upstream/mercurial-mirror Commit - r34990:1a314176

subrepo: use per-type config options to enable subrepos...

Gregory Szorc -

r34990:1a314176 stable

parent child

mercurial/configitems.py

0 +9 0

              coreconfigitem('subrepos', 'allowed',
                  default=dynamicdefault,  # to make backporting simpler
              )
+             coreconfigitem('subrepos', 'hg:allowed',
+                 default=dynamicdefault,
+             )
+             coreconfigitem('subrepos', 'git:allowed',
+                 default=dynamicdefault,
+             )
+             coreconfigitem('subrepos', 'svn:allowed',
+                 default=dynamicdefault,
+             )
              coreconfigitem('templates', '.*',
                  default=None,
                  generic=True,

mercurial/help/config.txt

0 +33 -13

		@@ -1899,20 +1899,40 b' relative path alone. The rules are appli'
1899	1899	This section contains options that control the behavior of the
1900	1900	subrepositories feature. See also :hg:`help subrepos`.
1901	1901
	1902	Security note: auditing in Mercurial is known to be insufficient to
	1903	prevent clone-time code execution with carefully constructed Git
	1904	subrepos. It is unknown if a similar detect is present in Subversion
	1905	subrepos. Both Git and Subversion subrepos are disabled by default
	1906	out of security concerns. These subrepo types can be enabled using
	1907	the respective options below.
	1908
1902	1909	``allowed``
1903		~~List of~~ subrepositor~~y types (hg, git, svn)~~ allowed in the working
1904		directory.
1905
1906		When disallowed, any commands including :hg:`update` will fail if
1907		subrepositories are involved.
1908
1909		Security note: auditing in Mercurial is known to be insufficient
1910		to prevent clone-time code execution with carefully constructed
1911		Git subrepos. It is unknown if a similar defect is present in
1912		Subversion subrepos, so both are disabled by default out of an
1913		abundance of caution. Re-enable such subrepos via this setting
1914		with caution.
1915		(default: `hg`)
	1910	Whether subrepositories are allowed in the working directory.
	1911
	1912	When false, commands involving subrepositories (like :hg:`update`)
	1913	will fail for all subrepository types.
	1914	(default: true)
	1915
	1916	``hg:allowed``
	1917	Whether Mercurial subrepositories are allowed in the working
	1918	directory. This option only has an effect if ``subrepos.allowed``
	1919	is true.
	1920	(default: true)
	1921
	1922	``git:allowed``
	1923	Whether Git subrepositories are allowed in the working directory.
	1924	This option only has an effect if ``subrepos.allowed`` is true.
	1925
	1926	See the security note above before enabling Git subrepos.
	1927	(default: false)
	1928
	1929	``svn:allowed``
	1930	Whether Subversion subrepositories are allowed in the working
	1931	directory. This option only has an effect if ``subrepos.allowed``
	1932	is true.
	1933
	1934	See the security note above before enabling Subversion subrepos.
	1935	(default: false)
1916	1936
1917	1937	``templatealias``
1918	1938	-----------------

mercurial/subrepo.py

0 +16 -2

                  if repo.wvfs.islink(path):
                      raise error.Abort(_("subrepo '%s' traverses symbolic link") % path)
+             SUBREPO_ALLOWED_DEFAULTS = {
+                 'hg': True,
+                 'git': False,
+                 'svn': False,
+             }
              def _checktype(ui, kind):
-                 if kind not in ui.configlist('subrepos', 'allowed', ['hg']):
-                     raise error.Abort(_("subrepo type %s not allowed") % kind,
+                 # subrepos.allowed is a master kill switch. If disabled, subrepos are
+                 # disabled period.
+                 if not ui.configbool('subrepos', 'allowed', True):
+                     raise error.Abort(_('subrepos not enabled'),
                                        hint=_("see 'hg help config.subrepos' for details"))
+                 default = SUBREPO_ALLOWED_DEFAULTS.get(kind, False)
+                 if not ui.configbool('subrepos', '%s:allowed' % kind, default):
+                     raise error.Abort(_('%s subrepos not allowed') % kind,
+                                       hint=_("see 'hg help config.subrepos' for details"))
                  if kind not in types:
                      raise error.Abort(_('unknown subrepo type %s') % kind)

tests/test-convert-git.t

0 +1 -1

                $ echo "convert=" >> $HGRCPATH
                $ cat >> $HGRCPATH <<EOF
                > [subrepos]
-               > allowed = hg, git
+               > git:allowed = true
                > EOF
                $ GIT_AUTHOR_NAME='test'; export GIT_AUTHOR_NAME
                $ GIT_AUTHOR_EMAIL='test@example.org'; export GIT_AUTHOR_EMAIL

tests/test-mq-subrepo-svn.t

0 +2 -1

                > [diff]
                > nodates = 1
                > [subrepos]
-               > allowed = hg, svn
+               > allowed = true
+               > svn:allowed = true
                > EOF
              fn to create new repository, and cd into it

tests/test-subrepo-git.t

0 +7 -15

              git subrepo is disabled by default
                $ hg commit -m 'new git subrepo'
-               abort: subrepo type git not allowed
+               abort: git subrepos not allowed
                (see 'hg help config.subrepos' for details)
                [255]
                $ cat >> $HGRCPATH <<EOF
                > [subrepos]
-               > allowed = hg, git
+               > git:allowed = true
                > EOF
                $ hg commit -m 'new git subrepo'
              clone with subrepo disabled (update should fail)
-               $ hg clone t -U tc2 --config subrepos.allowed=
-               $ hg update -R tc2 --config subrepos.allowed=
-               abort: subrepo type git not allowed
+               $ hg clone t -U tc2 --config subrepos.allowed=false
+               $ hg update -R tc2 --config subrepos.allowed=false
+               abort: subrepos not enabled
                (see 'hg help config.subrepos' for details)
                [255]
                $ ls tc2
                a
-               $ hg clone t tc3 --config subrepos.allowed=
+               $ hg clone t tc3 --config subrepos.allowed=false
                updating to branch default
-               abort: subrepo type git not allowed
+               abort: subrepos not enabled
                (see 'hg help config.subrepos' for details)
                [255]
                $ ls tc3
                a
-               $ hg clone t tc4 --config subrepos.allowed=hg
-               updating to branch default
-               abort: subrepo type git not allowed
-               (see 'hg help config.subrepos' for details)
-               [255]
-               $ ls tc4
+               a
              update to previous substate
                $ cd tc

tests/test-subrepo-svn.t

0 +2 -2

              svn subrepo is disabled by default
                $ hg ci -m1
-               abort: subrepo type svn not allowed
+               abort: svn subrepos not allowed
                (see 'hg help config.subrepos' for details)
                [255]
                $ cat >> $HGRCPATH <<EOF
                > [subrepos]
-               > allowed = hg, svn
+               > svn:allowed = true
                > EOF
                $ hg ci -m1

tests/test-subrepo.t

0 +18 -8

              clone with subrepo disabled (update should fail)
-               $ hg clone t -U tc2 --config subrepos.allowed=
-               $ hg update -R tc2 --config subrepos.allowed=
-               abort: subrepo type hg not allowed
+               $ hg clone t -U tc2 --config subrepos.allowed=false
+               $ hg update -R tc2 --config subrepos.allowed=false
+               abort: subrepos not enabled
                (see 'hg help config.subrepos' for details)
                [255]
                $ ls tc2
                a
-               $ hg clone t tc3 --config subrepos.allowed=
+               $ hg clone t tc3 --config subrepos.allowed=false
                updating to branch default
-               abort: subrepo type hg not allowed
+               abort: subrepos not enabled
                (see 'hg help config.subrepos' for details)
                [255]
                $ ls tc3
                a
-               $ hg clone t tc4 --config subrepos.allowed=git
-               updating to branch default
-               abort: subrepo type hg not allowed
+             And again with just the hg type disabled
+               $ hg clone t -U tc4 --config subrepos.hg:allowed=false
+               $ hg update -R tc4 --config subrepos.hg:allowed=false
+               abort: hg subrepos not allowed
                (see 'hg help config.subrepos' for details)
                [255]
                $ ls tc4
                a
+               $ hg clone t tc5 --config subrepos.hg:allowed=false
+               updating to branch default
+               abort: hg subrepos not allowed
+               (see 'hg help config.subrepos' for details)
+               [255]
+               $ ls tc5
+               a
              push
                $ cd tc

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages