Show More
@@ -1,1016 +1,1016 | |||||
1 | # hg.py - repository classes for mercurial |
|
1 | # hg.py - repository classes for mercurial | |
2 | # |
|
2 | # | |
3 | # Copyright 2005-2007 Matt Mackall <mpm@selenic.com> |
|
3 | # Copyright 2005-2007 Matt Mackall <mpm@selenic.com> | |
4 | # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
|
4 | # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> | |
5 | # |
|
5 | # | |
6 | # This software may be used and distributed according to the terms of the |
|
6 | # This software may be used and distributed according to the terms of the | |
7 | # GNU General Public License version 2 or any later version. |
|
7 | # GNU General Public License version 2 or any later version. | |
8 |
|
8 | |||
9 | from __future__ import absolute_import |
|
9 | from __future__ import absolute_import | |
10 |
|
10 | |||
11 | import errno |
|
11 | import errno | |
12 | import hashlib |
|
12 | import hashlib | |
13 | import os |
|
13 | import os | |
14 | import shutil |
|
14 | import shutil | |
15 |
|
15 | |||
16 | from .i18n import _ |
|
16 | from .i18n import _ | |
17 | from .node import nullid |
|
17 | from .node import nullid | |
18 |
|
18 | |||
19 | from . import ( |
|
19 | from . import ( | |
20 | bookmarks, |
|
20 | bookmarks, | |
21 | bundlerepo, |
|
21 | bundlerepo, | |
22 | cmdutil, |
|
22 | cmdutil, | |
23 | destutil, |
|
23 | destutil, | |
24 | discovery, |
|
24 | discovery, | |
25 | error, |
|
25 | error, | |
26 | exchange, |
|
26 | exchange, | |
27 | extensions, |
|
27 | extensions, | |
28 | httppeer, |
|
28 | httppeer, | |
29 | localrepo, |
|
29 | localrepo, | |
30 | lock, |
|
30 | lock, | |
31 | merge as mergemod, |
|
31 | merge as mergemod, | |
32 | node, |
|
32 | node, | |
33 | phases, |
|
33 | phases, | |
34 | repoview, |
|
34 | repoview, | |
35 | scmutil, |
|
35 | scmutil, | |
36 | sshpeer, |
|
36 | sshpeer, | |
37 | statichttprepo, |
|
37 | statichttprepo, | |
38 | ui as uimod, |
|
38 | ui as uimod, | |
39 | unionrepo, |
|
39 | unionrepo, | |
40 | url, |
|
40 | url, | |
41 | util, |
|
41 | util, | |
42 | verify as verifymod, |
|
42 | verify as verifymod, | |
43 | ) |
|
43 | ) | |
44 |
|
44 | |||
45 | release = lock.release |
|
45 | release = lock.release | |
46 |
|
46 | |||
47 | # shared features |
|
47 | # shared features | |
48 | sharedbookmarks = 'bookmarks' |
|
48 | sharedbookmarks = 'bookmarks' | |
49 |
|
49 | |||
50 | def _local(path): |
|
50 | def _local(path): | |
51 | path = util.expandpath(util.urllocalpath(path)) |
|
51 | path = util.expandpath(util.urllocalpath(path)) | |
52 | return (os.path.isfile(path) and bundlerepo or localrepo) |
|
52 | return (os.path.isfile(path) and bundlerepo or localrepo) | |
53 |
|
53 | |||
54 | def addbranchrevs(lrepo, other, branches, revs): |
|
54 | def addbranchrevs(lrepo, other, branches, revs): | |
55 | peer = other.peer() # a courtesy to callers using a localrepo for other |
|
55 | peer = other.peer() # a courtesy to callers using a localrepo for other | |
56 | hashbranch, branches = branches |
|
56 | hashbranch, branches = branches | |
57 | if not hashbranch and not branches: |
|
57 | if not hashbranch and not branches: | |
58 | x = revs or None |
|
58 | x = revs or None | |
59 | if util.safehasattr(revs, 'first'): |
|
59 | if util.safehasattr(revs, 'first'): | |
60 | y = revs.first() |
|
60 | y = revs.first() | |
61 | elif revs: |
|
61 | elif revs: | |
62 | y = revs[0] |
|
62 | y = revs[0] | |
63 | else: |
|
63 | else: | |
64 | y = None |
|
64 | y = None | |
65 | return x, y |
|
65 | return x, y | |
66 | if revs: |
|
66 | if revs: | |
67 | revs = list(revs) |
|
67 | revs = list(revs) | |
68 | else: |
|
68 | else: | |
69 | revs = [] |
|
69 | revs = [] | |
70 |
|
70 | |||
71 | if not peer.capable('branchmap'): |
|
71 | if not peer.capable('branchmap'): | |
72 | if branches: |
|
72 | if branches: | |
73 | raise error.Abort(_("remote branch lookup not supported")) |
|
73 | raise error.Abort(_("remote branch lookup not supported")) | |
74 | revs.append(hashbranch) |
|
74 | revs.append(hashbranch) | |
75 | return revs, revs[0] |
|
75 | return revs, revs[0] | |
76 | branchmap = peer.branchmap() |
|
76 | branchmap = peer.branchmap() | |
77 |
|
77 | |||
78 | def primary(branch): |
|
78 | def primary(branch): | |
79 | if branch == '.': |
|
79 | if branch == '.': | |
80 | if not lrepo: |
|
80 | if not lrepo: | |
81 | raise error.Abort(_("dirstate branch not accessible")) |
|
81 | raise error.Abort(_("dirstate branch not accessible")) | |
82 | branch = lrepo.dirstate.branch() |
|
82 | branch = lrepo.dirstate.branch() | |
83 | if branch in branchmap: |
|
83 | if branch in branchmap: | |
84 | revs.extend(node.hex(r) for r in reversed(branchmap[branch])) |
|
84 | revs.extend(node.hex(r) for r in reversed(branchmap[branch])) | |
85 | return True |
|
85 | return True | |
86 | else: |
|
86 | else: | |
87 | return False |
|
87 | return False | |
88 |
|
88 | |||
89 | for branch in branches: |
|
89 | for branch in branches: | |
90 | if not primary(branch): |
|
90 | if not primary(branch): | |
91 | raise error.RepoLookupError(_("unknown branch '%s'") % branch) |
|
91 | raise error.RepoLookupError(_("unknown branch '%s'") % branch) | |
92 | if hashbranch: |
|
92 | if hashbranch: | |
93 | if not primary(hashbranch): |
|
93 | if not primary(hashbranch): | |
94 | revs.append(hashbranch) |
|
94 | revs.append(hashbranch) | |
95 | return revs, revs[0] |
|
95 | return revs, revs[0] | |
96 |
|
96 | |||
97 | def parseurl(path, branches=None): |
|
97 | def parseurl(path, branches=None): | |
98 | '''parse url#branch, returning (url, (branch, branches))''' |
|
98 | '''parse url#branch, returning (url, (branch, branches))''' | |
99 |
|
99 | |||
100 | u = util.url(path) |
|
100 | u = util.url(path) | |
101 | branch = None |
|
101 | branch = None | |
102 | if u.fragment: |
|
102 | if u.fragment: | |
103 | branch = u.fragment |
|
103 | branch = u.fragment | |
104 | u.fragment = None |
|
104 | u.fragment = None | |
105 | return str(u), (branch, branches or []) |
|
105 | return str(u), (branch, branches or []) | |
106 |
|
106 | |||
107 | schemes = { |
|
107 | schemes = { | |
108 | 'bundle': bundlerepo, |
|
108 | 'bundle': bundlerepo, | |
109 | 'union': unionrepo, |
|
109 | 'union': unionrepo, | |
110 | 'file': _local, |
|
110 | 'file': _local, | |
111 | 'http': httppeer, |
|
111 | 'http': httppeer, | |
112 | 'https': httppeer, |
|
112 | 'https': httppeer, | |
113 | 'ssh': sshpeer, |
|
113 | 'ssh': sshpeer, | |
114 | 'static-http': statichttprepo, |
|
114 | 'static-http': statichttprepo, | |
115 | } |
|
115 | } | |
116 |
|
116 | |||
117 | def _peerlookup(path): |
|
117 | def _peerlookup(path): | |
118 | u = util.url(path) |
|
118 | u = util.url(path) | |
119 | scheme = u.scheme or 'file' |
|
119 | scheme = u.scheme or 'file' | |
120 | thing = schemes.get(scheme) or schemes['file'] |
|
120 | thing = schemes.get(scheme) or schemes['file'] | |
121 | try: |
|
121 | try: | |
122 | return thing(path) |
|
122 | return thing(path) | |
123 | except TypeError: |
|
123 | except TypeError: | |
124 | # we can't test callable(thing) because 'thing' can be an unloaded |
|
124 | # we can't test callable(thing) because 'thing' can be an unloaded | |
125 | # module that implements __call__ |
|
125 | # module that implements __call__ | |
126 | if not util.safehasattr(thing, 'instance'): |
|
126 | if not util.safehasattr(thing, 'instance'): | |
127 | raise |
|
127 | raise | |
128 | return thing |
|
128 | return thing | |
129 |
|
129 | |||
130 | def islocal(repo): |
|
130 | def islocal(repo): | |
131 | '''return true if repo (or path pointing to repo) is local''' |
|
131 | '''return true if repo (or path pointing to repo) is local''' | |
132 | if isinstance(repo, str): |
|
132 | if isinstance(repo, str): | |
133 | try: |
|
133 | try: | |
134 | return _peerlookup(repo).islocal(repo) |
|
134 | return _peerlookup(repo).islocal(repo) | |
135 | except AttributeError: |
|
135 | except AttributeError: | |
136 | return False |
|
136 | return False | |
137 | return repo.local() |
|
137 | return repo.local() | |
138 |
|
138 | |||
139 | def openpath(ui, path): |
|
139 | def openpath(ui, path): | |
140 | '''open path with open if local, url.open if remote''' |
|
140 | '''open path with open if local, url.open if remote''' | |
141 | pathurl = util.url(path, parsequery=False, parsefragment=False) |
|
141 | pathurl = util.url(path, parsequery=False, parsefragment=False) | |
142 | if pathurl.islocal(): |
|
142 | if pathurl.islocal(): | |
143 | return util.posixfile(pathurl.localpath(), 'rb') |
|
143 | return util.posixfile(pathurl.localpath(), 'rb') | |
144 | else: |
|
144 | else: | |
145 | return url.open(ui, path) |
|
145 | return url.open(ui, path) | |
146 |
|
146 | |||
147 | # a list of (ui, repo) functions called for wire peer initialization |
|
147 | # a list of (ui, repo) functions called for wire peer initialization | |
148 | wirepeersetupfuncs = [] |
|
148 | wirepeersetupfuncs = [] | |
149 |
|
149 | |||
150 | def _peerorrepo(ui, path, create=False): |
|
150 | def _peerorrepo(ui, path, create=False): | |
151 | """return a repository object for the specified path""" |
|
151 | """return a repository object for the specified path""" | |
152 | obj = _peerlookup(path).instance(ui, path, create) |
|
152 | obj = _peerlookup(path).instance(ui, path, create) | |
153 | ui = getattr(obj, "ui", ui) |
|
153 | ui = getattr(obj, "ui", ui) | |
154 | for name, module in extensions.extensions(ui): |
|
154 | for name, module in extensions.extensions(ui): | |
155 | hook = getattr(module, 'reposetup', None) |
|
155 | hook = getattr(module, 'reposetup', None) | |
156 | if hook: |
|
156 | if hook: | |
157 | hook(ui, obj) |
|
157 | hook(ui, obj) | |
158 | if not obj.local(): |
|
158 | if not obj.local(): | |
159 | for f in wirepeersetupfuncs: |
|
159 | for f in wirepeersetupfuncs: | |
160 | f(ui, obj) |
|
160 | f(ui, obj) | |
161 | return obj |
|
161 | return obj | |
162 |
|
162 | |||
163 | def repository(ui, path='', create=False): |
|
163 | def repository(ui, path='', create=False): | |
164 | """return a repository object for the specified path""" |
|
164 | """return a repository object for the specified path""" | |
165 | peer = _peerorrepo(ui, path, create) |
|
165 | peer = _peerorrepo(ui, path, create) | |
166 | repo = peer.local() |
|
166 | repo = peer.local() | |
167 | if not repo: |
|
167 | if not repo: | |
168 | raise error.Abort(_("repository '%s' is not local") % |
|
168 | raise error.Abort(_("repository '%s' is not local") % | |
169 | (path or peer.url())) |
|
169 | (path or peer.url())) | |
170 | return repo.filtered('visible') |
|
170 | return repo.filtered('visible') | |
171 |
|
171 | |||
172 | def peer(uiorrepo, opts, path, create=False): |
|
172 | def peer(uiorrepo, opts, path, create=False): | |
173 | '''return a repository peer for the specified path''' |
|
173 | '''return a repository peer for the specified path''' | |
174 | rui = remoteui(uiorrepo, opts) |
|
174 | rui = remoteui(uiorrepo, opts) | |
175 | return _peerorrepo(rui, path, create).peer() |
|
175 | return _peerorrepo(rui, path, create).peer() | |
176 |
|
176 | |||
177 | def defaultdest(source): |
|
177 | def defaultdest(source): | |
178 | '''return default destination of clone if none is given |
|
178 | '''return default destination of clone if none is given | |
179 |
|
179 | |||
180 | >>> defaultdest('foo') |
|
180 | >>> defaultdest('foo') | |
181 | 'foo' |
|
181 | 'foo' | |
182 | >>> defaultdest('/foo/bar') |
|
182 | >>> defaultdest('/foo/bar') | |
183 | 'bar' |
|
183 | 'bar' | |
184 | >>> defaultdest('/') |
|
184 | >>> defaultdest('/') | |
185 | '' |
|
185 | '' | |
186 | >>> defaultdest('') |
|
186 | >>> defaultdest('') | |
187 | '' |
|
187 | '' | |
188 | >>> defaultdest('http://example.org/') |
|
188 | >>> defaultdest('http://example.org/') | |
189 | '' |
|
189 | '' | |
190 | >>> defaultdest('http://example.org/foo/') |
|
190 | >>> defaultdest('http://example.org/foo/') | |
191 | 'foo' |
|
191 | 'foo' | |
192 | ''' |
|
192 | ''' | |
193 | path = util.url(source).path |
|
193 | path = util.url(source).path | |
194 | if not path: |
|
194 | if not path: | |
195 | return '' |
|
195 | return '' | |
196 | return os.path.basename(os.path.normpath(path)) |
|
196 | return os.path.basename(os.path.normpath(path)) | |
197 |
|
197 | |||
198 | def share(ui, source, dest=None, update=True, bookmarks=True): |
|
198 | def share(ui, source, dest=None, update=True, bookmarks=True): | |
199 | '''create a shared repository''' |
|
199 | '''create a shared repository''' | |
200 |
|
200 | |||
201 | if not islocal(source): |
|
201 | if not islocal(source): | |
202 | raise error.Abort(_('can only share local repositories')) |
|
202 | raise error.Abort(_('can only share local repositories')) | |
203 |
|
203 | |||
204 | if not dest: |
|
204 | if not dest: | |
205 | dest = defaultdest(source) |
|
205 | dest = defaultdest(source) | |
206 | else: |
|
206 | else: | |
207 | dest = ui.expandpath(dest) |
|
207 | dest = ui.expandpath(dest) | |
208 |
|
208 | |||
209 | if isinstance(source, str): |
|
209 | if isinstance(source, str): | |
210 | origsource = ui.expandpath(source) |
|
210 | origsource = ui.expandpath(source) | |
211 | source, branches = parseurl(origsource) |
|
211 | source, branches = parseurl(origsource) | |
212 | srcrepo = repository(ui, source) |
|
212 | srcrepo = repository(ui, source) | |
213 | rev, checkout = addbranchrevs(srcrepo, srcrepo, branches, None) |
|
213 | rev, checkout = addbranchrevs(srcrepo, srcrepo, branches, None) | |
214 | else: |
|
214 | else: | |
215 | srcrepo = source.local() |
|
215 | srcrepo = source.local() | |
216 | origsource = source = srcrepo.url() |
|
216 | origsource = source = srcrepo.url() | |
217 | checkout = None |
|
217 | checkout = None | |
218 |
|
218 | |||
219 | sharedpath = srcrepo.sharedpath # if our source is already sharing |
|
219 | sharedpath = srcrepo.sharedpath # if our source is already sharing | |
220 |
|
220 | |||
221 | destwvfs = scmutil.vfs(dest, realpath=True) |
|
221 | destwvfs = scmutil.vfs(dest, realpath=True) | |
222 | destvfs = scmutil.vfs(os.path.join(destwvfs.base, '.hg'), realpath=True) |
|
222 | destvfs = scmutil.vfs(os.path.join(destwvfs.base, '.hg'), realpath=True) | |
223 |
|
223 | |||
224 | if destvfs.lexists(): |
|
224 | if destvfs.lexists(): | |
225 | raise error.Abort(_('destination already exists')) |
|
225 | raise error.Abort(_('destination already exists')) | |
226 |
|
226 | |||
227 | if not destwvfs.isdir(): |
|
227 | if not destwvfs.isdir(): | |
228 | destwvfs.mkdir() |
|
228 | destwvfs.mkdir() | |
229 | destvfs.makedir() |
|
229 | destvfs.makedir() | |
230 |
|
230 | |||
231 | requirements = '' |
|
231 | requirements = '' | |
232 | try: |
|
232 | try: | |
233 | requirements = srcrepo.vfs.read('requires') |
|
233 | requirements = srcrepo.vfs.read('requires') | |
234 | except IOError as inst: |
|
234 | except IOError as inst: | |
235 | if inst.errno != errno.ENOENT: |
|
235 | if inst.errno != errno.ENOENT: | |
236 | raise |
|
236 | raise | |
237 |
|
237 | |||
238 | requirements += 'shared\n' |
|
238 | requirements += 'shared\n' | |
239 | destvfs.write('requires', requirements) |
|
239 | destvfs.write('requires', requirements) | |
240 | destvfs.write('sharedpath', sharedpath) |
|
240 | destvfs.write('sharedpath', sharedpath) | |
241 |
|
241 | |||
242 | r = repository(ui, destwvfs.base) |
|
242 | r = repository(ui, destwvfs.base) | |
243 | postshare(srcrepo, r, bookmarks=bookmarks) |
|
243 | postshare(srcrepo, r, bookmarks=bookmarks) | |
244 | _postshareupdate(r, update, checkout=checkout) |
|
244 | _postshareupdate(r, update, checkout=checkout) | |
245 |
|
245 | |||
246 | def postshare(sourcerepo, destrepo, bookmarks=True): |
|
246 | def postshare(sourcerepo, destrepo, bookmarks=True): | |
247 | """Called after a new shared repo is created. |
|
247 | """Called after a new shared repo is created. | |
248 |
|
248 | |||
249 | The new repo only has a requirements file and pointer to the source. |
|
249 | The new repo only has a requirements file and pointer to the source. | |
250 | This function configures additional shared data. |
|
250 | This function configures additional shared data. | |
251 |
|
251 | |||
252 | Extensions can wrap this function and write additional entries to |
|
252 | Extensions can wrap this function and write additional entries to | |
253 | destrepo/.hg/shared to indicate additional pieces of data to be shared. |
|
253 | destrepo/.hg/shared to indicate additional pieces of data to be shared. | |
254 | """ |
|
254 | """ | |
255 | default = sourcerepo.ui.config('paths', 'default') |
|
255 | default = sourcerepo.ui.config('paths', 'default') | |
256 | if default: |
|
256 | if default: | |
257 | fp = destrepo.vfs("hgrc", "w", text=True) |
|
257 | fp = destrepo.vfs("hgrc", "w", text=True) | |
258 | fp.write("[paths]\n") |
|
258 | fp.write("[paths]\n") | |
259 | fp.write("default = %s\n" % default) |
|
259 | fp.write("default = %s\n" % default) | |
260 | fp.close() |
|
260 | fp.close() | |
261 |
|
261 | |||
262 | if bookmarks: |
|
262 | if bookmarks: | |
263 | fp = destrepo.vfs('shared', 'w') |
|
263 | fp = destrepo.vfs('shared', 'w') | |
264 | fp.write(sharedbookmarks + '\n') |
|
264 | fp.write(sharedbookmarks + '\n') | |
265 | fp.close() |
|
265 | fp.close() | |
266 |
|
266 | |||
267 | def _postshareupdate(repo, update, checkout=None): |
|
267 | def _postshareupdate(repo, update, checkout=None): | |
268 | """Maybe perform a working directory update after a shared repo is created. |
|
268 | """Maybe perform a working directory update after a shared repo is created. | |
269 |
|
269 | |||
270 | ``update`` can be a boolean or a revision to update to. |
|
270 | ``update`` can be a boolean or a revision to update to. | |
271 | """ |
|
271 | """ | |
272 | if not update: |
|
272 | if not update: | |
273 | return |
|
273 | return | |
274 |
|
274 | |||
275 | repo.ui.status(_("updating working directory\n")) |
|
275 | repo.ui.status(_("updating working directory\n")) | |
276 | if update is not True: |
|
276 | if update is not True: | |
277 | checkout = update |
|
277 | checkout = update | |
278 | for test in (checkout, 'default', 'tip'): |
|
278 | for test in (checkout, 'default', 'tip'): | |
279 | if test is None: |
|
279 | if test is None: | |
280 | continue |
|
280 | continue | |
281 | try: |
|
281 | try: | |
282 | uprev = repo.lookup(test) |
|
282 | uprev = repo.lookup(test) | |
283 | break |
|
283 | break | |
284 | except error.RepoLookupError: |
|
284 | except error.RepoLookupError: | |
285 | continue |
|
285 | continue | |
286 | _update(repo, uprev) |
|
286 | _update(repo, uprev) | |
287 |
|
287 | |||
288 | def copystore(ui, srcrepo, destpath): |
|
288 | def copystore(ui, srcrepo, destpath): | |
289 | '''copy files from store of srcrepo in destpath |
|
289 | '''copy files from store of srcrepo in destpath | |
290 |
|
290 | |||
291 | returns destlock |
|
291 | returns destlock | |
292 | ''' |
|
292 | ''' | |
293 | destlock = None |
|
293 | destlock = None | |
294 | try: |
|
294 | try: | |
295 | hardlink = None |
|
295 | hardlink = None | |
296 | num = 0 |
|
296 | num = 0 | |
297 | closetopic = [None] |
|
297 | closetopic = [None] | |
298 | def prog(topic, pos): |
|
298 | def prog(topic, pos): | |
299 | if pos is None: |
|
299 | if pos is None: | |
300 | closetopic[0] = topic |
|
300 | closetopic[0] = topic | |
301 | else: |
|
301 | else: | |
302 | ui.progress(topic, pos + num) |
|
302 | ui.progress(topic, pos + num) | |
303 | srcpublishing = srcrepo.publishing() |
|
303 | srcpublishing = srcrepo.publishing() | |
304 | srcvfs = scmutil.vfs(srcrepo.sharedpath) |
|
304 | srcvfs = scmutil.vfs(srcrepo.sharedpath) | |
305 | dstvfs = scmutil.vfs(destpath) |
|
305 | dstvfs = scmutil.vfs(destpath) | |
306 | for f in srcrepo.store.copylist(): |
|
306 | for f in srcrepo.store.copylist(): | |
307 | if srcpublishing and f.endswith('phaseroots'): |
|
307 | if srcpublishing and f.endswith('phaseroots'): | |
308 | continue |
|
308 | continue | |
309 | dstbase = os.path.dirname(f) |
|
309 | dstbase = os.path.dirname(f) | |
310 | if dstbase and not dstvfs.exists(dstbase): |
|
310 | if dstbase and not dstvfs.exists(dstbase): | |
311 | dstvfs.mkdir(dstbase) |
|
311 | dstvfs.mkdir(dstbase) | |
312 | if srcvfs.exists(f): |
|
312 | if srcvfs.exists(f): | |
313 | if f.endswith('data'): |
|
313 | if f.endswith('data'): | |
314 | # 'dstbase' may be empty (e.g. revlog format 0) |
|
314 | # 'dstbase' may be empty (e.g. revlog format 0) | |
315 | lockfile = os.path.join(dstbase, "lock") |
|
315 | lockfile = os.path.join(dstbase, "lock") | |
316 | # lock to avoid premature writing to the target |
|
316 | # lock to avoid premature writing to the target | |
317 | destlock = lock.lock(dstvfs, lockfile) |
|
317 | destlock = lock.lock(dstvfs, lockfile) | |
318 | hardlink, n = util.copyfiles(srcvfs.join(f), dstvfs.join(f), |
|
318 | hardlink, n = util.copyfiles(srcvfs.join(f), dstvfs.join(f), | |
319 | hardlink, progress=prog) |
|
319 | hardlink, progress=prog) | |
320 | num += n |
|
320 | num += n | |
321 | if hardlink: |
|
321 | if hardlink: | |
322 | ui.debug("linked %d files\n" % num) |
|
322 | ui.debug("linked %d files\n" % num) | |
323 | if closetopic[0]: |
|
323 | if closetopic[0]: | |
324 | ui.progress(closetopic[0], None) |
|
324 | ui.progress(closetopic[0], None) | |
325 | else: |
|
325 | else: | |
326 | ui.debug("copied %d files\n" % num) |
|
326 | ui.debug("copied %d files\n" % num) | |
327 | if closetopic[0]: |
|
327 | if closetopic[0]: | |
328 | ui.progress(closetopic[0], None) |
|
328 | ui.progress(closetopic[0], None) | |
329 | return destlock |
|
329 | return destlock | |
330 | except: # re-raises |
|
330 | except: # re-raises | |
331 | release(destlock) |
|
331 | release(destlock) | |
332 | raise |
|
332 | raise | |
333 |
|
333 | |||
334 | def clonewithshare(ui, peeropts, sharepath, source, srcpeer, dest, pull=False, |
|
334 | def clonewithshare(ui, peeropts, sharepath, source, srcpeer, dest, pull=False, | |
335 | rev=None, update=True, stream=False): |
|
335 | rev=None, update=True, stream=False): | |
336 | """Perform a clone using a shared repo. |
|
336 | """Perform a clone using a shared repo. | |
337 |
|
337 | |||
338 | The store for the repository will be located at <sharepath>/.hg. The |
|
338 | The store for the repository will be located at <sharepath>/.hg. The | |
339 | specified revisions will be cloned or pulled from "source". A shared repo |
|
339 | specified revisions will be cloned or pulled from "source". A shared repo | |
340 | will be created at "dest" and a working copy will be created if "update" is |
|
340 | will be created at "dest" and a working copy will be created if "update" is | |
341 | True. |
|
341 | True. | |
342 | """ |
|
342 | """ | |
343 | revs = None |
|
343 | revs = None | |
344 | if rev: |
|
344 | if rev: | |
345 | if not srcpeer.capable('lookup'): |
|
345 | if not srcpeer.capable('lookup'): | |
346 | raise error.Abort(_("src repository does not support " |
|
346 | raise error.Abort(_("src repository does not support " | |
347 | "revision lookup and so doesn't " |
|
347 | "revision lookup and so doesn't " | |
348 | "support clone by revision")) |
|
348 | "support clone by revision")) | |
349 | revs = [srcpeer.lookup(r) for r in rev] |
|
349 | revs = [srcpeer.lookup(r) for r in rev] | |
350 |
|
350 | |||
351 | # Obtain a lock before checking for or cloning the pooled repo otherwise |
|
351 | # Obtain a lock before checking for or cloning the pooled repo otherwise | |
352 | # 2 clients may race creating or populating it. |
|
352 | # 2 clients may race creating or populating it. | |
353 | pooldir = os.path.dirname(sharepath) |
|
353 | pooldir = os.path.dirname(sharepath) | |
354 | # lock class requires the directory to exist. |
|
354 | # lock class requires the directory to exist. | |
355 | try: |
|
355 | try: | |
356 | util.makedir(pooldir, False) |
|
356 | util.makedir(pooldir, False) | |
357 | except OSError as e: |
|
357 | except OSError as e: | |
358 | if e.errno != errno.EEXIST: |
|
358 | if e.errno != errno.EEXIST: | |
359 | raise |
|
359 | raise | |
360 |
|
360 | |||
361 | poolvfs = scmutil.vfs(pooldir) |
|
361 | poolvfs = scmutil.vfs(pooldir) | |
362 | basename = os.path.basename(sharepath) |
|
362 | basename = os.path.basename(sharepath) | |
363 |
|
363 | |||
364 | with lock.lock(poolvfs, '%s.lock' % basename): |
|
364 | with lock.lock(poolvfs, '%s.lock' % basename): | |
365 | if os.path.exists(sharepath): |
|
365 | if os.path.exists(sharepath): | |
366 | ui.status(_('(sharing from existing pooled repository %s)\n') % |
|
366 | ui.status(_('(sharing from existing pooled repository %s)\n') % | |
367 | basename) |
|
367 | basename) | |
368 | else: |
|
368 | else: | |
369 | ui.status(_('(sharing from new pooled repository %s)\n') % basename) |
|
369 | ui.status(_('(sharing from new pooled repository %s)\n') % basename) | |
370 | # Always use pull mode because hardlinks in share mode don't work |
|
370 | # Always use pull mode because hardlinks in share mode don't work | |
371 | # well. Never update because working copies aren't necessary in |
|
371 | # well. Never update because working copies aren't necessary in | |
372 | # share mode. |
|
372 | # share mode. | |
373 | clone(ui, peeropts, source, dest=sharepath, pull=True, |
|
373 | clone(ui, peeropts, source, dest=sharepath, pull=True, | |
374 | rev=rev, update=False, stream=stream) |
|
374 | rev=rev, update=False, stream=stream) | |
375 |
|
375 | |||
376 | sharerepo = repository(ui, path=sharepath) |
|
376 | sharerepo = repository(ui, path=sharepath) | |
377 | share(ui, sharerepo, dest=dest, update=False, bookmarks=False) |
|
377 | share(ui, sharerepo, dest=dest, update=False, bookmarks=False) | |
378 |
|
378 | |||
379 | # We need to perform a pull against the dest repo to fetch bookmarks |
|
379 | # We need to perform a pull against the dest repo to fetch bookmarks | |
380 | # and other non-store data that isn't shared by default. In the case of |
|
380 | # and other non-store data that isn't shared by default. In the case of | |
381 | # non-existing shared repo, this means we pull from the remote twice. This |
|
381 | # non-existing shared repo, this means we pull from the remote twice. This | |
382 | # is a bit weird. But at the time it was implemented, there wasn't an easy |
|
382 | # is a bit weird. But at the time it was implemented, there wasn't an easy | |
383 | # way to pull just non-changegroup data. |
|
383 | # way to pull just non-changegroup data. | |
384 | destrepo = repository(ui, path=dest) |
|
384 | destrepo = repository(ui, path=dest) | |
385 | exchange.pull(destrepo, srcpeer, heads=revs) |
|
385 | exchange.pull(destrepo, srcpeer, heads=revs) | |
386 |
|
386 | |||
387 | _postshareupdate(destrepo, update) |
|
387 | _postshareupdate(destrepo, update) | |
388 |
|
388 | |||
389 | return srcpeer, peer(ui, peeropts, dest) |
|
389 | return srcpeer, peer(ui, peeropts, dest) | |
390 |
|
390 | |||
391 | def clone(ui, peeropts, source, dest=None, pull=False, rev=None, |
|
391 | def clone(ui, peeropts, source, dest=None, pull=False, rev=None, | |
392 | update=True, stream=False, branch=None, shareopts=None): |
|
392 | update=True, stream=False, branch=None, shareopts=None): | |
393 | """Make a copy of an existing repository. |
|
393 | """Make a copy of an existing repository. | |
394 |
|
394 | |||
395 | Create a copy of an existing repository in a new directory. The |
|
395 | Create a copy of an existing repository in a new directory. The | |
396 | source and destination are URLs, as passed to the repository |
|
396 | source and destination are URLs, as passed to the repository | |
397 | function. Returns a pair of repository peers, the source and |
|
397 | function. Returns a pair of repository peers, the source and | |
398 | newly created destination. |
|
398 | newly created destination. | |
399 |
|
399 | |||
400 | The location of the source is added to the new repository's |
|
400 | The location of the source is added to the new repository's | |
401 | .hg/hgrc file, as the default to be used for future pulls and |
|
401 | .hg/hgrc file, as the default to be used for future pulls and | |
402 | pushes. |
|
402 | pushes. | |
403 |
|
403 | |||
404 | If an exception is raised, the partly cloned/updated destination |
|
404 | If an exception is raised, the partly cloned/updated destination | |
405 | repository will be deleted. |
|
405 | repository will be deleted. | |
406 |
|
406 | |||
407 | Arguments: |
|
407 | Arguments: | |
408 |
|
408 | |||
409 | source: repository object or URL |
|
409 | source: repository object or URL | |
410 |
|
410 | |||
411 | dest: URL of destination repository to create (defaults to base |
|
411 | dest: URL of destination repository to create (defaults to base | |
412 | name of source repository) |
|
412 | name of source repository) | |
413 |
|
413 | |||
414 | pull: always pull from source repository, even in local case or if the |
|
414 | pull: always pull from source repository, even in local case or if the | |
415 | server prefers streaming |
|
415 | server prefers streaming | |
416 |
|
416 | |||
417 | stream: stream raw data uncompressed from repository (fast over |
|
417 | stream: stream raw data uncompressed from repository (fast over | |
418 | LAN, slow over WAN) |
|
418 | LAN, slow over WAN) | |
419 |
|
419 | |||
420 | rev: revision to clone up to (implies pull=True) |
|
420 | rev: revision to clone up to (implies pull=True) | |
421 |
|
421 | |||
422 | update: update working directory after clone completes, if |
|
422 | update: update working directory after clone completes, if | |
423 | destination is local repository (True means update to default rev, |
|
423 | destination is local repository (True means update to default rev, | |
424 | anything else is treated as a revision) |
|
424 | anything else is treated as a revision) | |
425 |
|
425 | |||
426 | branch: branches to clone |
|
426 | branch: branches to clone | |
427 |
|
427 | |||
428 | shareopts: dict of options to control auto sharing behavior. The "pool" key |
|
428 | shareopts: dict of options to control auto sharing behavior. The "pool" key | |
429 | activates auto sharing mode and defines the directory for stores. The |
|
429 | activates auto sharing mode and defines the directory for stores. The | |
430 | "mode" key determines how to construct the directory name of the shared |
|
430 | "mode" key determines how to construct the directory name of the shared | |
431 | repository. "identity" means the name is derived from the node of the first |
|
431 | repository. "identity" means the name is derived from the node of the first | |
432 | changeset in the repository. "remote" means the name is derived from the |
|
432 | changeset in the repository. "remote" means the name is derived from the | |
433 | remote's path/URL. Defaults to "identity." |
|
433 | remote's path/URL. Defaults to "identity." | |
434 | """ |
|
434 | """ | |
435 |
|
435 | |||
436 | if isinstance(source, str): |
|
436 | if isinstance(source, str): | |
437 | origsource = ui.expandpath(source) |
|
437 | origsource = ui.expandpath(source) | |
438 | source, branch = parseurl(origsource, branch) |
|
438 | source, branch = parseurl(origsource, branch) | |
439 | srcpeer = peer(ui, peeropts, source) |
|
439 | srcpeer = peer(ui, peeropts, source) | |
440 | else: |
|
440 | else: | |
441 | srcpeer = source.peer() # in case we were called with a localrepo |
|
441 | srcpeer = source.peer() # in case we were called with a localrepo | |
442 | branch = (None, branch or []) |
|
442 | branch = (None, branch or []) | |
443 | origsource = source = srcpeer.url() |
|
443 | origsource = source = srcpeer.url() | |
444 | rev, checkout = addbranchrevs(srcpeer, srcpeer, branch, rev) |
|
444 | rev, checkout = addbranchrevs(srcpeer, srcpeer, branch, rev) | |
445 |
|
445 | |||
446 | if dest is None: |
|
446 | if dest is None: | |
447 | dest = defaultdest(source) |
|
447 | dest = defaultdest(source) | |
448 | if dest: |
|
448 | if dest: | |
449 | ui.status(_("destination directory: %s\n") % dest) |
|
449 | ui.status(_("destination directory: %s\n") % dest) | |
450 | else: |
|
450 | else: | |
451 | dest = ui.expandpath(dest) |
|
451 | dest = ui.expandpath(dest) | |
452 |
|
452 | |||
453 | dest = util.urllocalpath(dest) |
|
453 | dest = util.urllocalpath(dest) | |
454 | source = util.urllocalpath(source) |
|
454 | source = util.urllocalpath(source) | |
455 |
|
455 | |||
456 | if not dest: |
|
456 | if not dest: | |
457 | raise error.Abort(_("empty destination path is not valid")) |
|
457 | raise error.Abort(_("empty destination path is not valid")) | |
458 |
|
458 | |||
459 | destvfs = scmutil.vfs(dest, expandpath=True) |
|
459 | destvfs = scmutil.vfs(dest, expandpath=True) | |
460 | if destvfs.lexists(): |
|
460 | if destvfs.lexists(): | |
461 | if not destvfs.isdir(): |
|
461 | if not destvfs.isdir(): | |
462 | raise error.Abort(_("destination '%s' already exists") % dest) |
|
462 | raise error.Abort(_("destination '%s' already exists") % dest) | |
463 | elif destvfs.listdir(): |
|
463 | elif destvfs.listdir(): | |
464 | raise error.Abort(_("destination '%s' is not empty") % dest) |
|
464 | raise error.Abort(_("destination '%s' is not empty") % dest) | |
465 |
|
465 | |||
466 | shareopts = shareopts or {} |
|
466 | shareopts = shareopts or {} | |
467 | sharepool = shareopts.get('pool') |
|
467 | sharepool = shareopts.get('pool') | |
468 | sharenamemode = shareopts.get('mode') |
|
468 | sharenamemode = shareopts.get('mode') | |
469 | if sharepool and islocal(dest): |
|
469 | if sharepool and islocal(dest): | |
470 | sharepath = None |
|
470 | sharepath = None | |
471 | if sharenamemode == 'identity': |
|
471 | if sharenamemode == 'identity': | |
472 | # Resolve the name from the initial changeset in the remote |
|
472 | # Resolve the name from the initial changeset in the remote | |
473 | # repository. This returns nullid when the remote is empty. It |
|
473 | # repository. This returns nullid when the remote is empty. It | |
474 | # raises RepoLookupError if revision 0 is filtered or otherwise |
|
474 | # raises RepoLookupError if revision 0 is filtered or otherwise | |
475 | # not available. If we fail to resolve, sharing is not enabled. |
|
475 | # not available. If we fail to resolve, sharing is not enabled. | |
476 | try: |
|
476 | try: | |
477 | rootnode = srcpeer.lookup('0') |
|
477 | rootnode = srcpeer.lookup('0') | |
478 | if rootnode != node.nullid: |
|
478 | if rootnode != node.nullid: | |
479 | sharepath = os.path.join(sharepool, node.hex(rootnode)) |
|
479 | sharepath = os.path.join(sharepool, node.hex(rootnode)) | |
480 | else: |
|
480 | else: | |
481 | ui.status(_('(not using pooled storage: ' |
|
481 | ui.status(_('(not using pooled storage: ' | |
482 | 'remote appears to be empty)\n')) |
|
482 | 'remote appears to be empty)\n')) | |
483 | except error.RepoLookupError: |
|
483 | except error.RepoLookupError: | |
484 | ui.status(_('(not using pooled storage: ' |
|
484 | ui.status(_('(not using pooled storage: ' | |
485 | 'unable to resolve identity of remote)\n')) |
|
485 | 'unable to resolve identity of remote)\n')) | |
486 | elif sharenamemode == 'remote': |
|
486 | elif sharenamemode == 'remote': | |
487 | sharepath = os.path.join( |
|
487 | sharepath = os.path.join( | |
488 | sharepool, hashlib.sha1(source).hexdigest()) |
|
488 | sharepool, hashlib.sha1(source).hexdigest()) | |
489 | else: |
|
489 | else: | |
490 | raise error.Abort(_('unknown share naming mode: %s') % |
|
490 | raise error.Abort(_('unknown share naming mode: %s') % | |
491 | sharenamemode) |
|
491 | sharenamemode) | |
492 |
|
492 | |||
493 | if sharepath: |
|
493 | if sharepath: | |
494 | return clonewithshare(ui, peeropts, sharepath, source, srcpeer, |
|
494 | return clonewithshare(ui, peeropts, sharepath, source, srcpeer, | |
495 | dest, pull=pull, rev=rev, update=update, |
|
495 | dest, pull=pull, rev=rev, update=update, | |
496 | stream=stream) |
|
496 | stream=stream) | |
497 |
|
497 | |||
498 | srclock = destlock = cleandir = None |
|
498 | srclock = destlock = cleandir = None | |
499 | srcrepo = srcpeer.local() |
|
499 | srcrepo = srcpeer.local() | |
500 | try: |
|
500 | try: | |
501 | abspath = origsource |
|
501 | abspath = origsource | |
502 | if islocal(origsource): |
|
502 | if islocal(origsource): | |
503 | abspath = os.path.abspath(util.urllocalpath(origsource)) |
|
503 | abspath = os.path.abspath(util.urllocalpath(origsource)) | |
504 |
|
504 | |||
505 | if islocal(dest): |
|
505 | if islocal(dest): | |
506 | cleandir = dest |
|
506 | cleandir = dest | |
507 |
|
507 | |||
508 | copy = False |
|
508 | copy = False | |
509 | if (srcrepo and srcrepo.cancopy() and islocal(dest) |
|
509 | if (srcrepo and srcrepo.cancopy() and islocal(dest) | |
510 | and not phases.hassecret(srcrepo)): |
|
510 | and not phases.hassecret(srcrepo)): | |
511 | copy = not pull and not rev |
|
511 | copy = not pull and not rev | |
512 |
|
512 | |||
513 | if copy: |
|
513 | if copy: | |
514 | try: |
|
514 | try: | |
515 | # we use a lock here because if we race with commit, we |
|
515 | # we use a lock here because if we race with commit, we | |
516 | # can end up with extra data in the cloned revlogs that's |
|
516 | # can end up with extra data in the cloned revlogs that's | |
517 | # not pointed to by changesets, thus causing verify to |
|
517 | # not pointed to by changesets, thus causing verify to | |
518 | # fail |
|
518 | # fail | |
519 | srclock = srcrepo.lock(wait=False) |
|
519 | srclock = srcrepo.lock(wait=False) | |
520 | except error.LockError: |
|
520 | except error.LockError: | |
521 | copy = False |
|
521 | copy = False | |
522 |
|
522 | |||
523 | if copy: |
|
523 | if copy: | |
524 | srcrepo.hook('preoutgoing', throw=True, source='clone') |
|
524 | srcrepo.hook('preoutgoing', throw=True, source='clone') | |
525 | hgdir = os.path.realpath(os.path.join(dest, ".hg")) |
|
525 | hgdir = os.path.realpath(os.path.join(dest, ".hg")) | |
526 | if not os.path.exists(dest): |
|
526 | if not os.path.exists(dest): | |
527 | os.mkdir(dest) |
|
527 | os.mkdir(dest) | |
528 | else: |
|
528 | else: | |
529 | # only clean up directories we create ourselves |
|
529 | # only clean up directories we create ourselves | |
530 | cleandir = hgdir |
|
530 | cleandir = hgdir | |
531 | try: |
|
531 | try: | |
532 | destpath = hgdir |
|
532 | destpath = hgdir | |
533 | util.makedir(destpath, notindexed=True) |
|
533 | util.makedir(destpath, notindexed=True) | |
534 | except OSError as inst: |
|
534 | except OSError as inst: | |
535 | if inst.errno == errno.EEXIST: |
|
535 | if inst.errno == errno.EEXIST: | |
536 | cleandir = None |
|
536 | cleandir = None | |
537 | raise error.Abort(_("destination '%s' already exists") |
|
537 | raise error.Abort(_("destination '%s' already exists") | |
538 | % dest) |
|
538 | % dest) | |
539 | raise |
|
539 | raise | |
540 |
|
540 | |||
541 | destlock = copystore(ui, srcrepo, destpath) |
|
541 | destlock = copystore(ui, srcrepo, destpath) | |
542 | # copy bookmarks over |
|
542 | # copy bookmarks over | |
543 | srcbookmarks = srcrepo.join('bookmarks') |
|
543 | srcbookmarks = srcrepo.join('bookmarks') | |
544 | dstbookmarks = os.path.join(destpath, 'bookmarks') |
|
544 | dstbookmarks = os.path.join(destpath, 'bookmarks') | |
545 | if os.path.exists(srcbookmarks): |
|
545 | if os.path.exists(srcbookmarks): | |
546 | util.copyfile(srcbookmarks, dstbookmarks) |
|
546 | util.copyfile(srcbookmarks, dstbookmarks) | |
547 |
|
547 | |||
548 | # Recomputing branch cache might be slow on big repos, |
|
548 | # Recomputing branch cache might be slow on big repos, | |
549 | # so just copy it |
|
549 | # so just copy it | |
550 | def copybranchcache(fname): |
|
550 | def copybranchcache(fname): | |
551 | srcbranchcache = srcrepo.join('cache/%s' % fname) |
|
551 | srcbranchcache = srcrepo.join('cache/%s' % fname) | |
552 | dstbranchcache = os.path.join(dstcachedir, fname) |
|
552 | dstbranchcache = os.path.join(dstcachedir, fname) | |
553 | if os.path.exists(srcbranchcache): |
|
553 | if os.path.exists(srcbranchcache): | |
554 | if not os.path.exists(dstcachedir): |
|
554 | if not os.path.exists(dstcachedir): | |
555 | os.mkdir(dstcachedir) |
|
555 | os.mkdir(dstcachedir) | |
556 | util.copyfile(srcbranchcache, dstbranchcache) |
|
556 | util.copyfile(srcbranchcache, dstbranchcache) | |
557 |
|
557 | |||
558 | dstcachedir = os.path.join(destpath, 'cache') |
|
558 | dstcachedir = os.path.join(destpath, 'cache') | |
559 | # In local clones we're copying all nodes, not just served |
|
559 | # In local clones we're copying all nodes, not just served | |
560 | # ones. Therefore copy all branch caches over. |
|
560 | # ones. Therefore copy all branch caches over. | |
561 | copybranchcache('branch2') |
|
561 | copybranchcache('branch2') | |
562 | for cachename in repoview.filtertable: |
|
562 | for cachename in repoview.filtertable: | |
563 | copybranchcache('branch2-%s' % cachename) |
|
563 | copybranchcache('branch2-%s' % cachename) | |
564 |
|
564 | |||
565 | # we need to re-init the repo after manually copying the data |
|
565 | # we need to re-init the repo after manually copying the data | |
566 | # into it |
|
566 | # into it | |
567 | destpeer = peer(srcrepo, peeropts, dest) |
|
567 | destpeer = peer(srcrepo, peeropts, dest) | |
568 | srcrepo.hook('outgoing', source='clone', |
|
568 | srcrepo.hook('outgoing', source='clone', | |
569 | node=node.hex(node.nullid)) |
|
569 | node=node.hex(node.nullid)) | |
570 | else: |
|
570 | else: | |
571 | try: |
|
571 | try: | |
572 | destpeer = peer(srcrepo or ui, peeropts, dest, create=True) |
|
572 | destpeer = peer(srcrepo or ui, peeropts, dest, create=True) | |
573 | # only pass ui when no srcrepo |
|
573 | # only pass ui when no srcrepo | |
574 | except OSError as inst: |
|
574 | except OSError as inst: | |
575 | if inst.errno == errno.EEXIST: |
|
575 | if inst.errno == errno.EEXIST: | |
576 | cleandir = None |
|
576 | cleandir = None | |
577 | raise error.Abort(_("destination '%s' already exists") |
|
577 | raise error.Abort(_("destination '%s' already exists") | |
578 | % dest) |
|
578 | % dest) | |
579 | raise |
|
579 | raise | |
580 |
|
580 | |||
581 | revs = None |
|
581 | revs = None | |
582 | if rev: |
|
582 | if rev: | |
583 | if not srcpeer.capable('lookup'): |
|
583 | if not srcpeer.capable('lookup'): | |
584 | raise error.Abort(_("src repository does not support " |
|
584 | raise error.Abort(_("src repository does not support " | |
585 | "revision lookup and so doesn't " |
|
585 | "revision lookup and so doesn't " | |
586 | "support clone by revision")) |
|
586 | "support clone by revision")) | |
587 | revs = [srcpeer.lookup(r) for r in rev] |
|
587 | revs = [srcpeer.lookup(r) for r in rev] | |
588 | checkout = revs[0] |
|
588 | checkout = revs[0] | |
589 | local = destpeer.local() |
|
589 | local = destpeer.local() | |
590 | if local: |
|
590 | if local: | |
591 | if not stream: |
|
591 | if not stream: | |
592 | if pull: |
|
592 | if pull: | |
593 | stream = False |
|
593 | stream = False | |
594 | else: |
|
594 | else: | |
595 | stream = None |
|
595 | stream = None | |
596 | # internal config: ui.quietbookmarkmove |
|
596 | # internal config: ui.quietbookmarkmove | |
597 | quiet = local.ui.backupconfig('ui', 'quietbookmarkmove') |
|
597 | quiet = local.ui.backupconfig('ui', 'quietbookmarkmove') | |
598 | try: |
|
598 | try: | |
599 | local.ui.setconfig( |
|
599 | local.ui.setconfig( | |
600 | 'ui', 'quietbookmarkmove', True, 'clone') |
|
600 | 'ui', 'quietbookmarkmove', True, 'clone') | |
601 | exchange.pull(local, srcpeer, revs, |
|
601 | exchange.pull(local, srcpeer, revs, | |
602 | streamclonerequested=stream) |
|
602 | streamclonerequested=stream) | |
603 | finally: |
|
603 | finally: | |
604 | local.ui.restoreconfig(quiet) |
|
604 | local.ui.restoreconfig(quiet) | |
605 | elif srcrepo: |
|
605 | elif srcrepo: | |
606 | exchange.push(srcrepo, destpeer, revs=revs, |
|
606 | exchange.push(srcrepo, destpeer, revs=revs, | |
607 | bookmarks=srcrepo._bookmarks.keys()) |
|
607 | bookmarks=srcrepo._bookmarks.keys()) | |
608 | else: |
|
608 | else: | |
609 | raise error.Abort(_("clone from remote to remote not supported") |
|
609 | raise error.Abort(_("clone from remote to remote not supported") | |
610 | ) |
|
610 | ) | |
611 |
|
611 | |||
612 | cleandir = None |
|
612 | cleandir = None | |
613 |
|
613 | |||
614 | destrepo = destpeer.local() |
|
614 | destrepo = destpeer.local() | |
615 | if destrepo: |
|
615 | if destrepo: | |
616 | template = uimod.samplehgrcs['cloned'] |
|
616 | template = uimod.samplehgrcs['cloned'] | |
617 | fp = destrepo.vfs("hgrc", "w", text=True) |
|
617 | fp = destrepo.vfs("hgrc", "w", text=True) | |
618 | u = util.url(abspath) |
|
618 | u = util.url(abspath) | |
619 | u.passwd = None |
|
619 | u.passwd = None | |
620 | defaulturl = str(u) |
|
620 | defaulturl = str(u) | |
621 | fp.write(template % defaulturl) |
|
621 | fp.write(template % defaulturl) | |
622 | fp.close() |
|
622 | fp.close() | |
623 |
|
623 | |||
624 | destrepo.ui.setconfig('paths', 'default', defaulturl, 'clone') |
|
624 | destrepo.ui.setconfig('paths', 'default', defaulturl, 'clone') | |
625 |
|
625 | |||
626 | if update: |
|
626 | if update: | |
627 | if update is not True: |
|
627 | if update is not True: | |
628 | checkout = srcpeer.lookup(update) |
|
628 | checkout = srcpeer.lookup(update) | |
629 | uprev = None |
|
629 | uprev = None | |
630 | status = None |
|
630 | status = None | |
631 | if checkout is not None: |
|
631 | if checkout is not None: | |
632 | try: |
|
632 | try: | |
633 | uprev = destrepo.lookup(checkout) |
|
633 | uprev = destrepo.lookup(checkout) | |
634 | except error.RepoLookupError: |
|
634 | except error.RepoLookupError: | |
635 | if update is not True: |
|
635 | if update is not True: | |
636 | try: |
|
636 | try: | |
637 | uprev = destrepo.lookup(update) |
|
637 | uprev = destrepo.lookup(update) | |
638 | except error.RepoLookupError: |
|
638 | except error.RepoLookupError: | |
639 | pass |
|
639 | pass | |
640 | if uprev is None: |
|
640 | if uprev is None: | |
641 | try: |
|
641 | try: | |
642 | uprev = destrepo._bookmarks['@'] |
|
642 | uprev = destrepo._bookmarks['@'] | |
643 | update = '@' |
|
643 | update = '@' | |
644 | bn = destrepo[uprev].branch() |
|
644 | bn = destrepo[uprev].branch() | |
645 | if bn == 'default': |
|
645 | if bn == 'default': | |
646 | status = _("updating to bookmark @\n") |
|
646 | status = _("updating to bookmark @\n") | |
647 | else: |
|
647 | else: | |
648 | status = (_("updating to bookmark @ on branch %s\n") |
|
648 | status = (_("updating to bookmark @ on branch %s\n") | |
649 | % bn) |
|
649 | % bn) | |
650 | except KeyError: |
|
650 | except KeyError: | |
651 | try: |
|
651 | try: | |
652 | uprev = destrepo.branchtip('default') |
|
652 | uprev = destrepo.branchtip('default') | |
653 | except error.RepoLookupError: |
|
653 | except error.RepoLookupError: | |
654 | uprev = destrepo.lookup('tip') |
|
654 | uprev = destrepo.lookup('tip') | |
655 | if not status: |
|
655 | if not status: | |
656 | bn = destrepo[uprev].branch() |
|
656 | bn = destrepo[uprev].branch() | |
657 | status = _("updating to branch %s\n") % bn |
|
657 | status = _("updating to branch %s\n") % bn | |
658 | destrepo.ui.status(status) |
|
658 | destrepo.ui.status(status) | |
659 | _update(destrepo, uprev) |
|
659 | _update(destrepo, uprev) | |
660 | if update in destrepo._bookmarks: |
|
660 | if update in destrepo._bookmarks: | |
661 | bookmarks.activate(destrepo, update) |
|
661 | bookmarks.activate(destrepo, update) | |
662 | finally: |
|
662 | finally: | |
663 | release(srclock, destlock) |
|
663 | release(srclock, destlock) | |
664 | if cleandir is not None: |
|
664 | if cleandir is not None: | |
665 | shutil.rmtree(cleandir, True) |
|
665 | shutil.rmtree(cleandir, True) | |
666 | if srcpeer is not None: |
|
666 | if srcpeer is not None: | |
667 | srcpeer.close() |
|
667 | srcpeer.close() | |
668 | return srcpeer, destpeer |
|
668 | return srcpeer, destpeer | |
669 |
|
669 | |||
670 | def _showstats(repo, stats, quietempty=False): |
|
670 | def _showstats(repo, stats, quietempty=False): | |
671 | if quietempty and not any(stats): |
|
671 | if quietempty and not any(stats): | |
672 | return |
|
672 | return | |
673 | repo.ui.status(_("%d files updated, %d files merged, " |
|
673 | repo.ui.status(_("%d files updated, %d files merged, " | |
674 | "%d files removed, %d files unresolved\n") % stats) |
|
674 | "%d files removed, %d files unresolved\n") % stats) | |
675 |
|
675 | |||
676 | def updaterepo(repo, node, overwrite): |
|
676 | def updaterepo(repo, node, overwrite): | |
677 | """Update the working directory to node. |
|
677 | """Update the working directory to node. | |
678 |
|
678 | |||
679 | When overwrite is set, changes are clobbered, merged else |
|
679 | When overwrite is set, changes are clobbered, merged else | |
680 |
|
680 | |||
681 | returns stats (see pydoc mercurial.merge.applyupdates)""" |
|
681 | returns stats (see pydoc mercurial.merge.applyupdates)""" | |
682 | return mergemod.update(repo, node, False, overwrite, |
|
682 | return mergemod.update(repo, node, False, overwrite, | |
683 | labels=['working copy', 'destination']) |
|
683 | labels=['working copy', 'destination']) | |
684 |
|
684 | |||
685 | def update(repo, node, quietempty=False): |
|
685 | def update(repo, node, quietempty=False): | |
686 | """update the working directory to node, merging linear changes""" |
|
686 | """update the working directory to node, merging linear changes""" | |
687 | stats = updaterepo(repo, node, False) |
|
687 | stats = updaterepo(repo, node, False) | |
688 | _showstats(repo, stats, quietempty) |
|
688 | _showstats(repo, stats, quietempty) | |
689 | if stats[3]: |
|
689 | if stats[3]: | |
690 | repo.ui.status(_("use 'hg resolve' to retry unresolved file merges\n")) |
|
690 | repo.ui.status(_("use 'hg resolve' to retry unresolved file merges\n")) | |
691 | return stats[3] > 0 |
|
691 | return stats[3] > 0 | |
692 |
|
692 | |||
693 | # naming conflict in clone() |
|
693 | # naming conflict in clone() | |
694 | _update = update |
|
694 | _update = update | |
695 |
|
695 | |||
696 | def clean(repo, node, show_stats=True, quietempty=False): |
|
696 | def clean(repo, node, show_stats=True, quietempty=False): | |
697 | """forcibly switch the working directory to node, clobbering changes""" |
|
697 | """forcibly switch the working directory to node, clobbering changes""" | |
698 | stats = updaterepo(repo, node, True) |
|
698 | stats = updaterepo(repo, node, True) | |
699 | util.unlinkpath(repo.join('graftstate'), ignoremissing=True) |
|
699 | util.unlinkpath(repo.join('graftstate'), ignoremissing=True) | |
700 | if show_stats: |
|
700 | if show_stats: | |
701 | _showstats(repo, stats, quietempty) |
|
701 | _showstats(repo, stats, quietempty) | |
702 | return stats[3] > 0 |
|
702 | return stats[3] > 0 | |
703 |
|
703 | |||
704 | # naming conflict in updatetotally() |
|
704 | # naming conflict in updatetotally() | |
705 | _clean = clean |
|
705 | _clean = clean | |
706 |
|
706 | |||
707 | def updatetotally(ui, repo, checkout, brev, clean=False, check=False): |
|
707 | def updatetotally(ui, repo, checkout, brev, clean=False, check=False): | |
708 | """Update the working directory with extra care for non-file components |
|
708 | """Update the working directory with extra care for non-file components | |
709 |
|
709 | |||
710 | This takes care of non-file components below: |
|
710 | This takes care of non-file components below: | |
711 |
|
711 | |||
712 | :bookmark: might be advanced or (in)activated |
|
712 | :bookmark: might be advanced or (in)activated | |
713 |
|
713 | |||
714 | This takes arguments below: |
|
714 | This takes arguments below: | |
715 |
|
715 | |||
716 | :checkout: to which revision the working directory is updated |
|
716 | :checkout: to which revision the working directory is updated | |
717 | :brev: a name, which might be a bookmark to be activated after updating |
|
717 | :brev: a name, which might be a bookmark to be activated after updating | |
718 | :clean: whether changes in the working directory can be discarded |
|
718 | :clean: whether changes in the working directory can be discarded | |
719 | :check: whether changes in the working directory should be checked |
|
719 | :check: whether changes in the working directory should be checked | |
720 |
|
720 | |||
721 | This returns whether conflict is detected at updating or not. |
|
721 | This returns whether conflict is detected at updating or not. | |
722 | """ |
|
722 | """ | |
723 | with repo.wlock(): |
|
723 | with repo.wlock(): | |
724 | movemarkfrom = None |
|
724 | movemarkfrom = None | |
725 | warndest = False |
|
725 | warndest = False | |
726 | if checkout is None: |
|
726 | if checkout is None: | |
727 | updata = destutil.destupdate(repo, clean=clean, check=check) |
|
727 | updata = destutil.destupdate(repo, clean=clean, check=check) | |
728 | checkout, movemarkfrom, brev = updata |
|
728 | checkout, movemarkfrom, brev = updata | |
729 | warndest = True |
|
729 | warndest = True | |
730 |
|
730 | |||
731 | if clean: |
|
731 | if clean: | |
732 | ret = _clean(repo, checkout) |
|
732 | ret = _clean(repo, checkout) | |
733 | else: |
|
733 | else: | |
734 | ret = _update(repo, checkout) |
|
734 | ret = _update(repo, checkout) | |
735 |
|
735 | |||
736 | if not ret and movemarkfrom: |
|
736 | if not ret and movemarkfrom: | |
737 | if movemarkfrom == repo['.'].node(): |
|
737 | if movemarkfrom == repo['.'].node(): | |
738 | pass # no-op update |
|
738 | pass # no-op update | |
739 | elif bookmarks.update(repo, [movemarkfrom], repo['.'].node()): |
|
739 | elif bookmarks.update(repo, [movemarkfrom], repo['.'].node()): | |
740 | ui.status(_("updating bookmark %s\n") % repo._activebookmark) |
|
740 | ui.status(_("updating bookmark %s\n") % repo._activebookmark) | |
741 | else: |
|
741 | else: | |
742 | # this can happen with a non-linear update |
|
742 | # this can happen with a non-linear update | |
743 | ui.status(_("(leaving bookmark %s)\n") % |
|
743 | ui.status(_("(leaving bookmark %s)\n") % | |
744 | repo._activebookmark) |
|
744 | repo._activebookmark) | |
745 | bookmarks.deactivate(repo) |
|
745 | bookmarks.deactivate(repo) | |
746 | elif brev in repo._bookmarks: |
|
746 | elif brev in repo._bookmarks: | |
747 | if brev != repo._activebookmark: |
|
747 | if brev != repo._activebookmark: | |
748 | ui.status(_("(activating bookmark %s)\n") % brev) |
|
748 | ui.status(_("(activating bookmark %s)\n") % brev) | |
749 | bookmarks.activate(repo, brev) |
|
749 | bookmarks.activate(repo, brev) | |
750 | elif brev: |
|
750 | elif brev: | |
751 | if repo._activebookmark: |
|
751 | if repo._activebookmark: | |
752 | ui.status(_("(leaving bookmark %s)\n") % |
|
752 | ui.status(_("(leaving bookmark %s)\n") % | |
753 | repo._activebookmark) |
|
753 | repo._activebookmark) | |
754 | bookmarks.deactivate(repo) |
|
754 | bookmarks.deactivate(repo) | |
755 |
|
755 | |||
756 | if warndest: |
|
756 | if warndest: | |
757 | destutil.statusotherdests(ui, repo) |
|
757 | destutil.statusotherdests(ui, repo) | |
758 |
|
758 | |||
759 | return ret |
|
759 | return ret | |
760 |
|
760 | |||
761 | def merge(repo, node, force=None, remind=True, mergeforce=False): |
|
761 | def merge(repo, node, force=None, remind=True, mergeforce=False): | |
762 | """Branch merge with node, resolving changes. Return true if any |
|
762 | """Branch merge with node, resolving changes. Return true if any | |
763 | unresolved conflicts.""" |
|
763 | unresolved conflicts.""" | |
764 | stats = mergemod.update(repo, node, True, force, mergeforce=mergeforce) |
|
764 | stats = mergemod.update(repo, node, True, force, mergeforce=mergeforce) | |
765 | _showstats(repo, stats) |
|
765 | _showstats(repo, stats) | |
766 | if stats[3]: |
|
766 | if stats[3]: | |
767 | repo.ui.status(_("use 'hg resolve' to retry unresolved file merges " |
|
767 | repo.ui.status(_("use 'hg resolve' to retry unresolved file merges " | |
768 | "or 'hg update -C .' to abandon\n")) |
|
768 | "or 'hg update -C .' to abandon\n")) | |
769 | elif remind: |
|
769 | elif remind: | |
770 | repo.ui.status(_("(branch merge, don't forget to commit)\n")) |
|
770 | repo.ui.status(_("(branch merge, don't forget to commit)\n")) | |
771 | return stats[3] > 0 |
|
771 | return stats[3] > 0 | |
772 |
|
772 | |||
773 | def _incoming(displaychlist, subreporecurse, ui, repo, source, |
|
773 | def _incoming(displaychlist, subreporecurse, ui, repo, source, | |
774 | opts, buffered=False): |
|
774 | opts, buffered=False): | |
775 | """ |
|
775 | """ | |
776 | Helper for incoming / gincoming. |
|
776 | Helper for incoming / gincoming. | |
777 | displaychlist gets called with |
|
777 | displaychlist gets called with | |
778 | (remoterepo, incomingchangesetlist, displayer) parameters, |
|
778 | (remoterepo, incomingchangesetlist, displayer) parameters, | |
779 | and is supposed to contain only code that can't be unified. |
|
779 | and is supposed to contain only code that can't be unified. | |
780 | """ |
|
780 | """ | |
781 | source, branches = parseurl(ui.expandpath(source), opts.get('branch')) |
|
781 | source, branches = parseurl(ui.expandpath(source), opts.get('branch')) | |
782 | other = peer(repo, opts, source) |
|
782 | other = peer(repo, opts, source) | |
783 | ui.status(_('comparing with %s\n') % util.hidepassword(source)) |
|
783 | ui.status(_('comparing with %s\n') % util.hidepassword(source)) | |
784 | revs, checkout = addbranchrevs(repo, other, branches, opts.get('rev')) |
|
784 | revs, checkout = addbranchrevs(repo, other, branches, opts.get('rev')) | |
785 |
|
785 | |||
786 | if revs: |
|
786 | if revs: | |
787 | revs = [other.lookup(rev) for rev in revs] |
|
787 | revs = [other.lookup(rev) for rev in revs] | |
788 | other, chlist, cleanupfn = bundlerepo.getremotechanges(ui, repo, other, |
|
788 | other, chlist, cleanupfn = bundlerepo.getremotechanges(ui, repo, other, | |
789 | revs, opts["bundle"], opts["force"]) |
|
789 | revs, opts["bundle"], opts["force"]) | |
790 | try: |
|
790 | try: | |
791 | if not chlist: |
|
791 | if not chlist: | |
792 | ui.status(_("no changes found\n")) |
|
792 | ui.status(_("no changes found\n")) | |
793 | return subreporecurse() |
|
793 | return subreporecurse() | |
794 |
|
794 | |||
795 | displayer = cmdutil.show_changeset(ui, other, opts, buffered) |
|
795 | displayer = cmdutil.show_changeset(ui, other, opts, buffered) | |
796 | displaychlist(other, chlist, displayer) |
|
796 | displaychlist(other, chlist, displayer) | |
797 | displayer.close() |
|
797 | displayer.close() | |
798 | finally: |
|
798 | finally: | |
799 | cleanupfn() |
|
799 | cleanupfn() | |
800 | subreporecurse() |
|
800 | subreporecurse() | |
801 | return 0 # exit code is zero since we found incoming changes |
|
801 | return 0 # exit code is zero since we found incoming changes | |
802 |
|
802 | |||
803 | def incoming(ui, repo, source, opts): |
|
803 | def incoming(ui, repo, source, opts): | |
804 | def subreporecurse(): |
|
804 | def subreporecurse(): | |
805 | ret = 1 |
|
805 | ret = 1 | |
806 | if opts.get('subrepos'): |
|
806 | if opts.get('subrepos'): | |
807 | ctx = repo[None] |
|
807 | ctx = repo[None] | |
808 | for subpath in sorted(ctx.substate): |
|
808 | for subpath in sorted(ctx.substate): | |
809 | sub = ctx.sub(subpath) |
|
809 | sub = ctx.sub(subpath) | |
810 | ret = min(ret, sub.incoming(ui, source, opts)) |
|
810 | ret = min(ret, sub.incoming(ui, source, opts)) | |
811 | return ret |
|
811 | return ret | |
812 |
|
812 | |||
813 | def display(other, chlist, displayer): |
|
813 | def display(other, chlist, displayer): | |
814 | limit = cmdutil.loglimit(opts) |
|
814 | limit = cmdutil.loglimit(opts) | |
815 | if opts.get('newest_first'): |
|
815 | if opts.get('newest_first'): | |
816 | chlist.reverse() |
|
816 | chlist.reverse() | |
817 | count = 0 |
|
817 | count = 0 | |
818 | for n in chlist: |
|
818 | for n in chlist: | |
819 | if limit is not None and count >= limit: |
|
819 | if limit is not None and count >= limit: | |
820 | break |
|
820 | break | |
821 | parents = [p for p in other.changelog.parents(n) if p != nullid] |
|
821 | parents = [p for p in other.changelog.parents(n) if p != nullid] | |
822 | if opts.get('no_merges') and len(parents) == 2: |
|
822 | if opts.get('no_merges') and len(parents) == 2: | |
823 | continue |
|
823 | continue | |
824 | count += 1 |
|
824 | count += 1 | |
825 | displayer.show(other[n]) |
|
825 | displayer.show(other[n]) | |
826 | return _incoming(display, subreporecurse, ui, repo, source, opts) |
|
826 | return _incoming(display, subreporecurse, ui, repo, source, opts) | |
827 |
|
827 | |||
828 | def _outgoing(ui, repo, dest, opts): |
|
828 | def _outgoing(ui, repo, dest, opts): | |
829 | dest = ui.expandpath(dest or 'default-push', dest or 'default') |
|
829 | dest = ui.expandpath(dest or 'default-push', dest or 'default') | |
830 | dest, branches = parseurl(dest, opts.get('branch')) |
|
830 | dest, branches = parseurl(dest, opts.get('branch')) | |
831 | ui.status(_('comparing with %s\n') % util.hidepassword(dest)) |
|
831 | ui.status(_('comparing with %s\n') % util.hidepassword(dest)) | |
832 | revs, checkout = addbranchrevs(repo, repo, branches, opts.get('rev')) |
|
832 | revs, checkout = addbranchrevs(repo, repo, branches, opts.get('rev')) | |
833 | if revs: |
|
833 | if revs: | |
834 | revs = [repo.lookup(rev) for rev in scmutil.revrange(repo, revs)] |
|
834 | revs = [repo.lookup(rev) for rev in scmutil.revrange(repo, revs)] | |
835 |
|
835 | |||
836 | other = peer(repo, opts, dest) |
|
836 | other = peer(repo, opts, dest) | |
837 | outgoing = discovery.findcommonoutgoing(repo.unfiltered(), other, revs, |
|
837 | outgoing = discovery.findcommonoutgoing(repo.unfiltered(), other, revs, | |
838 | force=opts.get('force')) |
|
838 | force=opts.get('force')) | |
839 | o = outgoing.missing |
|
839 | o = outgoing.missing | |
840 | if not o: |
|
840 | if not o: | |
841 | scmutil.nochangesfound(repo.ui, repo, outgoing.excluded) |
|
841 | scmutil.nochangesfound(repo.ui, repo, outgoing.excluded) | |
842 | return o, other |
|
842 | return o, other | |
843 |
|
843 | |||
844 | def outgoing(ui, repo, dest, opts): |
|
844 | def outgoing(ui, repo, dest, opts): | |
845 | def recurse(): |
|
845 | def recurse(): | |
846 | ret = 1 |
|
846 | ret = 1 | |
847 | if opts.get('subrepos'): |
|
847 | if opts.get('subrepos'): | |
848 | ctx = repo[None] |
|
848 | ctx = repo[None] | |
849 | for subpath in sorted(ctx.substate): |
|
849 | for subpath in sorted(ctx.substate): | |
850 | sub = ctx.sub(subpath) |
|
850 | sub = ctx.sub(subpath) | |
851 | ret = min(ret, sub.outgoing(ui, dest, opts)) |
|
851 | ret = min(ret, sub.outgoing(ui, dest, opts)) | |
852 | return ret |
|
852 | return ret | |
853 |
|
853 | |||
854 | limit = cmdutil.loglimit(opts) |
|
854 | limit = cmdutil.loglimit(opts) | |
855 | o, other = _outgoing(ui, repo, dest, opts) |
|
855 | o, other = _outgoing(ui, repo, dest, opts) | |
856 | if not o: |
|
856 | if not o: | |
857 | cmdutil.outgoinghooks(ui, repo, other, opts, o) |
|
857 | cmdutil.outgoinghooks(ui, repo, other, opts, o) | |
858 | return recurse() |
|
858 | return recurse() | |
859 |
|
859 | |||
860 | if opts.get('newest_first'): |
|
860 | if opts.get('newest_first'): | |
861 | o.reverse() |
|
861 | o.reverse() | |
862 | displayer = cmdutil.show_changeset(ui, repo, opts) |
|
862 | displayer = cmdutil.show_changeset(ui, repo, opts) | |
863 | count = 0 |
|
863 | count = 0 | |
864 | for n in o: |
|
864 | for n in o: | |
865 | if limit is not None and count >= limit: |
|
865 | if limit is not None and count >= limit: | |
866 | break |
|
866 | break | |
867 | parents = [p for p in repo.changelog.parents(n) if p != nullid] |
|
867 | parents = [p for p in repo.changelog.parents(n) if p != nullid] | |
868 | if opts.get('no_merges') and len(parents) == 2: |
|
868 | if opts.get('no_merges') and len(parents) == 2: | |
869 | continue |
|
869 | continue | |
870 | count += 1 |
|
870 | count += 1 | |
871 | displayer.show(repo[n]) |
|
871 | displayer.show(repo[n]) | |
872 | displayer.close() |
|
872 | displayer.close() | |
873 | cmdutil.outgoinghooks(ui, repo, other, opts, o) |
|
873 | cmdutil.outgoinghooks(ui, repo, other, opts, o) | |
874 | recurse() |
|
874 | recurse() | |
875 | return 0 # exit code is zero since we found outgoing changes |
|
875 | return 0 # exit code is zero since we found outgoing changes | |
876 |
|
876 | |||
877 | def verify(repo): |
|
877 | def verify(repo): | |
878 | """verify the consistency of a repository""" |
|
878 | """verify the consistency of a repository""" | |
879 | ret = verifymod.verify(repo) |
|
879 | ret = verifymod.verify(repo) | |
880 |
|
880 | |||
881 | # Broken subrepo references in hidden csets don't seem worth worrying about, |
|
881 | # Broken subrepo references in hidden csets don't seem worth worrying about, | |
882 | # since they can't be pushed/pulled, and --hidden can be used if they are a |
|
882 | # since they can't be pushed/pulled, and --hidden can be used if they are a | |
883 | # concern. |
|
883 | # concern. | |
884 |
|
884 | |||
885 | # pathto() is needed for -R case |
|
885 | # pathto() is needed for -R case | |
886 | revs = repo.revs("filelog(%s)", |
|
886 | revs = repo.revs("filelog(%s)", | |
887 | util.pathto(repo.root, repo.getcwd(), '.hgsubstate')) |
|
887 | util.pathto(repo.root, repo.getcwd(), '.hgsubstate')) | |
888 |
|
888 | |||
889 | if revs: |
|
889 | if revs: | |
890 | repo.ui.status(_('checking subrepo links\n')) |
|
890 | repo.ui.status(_('checking subrepo links\n')) | |
891 | for rev in revs: |
|
891 | for rev in revs: | |
892 | ctx = repo[rev] |
|
892 | ctx = repo[rev] | |
893 | try: |
|
893 | try: | |
894 | for subpath in ctx.substate: |
|
894 | for subpath in ctx.substate: | |
895 | try: |
|
895 | try: | |
896 | ret = (ctx.sub(subpath, allowcreate=False).verify() |
|
896 | ret = (ctx.sub(subpath, allowcreate=False).verify() | |
897 | or ret) |
|
897 | or ret) | |
898 | except error.RepoError as e: |
|
898 | except error.RepoError as e: | |
899 | repo.ui.warn(_('%s: %s\n') % (rev, e)) |
|
899 | repo.ui.warn(_('%s: %s\n') % (rev, e)) | |
900 | except Exception: |
|
900 | except Exception: | |
901 | repo.ui.warn(_('.hgsubstate is corrupt in revision %s\n') % |
|
901 | repo.ui.warn(_('.hgsubstate is corrupt in revision %s\n') % | |
902 | node.short(ctx.node())) |
|
902 | node.short(ctx.node())) | |
903 |
|
903 | |||
904 | return ret |
|
904 | return ret | |
905 |
|
905 | |||
906 | def remoteui(src, opts): |
|
906 | def remoteui(src, opts): | |
907 | 'build a remote ui from ui or repo and opts' |
|
907 | 'build a remote ui from ui or repo and opts' | |
908 | if util.safehasattr(src, 'baseui'): # looks like a repository |
|
908 | if util.safehasattr(src, 'baseui'): # looks like a repository | |
909 | dst = src.baseui.copy() # drop repo-specific config |
|
909 | dst = src.baseui.copy() # drop repo-specific config | |
910 | src = src.ui # copy target options from repo |
|
910 | src = src.ui # copy target options from repo | |
911 | else: # assume it's a global ui object |
|
911 | else: # assume it's a global ui object | |
912 | dst = src.copy() # keep all global options |
|
912 | dst = src.copy() # keep all global options | |
913 |
|
913 | |||
914 | # copy ssh-specific options |
|
914 | # copy ssh-specific options | |
915 | for o in 'ssh', 'remotecmd': |
|
915 | for o in 'ssh', 'remotecmd': | |
916 | v = opts.get(o) or src.config('ui', o) |
|
916 | v = opts.get(o) or src.config('ui', o) | |
917 | if v: |
|
917 | if v: | |
918 | dst.setconfig("ui", o, v, 'copied') |
|
918 | dst.setconfig("ui", o, v, 'copied') | |
919 |
|
919 | |||
920 | # copy bundle-specific options |
|
920 | # copy bundle-specific options | |
921 | r = src.config('bundle', 'mainreporoot') |
|
921 | r = src.config('bundle', 'mainreporoot') | |
922 | if r: |
|
922 | if r: | |
923 | dst.setconfig('bundle', 'mainreporoot', r, 'copied') |
|
923 | dst.setconfig('bundle', 'mainreporoot', r, 'copied') | |
924 |
|
924 | |||
925 | # copy selected local settings to the remote ui |
|
925 | # copy selected local settings to the remote ui | |
926 | for sect in ('auth', 'hostfingerprints', 'http_proxy'): |
|
926 | for sect in ('auth', 'hostfingerprints', 'hostsecurity', 'http_proxy'): | |
927 | for key, val in src.configitems(sect): |
|
927 | for key, val in src.configitems(sect): | |
928 | dst.setconfig(sect, key, val, 'copied') |
|
928 | dst.setconfig(sect, key, val, 'copied') | |
929 | v = src.config('web', 'cacerts') |
|
929 | v = src.config('web', 'cacerts') | |
930 | if v: |
|
930 | if v: | |
931 | dst.setconfig('web', 'cacerts', util.expandpath(v), 'copied') |
|
931 | dst.setconfig('web', 'cacerts', util.expandpath(v), 'copied') | |
932 |
|
932 | |||
933 | return dst |
|
933 | return dst | |
934 |
|
934 | |||
935 | # Files of interest |
|
935 | # Files of interest | |
936 | # Used to check if the repository has changed looking at mtime and size of |
|
936 | # Used to check if the repository has changed looking at mtime and size of | |
937 | # these files. |
|
937 | # these files. | |
938 | foi = [('spath', '00changelog.i'), |
|
938 | foi = [('spath', '00changelog.i'), | |
939 | ('spath', 'phaseroots'), # ! phase can change content at the same size |
|
939 | ('spath', 'phaseroots'), # ! phase can change content at the same size | |
940 | ('spath', 'obsstore'), |
|
940 | ('spath', 'obsstore'), | |
941 | ('path', 'bookmarks'), # ! bookmark can change content at the same size |
|
941 | ('path', 'bookmarks'), # ! bookmark can change content at the same size | |
942 | ] |
|
942 | ] | |
943 |
|
943 | |||
944 | class cachedlocalrepo(object): |
|
944 | class cachedlocalrepo(object): | |
945 | """Holds a localrepository that can be cached and reused.""" |
|
945 | """Holds a localrepository that can be cached and reused.""" | |
946 |
|
946 | |||
947 | def __init__(self, repo): |
|
947 | def __init__(self, repo): | |
948 | """Create a new cached repo from an existing repo. |
|
948 | """Create a new cached repo from an existing repo. | |
949 |
|
949 | |||
950 | We assume the passed in repo was recently created. If the |
|
950 | We assume the passed in repo was recently created. If the | |
951 | repo has changed between when it was created and when it was |
|
951 | repo has changed between when it was created and when it was | |
952 | turned into a cache, it may not refresh properly. |
|
952 | turned into a cache, it may not refresh properly. | |
953 | """ |
|
953 | """ | |
954 | assert isinstance(repo, localrepo.localrepository) |
|
954 | assert isinstance(repo, localrepo.localrepository) | |
955 | self._repo = repo |
|
955 | self._repo = repo | |
956 | self._state, self.mtime = self._repostate() |
|
956 | self._state, self.mtime = self._repostate() | |
957 | self._filtername = repo.filtername |
|
957 | self._filtername = repo.filtername | |
958 |
|
958 | |||
959 | def fetch(self): |
|
959 | def fetch(self): | |
960 | """Refresh (if necessary) and return a repository. |
|
960 | """Refresh (if necessary) and return a repository. | |
961 |
|
961 | |||
962 | If the cached instance is out of date, it will be recreated |
|
962 | If the cached instance is out of date, it will be recreated | |
963 | automatically and returned. |
|
963 | automatically and returned. | |
964 |
|
964 | |||
965 | Returns a tuple of the repo and a boolean indicating whether a new |
|
965 | Returns a tuple of the repo and a boolean indicating whether a new | |
966 | repo instance was created. |
|
966 | repo instance was created. | |
967 | """ |
|
967 | """ | |
968 | # We compare the mtimes and sizes of some well-known files to |
|
968 | # We compare the mtimes and sizes of some well-known files to | |
969 | # determine if the repo changed. This is not precise, as mtimes |
|
969 | # determine if the repo changed. This is not precise, as mtimes | |
970 | # are susceptible to clock skew and imprecise filesystems and |
|
970 | # are susceptible to clock skew and imprecise filesystems and | |
971 | # file content can change while maintaining the same size. |
|
971 | # file content can change while maintaining the same size. | |
972 |
|
972 | |||
973 | state, mtime = self._repostate() |
|
973 | state, mtime = self._repostate() | |
974 | if state == self._state: |
|
974 | if state == self._state: | |
975 | return self._repo, False |
|
975 | return self._repo, False | |
976 |
|
976 | |||
977 | repo = repository(self._repo.baseui, self._repo.url()) |
|
977 | repo = repository(self._repo.baseui, self._repo.url()) | |
978 | if self._filtername: |
|
978 | if self._filtername: | |
979 | self._repo = repo.filtered(self._filtername) |
|
979 | self._repo = repo.filtered(self._filtername) | |
980 | else: |
|
980 | else: | |
981 | self._repo = repo.unfiltered() |
|
981 | self._repo = repo.unfiltered() | |
982 | self._state = state |
|
982 | self._state = state | |
983 | self.mtime = mtime |
|
983 | self.mtime = mtime | |
984 |
|
984 | |||
985 | return self._repo, True |
|
985 | return self._repo, True | |
986 |
|
986 | |||
987 | def _repostate(self): |
|
987 | def _repostate(self): | |
988 | state = [] |
|
988 | state = [] | |
989 | maxmtime = -1 |
|
989 | maxmtime = -1 | |
990 | for attr, fname in foi: |
|
990 | for attr, fname in foi: | |
991 | prefix = getattr(self._repo, attr) |
|
991 | prefix = getattr(self._repo, attr) | |
992 | p = os.path.join(prefix, fname) |
|
992 | p = os.path.join(prefix, fname) | |
993 | try: |
|
993 | try: | |
994 | st = os.stat(p) |
|
994 | st = os.stat(p) | |
995 | except OSError: |
|
995 | except OSError: | |
996 | st = os.stat(prefix) |
|
996 | st = os.stat(prefix) | |
997 | state.append((st.st_mtime, st.st_size)) |
|
997 | state.append((st.st_mtime, st.st_size)) | |
998 | maxmtime = max(maxmtime, st.st_mtime) |
|
998 | maxmtime = max(maxmtime, st.st_mtime) | |
999 |
|
999 | |||
1000 | return tuple(state), maxmtime |
|
1000 | return tuple(state), maxmtime | |
1001 |
|
1001 | |||
1002 | def copy(self): |
|
1002 | def copy(self): | |
1003 | """Obtain a copy of this class instance. |
|
1003 | """Obtain a copy of this class instance. | |
1004 |
|
1004 | |||
1005 | A new localrepository instance is obtained. The new instance should be |
|
1005 | A new localrepository instance is obtained. The new instance should be | |
1006 | completely independent of the original. |
|
1006 | completely independent of the original. | |
1007 | """ |
|
1007 | """ | |
1008 | repo = repository(self._repo.baseui, self._repo.origroot) |
|
1008 | repo = repository(self._repo.baseui, self._repo.origroot) | |
1009 | if self._filtername: |
|
1009 | if self._filtername: | |
1010 | repo = repo.filtered(self._filtername) |
|
1010 | repo = repo.filtered(self._filtername) | |
1011 | else: |
|
1011 | else: | |
1012 | repo = repo.unfiltered() |
|
1012 | repo = repo.unfiltered() | |
1013 | c = cachedlocalrepo(repo) |
|
1013 | c = cachedlocalrepo(repo) | |
1014 | c._state = self._state |
|
1014 | c._state = self._state | |
1015 | c.mtime = self.mtime |
|
1015 | c.mtime = self.mtime | |
1016 | return c |
|
1016 | return c |
@@ -1,608 +1,619 | |||||
1 | #require serve ssl |
|
1 | #require serve ssl | |
2 |
|
2 | |||
3 | Proper https client requires the built-in ssl from Python 2.6. |
|
3 | Proper https client requires the built-in ssl from Python 2.6. | |
4 |
|
4 | |||
5 | Make server certificates: |
|
5 | Make server certificates: | |
6 |
|
6 | |||
7 | $ CERTSDIR="$TESTDIR/sslcerts" |
|
7 | $ CERTSDIR="$TESTDIR/sslcerts" | |
8 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem |
|
8 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem | |
9 | $ PRIV=`pwd`/server.pem |
|
9 | $ PRIV=`pwd`/server.pem | |
10 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem |
|
10 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem | |
11 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem |
|
11 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem | |
12 |
|
12 | |||
13 | $ hg init test |
|
13 | $ hg init test | |
14 | $ cd test |
|
14 | $ cd test | |
15 | $ echo foo>foo |
|
15 | $ echo foo>foo | |
16 | $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg |
|
16 | $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg | |
17 | $ echo foo>foo.d/foo |
|
17 | $ echo foo>foo.d/foo | |
18 | $ echo bar>foo.d/bAr.hg.d/BaR |
|
18 | $ echo bar>foo.d/bAr.hg.d/BaR | |
19 | $ echo bar>foo.d/baR.d.hg/bAR |
|
19 | $ echo bar>foo.d/baR.d.hg/bAR | |
20 | $ hg commit -A -m 1 |
|
20 | $ hg commit -A -m 1 | |
21 | adding foo |
|
21 | adding foo | |
22 | adding foo.d/bAr.hg.d/BaR |
|
22 | adding foo.d/bAr.hg.d/BaR | |
23 | adding foo.d/baR.d.hg/bAR |
|
23 | adding foo.d/baR.d.hg/bAR | |
24 | adding foo.d/foo |
|
24 | adding foo.d/foo | |
25 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV |
|
25 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV | |
26 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
26 | $ cat ../hg0.pid >> $DAEMON_PIDS | |
27 |
|
27 | |||
28 | cacert not found |
|
28 | cacert not found | |
29 |
|
29 | |||
30 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ |
|
30 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ | |
31 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
31 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
32 | abort: could not find web.cacerts: no-such.pem |
|
32 | abort: could not find web.cacerts: no-such.pem | |
33 | [255] |
|
33 | [255] | |
34 |
|
34 | |||
35 | Test server address cannot be reused |
|
35 | Test server address cannot be reused | |
36 |
|
36 | |||
37 | #if windows |
|
37 | #if windows | |
38 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 |
|
38 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 | |
39 | abort: cannot start server at ':$HGPORT': |
|
39 | abort: cannot start server at ':$HGPORT': | |
40 | [255] |
|
40 | [255] | |
41 | #else |
|
41 | #else | |
42 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 |
|
42 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 | |
43 | abort: cannot start server at ':$HGPORT': Address already in use |
|
43 | abort: cannot start server at ':$HGPORT': Address already in use | |
44 | [255] |
|
44 | [255] | |
45 | #endif |
|
45 | #endif | |
46 | $ cd .. |
|
46 | $ cd .. | |
47 |
|
47 | |||
48 | Our test cert is not signed by a trusted CA. It should fail to verify if |
|
48 | Our test cert is not signed by a trusted CA. It should fail to verify if | |
49 | we are able to load CA certs. |
|
49 | we are able to load CA certs. | |
50 |
|
50 | |||
51 | #if sslcontext defaultcacerts no-defaultcacertsloaded |
|
51 | #if sslcontext defaultcacerts no-defaultcacertsloaded | |
52 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
52 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
53 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
53 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
54 | abort: error: *certificate verify failed* (glob) |
|
54 | abort: error: *certificate verify failed* (glob) | |
55 | [255] |
|
55 | [255] | |
56 | #endif |
|
56 | #endif | |
57 |
|
57 | |||
58 | #if no-sslcontext defaultcacerts |
|
58 | #if no-sslcontext defaultcacerts | |
59 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
59 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
60 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
60 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
61 | (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) |
|
61 | (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) | |
62 | abort: error: *certificate verify failed* (glob) |
|
62 | abort: error: *certificate verify failed* (glob) | |
63 | [255] |
|
63 | [255] | |
64 | #endif |
|
64 | #endif | |
65 |
|
65 | |||
66 | #if no-sslcontext windows |
|
66 | #if no-sslcontext windows | |
67 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
67 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
68 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
68 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info | |
69 | (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) |
|
69 | (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) | |
70 | abort: error: *certificate verify failed* (glob) |
|
70 | abort: error: *certificate verify failed* (glob) | |
71 | [255] |
|
71 | [255] | |
72 | #endif |
|
72 | #endif | |
73 |
|
73 | |||
74 | #if no-sslcontext osx |
|
74 | #if no-sslcontext osx | |
75 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
75 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
76 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
76 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info | |
77 | (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) |
|
77 | (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) | |
78 | abort: localhost certificate error: no certificate received |
|
78 | abort: localhost certificate error: no certificate received | |
79 | (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) |
|
79 | (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) | |
80 | [255] |
|
80 | [255] | |
81 | #endif |
|
81 | #endif | |
82 |
|
82 | |||
83 | #if defaultcacertsloaded |
|
83 | #if defaultcacertsloaded | |
84 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
84 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
85 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
85 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
86 | (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) |
|
86 | (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) | |
87 | abort: error: *certificate verify failed* (glob) |
|
87 | abort: error: *certificate verify failed* (glob) | |
88 | [255] |
|
88 | [255] | |
89 | #endif |
|
89 | #endif | |
90 |
|
90 | |||
91 | #if no-defaultcacerts |
|
91 | #if no-defaultcacerts | |
92 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
92 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
93 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
93 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
94 | (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) |
|
94 | (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) | |
95 | abort: localhost certificate error: no certificate received |
|
95 | abort: localhost certificate error: no certificate received | |
96 | (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) |
|
96 | (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) | |
97 | [255] |
|
97 | [255] | |
98 | #endif |
|
98 | #endif | |
99 |
|
99 | |||
100 | Specifying a per-host certificate file that doesn't exist will abort |
|
100 | Specifying a per-host certificate file that doesn't exist will abort | |
101 |
|
101 | |||
102 | $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/ |
|
102 | $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/ | |
103 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
103 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
104 | abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: /does/not/exist |
|
104 | abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: /does/not/exist | |
105 | [255] |
|
105 | [255] | |
106 |
|
106 | |||
107 | A malformed per-host certificate file will raise an error |
|
107 | A malformed per-host certificate file will raise an error | |
108 |
|
108 | |||
109 | $ echo baddata > badca.pem |
|
109 | $ echo baddata > badca.pem | |
110 | #if sslcontext |
|
110 | #if sslcontext | |
111 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ |
|
111 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ | |
112 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
112 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
113 | abort: error loading CA file badca.pem: * (glob) |
|
113 | abort: error loading CA file badca.pem: * (glob) | |
114 | (file is empty or malformed?) |
|
114 | (file is empty or malformed?) | |
115 | [255] |
|
115 | [255] | |
116 | #else |
|
116 | #else | |
117 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ |
|
117 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ | |
118 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
118 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
119 | abort: error: * (glob) |
|
119 | abort: error: * (glob) | |
120 | [255] |
|
120 | [255] | |
121 | #endif |
|
121 | #endif | |
122 |
|
122 | |||
123 | A per-host certificate mismatching the server will fail verification |
|
123 | A per-host certificate mismatching the server will fail verification | |
124 |
|
124 | |||
125 | (modern ssl is able to discern whether the loaded cert is a CA cert) |
|
125 | (modern ssl is able to discern whether the loaded cert is a CA cert) | |
126 | #if sslcontext |
|
126 | #if sslcontext | |
127 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
|
127 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ | |
128 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
128 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
129 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
129 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
130 | abort: error: *certificate verify failed* (glob) |
|
130 | abort: error: *certificate verify failed* (glob) | |
131 | [255] |
|
131 | [255] | |
132 | #else |
|
132 | #else | |
133 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
|
133 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ | |
134 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
134 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
135 | abort: error: *certificate verify failed* (glob) |
|
135 | abort: error: *certificate verify failed* (glob) | |
136 | [255] |
|
136 | [255] | |
137 | #endif |
|
137 | #endif | |
138 |
|
138 | |||
139 | A per-host certificate matching the server's cert will be accepted |
|
139 | A per-host certificate matching the server's cert will be accepted | |
140 |
|
140 | |||
141 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1 |
|
141 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1 | |
142 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
142 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
143 | requesting all changes |
|
143 | requesting all changes | |
144 | adding changesets |
|
144 | adding changesets | |
145 | adding manifests |
|
145 | adding manifests | |
146 | adding file changes |
|
146 | adding file changes | |
147 | added 1 changesets with 4 changes to 4 files |
|
147 | added 1 changesets with 4 changes to 4 files | |
148 |
|
148 | |||
149 | A per-host certificate with multiple certs and one matching will be accepted |
|
149 | A per-host certificate with multiple certs and one matching will be accepted | |
150 |
|
150 | |||
151 | $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem |
|
151 | $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem | |
152 | $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2 |
|
152 | $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2 | |
153 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
153 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
154 | requesting all changes |
|
154 | requesting all changes | |
155 | adding changesets |
|
155 | adding changesets | |
156 | adding manifests |
|
156 | adding manifests | |
157 | adding file changes |
|
157 | adding file changes | |
158 | added 1 changesets with 4 changes to 4 files |
|
158 | added 1 changesets with 4 changes to 4 files | |
159 |
|
159 | |||
160 | Defining both per-host certificate and a fingerprint will print a warning |
|
160 | Defining both per-host certificate and a fingerprint will print a warning | |
161 |
|
161 | |||
162 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning |
|
162 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning | |
163 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
163 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
164 | (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification) |
|
164 | (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification) | |
165 | requesting all changes |
|
165 | requesting all changes | |
166 | adding changesets |
|
166 | adding changesets | |
167 | adding manifests |
|
167 | adding manifests | |
168 | adding file changes |
|
168 | adding file changes | |
169 | added 1 changesets with 4 changes to 4 files |
|
169 | added 1 changesets with 4 changes to 4 files | |
170 |
|
170 | |||
171 | $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" |
|
171 | $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" | |
172 |
|
172 | |||
173 | Inability to verify peer certificate will result in abort |
|
173 | Inability to verify peer certificate will result in abort | |
174 |
|
174 | |||
175 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS |
|
175 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS | |
176 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
176 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
177 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
177 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
178 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
178 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | |
179 | [255] |
|
179 | [255] | |
180 |
|
180 | |||
181 | $ hg clone --insecure https://localhost:$HGPORT/ copy-pull |
|
181 | $ hg clone --insecure https://localhost:$HGPORT/ copy-pull | |
182 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
182 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
183 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
183 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
184 | requesting all changes |
|
184 | requesting all changes | |
185 | adding changesets |
|
185 | adding changesets | |
186 | adding manifests |
|
186 | adding manifests | |
187 | adding file changes |
|
187 | adding file changes | |
188 | added 1 changesets with 4 changes to 4 files |
|
188 | added 1 changesets with 4 changes to 4 files | |
189 | updating to branch default |
|
189 | updating to branch default | |
190 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
190 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
191 | $ hg verify -R copy-pull |
|
191 | $ hg verify -R copy-pull | |
192 | checking changesets |
|
192 | checking changesets | |
193 | checking manifests |
|
193 | checking manifests | |
194 | crosschecking files in changesets and manifests |
|
194 | crosschecking files in changesets and manifests | |
195 | checking files |
|
195 | checking files | |
196 | 4 files, 1 changesets, 4 total revisions |
|
196 | 4 files, 1 changesets, 4 total revisions | |
197 | $ cd test |
|
197 | $ cd test | |
198 | $ echo bar > bar |
|
198 | $ echo bar > bar | |
199 | $ hg commit -A -d '1 0' -m 2 |
|
199 | $ hg commit -A -d '1 0' -m 2 | |
200 | adding bar |
|
200 | adding bar | |
201 | $ cd .. |
|
201 | $ cd .. | |
202 |
|
202 | |||
203 | pull without cacert |
|
203 | pull without cacert | |
204 |
|
204 | |||
205 | $ cd copy-pull |
|
205 | $ cd copy-pull | |
206 | $ echo '[hooks]' >> .hg/hgrc |
|
206 | $ echo '[hooks]' >> .hg/hgrc | |
207 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc |
|
207 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc | |
208 | $ hg pull $DISABLECACERTS |
|
208 | $ hg pull $DISABLECACERTS | |
209 | pulling from https://localhost:$HGPORT/ |
|
209 | pulling from https://localhost:$HGPORT/ | |
210 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
210 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
211 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
211 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
212 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
212 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | |
213 | [255] |
|
213 | [255] | |
214 |
|
214 | |||
215 | $ hg pull --insecure |
|
215 | $ hg pull --insecure | |
216 | pulling from https://localhost:$HGPORT/ |
|
216 | pulling from https://localhost:$HGPORT/ | |
217 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
217 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
218 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
218 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
219 | searching for changes |
|
219 | searching for changes | |
220 | adding changesets |
|
220 | adding changesets | |
221 | adding manifests |
|
221 | adding manifests | |
222 | adding file changes |
|
222 | adding file changes | |
223 | added 1 changesets with 1 changes to 1 files |
|
223 | added 1 changesets with 1 changes to 1 files | |
224 | changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob) |
|
224 | changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob) | |
225 | (run 'hg update' to get a working copy) |
|
225 | (run 'hg update' to get a working copy) | |
226 | $ cd .. |
|
226 | $ cd .. | |
227 |
|
227 | |||
228 | cacert configured in local repo |
|
228 | cacert configured in local repo | |
229 |
|
229 | |||
230 | $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu |
|
230 | $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu | |
231 | $ echo "[web]" >> copy-pull/.hg/hgrc |
|
231 | $ echo "[web]" >> copy-pull/.hg/hgrc | |
232 | $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc |
|
232 | $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc | |
233 | $ hg -R copy-pull pull --traceback |
|
233 | $ hg -R copy-pull pull --traceback | |
234 | pulling from https://localhost:$HGPORT/ |
|
234 | pulling from https://localhost:$HGPORT/ | |
235 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
235 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
236 | searching for changes |
|
236 | searching for changes | |
237 | no changes found |
|
237 | no changes found | |
238 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc |
|
238 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc | |
239 |
|
239 | |||
240 | cacert configured globally, also testing expansion of environment |
|
240 | cacert configured globally, also testing expansion of environment | |
241 | variables in the filename |
|
241 | variables in the filename | |
242 |
|
242 | |||
243 | $ echo "[web]" >> $HGRCPATH |
|
243 | $ echo "[web]" >> $HGRCPATH | |
244 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH |
|
244 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH | |
245 | $ P="$CERTSDIR" hg -R copy-pull pull |
|
245 | $ P="$CERTSDIR" hg -R copy-pull pull | |
246 | pulling from https://localhost:$HGPORT/ |
|
246 | pulling from https://localhost:$HGPORT/ | |
247 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
247 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
248 | searching for changes |
|
248 | searching for changes | |
249 | no changes found |
|
249 | no changes found | |
250 | $ P="$CERTSDIR" hg -R copy-pull pull --insecure |
|
250 | $ P="$CERTSDIR" hg -R copy-pull pull --insecure | |
251 | pulling from https://localhost:$HGPORT/ |
|
251 | pulling from https://localhost:$HGPORT/ | |
252 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
252 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
253 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
253 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
254 | searching for changes |
|
254 | searching for changes | |
255 | no changes found |
|
255 | no changes found | |
256 |
|
256 | |||
257 | empty cacert file |
|
257 | empty cacert file | |
258 |
|
258 | |||
259 | $ touch emptycafile |
|
259 | $ touch emptycafile | |
260 |
|
260 | |||
261 | #if sslcontext |
|
261 | #if sslcontext | |
262 | $ hg --config web.cacerts=emptycafile -R copy-pull pull |
|
262 | $ hg --config web.cacerts=emptycafile -R copy-pull pull | |
263 | pulling from https://localhost:$HGPORT/ |
|
263 | pulling from https://localhost:$HGPORT/ | |
264 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
264 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
265 | abort: error loading CA file emptycafile: * (glob) |
|
265 | abort: error loading CA file emptycafile: * (glob) | |
266 | (file is empty or malformed?) |
|
266 | (file is empty or malformed?) | |
267 | [255] |
|
267 | [255] | |
268 | #else |
|
268 | #else | |
269 | $ hg --config web.cacerts=emptycafile -R copy-pull pull |
|
269 | $ hg --config web.cacerts=emptycafile -R copy-pull pull | |
270 | pulling from https://localhost:$HGPORT/ |
|
270 | pulling from https://localhost:$HGPORT/ | |
271 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
271 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
272 | abort: error: * (glob) |
|
272 | abort: error: * (glob) | |
273 | [255] |
|
273 | [255] | |
274 | #endif |
|
274 | #endif | |
275 |
|
275 | |||
276 | cacert mismatch |
|
276 | cacert mismatch | |
277 |
|
277 | |||
278 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ |
|
278 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ | |
279 | > https://127.0.0.1:$HGPORT/ |
|
279 | > https://127.0.0.1:$HGPORT/ | |
280 | pulling from https://127.0.0.1:$HGPORT/ (glob) |
|
280 | pulling from https://127.0.0.1:$HGPORT/ (glob) | |
281 | warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
281 | warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
282 | abort: 127.0.0.1 certificate error: certificate is for localhost (glob) |
|
282 | abort: 127.0.0.1 certificate error: certificate is for localhost (glob) | |
283 | (set hostsecurity.127.0.0.1:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) (glob) |
|
283 | (set hostsecurity.127.0.0.1:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) (glob) | |
284 | [255] |
|
284 | [255] | |
285 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ |
|
285 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ | |
286 | > https://127.0.0.1:$HGPORT/ --insecure |
|
286 | > https://127.0.0.1:$HGPORT/ --insecure | |
287 | pulling from https://127.0.0.1:$HGPORT/ (glob) |
|
287 | pulling from https://127.0.0.1:$HGPORT/ (glob) | |
288 | warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
288 | warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
289 | warning: connection security to 127.0.0.1 is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob) |
|
289 | warning: connection security to 127.0.0.1 is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob) | |
290 | searching for changes |
|
290 | searching for changes | |
291 | no changes found |
|
291 | no changes found | |
292 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" |
|
292 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" | |
293 | pulling from https://localhost:$HGPORT/ |
|
293 | pulling from https://localhost:$HGPORT/ | |
294 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
294 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
295 | abort: error: *certificate verify failed* (glob) |
|
295 | abort: error: *certificate verify failed* (glob) | |
296 | [255] |
|
296 | [255] | |
297 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ |
|
297 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ | |
298 | > --insecure |
|
298 | > --insecure | |
299 | pulling from https://localhost:$HGPORT/ |
|
299 | pulling from https://localhost:$HGPORT/ | |
300 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
300 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
301 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
301 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
302 | searching for changes |
|
302 | searching for changes | |
303 | no changes found |
|
303 | no changes found | |
304 |
|
304 | |||
305 | Test server cert which isn't valid yet |
|
305 | Test server cert which isn't valid yet | |
306 |
|
306 | |||
307 | $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
|
307 | $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem | |
308 | $ cat hg1.pid >> $DAEMON_PIDS |
|
308 | $ cat hg1.pid >> $DAEMON_PIDS | |
309 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ |
|
309 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ | |
310 | > https://localhost:$HGPORT1/ |
|
310 | > https://localhost:$HGPORT1/ | |
311 | pulling from https://localhost:$HGPORT1/ |
|
311 | pulling from https://localhost:$HGPORT1/ | |
312 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
312 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
313 | abort: error: *certificate verify failed* (glob) |
|
313 | abort: error: *certificate verify failed* (glob) | |
314 | [255] |
|
314 | [255] | |
315 |
|
315 | |||
316 | Test server cert which no longer is valid |
|
316 | Test server cert which no longer is valid | |
317 |
|
317 | |||
318 | $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
|
318 | $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem | |
319 | $ cat hg2.pid >> $DAEMON_PIDS |
|
319 | $ cat hg2.pid >> $DAEMON_PIDS | |
320 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ |
|
320 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ | |
321 | > https://localhost:$HGPORT2/ |
|
321 | > https://localhost:$HGPORT2/ | |
322 | pulling from https://localhost:$HGPORT2/ |
|
322 | pulling from https://localhost:$HGPORT2/ | |
323 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
323 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
324 | abort: error: *certificate verify failed* (glob) |
|
324 | abort: error: *certificate verify failed* (glob) | |
325 | [255] |
|
325 | [255] | |
326 |
|
326 | |||
327 | Disabling the TLS 1.0 warning works |
|
327 | Disabling the TLS 1.0 warning works | |
328 | $ hg -R copy-pull id https://localhost:$HGPORT/ \ |
|
328 | $ hg -R copy-pull id https://localhost:$HGPORT/ \ | |
329 | > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \ |
|
329 | > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \ | |
330 | > --config hostsecurity.disabletls10warning=true |
|
330 | > --config hostsecurity.disabletls10warning=true | |
331 | 5fed3813f7f5 |
|
331 | 5fed3813f7f5 | |
332 |
|
332 | |||
333 | #if no-sslcontext no-py27+ |
|
333 | #if no-sslcontext no-py27+ | |
334 | Setting ciphers doesn't work in Python 2.6 |
|
334 | Setting ciphers doesn't work in Python 2.6 | |
335 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
335 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ | |
336 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
336 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info | |
337 | abort: setting ciphers in [hostsecurity] is not supported by this version of Python |
|
337 | abort: setting ciphers in [hostsecurity] is not supported by this version of Python | |
338 | (remove the config option or run Mercurial with a modern Python version (preferred)) |
|
338 | (remove the config option or run Mercurial with a modern Python version (preferred)) | |
339 | [255] |
|
339 | [255] | |
340 | #endif |
|
340 | #endif | |
341 |
|
341 | |||
342 | Setting ciphers works in Python 2.7+ but the error message is different on |
|
342 | Setting ciphers works in Python 2.7+ but the error message is different on | |
343 | legacy ssl. We test legacy once and do more feature checking on modern |
|
343 | legacy ssl. We test legacy once and do more feature checking on modern | |
344 | configs. |
|
344 | configs. | |
345 |
|
345 | |||
346 | #if py27+ no-sslcontext |
|
346 | #if py27+ no-sslcontext | |
347 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
347 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ | |
348 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
348 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info | |
349 | abort: *No cipher can be selected. (glob) |
|
349 | abort: *No cipher can be selected. (glob) | |
350 | [255] |
|
350 | [255] | |
351 |
|
351 | |||
352 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
352 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ | |
353 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
353 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info | |
354 | 5fed3813f7f5 |
|
354 | 5fed3813f7f5 | |
355 | #endif |
|
355 | #endif | |
356 |
|
356 | |||
357 | #if sslcontext |
|
357 | #if sslcontext | |
358 | Setting ciphers to an invalid value aborts |
|
358 | Setting ciphers to an invalid value aborts | |
359 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
359 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ | |
360 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
360 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
361 | abort: could not set ciphers: No cipher can be selected. |
|
361 | abort: could not set ciphers: No cipher can be selected. | |
362 | (change cipher string (invalid) in config) |
|
362 | (change cipher string (invalid) in config) | |
363 | [255] |
|
363 | [255] | |
364 |
|
364 | |||
365 | $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
365 | $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ | |
366 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
366 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
367 | abort: could not set ciphers: No cipher can be selected. |
|
367 | abort: could not set ciphers: No cipher can be selected. | |
368 | (change cipher string (invalid) in config) |
|
368 | (change cipher string (invalid) in config) | |
369 | [255] |
|
369 | [255] | |
370 |
|
370 | |||
371 | Changing the cipher string works |
|
371 | Changing the cipher string works | |
372 |
|
372 | |||
373 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
373 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ | |
374 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
374 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
375 | 5fed3813f7f5 |
|
375 | 5fed3813f7f5 | |
376 | #endif |
|
376 | #endif | |
377 |
|
377 | |||
378 | Fingerprints |
|
378 | Fingerprints | |
379 |
|
379 | |||
380 | - works without cacerts (hostkeyfingerprints) |
|
380 | - works without cacerts (hostkeyfingerprints) | |
381 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
381 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
382 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
382 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
383 | 5fed3813f7f5 |
|
383 | 5fed3813f7f5 | |
384 |
|
384 | |||
385 | - works without cacerts (hostsecurity) |
|
385 | - works without cacerts (hostsecurity) | |
386 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
386 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
387 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
387 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
388 | 5fed3813f7f5 |
|
388 | 5fed3813f7f5 | |
389 |
|
389 | |||
390 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e |
|
390 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e | |
391 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
391 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
392 | 5fed3813f7f5 |
|
392 | 5fed3813f7f5 | |
393 |
|
393 | |||
394 | - multiple fingerprints specified and first matches |
|
394 | - multiple fingerprints specified and first matches | |
395 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
395 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
396 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
396 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
397 | 5fed3813f7f5 |
|
397 | 5fed3813f7f5 | |
398 |
|
398 | |||
399 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
399 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |
400 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
400 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
401 | 5fed3813f7f5 |
|
401 | 5fed3813f7f5 | |
402 |
|
402 | |||
403 | - multiple fingerprints specified and last matches |
|
403 | - multiple fingerprints specified and last matches | |
404 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
404 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
405 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
405 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
406 | 5fed3813f7f5 |
|
406 | 5fed3813f7f5 | |
407 |
|
407 | |||
408 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ |
|
408 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ | |
409 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
409 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
410 | 5fed3813f7f5 |
|
410 | 5fed3813f7f5 | |
411 |
|
411 | |||
412 | - multiple fingerprints specified and none match |
|
412 | - multiple fingerprints specified and none match | |
413 |
|
413 | |||
414 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
414 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
415 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
415 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
416 | abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
416 | abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
417 | (check hostfingerprint configuration) |
|
417 | (check hostfingerprint configuration) | |
418 | [255] |
|
418 | [255] | |
419 |
|
419 | |||
420 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
420 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |
421 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
421 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
422 | abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
422 | abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
423 | (check hostsecurity configuration) |
|
423 | (check hostsecurity configuration) | |
424 | [255] |
|
424 | [255] | |
425 |
|
425 | |||
426 | - fails when cert doesn't match hostname (port is ignored) |
|
426 | - fails when cert doesn't match hostname (port is ignored) | |
427 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
427 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
428 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
428 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
429 | abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84 |
|
429 | abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84 | |
430 | (check hostfingerprint configuration) |
|
430 | (check hostfingerprint configuration) | |
431 | [255] |
|
431 | [255] | |
432 |
|
432 | |||
433 |
|
433 | |||
434 | - ignores that certificate doesn't match hostname |
|
434 | - ignores that certificate doesn't match hostname | |
435 | $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
435 | $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
436 | warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
436 | warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
437 | 5fed3813f7f5 |
|
437 | 5fed3813f7f5 | |
438 |
|
438 | |||
439 | Ports used by next test. Kill servers. |
|
439 | Ports used by next test. Kill servers. | |
440 |
|
440 | |||
441 | $ killdaemons.py hg0.pid |
|
441 | $ killdaemons.py hg0.pid | |
442 | $ killdaemons.py hg1.pid |
|
442 | $ killdaemons.py hg1.pid | |
443 | $ killdaemons.py hg2.pid |
|
443 | $ killdaemons.py hg2.pid | |
444 |
|
444 | |||
445 | #if sslcontext tls1.2 |
|
445 | #if sslcontext tls1.2 | |
446 | Start servers running supported TLS versions |
|
446 | Start servers running supported TLS versions | |
447 |
|
447 | |||
448 | $ cd test |
|
448 | $ cd test | |
449 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ |
|
449 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ | |
450 | > --config devel.serverexactprotocol=tls1.0 |
|
450 | > --config devel.serverexactprotocol=tls1.0 | |
451 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
451 | $ cat ../hg0.pid >> $DAEMON_PIDS | |
452 | $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \ |
|
452 | $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \ | |
453 | > --config devel.serverexactprotocol=tls1.1 |
|
453 | > --config devel.serverexactprotocol=tls1.1 | |
454 | $ cat ../hg1.pid >> $DAEMON_PIDS |
|
454 | $ cat ../hg1.pid >> $DAEMON_PIDS | |
455 | $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \ |
|
455 | $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \ | |
456 | > --config devel.serverexactprotocol=tls1.2 |
|
456 | > --config devel.serverexactprotocol=tls1.2 | |
457 | $ cat ../hg2.pid >> $DAEMON_PIDS |
|
457 | $ cat ../hg2.pid >> $DAEMON_PIDS | |
458 | $ cd .. |
|
458 | $ cd .. | |
459 |
|
459 | |||
460 | Clients talking same TLS versions work |
|
460 | Clients talking same TLS versions work | |
461 |
|
461 | |||
462 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/ |
|
462 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/ | |
463 | 5fed3813f7f5 |
|
463 | 5fed3813f7f5 | |
464 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/ |
|
464 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/ | |
465 | 5fed3813f7f5 |
|
465 | 5fed3813f7f5 | |
466 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/ |
|
466 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/ | |
467 | 5fed3813f7f5 |
|
467 | 5fed3813f7f5 | |
468 |
|
468 | |||
469 | Clients requiring newer TLS version than what server supports fail |
|
469 | Clients requiring newer TLS version than what server supports fail | |
470 |
|
470 | |||
471 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
471 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ | |
472 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
472 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
473 | abort: error: *unsupported protocol* (glob) |
|
473 | abort: error: *unsupported protocol* (glob) | |
474 | [255] |
|
474 | [255] | |
475 |
|
475 | |||
476 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/ |
|
476 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/ | |
477 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
477 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
478 | abort: error: *unsupported protocol* (glob) |
|
478 | abort: error: *unsupported protocol* (glob) | |
479 | [255] |
|
479 | [255] | |
480 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/ |
|
480 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/ | |
481 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
481 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
482 | abort: error: *unsupported protocol* (glob) |
|
482 | abort: error: *unsupported protocol* (glob) | |
483 | [255] |
|
483 | [255] | |
484 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/ |
|
484 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/ | |
485 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
485 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
486 | abort: error: *unsupported protocol* (glob) |
|
486 | abort: error: *unsupported protocol* (glob) | |
487 | [255] |
|
487 | [255] | |
488 |
|
488 | |||
489 | The per-host config option overrides the default |
|
489 | The per-host config option overrides the default | |
490 |
|
490 | |||
491 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
491 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
492 | > --config hostsecurity.minimumprotocol=tls1.2 \ |
|
492 | > --config hostsecurity.minimumprotocol=tls1.2 \ | |
493 | > --config hostsecurity.localhost:minimumprotocol=tls1.0 |
|
493 | > --config hostsecurity.localhost:minimumprotocol=tls1.0 | |
494 | 5fed3813f7f5 |
|
494 | 5fed3813f7f5 | |
495 |
|
495 | |||
496 | The per-host config option by itself works |
|
496 | The per-host config option by itself works | |
497 |
|
497 | |||
498 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
498 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
499 | > --config hostsecurity.localhost:minimumprotocol=tls1.2 |
|
499 | > --config hostsecurity.localhost:minimumprotocol=tls1.2 | |
500 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
500 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
501 | abort: error: *unsupported protocol* (glob) |
|
501 | abort: error: *unsupported protocol* (glob) | |
502 | [255] |
|
502 | [255] | |
503 |
|
503 | |||
|
504 | .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305) | |||
|
505 | ||||
|
506 | $ cat >> copy-pull/.hg/hgrc << EOF | |||
|
507 | > [hostsecurity] | |||
|
508 | > localhost:minimumprotocol=tls1.2 | |||
|
509 | > EOF | |||
|
510 | $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/ | |||
|
511 | (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |||
|
512 | abort: error: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:590) | |||
|
513 | [255] | |||
|
514 | ||||
504 | $ killdaemons.py hg0.pid |
|
515 | $ killdaemons.py hg0.pid | |
505 | $ killdaemons.py hg1.pid |
|
516 | $ killdaemons.py hg1.pid | |
506 | $ killdaemons.py hg2.pid |
|
517 | $ killdaemons.py hg2.pid | |
507 | #endif |
|
518 | #endif | |
508 |
|
519 | |||
509 | Prepare for connecting through proxy |
|
520 | Prepare for connecting through proxy | |
510 |
|
521 | |||
511 | $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV |
|
522 | $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV | |
512 | $ cat hg0.pid >> $DAEMON_PIDS |
|
523 | $ cat hg0.pid >> $DAEMON_PIDS | |
513 | $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
|
524 | $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem | |
514 | $ cat hg2.pid >> $DAEMON_PIDS |
|
525 | $ cat hg2.pid >> $DAEMON_PIDS | |
515 | tinyproxy.py doesn't fully detach, so killing it may result in extra output |
|
526 | tinyproxy.py doesn't fully detach, so killing it may result in extra output | |
516 | from the shell. So don't kill it. |
|
527 | from the shell. So don't kill it. | |
517 | $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 & |
|
528 | $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 & | |
518 | $ while [ ! -f proxy.pid ]; do sleep 0; done |
|
529 | $ while [ ! -f proxy.pid ]; do sleep 0; done | |
519 | $ cat proxy.pid >> $DAEMON_PIDS |
|
530 | $ cat proxy.pid >> $DAEMON_PIDS | |
520 |
|
531 | |||
521 | $ echo "[http_proxy]" >> copy-pull/.hg/hgrc |
|
532 | $ echo "[http_proxy]" >> copy-pull/.hg/hgrc | |
522 | $ echo "always=True" >> copy-pull/.hg/hgrc |
|
533 | $ echo "always=True" >> copy-pull/.hg/hgrc | |
523 | $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc |
|
534 | $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc | |
524 | $ echo "localhost =" >> copy-pull/.hg/hgrc |
|
535 | $ echo "localhost =" >> copy-pull/.hg/hgrc | |
525 |
|
536 | |||
526 | Test unvalidated https through proxy |
|
537 | Test unvalidated https through proxy | |
527 |
|
538 | |||
528 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback |
|
539 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback | |
529 | pulling from https://localhost:$HGPORT/ |
|
540 | pulling from https://localhost:$HGPORT/ | |
530 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
541 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
531 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
542 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
532 | searching for changes |
|
543 | searching for changes | |
533 | no changes found |
|
544 | no changes found | |
534 |
|
545 | |||
535 | Test https with cacert and fingerprint through proxy |
|
546 | Test https with cacert and fingerprint through proxy | |
536 |
|
547 | |||
537 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
548 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
538 | > --config web.cacerts="$CERTSDIR/pub.pem" |
|
549 | > --config web.cacerts="$CERTSDIR/pub.pem" | |
539 | pulling from https://localhost:$HGPORT/ |
|
550 | pulling from https://localhost:$HGPORT/ | |
540 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
551 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
541 | searching for changes |
|
552 | searching for changes | |
542 | no changes found |
|
553 | no changes found | |
543 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
554 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
544 | pulling from https://127.0.0.1:$HGPORT/ (glob) |
|
555 | pulling from https://127.0.0.1:$HGPORT/ (glob) | |
545 | warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
556 | warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
546 | searching for changes |
|
557 | searching for changes | |
547 | no changes found |
|
558 | no changes found | |
548 |
|
559 | |||
549 | Test https with cert problems through proxy |
|
560 | Test https with cert problems through proxy | |
550 |
|
561 | |||
551 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
562 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
552 | > --config web.cacerts="$CERTSDIR/pub-other.pem" |
|
563 | > --config web.cacerts="$CERTSDIR/pub-other.pem" | |
553 | pulling from https://localhost:$HGPORT/ |
|
564 | pulling from https://localhost:$HGPORT/ | |
554 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
565 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
555 | abort: error: *certificate verify failed* (glob) |
|
566 | abort: error: *certificate verify failed* (glob) | |
556 | [255] |
|
567 | [255] | |
557 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
568 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
558 | > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ |
|
569 | > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ | |
559 | pulling from https://localhost:$HGPORT2/ |
|
570 | pulling from https://localhost:$HGPORT2/ | |
560 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
571 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
561 | abort: error: *certificate verify failed* (glob) |
|
572 | abort: error: *certificate verify failed* (glob) | |
562 | [255] |
|
573 | [255] | |
563 |
|
574 | |||
564 |
|
575 | |||
565 | $ killdaemons.py hg0.pid |
|
576 | $ killdaemons.py hg0.pid | |
566 |
|
577 | |||
567 | #if sslcontext |
|
578 | #if sslcontext | |
568 |
|
579 | |||
569 | Start hgweb that requires client certificates: |
|
580 | Start hgweb that requires client certificates: | |
570 |
|
581 | |||
571 | $ cd test |
|
582 | $ cd test | |
572 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ |
|
583 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ | |
573 | > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true |
|
584 | > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true | |
574 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
585 | $ cat ../hg0.pid >> $DAEMON_PIDS | |
575 | $ cd .. |
|
586 | $ cd .. | |
576 |
|
587 | |||
577 | without client certificate: |
|
588 | without client certificate: | |
578 |
|
589 | |||
579 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
590 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ | |
580 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
591 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
581 | abort: error: *handshake failure* (glob) |
|
592 | abort: error: *handshake failure* (glob) | |
582 | [255] |
|
593 | [255] | |
583 |
|
594 | |||
584 | with client certificate: |
|
595 | with client certificate: | |
585 |
|
596 | |||
586 | $ cat << EOT >> $HGRCPATH |
|
597 | $ cat << EOT >> $HGRCPATH | |
587 | > [auth] |
|
598 | > [auth] | |
588 | > l.prefix = localhost |
|
599 | > l.prefix = localhost | |
589 | > l.cert = $CERTSDIR/client-cert.pem |
|
600 | > l.cert = $CERTSDIR/client-cert.pem | |
590 | > l.key = $CERTSDIR/client-key.pem |
|
601 | > l.key = $CERTSDIR/client-key.pem | |
591 | > EOT |
|
602 | > EOT | |
592 |
|
603 | |||
593 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
604 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
594 | > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" |
|
605 | > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" | |
595 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
606 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
596 | 5fed3813f7f5 |
|
607 | 5fed3813f7f5 | |
597 |
|
608 | |||
598 | $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
609 | $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
599 | > --config ui.interactive=True --config ui.nontty=True |
|
610 | > --config ui.interactive=True --config ui.nontty=True | |
600 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
611 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
601 | passphrase for */client-key.pem: 5fed3813f7f5 (glob) |
|
612 | passphrase for */client-key.pem: 5fed3813f7f5 (glob) | |
602 |
|
613 | |||
603 | $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
614 | $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ | |
604 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
615 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
605 | abort: error: * (glob) |
|
616 | abort: error: * (glob) | |
606 | [255] |
|
617 | [255] | |
607 |
|
618 | |||
608 | #endif |
|
619 | #endif |
General Comments 0
You need to be logged in to leave comments.
Login now