2 target | head -n 10 |
|
103 | $ hg cat -r $H2 target | head -n 10 | |
102 | Tainted file now super sanitized |
|
104 | Tainted file now super sanitized | |
103 | $ hg cat -r $C2 target | head -n 10 |
|
105 | $ hg cat -r $C2 target | head -n 10 | |
104 | abort: censored node: 1e0247a9a4b7 |
|
106 | abort: censored node: 1e0247a9a4b7 | |
105 | (set censor.policy to ignore errors) |
|
107 | (set censor.policy to ignore errors) | |
106 | $ hg cat -r $C1 target | head -n 10 |
|
108 | $ hg cat -r $C1 target | head -n 10 | |
107 | abort: censored node: 613bc869fceb |
|
109 | abort: censored node: 613bc869fceb | |
108 | (set censor.policy to ignore errors) |
|
110 | (set censor.policy to ignore errors) | |
109 | $ hg cat -r 0 target | head -n 10 |
|
111 | $ hg cat -r 0 target | head -n 10 | |
110 | Initially untainted file |
|
112 | Initially untainted file | |
111 |
|
113 | |||
112 | Can only checkout target at uncensored revisions, -X is workaround for --all |
|
114 | Can only checkout target at uncensored revisions, -X is workaround for --all | |
113 |
|
115 | |||
114 | $ hg revert -r $C2 target | head -n 10 |
|
116 | $ hg revert -r $C2 target | head -n 10 | |
115 | abort: censored node: 1e0247a9a4b7 |
|
117 | abort: censored node: 1e0247a9a4b7 | |
116 | (set censor.policy to ignore errors) |
|
118 | (set censor.policy to ignore errors) | |
117 | $ hg revert -r $C1 target | head -n 10 |
|
119 | $ hg revert -r $C1 target | head -n 10 | |
118 | abort: censored node: 613bc869fceb |
|
120 | abort: censored node: 613bc869fceb | |
119 | (set censor.policy to ignore errors) |
|
121 | (set censor.policy to ignore errors) | |
120 | $ hg revert -r $C1 --all |
|
122 | $ hg revert -r $C1 --all | |
121 | reverting bystander |
|
123 | reverting bystander | |
122 | reverting target |
|
124 | reverting target | |
123 | abort: censored node: 613bc869fceb |
|
125 | abort: censored node: 613bc869fceb | |
124 | (set censor.policy to ignore errors) |
|
126 | (set censor.policy to ignore errors) | |
125 | [255] |
|
127 | [255] | |
126 | $ hg revert -r $C1 --all -X target |
|
128 | $ hg revert -r $C1 --all -X target | |
127 | $ cat target | head -n 10 |
|
129 | $ cat target | head -n 10 | |
128 | Tainted file now super sanitized |
|
130 | Tainted file now super sanitized | |
129 | $ hg revert -r 0 --all |
|
131 | $ hg revert -r 0 --all | |
130 | reverting target |
|
132 | reverting target | |
131 | $ cat target | head -n 10 |
|
133 | $ cat target | head -n 10 | |
132 | Initially untainted file |
|
134 | Initially untainted file | |
133 | $ hg revert -r $H2 --all |
|
135 | $ hg revert -r $H2 --all | |
134 | reverting bystander |
|
136 | reverting bystander | |
135 | reverting target |
|
137 | reverting target | |
136 | $ cat target | head -n 10 |
|
138 | $ cat target | head -n 10 | |
137 | Tainted file now super sanitized |
|
139 | Tainted file now super sanitized | |
138 |
|
140 | |||
139 | Uncensored file can be viewed at any revision |
|
141 | Uncensored file can be viewed at any revision | |
140 |
|
142 | |||
141 | $ hg cat -r $H1 bystander | head -n 10 |
|
143 | $ hg cat -r $H1 bystander | head -n 10 | |
142 | Normal file v2 |
|
144 | Normal file v2 | |
143 | $ hg cat -r $C2 bystander | head -n 10 |
|
145 | $ hg cat -r $C2 bystander | head -n 10 | |
144 | Normal file v2 |
|
146 | Normal file v2 | |
145 | $ hg cat -r $C1 bystander | head -n 10 |
|
147 | $ hg cat -r $C1 bystander | head -n 10 | |
146 | Normal file here |
|
148 | Normal file here | |
147 | $ hg cat -r 0 bystander | head -n 10 |
|
149 | $ hg cat -r 0 bystander | head -n 10 | |
148 | Normal file here |
|
150 | Normal file here | |
149 |
|
151 | |||
150 | Can update to children of censored revision |
|
152 | Can update to children of censored revision | |
151 |
|
153 | |||
152 | $ hg update -r $H1 |
|
154 | $ hg update -r $H1 | |
153 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
155 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
154 | $ cat target | head -n 10 |
|
156 | $ cat target | head -n 10 | |
155 | Tainted file is now sanitized |
|
157 | Tainted file is now sanitized | |
156 | $ hg update -r $H2 |
|
158 | $ hg update -r $H2 | |
157 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
159 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
158 | $ cat target | head -n 10 |
|
160 | $ cat target | head -n 10 | |
159 | Tainted file now super sanitized |
|
161 | Tainted file now super sanitized | |
160 |
|
162 | |||
161 | Set censor policy to abort in trusted $HGRC so hg verify fails |
|
163 | Set censor policy to abort in trusted $HGRC so hg verify fails | |
162 |
|
164 | |||
163 | $ cp $HGRCPATH.orig $HGRCPATH |
|
165 | $ cp $HGRCPATH.orig $HGRCPATH | |
164 | $ cat >> $HGRCPATH <<EOF |
|
166 | $ cat >> $HGRCPATH <<EOF | |
165 | > [censor] |
|
167 | > [censor] | |
166 | > policy = abort |
|
168 | > policy = abort | |
167 | > EOF |
|
169 | > EOF | |
168 |
|
170 | |||
169 | Repo fails verification due to censorship |
|
171 | Repo fails verification due to censorship | |
170 |
|
172 | |||
171 | $ hg verify |
|
173 | $ hg verify | |
172 | checking changesets |
|
174 | checking changesets | |
173 | checking manifests |
|
175 | checking manifests | |
174 | crosschecking files in changesets and manifests |
|
176 | crosschecking files in changesets and manifests | |
175 | checking files |
|
177 | checking files | |
176 | target@1: censored file data |
|
178 | target@1: censored file data | |
177 | target@2: censored file data |
|
179 | target@2: censored file data | |
178 | not checking dirstate because of previous errors |
|
180 | not checking dirstate because of previous errors | |
179 | checked 5 changesets with 7 changes to 2 files |
|
181 | checked 5 changesets with 7 changes to 2 files | |
180 | 2 integrity errors encountered! |
|
182 | 2 integrity errors encountered! | |
181 | (first damaged changeset appears to be 1) |
|
183 | (first damaged changeset appears to be 1) | |
182 | [1] |
|
184 | [1] | |
183 |
|
185 | |||
184 | Cannot update to revision with censored data |
|
186 | Cannot update to revision with censored data | |
185 |
|
187 | |||
186 | $ hg update -r $C2 |
|
188 | $ hg update -r $C2 | |
187 | abort: censored node: 1e0247a9a4b7 |
|
189 | abort: censored node: 1e0247a9a4b7 | |
188 | (set censor.policy to ignore errors) |
|
190 | (set censor.policy to ignore errors) | |
189 | [255] |
|
191 | [255] | |
190 | $ hg update -r $C1 |
|
192 | $ hg update -r $C1 | |
191 | abort: censored node: 613bc869fceb |
|
193 | abort: censored node: 613bc869fceb | |
192 | (set censor.policy to ignore errors) |
|
194 | (set censor.policy to ignore errors) | |
193 | [255] |
|
195 | [255] | |
194 | $ hg update -r 0 |
|
196 | $ hg update -r 0 | |
195 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
197 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
196 | $ hg update -r $H2 |
|
198 | $ hg update -r $H2 | |
197 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
199 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
198 |
|
200 | |||
199 | Set censor policy to ignore in trusted $HGRC so hg verify passes |
|
201 | Set censor policy to ignore in trusted $HGRC so hg verify passes | |
200 |
|
202 | |||
201 | $ cp $HGRCPATH.orig $HGRCPATH |
|
203 | $ cp $HGRCPATH.orig $HGRCPATH | |
202 | $ cat >> $HGRCPATH <<EOF |
|
204 | $ cat >> $HGRCPATH <<EOF | |
203 | > [censor] |
|
205 | > [censor] | |
204 | > policy = ignore |
|
206 | > policy = ignore | |
205 | > EOF |
|
207 | > EOF | |
206 |
|
208 | |||
207 | Repo passes verification with warnings with explicit config |
|
209 | Repo passes verification with warnings with explicit config | |
208 |
|
210 | |||
209 | $ hg verify -q |
|
211 | $ hg verify -q | |
210 |
|
212 | |||
211 | May update to revision with censored data with explicit config |
|
213 | May update to revision with censored data with explicit config | |
212 |
|
214 | |||
213 | $ hg update -r $C2 |
|
215 | $ hg update -r $C2 | |
214 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
216 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
215 | $ cat target | head -n 10 |
|
217 | $ cat target | head -n 10 | |
216 | $ hg update -r $C1 |
|
218 | $ hg update -r $C1 | |
217 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
219 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
218 | $ cat target | head -n 10 |
|
220 | $ cat target | head -n 10 | |
219 | $ hg update -r 0 |
|
221 | $ hg update -r 0 | |
220 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
222 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
221 | $ cat target | head -n 10 |
|
223 | $ cat target | head -n 10 | |
222 | Initially untainted file |
|
224 | Initially untainted file | |
223 | $ hg update -r $H2 |
|
225 | $ hg update -r $H2 | |
224 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
226 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
225 | $ cat target | head -n 10 |
|
227 | $ cat target | head -n 10 | |
226 | Tainted file now super sanitized |
|
228 | Tainted file now super sanitized | |
227 |
|
229 | |||
228 | Can merge in revision with censored data. Test requires one branch of history |
|
230 | Can merge in revision with censored data. Test requires one branch of history | |
229 | with the file censored, but we can't censor at a head, so advance H1. |
|
231 | with the file censored, but we can't censor at a head, so advance H1. | |
230 |
|
232 | |||
231 | $ hg update -r $H1 |
|
233 | $ hg update -r $H1 | |
232 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
234 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
233 | $ C3=$H1 |
|
235 | $ C3=$H1 | |
234 | $ echo 'advanced head H1' > target |
|
236 | $ echo 'advanced head H1' > target | |
235 | $ hg ci -m 'advance head H1' target |
|
237 | $ hg ci -m 'advance head H1' target | |
236 | $ H1=`hg id --debug -i` |
|
238 | $ H1=`hg id --debug -i` | |
237 | $ hg --config extensions.censor= censor -r $C3 target |
|
239 | $ hg --config extensions.censor= censor -r $C3 target | |
|
240 | checking for the censored content in 2 heads | |||
238 | $ hg update -r $H2 |
|
241 | $ hg update -r $H2 | |
239 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
242 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
240 | $ hg merge -r $C3 |
|
243 | $ hg merge -r $C3 | |
241 | merging target |
|
244 | merging target | |
242 | 0 files updated, 1 files merged, 0 files removed, 0 files unresolved |
|
245 | 0 files updated, 1 files merged, 0 files removed, 0 files unresolved | |
243 | (branch merge, don't forget to commit) |
|
246 | (branch merge, don't forget to commit) | |
244 |
|
247 | |||
245 | Revisions present in repository heads may not be censored |
|
248 | Revisions present in repository heads may not be censored | |
246 |
|
249 | |||
247 | $ hg update -C -r $H2 |
|
250 | $ hg update -C -r $H2 | |
248 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
251 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
249 | $ hg --config extensions.censor= censor -r $H2 target |
|
252 | $ hg --config extensions.censor= censor -r $H2 target | |
|
253 | checking for the censored content in 2 heads | |||
250 | abort: cannot censor file in heads (78a8fc215e79) |
|
254 | abort: cannot censor file in heads (78a8fc215e79) | |
251 | (clean/delete and commit first) |
|
255 | (clean/delete and commit first) | |
252 | [255] |
|
256 | [255] | |
253 | $ echo 'twiddling thumbs' > bystander |
|
257 | $ echo 'twiddling thumbs' > bystander | |
254 | $ hg ci -m 'bystander commit' |
|
258 | $ hg ci -m 'bystander commit' | |
255 | $ H2=`hg id --debug -i` |
|
259 | $ H2=`hg id --debug -i` | |
256 | $ hg --config extensions.censor= censor -r "$H2^" target |
|
260 | $ hg --config extensions.censor= censor -r "$H2^" target | |
|
261 | checking for the censored content in 2 heads | |||
257 | abort: cannot censor file in heads (efbe78065929) |
|
262 | abort: cannot censor file in heads (efbe78065929) | |
258 | (clean/delete and commit first) |
|
263 | (clean/delete and commit first) | |
259 | [255] |
|
264 | [255] | |
260 |
|
265 | |||
261 | Cannot censor working directory |
|
266 | Cannot censor working directory | |
262 |
|
267 | |||
263 | $ echo 'seriously no passwords' > target |
|
268 | $ echo 'seriously no passwords' > target | |
264 | $ hg ci -m 'extend second head arbitrarily' target |
|
269 | $ hg ci -m 'extend second head arbitrarily' target | |
265 | $ H2=`hg id --debug -i` |
|
270 | $ H2=`hg id --debug -i` | |
266 | $ hg update -r "$H2^" |
|
271 | $ hg update -r "$H2^" | |
267 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
272 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
268 | $ hg --config extensions.censor= censor -r . target |
|
273 | $ hg --config extensions.censor= censor -r . target | |
|
274 | checking for the censored content in 2 heads | |||
269 | abort: cannot censor working directory |
|
275 | abort: cannot censor working directory | |
270 | (clean/delete/update first) |
|
276 | (clean/delete/update first) | |
271 | [255] |
|
277 | [255] | |
272 | $ hg update -r $H2 |
|
278 | $ hg update -r $H2 | |
273 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
279 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
274 |
|
280 | |||
275 | Can re-add file after being deleted + censored |
|
281 | Can re-add file after being deleted + censored | |
276 |
|
282 | |||
277 | $ C4=$H2 |
|
283 | $ C4=$H2 | |
278 | $ hg rm target |
|
284 | $ hg rm target | |
279 | $ hg ci -m 'delete target so it may be censored' |
|
285 | $ hg ci -m 'delete target so it may be censored' | |
280 | $ H2=`hg id --debug -i` |
|
286 | $ H2=`hg id --debug -i` | |
281 | $ hg --config extensions.censor= censor -r $C4 target |
|
287 | $ hg --config extensions.censor= censor -r $C4 target | |
|
288 | checking for the censored content in 2 heads | |||
282 | $ hg cat -r $C4 target | head -n 10 |
|
289 | $ hg cat -r $C4 target | head -n 10 | |
283 | $ hg cat -r "$H2^^" target | head -n 10 |
|
290 | $ hg cat -r "$H2^^" target | head -n 10 | |
284 | Tainted file now super sanitized |
|
291 | Tainted file now super sanitized | |
285 | $ echo 'fresh start' > target |
|
292 | $ echo 'fresh start' > target | |
286 | $ hg add target |
|
293 | $ hg add target | |
287 | $ hg ci -m reincarnated target |
|
294 | $ hg ci -m reincarnated target | |
288 | $ H2=`hg id --debug -i` |
|
295 | $ H2=`hg id --debug -i` | |
289 | $ hg cat -r $H2 target | head -n 10 |
|
296 | $ hg cat -r $H2 target | head -n 10 | |
290 | fresh start |
|
297 | fresh start | |
291 | $ hg cat -r "$H2^" target | head -n 10 |
|
298 | $ hg cat -r "$H2^" target | head -n 10 | |
292 | target: no such file in rev 452ec1762369 |
|
299 | target: no such file in rev 452ec1762369 | |
293 | $ hg cat -r $C4 target | head -n 10 |
|
300 | $ hg cat -r $C4 target | head -n 10 | |
294 | $ hg cat -r "$H2^^^" target | head -n 10 |
|
301 | $ hg cat -r "$H2^^^" target | head -n 10 | |
295 | Tainted file now super sanitized |
|
302 | Tainted file now super sanitized | |
296 |
|
303 | |||
297 | Can censor enough revision to move back to inline storage |
|
304 | Can censor enough revision to move back to inline storage | |
298 |
|
305 | |||
299 | $ hg debugrevlogstats | grep target |
|
306 | $ hg debugrevlogstats | grep target | |
300 | rev-count data-size inl type target |
|
307 | rev-count data-size inl type target | |
301 | 8 ??? no file target (glob) (revlogv2 !) |
|
308 | 8 ??? no file target (glob) (revlogv2 !) | |
302 | 8 ??? yes file target (glob) (revlogv1 !) |
|
309 | 8 ??? yes file target (glob) (revlogv1 !) | |
303 | $ cat /dev/rand?m | dd status=none count=200 | f --hexdump > target |
|
310 | $ cat /dev/rand?m | dd status=none count=200 | f --hexdump > target | |
304 | $ hg ci -m 'add 100k passwords' |
|
311 | $ hg ci -m 'add 100k passwords' | |
305 | $ H2=`hg id --debug -i` |
|
312 | $ H2=`hg id --debug -i` | |
306 | $ C5=$H2 |
|
313 | $ C5=$H2 | |
307 | $ hg revert -r "$H2^" target |
|
314 | $ hg revert -r "$H2^" target | |
308 | $ hg ci -m 'cleaned 100k passwords' |
|
315 | $ hg ci -m 'cleaned 100k passwords' | |
309 | $ H2=`hg id --debug -i` |
|
316 | $ H2=`hg id --debug -i` | |
310 | $ hg debugrevlogstats | grep target |
|
317 | $ hg debugrevlogstats | grep target | |
311 | rev-count data-size inl type target |
|
318 | rev-count data-size inl type target | |
312 | 10 ?????? no file target (glob) |
|
319 | 10 ?????? no file target (glob) | |
313 | $ hg --config extensions.censor= censor -r $C5 target |
|
320 | $ hg --config extensions.censor= censor -r $C5 target | |
|
321 | checking for the censored content in 2 heads | |||
314 |
|
322 | |||
315 | The important part is for the censor operation to not crash and the repository |
|
323 | The important part is for the censor operation to not crash and the repository | |
316 | to not be corrupted. Right now this involve keeping the revlog split. |
|
324 | to not be corrupted. Right now this involve keeping the revlog split. | |
317 |
|
325 | |||
318 | $ hg debugrevlogstats | grep target |
|
326 | $ hg debugrevlogstats | grep target | |
319 | rev-count data-size inl type target |
|
327 | rev-count data-size inl type target | |
320 | 10 ??? no file target (glob) |
|
328 | 10 ??? no file target (glob) | |
321 | $ hg cat -r $C5 target | head -n 10 |
|
329 | $ hg cat -r $C5 target | head -n 10 | |
322 | $ hg cat -r $H2 target | head -n 10 |
|
330 | $ hg cat -r $H2 target | head -n 10 | |
323 | fresh start |
|
331 | fresh start | |
324 | $ hg verify |
|
332 | $ hg verify | |
325 | checking changesets |
|
333 | checking changesets | |
326 | checking manifests |
|
334 | checking manifests | |
327 | crosschecking files in changesets and manifests |
|
335 | crosschecking files in changesets and manifests | |
328 | checking files |
|
336 | checking files | |
329 | checking dirstate |
|
337 | checking dirstate | |
330 | checked 12 changesets with 13 changes to 2 files |
|
338 | checked 12 changesets with 13 changes to 2 files | |
331 |
|
339 | |||
332 | Repo with censored nodes can be cloned and cloned nodes are censored |
|
340 | Repo with censored nodes can be cloned and cloned nodes are censored | |
333 |
|
341 | |||
334 | $ cd .. |
|
342 | $ cd .. | |
335 | $ hg clone r rclone |
|
343 | $ hg clone r rclone | |
336 | updating to branch default |
|
344 | updating to branch default | |
337 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
345 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
338 | $ cd rclone |
|
346 | $ cd rclone | |
339 | $ hg cat -r $H1 target | head -n 10 |
|
347 | $ hg cat -r $H1 target | head -n 10 | |
340 | advanced head H1 |
|
348 | advanced head H1 | |
341 | $ hg cat -r $H2~5 target | head -n 10 |
|
349 | $ hg cat -r $H2~5 target | head -n 10 | |
342 | Tainted file now super sanitized |
|
350 | Tainted file now super sanitized | |
343 | $ hg cat -r $C2 target | head -n 10 |
|
351 | $ hg cat -r $C2 target | head -n 10 | |
344 | $ hg cat -r $C1 target | head -n 10 |
|
352 | $ hg cat -r $C1 target | head -n 10 | |
345 | $ hg cat -r 0 target | head -n 10 |
|
353 | $ hg cat -r 0 target | head -n 10 | |
346 | Initially untainted file |
|
354 | Initially untainted file | |
347 | $ hg verify -q |
|
355 | $ hg verify -q | |
348 |
|
356 | |||
349 | Repo cloned before tainted content introduced can pull censored nodes |
|
357 | Repo cloned before tainted content introduced can pull censored nodes | |
350 |
|
358 | |||
351 | $ cd ../rpull |
|
359 | $ cd ../rpull | |
352 | $ hg cat -r tip target | head -n 10 |
|
360 | $ hg cat -r tip target | head -n 10 | |
353 | Initially untainted file |
|
361 | Initially untainted file | |
354 | $ hg verify -q |
|
362 | $ hg verify -q | |
355 | $ hg pull -r $H1 -r $H2 |
|
363 | $ hg pull -r $H1 -r $H2 | |
356 | pulling from $TESTTMP/r |
|
364 | pulling from $TESTTMP/r | |
357 | searching for changes |
|
365 | searching for changes | |
358 | adding changesets |
|
366 | adding changesets | |
359 | adding manifests |
|
367 | adding manifests | |
360 | adding file changes |
|
368 | adding file changes | |
361 | added 11 changesets with 11 changes to 2 files (+1 heads) |
|
369 | added 11 changesets with 11 changes to 2 files (+1 heads) | |
362 | new changesets * (glob) |
|
370 | new changesets * (glob) | |
363 | (run 'hg heads' to see heads, 'hg merge' to merge) |
|
371 | (run 'hg heads' to see heads, 'hg merge' to merge) | |
364 | $ hg update 4 |
|
372 | $ hg update 4 | |
365 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
373 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
366 | $ cat target | head -n 10 |
|
374 | $ cat target | head -n 10 | |
367 | Tainted file now super sanitized |
|
375 | Tainted file now super sanitized | |
368 | $ hg cat -r $H1 target | head -n 10 |
|
376 | $ hg cat -r $H1 target | head -n 10 | |
369 | advanced head H1 |
|
377 | advanced head H1 | |
370 | $ hg cat -r $H2~5 target | head -n 10 |
|
378 | $ hg cat -r $H2~5 target | head -n 10 | |
371 | Tainted file now super sanitized |
|
379 | Tainted file now super sanitized | |
372 | $ hg cat -r $C2 target | head -n 10 |
|
380 | $ hg cat -r $C2 target | head -n 10 | |
373 | $ hg cat -r $C1 target | head -n 10 |
|
381 | $ hg cat -r $C1 target | head -n 10 | |
374 | $ hg cat -r 0 target | head -n 10 |
|
382 | $ hg cat -r 0 target | head -n 10 | |
375 | Initially untainted file |
|
383 | Initially untainted file | |
376 | $ hg verify -q |
|
384 | $ hg verify -q | |
377 |
|
385 | |||
378 | Censored nodes can be pushed if they censor previously unexchanged nodes |
|
386 | Censored nodes can be pushed if they censor previously unexchanged nodes | |
379 |
|
387 | |||
380 | $ echo 'Passwords: hunter2hunter2' > target |
|
388 | $ echo 'Passwords: hunter2hunter2' > target | |
381 | $ hg ci -m 're-add password from clone' target |
|
389 | $ hg ci -m 're-add password from clone' target | |
382 | created new head |
|
390 | created new head | |
383 | $ H3=`hg id --debug -i` |
|
391 | $ H3=`hg id --debug -i` | |
384 | $ REV=$H3 |
|
392 | $ REV=$H3 | |
385 | $ echo 'Re-sanitized; nothing to see here' > target |
|
393 | $ echo 'Re-sanitized; nothing to see here' > target | |
386 | $ hg ci -m 're-sanitized' target |
|
394 | $ hg ci -m 're-sanitized' target | |
387 | $ H2=`hg id --debug -i` |
|
395 | $ H2=`hg id --debug -i` | |
388 | $ CLEANREV=$H2 |
|
396 | $ CLEANREV=$H2 | |
389 | $ hg cat -r $REV target | head -n 10 |
|
397 | $ hg cat -r $REV target | head -n 10 | |
390 | Passwords: hunter2hunter2 |
|
398 | Passwords: hunter2hunter2 | |
391 | $ hg --config extensions.censor= censor -r $REV target |
|
399 | $ hg --config extensions.censor= censor -r $REV target | |
|
400 | checking for the censored content in 3 heads | |||
392 | $ hg cat -r $REV target | head -n 10 |
|
401 | $ hg cat -r $REV target | head -n 10 | |
393 | $ hg cat -r $CLEANREV target | head -n 10 |
|
402 | $ hg cat -r $CLEANREV target | head -n 10 | |
394 | Re-sanitized; nothing to see here |
|
403 | Re-sanitized; nothing to see here | |
395 | $ hg push -f -r $H2 |
|
404 | $ hg push -f -r $H2 | |
396 | pushing to $TESTTMP/r |
|
405 | pushing to $TESTTMP/r | |
397 | searching for changes |
|
406 | searching for changes | |
398 | adding changesets |
|
407 | adding changesets | |
399 | adding manifests |
|
408 | adding manifests | |
400 | adding file changes |
|
409 | adding file changes | |
401 | added 2 changesets with 2 changes to 1 files (+1 heads) |
|
410 | added 2 changesets with 2 changes to 1 files (+1 heads) | |
402 |
|
411 | |||
403 | $ cd ../r |
|
412 | $ cd ../r | |
404 | $ hg cat -r $REV target | head -n 10 |
|
413 | $ hg cat -r $REV target | head -n 10 | |
405 | $ hg cat -r $CLEANREV target | head -n 10 |
|
414 | $ hg cat -r $CLEANREV target | head -n 10 | |
406 | Re-sanitized; nothing to see here |
|
415 | Re-sanitized; nothing to see here | |
407 | $ hg update $CLEANREV |
|
416 | $ hg update $CLEANREV | |
408 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
417 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
409 | $ cat target | head -n 10 |
|
418 | $ cat target | head -n 10 | |
410 | Re-sanitized; nothing to see here |
|
419 | Re-sanitized; nothing to see here | |
411 |
|
420 | |||
412 | Censored nodes can be bundled up and unbundled in another repo |
|
421 | Censored nodes can be bundled up and unbundled in another repo | |
413 |
|
422 | |||
414 | $ hg bundle --base 0 ../pwbundle |
|
423 | $ hg bundle --base 0 ../pwbundle | |
415 | 13 changesets found |
|
424 | 13 changesets found | |
416 | $ cd ../rclone |
|
425 | $ cd ../rclone | |
417 | $ hg unbundle ../pwbundle |
|
426 | $ hg unbundle ../pwbundle | |
418 | adding changesets |
|
427 | adding changesets | |
419 | adding manifests |
|
428 | adding manifests | |
420 | adding file changes |
|
429 | adding file changes | |
421 | added 2 changesets with 2 changes to 2 files (+1 heads) |
|
430 | added 2 changesets with 2 changes to 2 files (+1 heads) | |
422 | new changesets * (glob) |
|
431 | new changesets * (glob) | |
423 | (run 'hg heads .' to see heads, 'hg merge' to merge) |
|
432 | (run 'hg heads .' to see heads, 'hg merge' to merge) | |
424 | $ hg cat -r $REV target | head -n 10 |
|
433 | $ hg cat -r $REV target | head -n 10 | |
425 | $ hg cat -r $CLEANREV target | head -n 10 |
|
434 | $ hg cat -r $CLEANREV target | head -n 10 | |
426 | Re-sanitized; nothing to see here |
|
435 | Re-sanitized; nothing to see here | |
427 | $ hg update $CLEANREV |
|
436 | $ hg update $CLEANREV | |
428 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
437 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
429 | $ cat target | head -n 10 |
|
438 | $ cat target | head -n 10 | |
430 | Re-sanitized; nothing to see here |
|
439 | Re-sanitized; nothing to see here | |
431 | $ hg verify -q |
|
440 | $ hg verify -q | |
432 |
|
441 | |||
433 | Grepping only warns, doesn't error out |
|
442 | Grepping only warns, doesn't error out | |
434 |
|
443 | |||
435 | $ cd ../rpull |
|
444 | $ cd ../rpull | |
436 | $ hg grep 'Normal file' |
|
445 | $ hg grep 'Normal file' | |
437 | bystander:Normal file v2 |
|
446 | bystander:Normal file v2 | |
438 | $ hg grep nothing |
|
447 | $ hg grep nothing | |
439 | target:Re-sanitized; nothing to see here |
|
448 | target:Re-sanitized; nothing to see here | |
440 | $ hg grep --diff 'Normal file' |
|
449 | $ hg grep --diff 'Normal file' | |
441 | cannot search in censored file: target:7 |
|
450 | cannot search in censored file: target:7 | |
442 | cannot search in censored file: target:10 |
|
451 | cannot search in censored file: target:10 | |
443 | cannot search in censored file: target:12 |
|
452 | cannot search in censored file: target:12 | |
444 | bystander:6:-:Normal file v2 |
|
453 | bystander:6:-:Normal file v2 | |
445 | cannot search in censored file: target:1 |
|
454 | cannot search in censored file: target:1 | |
446 | cannot search in censored file: target:2 |
|
455 | cannot search in censored file: target:2 | |
447 | cannot search in censored file: target:3 |
|
456 | cannot search in censored file: target:3 | |
448 | bystander:2:-:Normal file here |
|
457 | bystander:2:-:Normal file here | |
449 | bystander:2:+:Normal file v2 |
|
458 | bystander:2:+:Normal file v2 | |
450 | bystander:0:+:Normal file here |
|
459 | bystander:0:+:Normal file here | |
451 | $ hg grep --diff nothing |
|
460 | $ hg grep --diff nothing | |
452 | cannot search in censored file: target:7 |
|
461 | cannot search in censored file: target:7 | |
453 | cannot search in censored file: target:10 |
|
462 | cannot search in censored file: target:10 | |
454 | cannot search in censored file: target:12 |
|
463 | cannot search in censored file: target:12 | |
455 | target:13:+:Re-sanitized; nothing to see here |
|
464 | target:13:+:Re-sanitized; nothing to see here | |
456 | cannot search in censored file: target:1 |
|
465 | cannot search in censored file: target:1 | |
457 | cannot search in censored file: target:2 |
|
466 | cannot search in censored file: target:2 | |
458 | cannot search in censored file: target:3 |
|
467 | cannot search in censored file: target:3 | |
459 |
|
468 | |||
460 | Censored nodes can be imported on top of censored nodes, consecutively |
|
469 | Censored nodes can be imported on top of censored nodes, consecutively | |
461 |
|
470 | |||
462 | $ hg init ../rimport |
|
471 | $ hg init ../rimport | |
463 | $ hg bundle --base 1 ../rimport/splitbundle |
|
472 | $ hg bundle --base 1 ../rimport/splitbundle | |
464 | 12 changesets found |
|
473 | 12 changesets found | |
465 | $ cd ../rimport |
|
474 | $ cd ../rimport | |
466 | $ hg pull -r $H1 -r $H2 ../r |
|
475 | $ hg pull -r $H1 -r $H2 ../r | |
467 | pulling from ../r |
|
476 | pulling from ../r | |
468 | adding changesets |
|
477 | adding changesets | |
469 | adding manifests |
|
478 | adding manifests | |
470 | adding file changes |
|
479 | adding file changes | |
471 | added 8 changesets with 10 changes to 2 files (+1 heads) |
|
480 | added 8 changesets with 10 changes to 2 files (+1 heads) | |
472 | new changesets e97f55b2665a:dcbaf17bf3a1 |
|
481 | new changesets e97f55b2665a:dcbaf17bf3a1 | |
473 | (run 'hg heads' to see heads, 'hg merge' to merge) |
|
482 | (run 'hg heads' to see heads, 'hg merge' to merge) | |
474 | $ hg unbundle splitbundle |
|
483 | $ hg unbundle splitbundle | |
475 | adding changesets |
|
484 | adding changesets | |
476 | adding manifests |
|
485 | adding manifests | |
477 | adding file changes |
|
486 | adding file changes | |
478 | added 6 changesets with 5 changes to 2 files (+1 heads) |
|
487 | added 6 changesets with 5 changes to 2 files (+1 heads) | |
479 | new changesets * (glob) |
|
488 | new changesets * (glob) | |
480 | (run 'hg heads .' to see heads, 'hg merge' to merge) |
|
489 | (run 'hg heads .' to see heads, 'hg merge' to merge) | |
481 | $ hg update $H2 |
|
490 | $ hg update $H2 | |
482 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
491 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
483 | $ cat target | head -n 10 |
|
492 | $ cat target | head -n 10 | |
484 | Re-sanitized; nothing to see here |
|
493 | Re-sanitized; nothing to see here | |
485 | $ hg verify -q |
|
494 | $ hg verify -q | |
486 | $ cd ../r |
|
495 | $ cd ../r | |
487 |
|
496 | |||
488 | Can import bundle where first revision of a file is censored |
|
497 | Can import bundle where first revision of a file is censored | |
489 |
|
498 | |||
490 | $ hg init ../rinit |
|
499 | $ hg init ../rinit | |
491 | $ hg --config extensions.censor= censor -r 0 target |
|
500 | $ hg --config extensions.censor= censor -r 0 target | |
|
501 | checking for the censored content in 3 heads | |||
492 | $ hg bundle -r 0 --base null ../rinit/initbundle |
|
502 | $ hg bundle -r 0 --base null ../rinit/initbundle | |
493 | 1 changesets found |
|
503 | 1 changesets found | |
494 | $ cd ../rinit |
|
504 | $ cd ../rinit | |
495 | $ hg unbundle initbundle |
|
505 | $ hg unbundle initbundle | |
496 | adding changesets |
|
506 | adding changesets | |
497 | adding manifests |
|
507 | adding manifests | |
498 | adding file changes |
|
508 | adding file changes | |
499 | added 1 changesets with 2 changes to 2 files |
|
509 | added 1 changesets with 2 changes to 2 files | |
500 | new changesets e97f55b2665a (1 drafts) |
|
510 | new changesets e97f55b2665a (1 drafts) | |
501 | (run 'hg update' to get a working copy) |
|
511 | (run 'hg update' to get a working copy) | |
502 | $ hg cat -r 0 target | head -n 10 |
|
512 | $ hg cat -r 0 target | head -n 10 | |
503 |
|
513 | |||
504 | #if revlogv2 |
|
514 | #if revlogv2 | |
505 |
|
515 | |||
506 | Testing feature that does not work in revlog v1 |
|
516 | Testing feature that does not work in revlog v1 | |
507 | =============================================== |
|
517 | =============================================== | |
508 |
|
518 | |||
509 | Censoring a revision that is used as delta base |
|
519 | Censoring a revision that is used as delta base | |
510 | ----------------------------------------------- |
|
520 | ----------------------------------------------- | |
511 |
|
521 | |||
512 | $ cd .. |
|
522 | $ cd .. | |
513 | $ hg init censor-with-delta |
|
523 | $ hg init censor-with-delta | |
514 | $ cd censor-with-delta |
|
524 | $ cd censor-with-delta | |
515 | $ echo root > target |
|
525 | $ echo root > target | |
516 | $ hg add target |
|
526 | $ hg add target | |
517 | $ hg commit -m root |
|
527 | $ hg commit -m root | |
518 | $ B0=`hg id --debug -i` |
|
528 | $ B0=`hg id --debug -i` | |
519 | $ for x in `"$PYTHON" $TESTDIR/seq.py 0 50000` |
|
529 | $ for x in `"$PYTHON" $TESTDIR/seq.py 0 50000` | |
520 | > do |
|
530 | > do | |
521 | > echo "Password: hunter$x" >> target |
|
531 | > echo "Password: hunter$x" >> target | |
522 | > done |
|
532 | > done | |
523 | $ hg ci -m 'write a long file' |
|
533 | $ hg ci -m 'write a long file' | |
524 | $ B1=`hg id --debug -i` |
|
534 | $ B1=`hg id --debug -i` | |
525 | $ echo 'small change (should create a delta)' >> target |
|
535 | $ echo 'small change (should create a delta)' >> target | |
526 | $ hg ci -m 'create a delta over the password' |
|
536 | $ hg ci -m 'create a delta over the password' | |
527 | (should show that the last revision is a delta, not a snapshot) |
|
537 | (should show that the last revision is a delta, not a snapshot) | |
528 | $ B2=`hg id --debug -i` |
|
538 | $ B2=`hg id --debug -i` | |
529 |
|
539 | |||
530 | Make sure the last revision is a delta against the revision we will censor |
|
540 | Make sure the last revision is a delta against the revision we will censor | |
531 |
|
541 | |||
532 | $ hg debugdeltachain target -T '{rev} {chainid} {chainlen} {prevrev}\n' |
|
542 | $ hg debugdeltachain target -T '{rev} {chainid} {chainlen} {prevrev}\n' | |
533 | 0 1 1 -1 |
|
543 | 0 1 1 -1 | |
534 | 1 2 1 -1 |
|
544 | 1 2 1 -1 | |
535 | 2 2 2 1 |
|
545 | 2 2 2 1 | |
536 |
|
546 | |||
537 | Censor the file |
|
547 | Censor the file | |
538 |
|
548 | |||
539 | $ hg cat -r $B1 target | wc -l |
|
549 | $ hg cat -r $B1 target | wc -l | |
540 | *50002 (re) |
|
550 | *50002 (re) | |
541 | $ hg --config extensions.censor= censor -r $B1 target |
|
551 | $ hg --config extensions.censor= censor -r $B1 target | |
|
552 | checking for the censored content in 1 heads | |||
542 | $ hg cat -r $B1 target | wc -l |
|
553 | $ hg cat -r $B1 target | wc -l | |
543 | *0 (re) |
|
554 | *0 (re) | |
544 |
|
555 | |||
545 | Check the children is fine |
|
556 | Check the children is fine | |
546 |
|
557 | |||
547 | $ hg cat -r $B2 target | wc -l |
|
558 | $ hg cat -r $B2 target | wc -l | |
548 | *50003 (re) |
|
559 | *50003 (re) | |
549 |
|
560 | |||
550 | #endif |
|
561 | #endif | |
551 |
|
562 | |||
552 | Testing repository upgrade with censors revision |
|
563 | Testing repository upgrade with censors revision | |
553 | ================================================ |
|
564 | ================================================ | |
554 |
|
565 | |||
555 | $ cd ../rclone |
|
566 | $ cd ../rclone | |
556 |
|
567 | |||
557 | With the "abort" policy |
|
568 | With the "abort" policy | |
558 | ======================= |
|
569 | ======================= | |
559 |
|
570 | |||
560 | $ hg verify --config censor.policy=ignore |
|
571 | $ hg verify --config censor.policy=ignore | |
561 | checking changesets |
|
572 | checking changesets | |
562 | checking manifests |
|
573 | checking manifests | |
563 | crosschecking files in changesets and manifests |
|
574 | crosschecking files in changesets and manifests | |
564 | checking files |
|
575 | checking files | |
565 | checking dirstate |
|
576 | checking dirstate | |
566 | checked 14 changesets with 15 changes to 2 files |
|
577 | checked 14 changesets with 15 changes to 2 files | |
567 | $ hg debugupgraderepo --run --quiet \ |
|
578 | $ hg debugupgraderepo --run --quiet \ | |
568 | > --optimize re-delta-parent \ |
|
579 | > --optimize re-delta-parent \ | |
569 | > --config censor.policy=abort |
|
580 | > --config censor.policy=abort | |
570 | upgrade will perform the following actions: |
|
581 | upgrade will perform the following actions: | |
571 |
|
582 | |||
572 | requirements |
|
583 | requirements | |
573 | preserved: * (glob) |
|
584 | preserved: * (glob) | |
574 |
|
585 | |||
575 | optimisations: re-delta-parent |
|
586 | optimisations: re-delta-parent | |
576 |
|
587 | |||
577 | processed revlogs: |
|
588 | processed revlogs: | |
578 | - all-filelogs |
|
589 | - all-filelogs | |
579 | - changelog |
|
590 | - changelog | |
580 | - manifest |
|
591 | - manifest | |
581 |
|
592 | |||
582 | $ hg verify --config censor.policy=ignore |
|
593 | $ hg verify --config censor.policy=ignore | |
583 | checking changesets |
|
594 | checking changesets | |
584 | checking manifests |
|
595 | checking manifests | |
585 | crosschecking files in changesets and manifests |
|
596 | crosschecking files in changesets and manifests | |
586 | checking files |
|
597 | checking files | |
587 | checking dirstate |
|
598 | checking dirstate | |
588 | checked 14 changesets with 15 changes to 2 files |
|
599 | checked 14 changesets with 15 changes to 2 files | |
589 |
|
600 | |||
590 | With the "ignore" policy |
|
601 | With the "ignore" policy | |
591 | ======================== |
|
602 | ======================== | |
592 |
|
603 | |||
593 | $ hg verify --config censor.policy=ignore |
|
604 | $ hg verify --config censor.policy=ignore | |
594 | checking changesets |
|
605 | checking changesets | |
595 | checking manifests |
|
606 | checking manifests | |
596 | crosschecking files in changesets and manifests |
|
607 | crosschecking files in changesets and manifests | |
597 | checking files |
|
608 | checking files | |
598 | checking dirstate |
|
609 | checking dirstate | |
599 | checked 14 changesets with 15 changes to 2 files |
|
610 | checked 14 changesets with 15 changes to 2 files | |
600 | $ hg debugupgraderepo --run --quiet \ |
|
611 | $ hg debugupgraderepo --run --quiet \ | |
601 | > --optimize re-delta-parent \ |
|
612 | > --optimize re-delta-parent \ | |
602 | > --config censor.policy=ignore |
|
613 | > --config censor.policy=ignore | |
603 | upgrade will perform the following actions: |
|
614 | upgrade will perform the following actions: | |
604 |
|
615 | |||
605 | requirements |
|
616 | requirements | |
606 | preserved: * (glob) |
|
617 | preserved: * (glob) | |
607 |
|
618 | |||
608 | optimisations: re-delta-parent |
|
619 | optimisations: re-delta-parent | |
609 |
|
620 | |||
610 | processed revlogs: |
|
621 | processed revlogs: | |
611 | - all-filelogs |
|
622 | - all-filelogs | |
612 | - changelog |
|
623 | - changelog | |
613 | - manifest |
|
624 | - manifest | |
614 |
|
625 | |||
615 | $ hg verify --config censor.policy=ignore |
|
626 | $ hg verify --config censor.policy=ignore | |
616 | checking changesets |
|
627 | checking changesets | |
617 | checking manifests |
|
628 | checking manifests | |
618 | crosschecking files in changesets and manifests |
|
629 | crosschecking files in changesets and manifests | |
619 | checking files |
|
630 | checking files | |
620 | checking dirstate |
|
631 | checking dirstate | |
621 | checked 14 changesets with 15 changes to 2 files |
|
632 | checked 14 changesets with 15 changes to 2 files |
@@ -1,22 +1,23 b'' | |||||
1 | $ cat >> $HGRCPATH <<EOF |
|
1 | $ cat >> $HGRCPATH <<EOF | |
2 | > [censor] |
|
2 | > [censor] | |
3 | > policy=ignore |
|
3 | > policy=ignore | |
4 | > EOF |
|
4 | > EOF | |
5 |
|
5 | |||
6 | $ mkdir r |
|
6 | $ mkdir r | |
7 | $ cd r |
|
7 | $ cd r | |
8 | $ hg init |
|
8 | $ hg init | |
9 | $ echo secret > target |
|
9 | $ echo secret > target | |
10 | $ hg commit -Am "secret" |
|
10 | $ hg commit -Am "secret" | |
11 | adding target |
|
11 | adding target | |
12 | $ touch bystander |
|
12 | $ touch bystander | |
13 | $ hg commit -Am "innocent" |
|
13 | $ hg commit -Am "innocent" | |
14 | adding bystander |
|
14 | adding bystander | |
15 | $ echo erased-secret > target |
|
15 | $ echo erased-secret > target | |
16 | $ hg commit -m "erased secret" |
|
16 | $ hg commit -m "erased secret" | |
17 | $ hg censor target --config extensions.censor= -r ".^^" |
|
17 | $ hg censor target --config extensions.censor= -r ".^^" | |
|
18 | checking for the censored content in 1 heads | |||
18 |
$ |
|
19 | $ hg update ".^" | |
19 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
20 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
20 | $ cat target |
|
21 | $ cat target | |
21 | $ hg update tip |
|
22 | $ hg update tip | |
22 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
23 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
General Comments 0
You need to be logged in to leave comments.
Login now