##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

hgweb: do not ignore [auth] if url has a username (issue2822)...
Patrick Mezard -
r15005:4a43e23b 1.9.1 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,1300 +1,1302
1 1 The Mercurial system uses a set of configuration files to control
2 2 aspects of its behavior.
3 3
4 4 The configuration files use a simple ini-file format. A configuration
5 5 file consists of sections, led by a ``[section]`` header and followed
6 6 by ``name = value`` entries::
7 7
8 8 [ui]
9 9 username = Firstname Lastname <firstname.lastname@example.net>
10 10 verbose = True
11 11
12 12 The above entries will be referred to as ``ui.username`` and
13 13 ``ui.verbose``, respectively. See the Syntax section below.
14 14
15 15 Files
16 16 -----
17 17
18 18 Mercurial reads configuration data from several files, if they exist.
19 19 These files do not exist by default and you will have to create the
20 20 appropriate configuration files yourself: global configuration like
21 21 the username setting is typically put into
22 22 ``%USERPROFILE%\mercurial.ini`` or ``$HOME/.hgrc`` and local
23 23 configuration is put into the per-repository ``<repo>/.hg/hgrc`` file.
24 24
25 25 The names of these files depend on the system on which Mercurial is
26 26 installed. ``*.rc`` files from a single directory are read in
27 27 alphabetical order, later ones overriding earlier ones. Where multiple
28 28 paths are given below, settings from earlier paths override later
29 29 ones.
30 30
31 31 | (Unix, Windows) ``<repo>/.hg/hgrc``
32 32
33 33 Per-repository configuration options that only apply in a
34 34 particular repository. This file is not version-controlled, and
35 35 will not get transferred during a "clone" operation. Options in
36 36 this file override options in all other configuration files. On
37 37 Unix, most of this file will be ignored if it doesn't belong to a
38 38 trusted user or to a trusted group. See the documentation for the
39 39 ``[trusted]`` section below for more details.
40 40
41 41 | (Unix) ``$HOME/.hgrc``
42 42 | (Windows) ``%USERPROFILE%\.hgrc``
43 43 | (Windows) ``%USERPROFILE%\Mercurial.ini``
44 44 | (Windows) ``%HOME%\.hgrc``
45 45 | (Windows) ``%HOME%\Mercurial.ini``
46 46
47 47 Per-user configuration file(s), for the user running Mercurial. On
48 48 Windows 9x, ``%HOME%`` is replaced by ``%APPDATA%``. Options in these
49 49 files apply to all Mercurial commands executed by this user in any
50 50 directory. Options in these files override per-system and per-installation
51 51 options.
52 52
53 53 | (Unix) ``/etc/mercurial/hgrc``
54 54 | (Unix) ``/etc/mercurial/hgrc.d/*.rc``
55 55
56 56 Per-system configuration files, for the system on which Mercurial
57 57 is running. Options in these files apply to all Mercurial commands
58 58 executed by any user in any directory. Options in these files
59 59 override per-installation options.
60 60
61 61 | (Unix) ``<install-root>/etc/mercurial/hgrc``
62 62 | (Unix) ``<install-root>/etc/mercurial/hgrc.d/*.rc``
63 63
64 64 Per-installation configuration files, searched for in the
65 65 directory where Mercurial is installed. ``<install-root>`` is the
66 66 parent directory of the **hg** executable (or symlink) being run. For
67 67 example, if installed in ``/shared/tools/bin/hg``, Mercurial will look
68 68 in ``/shared/tools/etc/mercurial/hgrc``. Options in these files apply
69 69 to all Mercurial commands executed by any user in any directory.
70 70
71 71 | (Windows) ``<install-dir>\Mercurial.ini`` **or**
72 72 | (Windows) ``<install-dir>\hgrc.d\*.rc`` **or**
73 73 | (Windows) ``HKEY_LOCAL_MACHINE\SOFTWARE\Mercurial``
74 74
75 75 Per-installation/system configuration files, for the system on
76 76 which Mercurial is running. Options in these files apply to all
77 77 Mercurial commands executed by any user in any directory. Registry
78 78 keys contain PATH-like strings, every part of which must reference
79 79 a ``Mercurial.ini`` file or be a directory where ``*.rc`` files will
80 80 be read. Mercurial checks each of these locations in the specified
81 81 order until one or more configuration files are detected. If the
82 82 pywin32 extensions are not installed, Mercurial will only look for
83 83 site-wide configuration in ``C:\Mercurial\Mercurial.ini``.
84 84
85 85 Syntax
86 86 ------
87 87
88 88 A configuration file consists of sections, led by a ``[section]`` header
89 89 and followed by ``name = value`` entries (sometimes called
90 90 ``configuration keys``)::
91 91
92 92 [spam]
93 93 eggs=ham
94 94 green=
95 95 eggs
96 96
97 97 Each line contains one entry. If the lines that follow are indented,
98 98 they are treated as continuations of that entry. Leading whitespace is
99 99 removed from values. Empty lines are skipped. Lines beginning with
100 100 ``#`` or ``;`` are ignored and may be used to provide comments.
101 101
102 102 Configuration keys can be set multiple times, in which case Mercurial
103 103 will use the value that was configured last. As an example::
104 104
105 105 [spam]
106 106 eggs=large
107 107 ham=serrano
108 108 eggs=small
109 109
110 110 This would set the configuration key named ``eggs`` to ``small``.
111 111
112 112 It is also possible to define a section multiple times. A section can
113 113 be redefined on the same and/or on different configuration files. For
114 114 example::
115 115
116 116 [foo]
117 117 eggs=large
118 118 ham=serrano
119 119 eggs=small
120 120
121 121 [bar]
122 122 eggs=ham
123 123 green=
124 124 eggs
125 125
126 126 [foo]
127 127 ham=prosciutto
128 128 eggs=medium
129 129 bread=toasted
130 130
131 131 This would set the ``eggs``, ``ham``, and ``bread`` configuration keys
132 132 of the ``foo`` section to ``medium``, ``prosciutto``, and ``toasted``,
133 133 respectively. As you can see there only thing that matters is the last
134 134 value that was set for each of the configuration keys.
135 135
136 136 If a configuration key is set multiple times in different
137 137 configuration files the final value will depend on the order in which
138 138 the different configuration files are read, with settings from earlier
139 139 paths overriding later ones as described on the ``Files`` section
140 140 above.
141 141
142 142 A line of the form ``%include file`` will include ``file`` into the
143 143 current configuration file. The inclusion is recursive, which means
144 144 that included files can include other files. Filenames are relative to
145 145 the configuration file in which the ``%include`` directive is found.
146 146 Environment variables and ``~user`` constructs are expanded in
147 147 ``file``. This lets you do something like::
148 148
149 149 %include ~/.hgrc.d/$HOST.rc
150 150
151 151 to include a different configuration file on each computer you use.
152 152
153 153 A line with ``%unset name`` will remove ``name`` from the current
154 154 section, if it has been set previously.
155 155
156 156 The values are either free-form text strings, lists of text strings,
157 157 or Boolean values. Boolean values can be set to true using any of "1",
158 158 "yes", "true", or "on" and to false using "0", "no", "false", or "off"
159 159 (all case insensitive).
160 160
161 161 List values are separated by whitespace or comma, except when values are
162 162 placed in double quotation marks::
163 163
164 164 allow_read = "John Doe, PhD", brian, betty
165 165
166 166 Quotation marks can be escaped by prefixing them with a backslash. Only
167 167 quotation marks at the beginning of a word is counted as a quotation
168 168 (e.g., ``foo"bar baz`` is the list of ``foo"bar`` and ``baz``).
169 169
170 170 Sections
171 171 --------
172 172
173 173 This section describes the different sections that may appear in a
174 174 Mercurial configuration file, the purpose of each section, its possible
175 175 keys, and their possible values.
176 176
177 177 ``alias``
178 178 """""""""
179 179
180 180 Defines command aliases.
181 181 Aliases allow you to define your own commands in terms of other
182 182 commands (or aliases), optionally including arguments. Positional
183 183 arguments in the form of ``$1``, ``$2``, etc in the alias definition
184 184 are expanded by Mercurial before execution. Positional arguments not
185 185 already used by ``$N`` in the definition are put at the end of the
186 186 command to be executed.
187 187
188 188 Alias definitions consist of lines of the form::
189 189
190 190 <alias> = <command> [<argument>]...
191 191
192 192 For example, this definition::
193 193
194 194 latest = log --limit 5
195 195
196 196 creates a new command ``latest`` that shows only the five most recent
197 197 changesets. You can define subsequent aliases using earlier ones::
198 198
199 199 stable5 = latest -b stable
200 200
201 201 .. note:: It is possible to create aliases with the same names as
202 202 existing commands, which will then override the original
203 203 definitions. This is almost always a bad idea!
204 204
205 205 An alias can start with an exclamation point (``!``) to make it a
206 206 shell alias. A shell alias is executed with the shell and will let you
207 207 run arbitrary commands. As an example, ::
208 208
209 209 echo = !echo
210 210
211 211 will let you do ``hg echo foo`` to have ``foo`` printed in your
212 212 terminal. A better example might be::
213 213
214 214 purge = !$HG status --no-status --unknown -0 | xargs -0 rm
215 215
216 216 which will make ``hg purge`` delete all unknown files in the
217 217 repository in the same manner as the purge extension.
218 218
219 219 Shell aliases are executed in an environment where ``$HG`` expand to
220 220 the path of the Mercurial that was used to execute the alias. This is
221 221 useful when you want to call further Mercurial commands in a shell
222 222 alias, as was done above for the purge alias. In addition,
223 223 ``$HG_ARGS`` expand to the arguments given to Mercurial. In the ``hg
224 224 echo foo`` call above, ``$HG_ARGS`` would expand to ``echo foo``.
225 225
226 226 ``auth``
227 227 """"""""
228 228
229 229 Authentication credentials for HTTP authentication. This section
230 230 allows you to store usernames and passwords for use when logging
231 231 *into* HTTP servers. See the ``[web]`` configuration section if
232 232 you want to configure *who* can login to your HTTP server.
233 233
234 234 Each line has the following format::
235 235
236 236 <name>.<argument> = <value>
237 237
238 238 where ``<name>`` is used to group arguments into authentication
239 239 entries. Example::
240 240
241 241 foo.prefix = hg.intevation.org/mercurial
242 242 foo.username = foo
243 243 foo.password = bar
244 244 foo.schemes = http https
245 245
246 246 bar.prefix = secure.example.org
247 247 bar.key = path/to/file.key
248 248 bar.cert = path/to/file.cert
249 249 bar.schemes = https
250 250
251 251 Supported arguments:
252 252
253 253 ``prefix``
254 254 Either ``*`` or a URI prefix with or without the scheme part.
255 255 The authentication entry with the longest matching prefix is used
256 256 (where ``*`` matches everything and counts as a match of length
257 257 1). If the prefix doesn't include a scheme, the match is performed
258 258 against the URI with its scheme stripped as well, and the schemes
259 259 argument, q.v., is then subsequently consulted.
260 260
261 261 ``username``
262 262 Optional. Username to authenticate with. If not given, and the
263 263 remote site requires basic or digest authentication, the user will
264 264 be prompted for it. Environment variables are expanded in the
265 username letting you do ``foo.username = $USER``.
265 username letting you do ``foo.username = $USER``. If the URI
266 includes a username, only ``[auth]`` entries with a matching
267 username or without a username will be considered.
266 268
267 269 ``password``
268 270 Optional. Password to authenticate with. If not given, and the
269 271 remote site requires basic or digest authentication, the user
270 272 will be prompted for it.
271 273
272 274 ``key``
273 275 Optional. PEM encoded client certificate key file. Environment
274 276 variables are expanded in the filename.
275 277
276 278 ``cert``
277 279 Optional. PEM encoded client certificate chain file. Environment
278 280 variables are expanded in the filename.
279 281
280 282 ``schemes``
281 283 Optional. Space separated list of URI schemes to use this
282 284 authentication entry with. Only used if the prefix doesn't include
283 285 a scheme. Supported schemes are http and https. They will match
284 286 static-http and static-https respectively, as well.
285 287 Default: https.
286 288
287 289 If no suitable authentication entry is found, the user is prompted
288 290 for credentials as usual if required by the remote.
289 291
290 292
291 293 ``decode/encode``
292 294 """""""""""""""""
293 295
294 296 Filters for transforming files on checkout/checkin. This would
295 297 typically be used for newline processing or other
296 298 localization/canonicalization of files.
297 299
298 300 Filters consist of a filter pattern followed by a filter command.
299 301 Filter patterns are globs by default, rooted at the repository root.
300 302 For example, to match any file ending in ``.txt`` in the root
301 303 directory only, use the pattern ``*.txt``. To match any file ending
302 304 in ``.c`` anywhere in the repository, use the pattern ``**.c``.
303 305 For each file only the first matching filter applies.
304 306
305 307 The filter command can start with a specifier, either ``pipe:`` or
306 308 ``tempfile:``. If no specifier is given, ``pipe:`` is used by default.
307 309
308 310 A ``pipe:`` command must accept data on stdin and return the transformed
309 311 data on stdout.
310 312
311 313 Pipe example::
312 314
313 315 [encode]
314 316 # uncompress gzip files on checkin to improve delta compression
315 317 # note: not necessarily a good idea, just an example
316 318 *.gz = pipe: gunzip
317 319
318 320 [decode]
319 321 # recompress gzip files when writing them to the working dir (we
320 322 # can safely omit "pipe:", because it's the default)
321 323 *.gz = gzip
322 324
323 325 A ``tempfile:`` command is a template. The string ``INFILE`` is replaced
324 326 with the name of a temporary file that contains the data to be
325 327 filtered by the command. The string ``OUTFILE`` is replaced with the name
326 328 of an empty temporary file, where the filtered data must be written by
327 329 the command.
328 330
329 331 .. note:: The tempfile mechanism is recommended for Windows systems,
330 332 where the standard shell I/O redirection operators often have
331 333 strange effects and may corrupt the contents of your files.
332 334
333 335 This filter mechanism is used internally by the ``eol`` extension to
334 336 translate line ending characters between Windows (CRLF) and Unix (LF)
335 337 format. We suggest you use the ``eol`` extension for convenience.
336 338
337 339
338 340 ``defaults``
339 341 """"""""""""
340 342
341 343 (defaults are deprecated. Don't use them. Use aliases instead)
342 344
343 345 Use the ``[defaults]`` section to define command defaults, i.e. the
344 346 default options/arguments to pass to the specified commands.
345 347
346 348 The following example makes :hg:`log` run in verbose mode, and
347 349 :hg:`status` show only the modified files, by default::
348 350
349 351 [defaults]
350 352 log = -v
351 353 status = -m
352 354
353 355 The actual commands, instead of their aliases, must be used when
354 356 defining command defaults. The command defaults will also be applied
355 357 to the aliases of the commands defined.
356 358
357 359
358 360 ``diff``
359 361 """"""""
360 362
361 363 Settings used when displaying diffs. Everything except for ``unified`` is a
362 364 Boolean and defaults to False.
363 365
364 366 ``git``
365 367 Use git extended diff format.
366 368
367 369 ``nodates``
368 370 Don't include dates in diff headers.
369 371
370 372 ``showfunc``
371 373 Show which function each change is in.
372 374
373 375 ``ignorews``
374 376 Ignore white space when comparing lines.
375 377
376 378 ``ignorewsamount``
377 379 Ignore changes in the amount of white space.
378 380
379 381 ``ignoreblanklines``
380 382 Ignore changes whose lines are all blank.
381 383
382 384 ``unified``
383 385 Number of lines of context to show.
384 386
385 387 ``email``
386 388 """""""""
387 389
388 390 Settings for extensions that send email messages.
389 391
390 392 ``from``
391 393 Optional. Email address to use in "From" header and SMTP envelope
392 394 of outgoing messages.
393 395
394 396 ``to``
395 397 Optional. Comma-separated list of recipients' email addresses.
396 398
397 399 ``cc``
398 400 Optional. Comma-separated list of carbon copy recipients'
399 401 email addresses.
400 402
401 403 ``bcc``
402 404 Optional. Comma-separated list of blind carbon copy recipients'
403 405 email addresses.
404 406
405 407 ``method``
406 408 Optional. Method to use to send email messages. If value is ``smtp``
407 409 (default), use SMTP (see the ``[smtp]`` section for configuration).
408 410 Otherwise, use as name of program to run that acts like sendmail
409 411 (takes ``-f`` option for sender, list of recipients on command line,
410 412 message on stdin). Normally, setting this to ``sendmail`` or
411 413 ``/usr/sbin/sendmail`` is enough to use sendmail to send messages.
412 414
413 415 ``charsets``
414 416 Optional. Comma-separated list of character sets considered
415 417 convenient for recipients. Addresses, headers, and parts not
416 418 containing patches of outgoing messages will be encoded in the
417 419 first character set to which conversion from local encoding
418 420 (``$HGENCODING``, ``ui.fallbackencoding``) succeeds. If correct
419 421 conversion fails, the text in question is sent as is. Defaults to
420 422 empty (explicit) list.
421 423
422 424 Order of outgoing email character sets:
423 425
424 426 1. ``us-ascii``: always first, regardless of settings
425 427 2. ``email.charsets``: in order given by user
426 428 3. ``ui.fallbackencoding``: if not in email.charsets
427 429 4. ``$HGENCODING``: if not in email.charsets
428 430 5. ``utf-8``: always last, regardless of settings
429 431
430 432 Email example::
431 433
432 434 [email]
433 435 from = Joseph User <joe.user@example.com>
434 436 method = /usr/sbin/sendmail
435 437 # charsets for western Europeans
436 438 # us-ascii, utf-8 omitted, as they are tried first and last
437 439 charsets = iso-8859-1, iso-8859-15, windows-1252
438 440
439 441
440 442 ``extensions``
441 443 """"""""""""""
442 444
443 445 Mercurial has an extension mechanism for adding new features. To
444 446 enable an extension, create an entry for it in this section.
445 447
446 448 If you know that the extension is already in Python's search path,
447 449 you can give the name of the module, followed by ``=``, with nothing
448 450 after the ``=``.
449 451
450 452 Otherwise, give a name that you choose, followed by ``=``, followed by
451 453 the path to the ``.py`` file (including the file name extension) that
452 454 defines the extension.
453 455
454 456 To explicitly disable an extension that is enabled in an hgrc of
455 457 broader scope, prepend its path with ``!``, as in ``foo = !/ext/path``
456 458 or ``foo = !`` when path is not supplied.
457 459
458 460 Example for ``~/.hgrc``::
459 461
460 462 [extensions]
461 463 # (the mq extension will get loaded from Mercurial's path)
462 464 mq =
463 465 # (this extension will get loaded from the file specified)
464 466 myfeature = ~/.hgext/myfeature.py
465 467
466 468
467 469 ``hostfingerprints``
468 470 """"""""""""""""""""
469 471
470 472 Fingerprints of the certificates of known HTTPS servers.
471 473 A HTTPS connection to a server with a fingerprint configured here will
472 474 only succeed if the servers certificate matches the fingerprint.
473 475 This is very similar to how ssh known hosts works.
474 476 The fingerprint is the SHA-1 hash value of the DER encoded certificate.
475 477 The CA chain and web.cacerts is not used for servers with a fingerprint.
476 478
477 479 For example::
478 480
479 481 [hostfingerprints]
480 482 hg.intevation.org = 38:76:52:7c:87:26:9a:8f:4a:f8:d3:de:08:45:3b:ea:d6:4b:ee:cc
481 483
482 484 This feature is only supported when using Python 2.6 or later.
483 485
484 486
485 487 ``format``
486 488 """"""""""
487 489
488 490 ``usestore``
489 491 Enable or disable the "store" repository format which improves
490 492 compatibility with systems that fold case or otherwise mangle
491 493 filenames. Enabled by default. Disabling this option will allow
492 494 you to store longer filenames in some situations at the expense of
493 495 compatibility and ensures that the on-disk format of newly created
494 496 repositories will be compatible with Mercurial before version 0.9.4.
495 497
496 498 ``usefncache``
497 499 Enable or disable the "fncache" repository format which enhances
498 500 the "store" repository format (which has to be enabled to use
499 501 fncache) to allow longer filenames and avoids using Windows
500 502 reserved names, e.g. "nul". Enabled by default. Disabling this
501 503 option ensures that the on-disk format of newly created
502 504 repositories will be compatible with Mercurial before version 1.1.
503 505
504 506 ``dotencode``
505 507 Enable or disable the "dotencode" repository format which enhances
506 508 the "fncache" repository format (which has to be enabled to use
507 509 dotencode) to avoid issues with filenames starting with ._ on
508 510 Mac OS X and spaces on Windows. Enabled by default. Disabling this
509 511 option ensures that the on-disk format of newly created
510 512 repositories will be compatible with Mercurial before version 1.7.
511 513
512 514 ``merge-patterns``
513 515 """"""""""""""""""
514 516
515 517 This section specifies merge tools to associate with particular file
516 518 patterns. Tools matched here will take precedence over the default
517 519 merge tool. Patterns are globs by default, rooted at the repository
518 520 root.
519 521
520 522 Example::
521 523
522 524 [merge-patterns]
523 525 **.c = kdiff3
524 526 **.jpg = myimgmerge
525 527
526 528 ``merge-tools``
527 529 """""""""""""""
528 530
529 531 This section configures external merge tools to use for file-level
530 532 merges.
531 533
532 534 Example ``~/.hgrc``::
533 535
534 536 [merge-tools]
535 537 # Override stock tool location
536 538 kdiff3.executable = ~/bin/kdiff3
537 539 # Specify command line
538 540 kdiff3.args = $base $local $other -o $output
539 541 # Give higher priority
540 542 kdiff3.priority = 1
541 543
542 544 # Define new tool
543 545 myHtmlTool.args = -m $local $other $base $output
544 546 myHtmlTool.regkey = Software\FooSoftware\HtmlMerge
545 547 myHtmlTool.priority = 1
546 548
547 549 Supported arguments:
548 550
549 551 ``priority``
550 552 The priority in which to evaluate this tool.
551 553 Default: 0.
552 554
553 555 ``executable``
554 556 Either just the name of the executable or its pathname. On Windows,
555 557 the path can use environment variables with ${ProgramFiles} syntax.
556 558 Default: the tool name.
557 559
558 560 ``args``
559 561 The arguments to pass to the tool executable. You can refer to the
560 562 files being merged as well as the output file through these
561 563 variables: ``$base``, ``$local``, ``$other``, ``$output``.
562 564 Default: ``$local $base $other``
563 565
564 566 ``premerge``
565 567 Attempt to run internal non-interactive 3-way merge tool before
566 568 launching external tool. Options are ``true``, ``false``, or ``keep``
567 569 to leave markers in the file if the premerge fails.
568 570 Default: True
569 571
570 572 ``binary``
571 573 This tool can merge binary files. Defaults to False, unless tool
572 574 was selected by file pattern match.
573 575
574 576 ``symlink``
575 577 This tool can merge symlinks. Defaults to False, even if tool was
576 578 selected by file pattern match.
577 579
578 580 ``check``
579 581 A list of merge success-checking options:
580 582
581 583 ``changed``
582 584 Ask whether merge was successful when the merged file shows no changes.
583 585 ``conflicts``
584 586 Check whether there are conflicts even though the tool reported success.
585 587 ``prompt``
586 588 Always prompt for merge success, regardless of success reported by tool.
587 589
588 590 ``checkchanged``
589 591 True is equivalent to ``check = changed``.
590 592 Default: False
591 593
592 594 ``checkconflicts``
593 595 True is equivalent to ``check = conflicts``.
594 596 Default: False
595 597
596 598 ``fixeol``
597 599 Attempt to fix up EOL changes caused by the merge tool.
598 600 Default: False
599 601
600 602 ``gui``
601 603 This tool requires a graphical interface to run. Default: False
602 604
603 605 ``regkey``
604 606 Windows registry key which describes install location of this
605 607 tool. Mercurial will search for this key first under
606 608 ``HKEY_CURRENT_USER`` and then under ``HKEY_LOCAL_MACHINE``.
607 609 Default: None
608 610
609 611 ``regkeyalt``
610 612 An alternate Windows registry key to try if the first key is not
611 613 found. The alternate key uses the same ``regname`` and ``regappend``
612 614 semantics of the primary key. The most common use for this key
613 615 is to search for 32bit applications on 64bit operating systems.
614 616 Default: None
615 617
616 618 ``regname``
617 619 Name of value to read from specified registry key. Defaults to the
618 620 unnamed (default) value.
619 621
620 622 ``regappend``
621 623 String to append to the value read from the registry, typically
622 624 the executable name of the tool.
623 625 Default: None
624 626
625 627
626 628 ``hooks``
627 629 """""""""
628 630
629 631 Commands or Python functions that get automatically executed by
630 632 various actions such as starting or finishing a commit. Multiple
631 633 hooks can be run for the same action by appending a suffix to the
632 634 action. Overriding a site-wide hook can be done by changing its
633 635 value or setting it to an empty string.
634 636
635 637 Example ``.hg/hgrc``::
636 638
637 639 [hooks]
638 640 # update working directory after adding changesets
639 641 changegroup.update = hg update
640 642 # do not use the site-wide hook
641 643 incoming =
642 644 incoming.email = /my/email/hook
643 645 incoming.autobuild = /my/build/hook
644 646
645 647 Most hooks are run with environment variables set that give useful
646 648 additional information. For each hook below, the environment
647 649 variables it is passed are listed with names of the form ``$HG_foo``.
648 650
649 651 ``changegroup``
650 652 Run after a changegroup has been added via push, pull or unbundle.
651 653 ID of the first new changeset is in ``$HG_NODE``. URL from which
652 654 changes came is in ``$HG_URL``.
653 655
654 656 ``commit``
655 657 Run after a changeset has been created in the local repository. ID
656 658 of the newly created changeset is in ``$HG_NODE``. Parent changeset
657 659 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
658 660
659 661 ``incoming``
660 662 Run after a changeset has been pulled, pushed, or unbundled into
661 663 the local repository. The ID of the newly arrived changeset is in
662 664 ``$HG_NODE``. URL that was source of changes came is in ``$HG_URL``.
663 665
664 666 ``outgoing``
665 667 Run after sending changes from local repository to another. ID of
666 668 first changeset sent is in ``$HG_NODE``. Source of operation is in
667 669 ``$HG_SOURCE``; see "preoutgoing" hook for description.
668 670
669 671 ``post-<command>``
670 672 Run after successful invocations of the associated command. The
671 673 contents of the command line are passed as ``$HG_ARGS`` and the result
672 674 code in ``$HG_RESULT``. Parsed command line arguments are passed as
673 675 ``$HG_PATS`` and ``$HG_OPTS``. These contain string representations of
674 676 the python data internally passed to <command>. ``$HG_OPTS`` is a
675 677 dictionary of options (with unspecified options set to their defaults).
676 678 ``$HG_PATS`` is a list of arguments. Hook failure is ignored.
677 679
678 680 ``pre-<command>``
679 681 Run before executing the associated command. The contents of the
680 682 command line are passed as ``$HG_ARGS``. Parsed command line arguments
681 683 are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain string
682 684 representations of the data internally passed to <command>. ``$HG_OPTS``
683 685 is a dictionary of options (with unspecified options set to their
684 686 defaults). ``$HG_PATS`` is a list of arguments. If the hook returns
685 687 failure, the command doesn't execute and Mercurial returns the failure
686 688 code.
687 689
688 690 ``prechangegroup``
689 691 Run before a changegroup is added via push, pull or unbundle. Exit
690 692 status 0 allows the changegroup to proceed. Non-zero status will
691 693 cause the push, pull or unbundle to fail. URL from which changes
692 694 will come is in ``$HG_URL``.
693 695
694 696 ``precommit``
695 697 Run before starting a local commit. Exit status 0 allows the
696 698 commit to proceed. Non-zero status will cause the commit to fail.
697 699 Parent changeset IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
698 700
699 701 ``prelistkeys``
700 702 Run before listing pushkeys (like bookmarks) in the
701 703 repository. Non-zero status will cause failure. The key namespace is
702 704 in ``$HG_NAMESPACE``.
703 705
704 706 ``preoutgoing``
705 707 Run before collecting changes to send from the local repository to
706 708 another. Non-zero status will cause failure. This lets you prevent
707 709 pull over HTTP or SSH. Also prevents against local pull, push
708 710 (outbound) or bundle commands, but not effective, since you can
709 711 just copy files instead then. Source of operation is in
710 712 ``$HG_SOURCE``. If "serve", operation is happening on behalf of remote
711 713 SSH or HTTP repository. If "push", "pull" or "bundle", operation
712 714 is happening on behalf of repository on same system.
713 715
714 716 ``prepushkey``
715 717 Run before a pushkey (like a bookmark) is added to the
716 718 repository. Non-zero status will cause the key to be rejected. The
717 719 key namespace is in ``$HG_NAMESPACE``, the key is in ``$HG_KEY``,
718 720 the old value (if any) is in ``$HG_OLD``, and the new value is in
719 721 ``$HG_NEW``.
720 722
721 723 ``pretag``
722 724 Run before creating a tag. Exit status 0 allows the tag to be
723 725 created. Non-zero status will cause the tag to fail. ID of
724 726 changeset to tag is in ``$HG_NODE``. Name of tag is in ``$HG_TAG``. Tag is
725 727 local if ``$HG_LOCAL=1``, in repository if ``$HG_LOCAL=0``.
726 728
727 729 ``pretxnchangegroup``
728 730 Run after a changegroup has been added via push, pull or unbundle,
729 731 but before the transaction has been committed. Changegroup is
730 732 visible to hook program. This lets you validate incoming changes
731 733 before accepting them. Passed the ID of the first new changeset in
732 734 ``$HG_NODE``. Exit status 0 allows the transaction to commit. Non-zero
733 735 status will cause the transaction to be rolled back and the push,
734 736 pull or unbundle will fail. URL that was source of changes is in
735 737 ``$HG_URL``.
736 738
737 739 ``pretxncommit``
738 740 Run after a changeset has been created but the transaction not yet
739 741 committed. Changeset is visible to hook program. This lets you
740 742 validate commit message and changes. Exit status 0 allows the
741 743 commit to proceed. Non-zero status will cause the transaction to
742 744 be rolled back. ID of changeset is in ``$HG_NODE``. Parent changeset
743 745 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
744 746
745 747 ``preupdate``
746 748 Run before updating the working directory. Exit status 0 allows
747 749 the update to proceed. Non-zero status will prevent the update.
748 750 Changeset ID of first new parent is in ``$HG_PARENT1``. If merge, ID
749 751 of second new parent is in ``$HG_PARENT2``.
750 752
751 753 ``listkeys``
752 754 Run after listing pushkeys (like bookmarks) in the repository. The
753 755 key namespace is in ``$HG_NAMESPACE``. ``$HG_VALUES`` is a
754 756 dictionary containing the keys and values.
755 757
756 758 ``pushkey``
757 759 Run after a pushkey (like a bookmark) is added to the
758 760 repository. The key namespace is in ``$HG_NAMESPACE``, the key is in
759 761 ``$HG_KEY``, the old value (if any) is in ``$HG_OLD``, and the new
760 762 value is in ``$HG_NEW``.
761 763
762 764 ``tag``
763 765 Run after a tag is created. ID of tagged changeset is in ``$HG_NODE``.
764 766 Name of tag is in ``$HG_TAG``. Tag is local if ``$HG_LOCAL=1``, in
765 767 repository if ``$HG_LOCAL=0``.
766 768
767 769 ``update``
768 770 Run after updating the working directory. Changeset ID of first
769 771 new parent is in ``$HG_PARENT1``. If merge, ID of second new parent is
770 772 in ``$HG_PARENT2``. If the update succeeded, ``$HG_ERROR=0``. If the
771 773 update failed (e.g. because conflicts not resolved), ``$HG_ERROR=1``.
772 774
773 775 .. note:: It is generally better to use standard hooks rather than the
774 776 generic pre- and post- command hooks as they are guaranteed to be
775 777 called in the appropriate contexts for influencing transactions.
776 778 Also, hooks like "commit" will be called in all contexts that
777 779 generate a commit (e.g. tag) and not just the commit command.
778 780
779 781 .. note:: Environment variables with empty values may not be passed to
780 782 hooks on platforms such as Windows. As an example, ``$HG_PARENT2``
781 783 will have an empty value under Unix-like platforms for non-merge
782 784 changesets, while it will not be available at all under Windows.
783 785
784 786 The syntax for Python hooks is as follows::
785 787
786 788 hookname = python:modulename.submodule.callable
787 789 hookname = python:/path/to/python/module.py:callable
788 790
789 791 Python hooks are run within the Mercurial process. Each hook is
790 792 called with at least three keyword arguments: a ui object (keyword
791 793 ``ui``), a repository object (keyword ``repo``), and a ``hooktype``
792 794 keyword that tells what kind of hook is used. Arguments listed as
793 795 environment variables above are passed as keyword arguments, with no
794 796 ``HG_`` prefix, and names in lower case.
795 797
796 798 If a Python hook returns a "true" value or raises an exception, this
797 799 is treated as a failure.
798 800
799 801
800 802 ``http_proxy``
801 803 """"""""""""""
802 804
803 805 Used to access web-based Mercurial repositories through a HTTP
804 806 proxy.
805 807
806 808 ``host``
807 809 Host name and (optional) port of the proxy server, for example
808 810 "myproxy:8000".
809 811
810 812 ``no``
811 813 Optional. Comma-separated list of host names that should bypass
812 814 the proxy.
813 815
814 816 ``passwd``
815 817 Optional. Password to authenticate with at the proxy server.
816 818
817 819 ``user``
818 820 Optional. User name to authenticate with at the proxy server.
819 821
820 822 ``always``
821 823 Optional. Always use the proxy, even for localhost and any entries
822 824 in ``http_proxy.no``. True or False. Default: False.
823 825
824 826 ``smtp``
825 827 """"""""
826 828
827 829 Configuration for extensions that need to send email messages.
828 830
829 831 ``host``
830 832 Host name of mail server, e.g. "mail.example.com".
831 833
832 834 ``port``
833 835 Optional. Port to connect to on mail server. Default: 25.
834 836
835 837 ``tls``
836 838 Optional. Method to enable TLS when connecting to mail server: starttls,
837 839 smtps or none. Default: none.
838 840
839 841 ``username``
840 842 Optional. User name for authenticating with the SMTP server.
841 843 Default: none.
842 844
843 845 ``password``
844 846 Optional. Password for authenticating with the SMTP server. If not
845 847 specified, interactive sessions will prompt the user for a
846 848 password; non-interactive sessions will fail. Default: none.
847 849
848 850 ``local_hostname``
849 851 Optional. It's the hostname that the sender can use to identify
850 852 itself to the MTA.
851 853
852 854
853 855 ``patch``
854 856 """""""""
855 857
856 858 Settings used when applying patches, for instance through the 'import'
857 859 command or with Mercurial Queues extension.
858 860
859 861 ``eol``
860 862 When set to 'strict' patch content and patched files end of lines
861 863 are preserved. When set to ``lf`` or ``crlf``, both files end of
862 864 lines are ignored when patching and the result line endings are
863 865 normalized to either LF (Unix) or CRLF (Windows). When set to
864 866 ``auto``, end of lines are again ignored while patching but line
865 867 endings in patched files are normalized to their original setting
866 868 on a per-file basis. If target file does not exist or has no end
867 869 of line, patch line endings are preserved.
868 870 Default: strict.
869 871
870 872
871 873 ``paths``
872 874 """""""""
873 875
874 876 Assigns symbolic names to repositories. The left side is the
875 877 symbolic name, and the right gives the directory or URL that is the
876 878 location of the repository. Default paths can be declared by setting
877 879 the following entries.
878 880
879 881 ``default``
880 882 Directory or URL to use when pulling if no source is specified.
881 883 Default is set to repository from which the current repository was
882 884 cloned.
883 885
884 886 ``default-push``
885 887 Optional. Directory or URL to use when pushing if no destination
886 888 is specified.
887 889
888 890
889 891 ``profiling``
890 892 """""""""""""
891 893
892 894 Specifies profiling format and file output. In this section
893 895 description, 'profiling data' stands for the raw data collected
894 896 during profiling, while 'profiling report' stands for a statistical
895 897 text report generated from the profiling data. The profiling is done
896 898 using lsprof.
897 899
898 900 ``format``
899 901 Profiling format.
900 902 Default: text.
901 903
902 904 ``text``
903 905 Generate a profiling report. When saving to a file, it should be
904 906 noted that only the report is saved, and the profiling data is
905 907 not kept.
906 908 ``kcachegrind``
907 909 Format profiling data for kcachegrind use: when saving to a
908 910 file, the generated file can directly be loaded into
909 911 kcachegrind.
910 912
911 913 ``output``
912 914 File path where profiling data or report should be saved. If the
913 915 file exists, it is replaced. Default: None, data is printed on
914 916 stderr
915 917
916 918 ``revsetalias``
917 919 """""""""""""""
918 920
919 921 Alias definitions for revsets. See :hg:`help revsets` for details.
920 922
921 923 ``server``
922 924 """"""""""
923 925
924 926 Controls generic server settings.
925 927
926 928 ``uncompressed``
927 929 Whether to allow clients to clone a repository using the
928 930 uncompressed streaming protocol. This transfers about 40% more
929 931 data than a regular clone, but uses less memory and CPU on both
930 932 server and client. Over a LAN (100 Mbps or better) or a very fast
931 933 WAN, an uncompressed streaming clone is a lot faster (~10x) than a
932 934 regular clone. Over most WAN connections (anything slower than
933 935 about 6 Mbps), uncompressed streaming is slower, because of the
934 936 extra data transfer overhead. This mode will also temporarily hold
935 937 the write lock while determining what data to transfer.
936 938 Default is True.
937 939
938 940 ``validate``
939 941 Whether to validate the completeness of pushed changesets by
940 942 checking that all new file revisions specified in manifests are
941 943 present. Default is False.
942 944
943 945 ``subpaths``
944 946 """"""""""""
945 947
946 948 Defines subrepositories source locations rewriting rules of the form::
947 949
948 950 <pattern> = <replacement>
949 951
950 952 Where ``pattern`` is a regular expression matching the source and
951 953 ``replacement`` is the replacement string used to rewrite it. Groups
952 954 can be matched in ``pattern`` and referenced in ``replacements``. For
953 955 instance::
954 956
955 957 http://server/(.*)-hg/ = http://hg.server/\1/
956 958
957 959 rewrites ``http://server/foo-hg/`` into ``http://hg.server/foo/``.
958 960
959 961 All patterns are applied in definition order.
960 962
961 963 ``trusted``
962 964 """""""""""
963 965
964 966 Mercurial will not use the settings in the
965 967 ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted
966 968 user or to a trusted group, as various hgrc features allow arbitrary
967 969 commands to be run. This issue is often encountered when configuring
968 970 hooks or extensions for shared repositories or servers. However,
969 971 the web interface will use some safe settings from the ``[web]``
970 972 section.
971 973
972 974 This section specifies what users and groups are trusted. The
973 975 current user is always trusted. To trust everybody, list a user or a
974 976 group with name ``*``. These settings must be placed in an
975 977 *already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the
976 978 user or service running Mercurial.
977 979
978 980 ``users``
979 981 Comma-separated list of trusted users.
980 982
981 983 ``groups``
982 984 Comma-separated list of trusted groups.
983 985
984 986
985 987 ``ui``
986 988 """"""
987 989
988 990 User interface controls.
989 991
990 992 ``archivemeta``
991 993 Whether to include the .hg_archival.txt file containing meta data
992 994 (hashes for the repository base and for tip) in archives created
993 995 by the :hg:`archive` command or downloaded via hgweb.
994 996 Default is True.
995 997
996 998 ``askusername``
997 999 Whether to prompt for a username when committing. If True, and
998 1000 neither ``$HGUSER`` nor ``$EMAIL`` has been specified, then the user will
999 1001 be prompted to enter a username. If no username is entered, the
1000 1002 default ``USER@HOST`` is used instead.
1001 1003 Default is False.
1002 1004
1003 1005 ``commitsubrepos``
1004 1006 Whether to commit modified subrepositories when committing the
1005 1007 parent repository. If False and one subrepository has uncommitted
1006 1008 changes, abort the commit.
1007 1009 Default is True.
1008 1010
1009 1011 ``debug``
1010 1012 Print debugging information. True or False. Default is False.
1011 1013
1012 1014 ``editor``
1013 1015 The editor to use during a commit. Default is ``$EDITOR`` or ``vi``.
1014 1016
1015 1017 ``fallbackencoding``
1016 1018 Encoding to try if it's not possible to decode the changelog using
1017 1019 UTF-8. Default is ISO-8859-1.
1018 1020
1019 1021 ``ignore``
1020 1022 A file to read per-user ignore patterns from. This file should be
1021 1023 in the same format as a repository-wide .hgignore file. This
1022 1024 option supports hook syntax, so if you want to specify multiple
1023 1025 ignore files, you can do so by setting something like
1024 1026 ``ignore.other = ~/.hgignore2``. For details of the ignore file
1025 1027 format, see the ``hgignore(5)`` man page.
1026 1028
1027 1029 ``interactive``
1028 1030 Allow to prompt the user. True or False. Default is True.
1029 1031
1030 1032 ``logtemplate``
1031 1033 Template string for commands that print changesets.
1032 1034
1033 1035 ``merge``
1034 1036 The conflict resolution program to use during a manual merge.
1035 1037 For more information on merge tools see :hg:`help merge-tools`.
1036 1038 For configuring merge tools see the ``[merge-tools]`` section.
1037 1039
1038 1040 ``portablefilenames``
1039 1041 Check for portable filenames. Can be ``warn``, ``ignore`` or ``abort``.
1040 1042 Default is ``warn``.
1041 1043 If set to ``warn`` (or ``true``), a warning message is printed on POSIX
1042 1044 platforms, if a file with a non-portable filename is added (e.g. a file
1043 1045 with a name that can't be created on Windows because it contains reserved
1044 1046 parts like ``AUX``, reserved characters like ``:``, or would cause a case
1045 1047 collision with an existing file).
1046 1048 If set to ``ignore`` (or ``false``), no warning is printed.
1047 1049 If set to ``abort``, the command is aborted.
1048 1050 On Windows, this configuration option is ignored and the command aborted.
1049 1051
1050 1052 ``quiet``
1051 1053 Reduce the amount of output printed. True or False. Default is False.
1052 1054
1053 1055 ``remotecmd``
1054 1056 remote command to use for clone/push/pull operations. Default is ``hg``.
1055 1057
1056 1058 ``report_untrusted``
1057 1059 Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
1058 1060 trusted user or group. True or False. Default is True.
1059 1061
1060 1062 ``slash``
1061 1063 Display paths using a slash (``/``) as the path separator. This
1062 1064 only makes a difference on systems where the default path
1063 1065 separator is not the slash character (e.g. Windows uses the
1064 1066 backslash character (``\``)).
1065 1067 Default is False.
1066 1068
1067 1069 ``ssh``
1068 1070 command to use for SSH connections. Default is ``ssh``.
1069 1071
1070 1072 ``strict``
1071 1073 Require exact command names, instead of allowing unambiguous
1072 1074 abbreviations. True or False. Default is False.
1073 1075
1074 1076 ``style``
1075 1077 Name of style to use for command output.
1076 1078
1077 1079 ``timeout``
1078 1080 The timeout used when a lock is held (in seconds), a negative value
1079 1081 means no timeout. Default is 600.
1080 1082
1081 1083 ``traceback``
1082 1084 Mercurial always prints a traceback when an unknown exception
1083 1085 occurs. Setting this to True will make Mercurial print a traceback
1084 1086 on all exceptions, even those recognized by Mercurial (such as
1085 1087 IOError or MemoryError). Default is False.
1086 1088
1087 1089 ``username``
1088 1090 The committer of a changeset created when running "commit".
1089 1091 Typically a person's name and email address, e.g. ``Fred Widget
1090 1092 <fred@example.com>``. Default is ``$EMAIL`` or ``username@hostname``. If
1091 1093 the username in hgrc is empty, it has to be specified manually or
1092 1094 in a different hgrc file (e.g. ``$HOME/.hgrc``, if the admin set
1093 1095 ``username =`` in the system hgrc). Environment variables in the
1094 1096 username are expanded.
1095 1097
1096 1098 ``verbose``
1097 1099 Increase the amount of output printed. True or False. Default is False.
1098 1100
1099 1101
1100 1102 ``web``
1101 1103 """""""
1102 1104
1103 1105 Web interface configuration. The settings in this section apply to
1104 1106 both the builtin webserver (started by :hg:`serve`) and the script you
1105 1107 run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI
1106 1108 and WSGI).
1107 1109
1108 1110 The Mercurial webserver does no authentication (it does not prompt for
1109 1111 usernames and passwords to validate *who* users are), but it does do
1110 1112 authorization (it grants or denies access for *authenticated users*
1111 1113 based on settings in this section). You must either configure your
1112 1114 webserver to do authentication for you, or disable the authorization
1113 1115 checks.
1114 1116
1115 1117 For a quick setup in a trusted environment, e.g., a private LAN, where
1116 1118 you want it to accept pushes from anybody, you can use the following
1117 1119 command line::
1118 1120
1119 1121 $ hg --config web.allow_push=* --config web.push_ssl=False serve
1120 1122
1121 1123 Note that this will allow anybody to push anything to the server and
1122 1124 that this should not be used for public servers.
1123 1125
1124 1126 The full set of options is:
1125 1127
1126 1128 ``accesslog``
1127 1129 Where to output the access log. Default is stdout.
1128 1130
1129 1131 ``address``
1130 1132 Interface address to bind to. Default is all.
1131 1133
1132 1134 ``allow_archive``
1133 1135 List of archive format (bz2, gz, zip) allowed for downloading.
1134 1136 Default is empty.
1135 1137
1136 1138 ``allowbz2``
1137 1139 (DEPRECATED) Whether to allow .tar.bz2 downloading of repository
1138 1140 revisions.
1139 1141 Default is False.
1140 1142
1141 1143 ``allowgz``
1142 1144 (DEPRECATED) Whether to allow .tar.gz downloading of repository
1143 1145 revisions.
1144 1146 Default is False.
1145 1147
1146 1148 ``allowpull``
1147 1149 Whether to allow pulling from the repository. Default is True.
1148 1150
1149 1151 ``allow_push``
1150 1152 Whether to allow pushing to the repository. If empty or not set,
1151 1153 push is not allowed. If the special value ``*``, any remote user can
1152 1154 push, including unauthenticated users. Otherwise, the remote user
1153 1155 must have been authenticated, and the authenticated user name must
1154 1156 be present in this list. The contents of the allow_push list are
1155 1157 examined after the deny_push list.
1156 1158
1157 1159 ``guessmime``
1158 1160 Control MIME types for raw download of file content.
1159 1161 Set to True to let hgweb guess the content type from the file
1160 1162 extension. This will serve HTML files as ``text/html`` and might
1161 1163 allow cross-site scripting attacks when serving untrusted
1162 1164 repositories. Default is False.
1163 1165
1164 1166 ``allow_read``
1165 1167 If the user has not already been denied repository access due to
1166 1168 the contents of deny_read, this list determines whether to grant
1167 1169 repository access to the user. If this list is not empty, and the
1168 1170 user is unauthenticated or not present in the list, then access is
1169 1171 denied for the user. If the list is empty or not set, then access
1170 1172 is permitted to all users by default. Setting allow_read to the
1171 1173 special value ``*`` is equivalent to it not being set (i.e. access
1172 1174 is permitted to all users). The contents of the allow_read list are
1173 1175 examined after the deny_read list.
1174 1176
1175 1177 ``allowzip``
1176 1178 (DEPRECATED) Whether to allow .zip downloading of repository
1177 1179 revisions. Default is False. This feature creates temporary files.
1178 1180
1179 1181 ``baseurl``
1180 1182 Base URL to use when publishing URLs in other locations, so
1181 1183 third-party tools like email notification hooks can construct
1182 1184 URLs. Example: ``http://hgserver/repos/``.
1183 1185
1184 1186 ``cacerts``
1185 1187 Path to file containing a list of PEM encoded certificate
1186 1188 authority certificates. Environment variables and ``~user``
1187 1189 constructs are expanded in the filename. If specified on the
1188 1190 client, then it will verify the identity of remote HTTPS servers
1189 1191 with these certificates. The form must be as follows::
1190 1192
1191 1193 -----BEGIN CERTIFICATE-----
1192 1194 ... (certificate in base64 PEM encoding) ...
1193 1195 -----END CERTIFICATE-----
1194 1196 -----BEGIN CERTIFICATE-----
1195 1197 ... (certificate in base64 PEM encoding) ...
1196 1198 -----END CERTIFICATE-----
1197 1199
1198 1200 This feature is only supported when using Python 2.6 or later. If you wish
1199 1201 to use it with earlier versions of Python, install the backported
1200 1202 version of the ssl library that is available from
1201 1203 ``http://pypi.python.org``.
1202 1204
1203 1205 You can use OpenSSL's CA certificate file if your platform has one.
1204 1206 On most Linux systems this will be ``/etc/ssl/certs/ca-certificates.crt``.
1205 1207 Otherwise you will have to generate this file manually.
1206 1208
1207 1209 To disable SSL verification temporarily, specify ``--insecure`` from
1208 1210 command line.
1209 1211
1210 1212 ``cache``
1211 1213 Whether to support caching in hgweb. Defaults to True.
1212 1214
1213 1215 ``contact``
1214 1216 Name or email address of the person in charge of the repository.
1215 1217 Defaults to ui.username or ``$EMAIL`` or "unknown" if unset or empty.
1216 1218
1217 1219 ``deny_push``
1218 1220 Whether to deny pushing to the repository. If empty or not set,
1219 1221 push is not denied. If the special value ``*``, all remote users are
1220 1222 denied push. Otherwise, unauthenticated users are all denied, and
1221 1223 any authenticated user name present in this list is also denied. The
1222 1224 contents of the deny_push list are examined before the allow_push list.
1223 1225
1224 1226 ``deny_read``
1225 1227 Whether to deny reading/viewing of the repository. If this list is
1226 1228 not empty, unauthenticated users are all denied, and any
1227 1229 authenticated user name present in this list is also denied access to
1228 1230 the repository. If set to the special value ``*``, all remote users
1229 1231 are denied access (rarely needed ;). If deny_read is empty or not set,
1230 1232 the determination of repository access depends on the presence and
1231 1233 content of the allow_read list (see description). If both
1232 1234 deny_read and allow_read are empty or not set, then access is
1233 1235 permitted to all users by default. If the repository is being
1234 1236 served via hgwebdir, denied users will not be able to see it in
1235 1237 the list of repositories. The contents of the deny_read list have
1236 1238 priority over (are examined before) the contents of the allow_read
1237 1239 list.
1238 1240
1239 1241 ``descend``
1240 1242 hgwebdir indexes will not descend into subdirectories. Only repositories
1241 1243 directly in the current path will be shown (other repositories are still
1242 1244 available from the index corresponding to their containing path).
1243 1245
1244 1246 ``description``
1245 1247 Textual description of the repository's purpose or contents.
1246 1248 Default is "unknown".
1247 1249
1248 1250 ``encoding``
1249 1251 Character encoding name. Default is the current locale charset.
1250 1252 Example: "UTF-8"
1251 1253
1252 1254 ``errorlog``
1253 1255 Where to output the error log. Default is stderr.
1254 1256
1255 1257 ``hidden``
1256 1258 Whether to hide the repository in the hgwebdir index.
1257 1259 Default is False.
1258 1260
1259 1261 ``ipv6``
1260 1262 Whether to use IPv6. Default is False.
1261 1263
1262 1264 ``logourl``
1263 1265 Base URL to use for logos. If unset, ``http://mercurial.selenic.com/``
1264 1266 will be used.
1265 1267
1266 1268 ``name``
1267 1269 Repository name to use in the web interface. Default is current
1268 1270 working directory.
1269 1271
1270 1272 ``maxchanges``
1271 1273 Maximum number of changes to list on the changelog. Default is 10.
1272 1274
1273 1275 ``maxfiles``
1274 1276 Maximum number of files to list per changeset. Default is 10.
1275 1277
1276 1278 ``port``
1277 1279 Port to listen on. Default is 8000.
1278 1280
1279 1281 ``prefix``
1280 1282 Prefix path to serve from. Default is '' (server root).
1281 1283
1282 1284 ``push_ssl``
1283 1285 Whether to require that inbound pushes be transported over SSL to
1284 1286 prevent password sniffing. Default is True.
1285 1287
1286 1288 ``staticurl``
1287 1289 Base URL to use for static files. If unset, static files (e.g. the
1288 1290 hgicon.png favicon) will be served by the CGI script itself. Use
1289 1291 this setting to serve them directly with the HTTP server.
1290 1292 Example: ``http://hgserver/static/``.
1291 1293
1292 1294 ``stripes``
1293 1295 How many lines a "zebra stripe" should span in multiline output.
1294 1296 Default is 1; set to 0 to disable.
1295 1297
1296 1298 ``style``
1297 1299 Which template map style to use.
1298 1300
1299 1301 ``templates``
1300 1302 Where to find the HTML templates. Default is install path.
Show file before | Show file after | Hide comments
@@ -1,268 +1,282
1 1 # httpconnection.py - urllib2 handler for new http support
2 2 #
3 3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 6 # Copyright 2011 Google, Inc.
7 7 #
8 8 # This software may be used and distributed according to the terms of the
9 9 # GNU General Public License version 2 or any later version.
10 10 import logging
11 11 import socket
12 12 import urllib
13 13 import urllib2
14 14 import os
15 15
16 16 from mercurial import httpclient
17 17 from mercurial import sslutil
18 18 from mercurial import util
19 19 from mercurial.i18n import _
20 20
21 21 # moved here from url.py to avoid a cycle
22 22 class httpsendfile(object):
23 23 """This is a wrapper around the objects returned by python's "open".
24 24
25 25 Its purpose is to send file-like objects via HTTP and, to do so, it
26 26 defines a __len__ attribute to feed the Content-Length header.
27 27 """
28 28
29 29 def __init__(self, ui, *args, **kwargs):
30 30 # We can't just "self._data = open(*args, **kwargs)" here because there
31 31 # is an "open" function defined in this module that shadows the global
32 32 # one
33 33 self.ui = ui
34 34 self._data = open(*args, **kwargs)
35 35 self.seek = self._data.seek
36 36 self.close = self._data.close
37 37 self.write = self._data.write
38 38 self._len = os.fstat(self._data.fileno()).st_size
39 39 self._pos = 0
40 40 self._total = self._len / 1024 * 2
41 41
42 42 def read(self, *args, **kwargs):
43 43 try:
44 44 ret = self._data.read(*args, **kwargs)
45 45 except EOFError:
46 46 self.ui.progress(_('sending'), None)
47 47 self._pos += len(ret)
48 48 # We pass double the max for total because we currently have
49 49 # to send the bundle twice in the case of a server that
50 50 # requires authentication. Since we can't know until we try
51 51 # once whether authentication will be required, just lie to
52 52 # the user and maybe the push succeeds suddenly at 50%.
53 53 self.ui.progress(_('sending'), self._pos / 1024,
54 54 unit=_('kb'), total=self._total)
55 55 return ret
56 56
57 57 def __len__(self):
58 58 return self._len
59 59
60 60 # moved here from url.py to avoid a cycle
61 61 def readauthforuri(ui, uri):
62 62 # Read configuration
63 63 config = dict()
64 64 for key, val in ui.configitems('auth'):
65 65 if '.' not in key:
66 66 ui.warn(_("ignoring invalid [auth] key '%s'\n") % key)
67 67 continue
68 68 group, setting = key.rsplit('.', 1)
69 69 gdict = config.setdefault(group, dict())
70 70 if setting in ('username', 'cert', 'key'):
71 71 val = util.expandpath(val)
72 72 gdict[setting] = val
73 73
74 74 # Find the best match
75 uri = util.url(uri)
76 user = uri.user
77 uri.user = uri.password = None
78 uri = str(uri)
75 79 scheme, hostpath = uri.split('://', 1)
80 bestuser = None
76 81 bestlen = 0
77 82 bestauth = None
78 83 for group, auth in config.iteritems():
84 if user and user != auth.get('username', user):
85 # If a username was set in the URI, the entry username
86 # must either match it or be unset
87 continue
79 88 prefix = auth.get('prefix')
80 89 if not prefix:
81 90 continue
82 91 p = prefix.split('://', 1)
83 92 if len(p) > 1:
84 93 schemes, prefix = [p[0]], p[1]
85 94 else:
86 95 schemes = (auth.get('schemes') or 'https').split()
87 96 if (prefix == '*' or hostpath.startswith(prefix)) and \
88 len(prefix) > bestlen and scheme in schemes:
97 (len(prefix) > bestlen or (len(prefix) == bestlen and \
98 not bestuser and 'username' in auth)) \
99 and scheme in schemes:
89 100 bestlen = len(prefix)
90 101 bestauth = group, auth
102 bestuser = auth.get('username')
103 if user and not bestuser:
104 auth['username'] = user
91 105 return bestauth
92 106
93 107 # Mercurial (at least until we can remove the old codepath) requires
94 108 # that the http response object be sufficiently file-like, so we
95 109 # provide a close() method here.
96 110 class HTTPResponse(httpclient.HTTPResponse):
97 111 def close(self):
98 112 pass
99 113
100 114 class HTTPConnection(httpclient.HTTPConnection):
101 115 response_class = HTTPResponse
102 116 def request(self, method, uri, body=None, headers={}):
103 117 if isinstance(body, httpsendfile):
104 118 body.seek(0)
105 119 httpclient.HTTPConnection.request(self, method, uri, body=body,
106 120 headers=headers)
107 121
108 122
109 123 _configuredlogging = False
110 124 LOGFMT = '%(levelname)s:%(name)s:%(lineno)d:%(message)s'
111 125 # Subclass BOTH of these because otherwise urllib2 "helpfully"
112 126 # reinserts them since it notices we don't include any subclasses of
113 127 # them.
114 128 class http2handler(urllib2.HTTPHandler, urllib2.HTTPSHandler):
115 129 def __init__(self, ui, pwmgr):
116 130 global _configuredlogging
117 131 urllib2.AbstractHTTPHandler.__init__(self)
118 132 self.ui = ui
119 133 self.pwmgr = pwmgr
120 134 self._connections = {}
121 135 loglevel = ui.config('ui', 'http2debuglevel', default=None)
122 136 if loglevel and not _configuredlogging:
123 137 _configuredlogging = True
124 138 logger = logging.getLogger('mercurial.httpclient')
125 139 logger.setLevel(getattr(logging, loglevel.upper()))
126 140 handler = logging.StreamHandler()
127 141 handler.setFormatter(logging.Formatter(LOGFMT))
128 142 logger.addHandler(handler)
129 143
130 144 def close_all(self):
131 145 """Close and remove all connection objects being kept for reuse."""
132 146 for openconns in self._connections.values():
133 147 for conn in openconns:
134 148 conn.close()
135 149 self._connections = {}
136 150
137 151 # shamelessly borrowed from urllib2.AbstractHTTPHandler
138 152 def do_open(self, http_class, req, use_ssl):
139 153 """Return an addinfourl object for the request, using http_class.
140 154
141 155 http_class must implement the HTTPConnection API from httplib.
142 156 The addinfourl return value is a file-like object. It also
143 157 has methods and attributes including:
144 158 - info(): return a mimetools.Message object for the headers
145 159 - geturl(): return the original request URL
146 160 - code: HTTP status code
147 161 """
148 162 # If using a proxy, the host returned by get_host() is
149 163 # actually the proxy. On Python 2.6.1, the real destination
150 164 # hostname is encoded in the URI in the urllib2 request
151 165 # object. On Python 2.6.5, it's stored in the _tunnel_host
152 166 # attribute which has no accessor.
153 167 tunhost = getattr(req, '_tunnel_host', None)
154 168 host = req.get_host()
155 169 if tunhost:
156 170 proxyhost = host
157 171 host = tunhost
158 172 elif req.has_proxy():
159 173 proxyhost = req.get_host()
160 174 host = req.get_selector().split('://', 1)[1].split('/', 1)[0]
161 175 else:
162 176 proxyhost = None
163 177
164 178 if proxyhost:
165 179 if ':' in proxyhost:
166 180 # Note: this means we'll explode if we try and use an
167 181 # IPv6 http proxy. This isn't a regression, so we
168 182 # won't worry about it for now.
169 183 proxyhost, proxyport = proxyhost.rsplit(':', 1)
170 184 else:
171 185 proxyport = 3128 # squid default
172 186 proxy = (proxyhost, proxyport)
173 187 else:
174 188 proxy = None
175 189
176 190 if not host:
177 191 raise urllib2.URLError('no host given')
178 192
179 193 connkey = use_ssl, host, proxy
180 194 allconns = self._connections.get(connkey, [])
181 195 conns = [c for c in allconns if not c.busy()]
182 196 if conns:
183 197 h = conns[0]
184 198 else:
185 199 if allconns:
186 200 self.ui.debug('all connections for %s busy, making a new '
187 201 'one\n' % host)
188 202 timeout = None
189 203 if req.timeout is not socket._GLOBAL_DEFAULT_TIMEOUT:
190 204 timeout = req.timeout
191 205 h = http_class(host, timeout=timeout, proxy_hostport=proxy)
192 206 self._connections.setdefault(connkey, []).append(h)
193 207
194 208 headers = dict(req.headers)
195 209 headers.update(req.unredirected_hdrs)
196 210 headers = dict(
197 211 (name.title(), val) for name, val in headers.items())
198 212 try:
199 213 path = req.get_selector()
200 214 if '://' in path:
201 215 path = path.split('://', 1)[1].split('/', 1)[1]
202 216 if path[0] != '/':
203 217 path = '/' + path
204 218 h.request(req.get_method(), path, req.data, headers)
205 219 r = h.getresponse()
206 220 except socket.error, err: # XXX what error?
207 221 raise urllib2.URLError(err)
208 222
209 223 # Pick apart the HTTPResponse object to get the addinfourl
210 224 # object initialized properly.
211 225 r.recv = r.read
212 226
213 227 resp = urllib.addinfourl(r, r.headers, req.get_full_url())
214 228 resp.code = r.status
215 229 resp.msg = r.reason
216 230 return resp
217 231
218 232 # httplib always uses the given host/port as the socket connect
219 233 # target, and then allows full URIs in the request path, which it
220 234 # then observes and treats as a signal to do proxying instead.
221 235 def http_open(self, req):
222 236 if req.get_full_url().startswith('https'):
223 237 return self.https_open(req)
224 238 return self.do_open(HTTPConnection, req, False)
225 239
226 240 def https_open(self, req):
227 241 res = readauthforuri(self.ui, req.get_full_url())
228 242 if res:
229 243 group, auth = res
230 244 self.auth = auth
231 245 self.ui.debug("using auth.%s.* for authentication\n" % group)
232 246 else:
233 247 self.auth = None
234 248 return self.do_open(self._makesslconnection, req, True)
235 249
236 250 def _makesslconnection(self, host, port=443, *args, **kwargs):
237 251 keyfile = None
238 252 certfile = None
239 253
240 254 if args: # key_file
241 255 keyfile = args.pop(0)
242 256 if args: # cert_file
243 257 certfile = args.pop(0)
244 258
245 259 # if the user has specified different key/cert files in
246 260 # hgrc, we prefer these
247 261 if self.auth and 'key' in self.auth and 'cert' in self.auth:
248 262 keyfile = self.auth['key']
249 263 certfile = self.auth['cert']
250 264
251 265 # let host port take precedence
252 266 if ':' in host and '[' not in host or ']:' in host:
253 267 host, port = host.rsplit(':', 1)
254 268 port = int(port)
255 269 if '[' in host:
256 270 host = host[1:-1]
257 271
258 272 if keyfile:
259 273 kwargs['keyfile'] = keyfile
260 274 if certfile:
261 275 kwargs['certfile'] = certfile
262 276
263 277 kwargs.update(sslutil.sslkwargs(self.ui, host))
264 278
265 279 con = HTTPConnection(host, port, use_ssl=True,
266 280 ssl_validator=sslutil.validator(self.ui, host),
267 281 **kwargs)
268 282 return con
Show file before | Show file after | Hide comments
@@ -1,463 +1,463
1 1 # url.py - HTTP handling for mercurial
2 2 #
3 3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 6 #
7 7 # This software may be used and distributed according to the terms of the
8 8 # GNU General Public License version 2 or any later version.
9 9
10 10 import urllib, urllib2, httplib, os, socket, cStringIO
11 11 from i18n import _
12 12 import keepalive, util, sslutil
13 13 import httpconnection as httpconnectionmod
14 14
15 15 class passwordmgr(urllib2.HTTPPasswordMgrWithDefaultRealm):
16 16 def __init__(self, ui):
17 17 urllib2.HTTPPasswordMgrWithDefaultRealm.__init__(self)
18 18 self.ui = ui
19 19
20 20 def find_user_password(self, realm, authuri):
21 21 authinfo = urllib2.HTTPPasswordMgrWithDefaultRealm.find_user_password(
22 22 self, realm, authuri)
23 23 user, passwd = authinfo
24 24 if user and passwd:
25 25 self._writedebug(user, passwd)
26 26 return (user, passwd)
27 27
28 if not user:
28 if not user or not passwd:
29 29 res = httpconnectionmod.readauthforuri(self.ui, authuri)
30 30 if res:
31 31 group, auth = res
32 32 user, passwd = auth.get('username'), auth.get('password')
33 33 self.ui.debug("using auth.%s.* for authentication\n" % group)
34 34 if not user or not passwd:
35 35 if not self.ui.interactive():
36 36 raise util.Abort(_('http authorization required'))
37 37
38 38 self.ui.write(_("http authorization required\n"))
39 39 self.ui.write(_("realm: %s\n") % realm)
40 40 if user:
41 41 self.ui.write(_("user: %s\n") % user)
42 42 else:
43 43 user = self.ui.prompt(_("user:"), default=None)
44 44
45 45 if not passwd:
46 46 passwd = self.ui.getpass()
47 47
48 48 self.add_password(realm, authuri, user, passwd)
49 49 self._writedebug(user, passwd)
50 50 return (user, passwd)
51 51
52 52 def _writedebug(self, user, passwd):
53 53 msg = _('http auth: user %s, password %s\n')
54 54 self.ui.debug(msg % (user, passwd and '*' * len(passwd) or 'not set'))
55 55
56 56 class proxyhandler(urllib2.ProxyHandler):
57 57 def __init__(self, ui):
58 58 proxyurl = ui.config("http_proxy", "host") or os.getenv('http_proxy')
59 59 # XXX proxyauthinfo = None
60 60
61 61 if proxyurl:
62 62 # proxy can be proper url or host[:port]
63 63 if not (proxyurl.startswith('http:') or
64 64 proxyurl.startswith('https:')):
65 65 proxyurl = 'http://' + proxyurl + '/'
66 66 proxy = util.url(proxyurl)
67 67 if not proxy.user:
68 68 proxy.user = ui.config("http_proxy", "user")
69 69 proxy.passwd = ui.config("http_proxy", "passwd")
70 70
71 71 # see if we should use a proxy for this url
72 72 no_list = ["localhost", "127.0.0.1"]
73 73 no_list.extend([p.lower() for
74 74 p in ui.configlist("http_proxy", "no")])
75 75 no_list.extend([p.strip().lower() for
76 76 p in os.getenv("no_proxy", '').split(',')
77 77 if p.strip()])
78 78 # "http_proxy.always" config is for running tests on localhost
79 79 if ui.configbool("http_proxy", "always"):
80 80 self.no_list = []
81 81 else:
82 82 self.no_list = no_list
83 83
84 84 proxyurl = str(proxy)
85 85 proxies = {'http': proxyurl, 'https': proxyurl}
86 86 ui.debug('proxying through http://%s:%s\n' %
87 87 (proxy.host, proxy.port))
88 88 else:
89 89 proxies = {}
90 90
91 91 # urllib2 takes proxy values from the environment and those
92 92 # will take precedence if found, so drop them
93 93 for env in ["HTTP_PROXY", "http_proxy", "no_proxy"]:
94 94 try:
95 95 if env in os.environ:
96 96 del os.environ[env]
97 97 except OSError:
98 98 pass
99 99
100 100 urllib2.ProxyHandler.__init__(self, proxies)
101 101 self.ui = ui
102 102
103 103 def proxy_open(self, req, proxy, type_):
104 104 host = req.get_host().split(':')[0]
105 105 if host in self.no_list:
106 106 return None
107 107
108 108 # work around a bug in Python < 2.4.2
109 109 # (it leaves a "\n" at the end of Proxy-authorization headers)
110 110 baseclass = req.__class__
111 111 class _request(baseclass):
112 112 def add_header(self, key, val):
113 113 if key.lower() == 'proxy-authorization':
114 114 val = val.strip()
115 115 return baseclass.add_header(self, key, val)
116 116 req.__class__ = _request
117 117
118 118 return urllib2.ProxyHandler.proxy_open(self, req, proxy, type_)
119 119
120 120 def _gen_sendfile(orgsend):
121 121 def _sendfile(self, data):
122 122 # send a file
123 123 if isinstance(data, httpconnectionmod.httpsendfile):
124 124 # if auth required, some data sent twice, so rewind here
125 125 data.seek(0)
126 126 for chunk in util.filechunkiter(data):
127 127 orgsend(self, chunk)
128 128 else:
129 129 orgsend(self, data)
130 130 return _sendfile
131 131
132 132 has_https = hasattr(urllib2, 'HTTPSHandler')
133 133 if has_https:
134 134 try:
135 135 _create_connection = socket.create_connection
136 136 except AttributeError:
137 137 _GLOBAL_DEFAULT_TIMEOUT = object()
138 138
139 139 def _create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT,
140 140 source_address=None):
141 141 # lifted from Python 2.6
142 142
143 143 msg = "getaddrinfo returns an empty list"
144 144 host, port = address
145 145 for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM):
146 146 af, socktype, proto, canonname, sa = res
147 147 sock = None
148 148 try:
149 149 sock = socket.socket(af, socktype, proto)
150 150 if timeout is not _GLOBAL_DEFAULT_TIMEOUT:
151 151 sock.settimeout(timeout)
152 152 if source_address:
153 153 sock.bind(source_address)
154 154 sock.connect(sa)
155 155 return sock
156 156
157 157 except socket.error, msg:
158 158 if sock is not None:
159 159 sock.close()
160 160
161 161 raise socket.error, msg
162 162
163 163 class httpconnection(keepalive.HTTPConnection):
164 164 # must be able to send big bundle as stream.
165 165 send = _gen_sendfile(keepalive.HTTPConnection.send)
166 166
167 167 def connect(self):
168 168 if has_https and self.realhostport: # use CONNECT proxy
169 169 self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
170 170 self.sock.connect((self.host, self.port))
171 171 if _generic_proxytunnel(self):
172 172 # we do not support client x509 certificates
173 173 self.sock = sslutil.ssl_wrap_socket(self.sock, None, None)
174 174 else:
175 175 keepalive.HTTPConnection.connect(self)
176 176
177 177 def getresponse(self):
178 178 proxyres = getattr(self, 'proxyres', None)
179 179 if proxyres:
180 180 if proxyres.will_close:
181 181 self.close()
182 182 self.proxyres = None
183 183 return proxyres
184 184 return keepalive.HTTPConnection.getresponse(self)
185 185
186 186 # general transaction handler to support different ways to handle
187 187 # HTTPS proxying before and after Python 2.6.3.
188 188 def _generic_start_transaction(handler, h, req):
189 189 if hasattr(req, '_tunnel_host') and req._tunnel_host:
190 190 tunnel_host = req._tunnel_host
191 191 if tunnel_host[:7] not in ['http://', 'https:/']:
192 192 tunnel_host = 'https://' + tunnel_host
193 193 new_tunnel = True
194 194 else:
195 195 tunnel_host = req.get_selector()
196 196 new_tunnel = False
197 197
198 198 if new_tunnel or tunnel_host == req.get_full_url(): # has proxy
199 199 u = util.url(tunnel_host)
200 200 if new_tunnel or u.scheme == 'https': # only use CONNECT for HTTPS
201 201 h.realhostport = ':'.join([u.host, (u.port or '443')])
202 202 h.headers = req.headers.copy()
203 203 h.headers.update(handler.parent.addheaders)
204 204 return
205 205
206 206 h.realhostport = None
207 207 h.headers = None
208 208
209 209 def _generic_proxytunnel(self):
210 210 proxyheaders = dict(
211 211 [(x, self.headers[x]) for x in self.headers
212 212 if x.lower().startswith('proxy-')])
213 213 self._set_hostport(self.host, self.port)
214 214 self.send('CONNECT %s HTTP/1.0\r\n' % self.realhostport)
215 215 for header in proxyheaders.iteritems():
216 216 self.send('%s: %s\r\n' % header)
217 217 self.send('\r\n')
218 218
219 219 # majority of the following code is duplicated from
220 220 # httplib.HTTPConnection as there are no adequate places to
221 221 # override functions to provide the needed functionality
222 222 res = self.response_class(self.sock,
223 223 strict=self.strict,
224 224 method=self._method)
225 225
226 226 while True:
227 227 version, status, reason = res._read_status()
228 228 if status != httplib.CONTINUE:
229 229 break
230 230 while True:
231 231 skip = res.fp.readline().strip()
232 232 if not skip:
233 233 break
234 234 res.status = status
235 235 res.reason = reason.strip()
236 236
237 237 if res.status == 200:
238 238 while True:
239 239 line = res.fp.readline()
240 240 if line == '\r\n':
241 241 break
242 242 return True
243 243
244 244 if version == 'HTTP/1.0':
245 245 res.version = 10
246 246 elif version.startswith('HTTP/1.'):
247 247 res.version = 11
248 248 elif version == 'HTTP/0.9':
249 249 res.version = 9
250 250 else:
251 251 raise httplib.UnknownProtocol(version)
252 252
253 253 if res.version == 9:
254 254 res.length = None
255 255 res.chunked = 0
256 256 res.will_close = 1
257 257 res.msg = httplib.HTTPMessage(cStringIO.StringIO())
258 258 return False
259 259
260 260 res.msg = httplib.HTTPMessage(res.fp)
261 261 res.msg.fp = None
262 262
263 263 # are we using the chunked-style of transfer encoding?
264 264 trenc = res.msg.getheader('transfer-encoding')
265 265 if trenc and trenc.lower() == "chunked":
266 266 res.chunked = 1
267 267 res.chunk_left = None
268 268 else:
269 269 res.chunked = 0
270 270
271 271 # will the connection close at the end of the response?
272 272 res.will_close = res._check_close()
273 273
274 274 # do we have a Content-Length?
275 275 # NOTE: RFC 2616, S4.4, #3 says we ignore this if tr_enc is "chunked"
276 276 length = res.msg.getheader('content-length')
277 277 if length and not res.chunked:
278 278 try:
279 279 res.length = int(length)
280 280 except ValueError:
281 281 res.length = None
282 282 else:
283 283 if res.length < 0: # ignore nonsensical negative lengths
284 284 res.length = None
285 285 else:
286 286 res.length = None
287 287
288 288 # does the body have a fixed length? (of zero)
289 289 if (status == httplib.NO_CONTENT or status == httplib.NOT_MODIFIED or
290 290 100 <= status < 200 or # 1xx codes
291 291 res._method == 'HEAD'):
292 292 res.length = 0
293 293
294 294 # if the connection remains open, and we aren't using chunked, and
295 295 # a content-length was not provided, then assume that the connection
296 296 # WILL close.
297 297 if (not res.will_close and
298 298 not res.chunked and
299 299 res.length is None):
300 300 res.will_close = 1
301 301
302 302 self.proxyres = res
303 303
304 304 return False
305 305
306 306 class httphandler(keepalive.HTTPHandler):
307 307 def http_open(self, req):
308 308 return self.do_open(httpconnection, req)
309 309
310 310 def _start_transaction(self, h, req):
311 311 _generic_start_transaction(self, h, req)
312 312 return keepalive.HTTPHandler._start_transaction(self, h, req)
313 313
314 314 if has_https:
315 315 class httpsconnection(httplib.HTTPSConnection):
316 316 response_class = keepalive.HTTPResponse
317 317 # must be able to send big bundle as stream.
318 318 send = _gen_sendfile(keepalive.safesend)
319 319 getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
320 320
321 321 def connect(self):
322 322 self.sock = _create_connection((self.host, self.port))
323 323
324 324 host = self.host
325 325 if self.realhostport: # use CONNECT proxy
326 326 _generic_proxytunnel(self)
327 327 host = self.realhostport.rsplit(':', 1)[0]
328 328 self.sock = sslutil.ssl_wrap_socket(
329 329 self.sock, self.key_file, self.cert_file,
330 330 **sslutil.sslkwargs(self.ui, host))
331 331 sslutil.validator(self.ui, host)(self.sock)
332 332
333 333 class httpshandler(keepalive.KeepAliveHandler, urllib2.HTTPSHandler):
334 334 def __init__(self, ui):
335 335 keepalive.KeepAliveHandler.__init__(self)
336 336 urllib2.HTTPSHandler.__init__(self)
337 337 self.ui = ui
338 338 self.pwmgr = passwordmgr(self.ui)
339 339
340 340 def _start_transaction(self, h, req):
341 341 _generic_start_transaction(self, h, req)
342 342 return keepalive.KeepAliveHandler._start_transaction(self, h, req)
343 343
344 344 def https_open(self, req):
345 345 res = httpconnectionmod.readauthforuri(self.ui, req.get_full_url())
346 346 if res:
347 347 group, auth = res
348 348 self.auth = auth
349 349 self.ui.debug("using auth.%s.* for authentication\n" % group)
350 350 else:
351 351 self.auth = None
352 352 return self.do_open(self._makeconnection, req)
353 353
354 354 def _makeconnection(self, host, port=None, *args, **kwargs):
355 355 keyfile = None
356 356 certfile = None
357 357
358 358 if len(args) >= 1: # key_file
359 359 keyfile = args[0]
360 360 if len(args) >= 2: # cert_file
361 361 certfile = args[1]
362 362 args = args[2:]
363 363
364 364 # if the user has specified different key/cert files in
365 365 # hgrc, we prefer these
366 366 if self.auth and 'key' in self.auth and 'cert' in self.auth:
367 367 keyfile = self.auth['key']
368 368 certfile = self.auth['cert']
369 369
370 370 conn = httpsconnection(host, port, keyfile, certfile, *args, **kwargs)
371 371 conn.ui = self.ui
372 372 return conn
373 373
374 374 class httpdigestauthhandler(urllib2.HTTPDigestAuthHandler):
375 375 def __init__(self, *args, **kwargs):
376 376 urllib2.HTTPDigestAuthHandler.__init__(self, *args, **kwargs)
377 377 self.retried_req = None
378 378
379 379 def reset_retry_count(self):
380 380 # Python 2.6.5 will call this on 401 or 407 errors and thus loop
381 381 # forever. We disable reset_retry_count completely and reset in
382 382 # http_error_auth_reqed instead.
383 383 pass
384 384
385 385 def http_error_auth_reqed(self, auth_header, host, req, headers):
386 386 # Reset the retry counter once for each request.
387 387 if req is not self.retried_req:
388 388 self.retried_req = req
389 389 self.retried = 0
390 390 # In python < 2.5 AbstractDigestAuthHandler raises a ValueError if
391 391 # it doesn't know about the auth type requested. This can happen if
392 392 # somebody is using BasicAuth and types a bad password.
393 393 try:
394 394 return urllib2.HTTPDigestAuthHandler.http_error_auth_reqed(
395 395 self, auth_header, host, req, headers)
396 396 except ValueError, inst:
397 397 arg = inst.args[0]
398 398 if arg.startswith("AbstractDigestAuthHandler doesn't know "):
399 399 return
400 400 raise
401 401
402 402 class httpbasicauthhandler(urllib2.HTTPBasicAuthHandler):
403 403 def __init__(self, *args, **kwargs):
404 404 urllib2.HTTPBasicAuthHandler.__init__(self, *args, **kwargs)
405 405 self.retried_req = None
406 406
407 407 def reset_retry_count(self):
408 408 # Python 2.6.5 will call this on 401 or 407 errors and thus loop
409 409 # forever. We disable reset_retry_count completely and reset in
410 410 # http_error_auth_reqed instead.
411 411 pass
412 412
413 413 def http_error_auth_reqed(self, auth_header, host, req, headers):
414 414 # Reset the retry counter once for each request.
415 415 if req is not self.retried_req:
416 416 self.retried_req = req
417 417 self.retried = 0
418 418 return urllib2.HTTPBasicAuthHandler.http_error_auth_reqed(
419 419 self, auth_header, host, req, headers)
420 420
421 421 handlerfuncs = []
422 422
423 423 def opener(ui, authinfo=None):
424 424 '''
425 425 construct an opener suitable for urllib2
426 426 authinfo will be added to the password manager
427 427 '''
428 428 if ui.configbool('ui', 'usehttp2', False):
429 429 handlers = [httpconnectionmod.http2handler(ui, passwordmgr(ui))]
430 430 else:
431 431 handlers = [httphandler()]
432 432 if has_https:
433 433 handlers.append(httpshandler(ui))
434 434
435 435 handlers.append(proxyhandler(ui))
436 436
437 437 passmgr = passwordmgr(ui)
438 438 if authinfo is not None:
439 439 passmgr.add_password(*authinfo)
440 440 user, passwd = authinfo[2:4]
441 441 ui.debug('http auth: user %s, password %s\n' %
442 442 (user, passwd and '*' * len(passwd) or 'not set'))
443 443
444 444 handlers.extend((httpbasicauthhandler(passmgr),
445 445 httpdigestauthhandler(passmgr)))
446 446 handlers.extend([h(ui, passmgr) for h in handlerfuncs])
447 447 opener = urllib2.build_opener(*handlers)
448 448
449 449 # 1.0 here is the _protocol_ version
450 450 opener.addheaders = [('User-agent', 'mercurial/proto-1.0')]
451 451 opener.addheaders.append(('Accept', 'application/mercurial-0.1'))
452 452 return opener
453 453
454 454 def open(ui, url_, data=None):
455 455 u = util.url(url_)
456 456 if u.scheme:
457 457 u.scheme = u.scheme.lower()
458 458 url_, authinfo = u.authinfo()
459 459 else:
460 460 path = util.normpath(os.path.abspath(url_))
461 461 url_ = 'file://' + urllib.pathname2url(path)
462 462 authinfo = None
463 463 return opener(ui, authinfo).open(url_, data)
Show file before | Show file after | Hide comments
@@ -1,64 +1,97
1 1 from mercurial import demandimport; demandimport.enable()
2 from mercurial import ui
2 from mercurial import ui, util
3 3 from mercurial import url
4 4 from mercurial.error import Abort
5 5
6 6 class myui(ui.ui):
7 7 def interactive(self):
8 8 return False
9 9
10 10 origui = myui()
11 11
12 12 def writeauth(items):
13 13 ui = origui.copy()
14 14 for name, value in items.iteritems():
15 15 ui.setconfig('auth', name, value)
16 16 return ui
17 17
18 18 def dumpdict(dict):
19 19 return '{' + ', '.join(['%s: %s' % (k, dict[k])
20 20 for k in sorted(dict.iterkeys())]) + '}'
21 21
22 def test(auth):
22 def test(auth, urls=None):
23 23 print 'CFG:', dumpdict(auth)
24 24 prefixes = set()
25 25 for k in auth:
26 26 prefixes.add(k.split('.', 1)[0])
27 27 for p in prefixes:
28 auth.update({p + '.username': p, p + '.password': p})
28 for name in ('.username', '.password'):
29 if (p + name) not in auth:
30 auth[p + name] = p
31 auth = dict((k, v) for k, v in auth.iteritems() if v is not None)
29 32
30 33 ui = writeauth(auth)
31 34
32 35 def _test(uri):
33 36 print 'URI:', uri
34 37 try:
35 38 pm = url.passwordmgr(ui)
39 authinfo = util.url(uri).authinfo()[1]
40 if authinfo is not None:
41 pm.add_password(*authinfo)
36 42 print ' ', pm.find_user_password('test', uri)
37 43 except Abort, e:
38 44 print 'abort'
39 45
40 _test('http://example.org/foo')
41 _test('http://example.org/foo/bar')
42 _test('http://example.org/bar')
43 _test('https://example.org/foo')
44 _test('https://example.org/foo/bar')
45 _test('https://example.org/bar')
46 if not urls:
47 urls = [
48 'http://example.org/foo',
49 'http://example.org/foo/bar',
50 'http://example.org/bar',
51 'https://example.org/foo',
52 'https://example.org/foo/bar',
53 'https://example.org/bar',
54 'https://x@example.org/bar',
55 'https://y@example.org/bar',
56 ]
57 for u in urls:
58 _test(u)
46 59
47 60
48 61 print '\n*** Test in-uri schemes\n'
49 62 test({'x.prefix': 'http://example.org'})
50 63 test({'x.prefix': 'https://example.org'})
51 64 test({'x.prefix': 'http://example.org', 'x.schemes': 'https'})
52 65 test({'x.prefix': 'https://example.org', 'x.schemes': 'http'})
53 66
54 67 print '\n*** Test separately configured schemes\n'
55 68 test({'x.prefix': 'example.org', 'x.schemes': 'http'})
56 69 test({'x.prefix': 'example.org', 'x.schemes': 'https'})
57 70 test({'x.prefix': 'example.org', 'x.schemes': 'http https'})
58 71
59 72 print '\n*** Test prefix matching\n'
60 73 test({'x.prefix': 'http://example.org/foo',
61 74 'y.prefix': 'http://example.org/bar'})
62 75 test({'x.prefix': 'http://example.org/foo',
63 76 'y.prefix': 'http://example.org/foo/bar'})
64 77 test({'x.prefix': '*', 'y.prefix': 'https://example.org/bar'})
78
79 print '\n*** Test user matching\n'
80 test({'x.prefix': 'http://example.org/foo',
81 'x.username': None,
82 'x.password': 'xpassword'},
83 urls=['http://y@example.org/foo'])
84 test({'x.prefix': 'http://example.org/foo',
85 'x.username': None,
86 'x.password': 'xpassword',
87 'y.prefix': 'http://example.org/foo',
88 'y.username': 'y',
89 'y.password': 'ypassword'},
90 urls=['http://y@example.org/foo'])
91 test({'x.prefix': 'http://example.org/foo/bar',
92 'x.username': None,
93 'x.password': 'xpassword',
94 'y.prefix': 'http://example.org/foo',
95 'y.username': 'y',
96 'y.password': 'ypassword'},
97 urls=['http://y@example.org/foo/bar'])
Show file before | Show file after | Hide comments
@@ -1,139 +1,191
1 1
2 2 *** Test in-uri schemes
3 3
4 4 CFG: {x.prefix: http://example.org}
5 5 URI: http://example.org/foo
6 6 ('x', 'x')
7 7 URI: http://example.org/foo/bar
8 8 ('x', 'x')
9 9 URI: http://example.org/bar
10 10 ('x', 'x')
11 11 URI: https://example.org/foo
12 12 abort
13 13 URI: https://example.org/foo/bar
14 14 abort
15 15 URI: https://example.org/bar
16 16 abort
17 URI: https://x@example.org/bar
18 abort
19 URI: https://y@example.org/bar
20 abort
17 21 CFG: {x.prefix: https://example.org}
18 22 URI: http://example.org/foo
19 23 abort
20 24 URI: http://example.org/foo/bar
21 25 abort
22 26 URI: http://example.org/bar
23 27 abort
24 28 URI: https://example.org/foo
25 29 ('x', 'x')
26 30 URI: https://example.org/foo/bar
27 31 ('x', 'x')
28 32 URI: https://example.org/bar
29 33 ('x', 'x')
34 URI: https://x@example.org/bar
35 ('x', 'x')
36 URI: https://y@example.org/bar
37 abort
30 38 CFG: {x.prefix: http://example.org, x.schemes: https}
31 39 URI: http://example.org/foo
32 40 ('x', 'x')
33 41 URI: http://example.org/foo/bar
34 42 ('x', 'x')
35 43 URI: http://example.org/bar
36 44 ('x', 'x')
37 45 URI: https://example.org/foo
38 46 abort
39 47 URI: https://example.org/foo/bar
40 48 abort
41 49 URI: https://example.org/bar
42 50 abort
51 URI: https://x@example.org/bar
52 abort
53 URI: https://y@example.org/bar
54 abort
43 55 CFG: {x.prefix: https://example.org, x.schemes: http}
44 56 URI: http://example.org/foo
45 57 abort
46 58 URI: http://example.org/foo/bar
47 59 abort
48 60 URI: http://example.org/bar
49 61 abort
50 62 URI: https://example.org/foo
51 63 ('x', 'x')
52 64 URI: https://example.org/foo/bar
53 65 ('x', 'x')
54 66 URI: https://example.org/bar
55 67 ('x', 'x')
68 URI: https://x@example.org/bar
69 ('x', 'x')
70 URI: https://y@example.org/bar
71 abort
56 72
57 73 *** Test separately configured schemes
58 74
59 75 CFG: {x.prefix: example.org, x.schemes: http}
60 76 URI: http://example.org/foo
61 77 ('x', 'x')
62 78 URI: http://example.org/foo/bar
63 79 ('x', 'x')
64 80 URI: http://example.org/bar
65 81 ('x', 'x')
66 82 URI: https://example.org/foo
67 83 abort
68 84 URI: https://example.org/foo/bar
69 85 abort
70 86 URI: https://example.org/bar
71 87 abort
88 URI: https://x@example.org/bar
89 abort
90 URI: https://y@example.org/bar
91 abort
72 92 CFG: {x.prefix: example.org, x.schemes: https}
73 93 URI: http://example.org/foo
74 94 abort
75 95 URI: http://example.org/foo/bar
76 96 abort
77 97 URI: http://example.org/bar
78 98 abort
79 99 URI: https://example.org/foo
80 100 ('x', 'x')
81 101 URI: https://example.org/foo/bar
82 102 ('x', 'x')
83 103 URI: https://example.org/bar
84 104 ('x', 'x')
105 URI: https://x@example.org/bar
106 ('x', 'x')
107 URI: https://y@example.org/bar
108 abort
85 109 CFG: {x.prefix: example.org, x.schemes: http https}
86 110 URI: http://example.org/foo
87 111 ('x', 'x')
88 112 URI: http://example.org/foo/bar
89 113 ('x', 'x')
90 114 URI: http://example.org/bar
91 115 ('x', 'x')
92 116 URI: https://example.org/foo
93 117 ('x', 'x')
94 118 URI: https://example.org/foo/bar
95 119 ('x', 'x')
96 120 URI: https://example.org/bar
97 121 ('x', 'x')
122 URI: https://x@example.org/bar
123 ('x', 'x')
124 URI: https://y@example.org/bar
125 abort
98 126
99 127 *** Test prefix matching
100 128
101 129 CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/bar}
102 130 URI: http://example.org/foo
103 131 ('x', 'x')
104 132 URI: http://example.org/foo/bar
105 133 ('x', 'x')
106 134 URI: http://example.org/bar
107 135 ('y', 'y')
108 136 URI: https://example.org/foo
109 137 abort
110 138 URI: https://example.org/foo/bar
111 139 abort
112 140 URI: https://example.org/bar
113 141 abort
142 URI: https://x@example.org/bar
143 abort
144 URI: https://y@example.org/bar
145 abort
114 146 CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/foo/bar}
115 147 URI: http://example.org/foo
116 148 ('x', 'x')
117 149 URI: http://example.org/foo/bar
118 150 ('y', 'y')
119 151 URI: http://example.org/bar
120 152 abort
121 153 URI: https://example.org/foo
122 154 abort
123 155 URI: https://example.org/foo/bar
124 156 abort
125 157 URI: https://example.org/bar
126 158 abort
159 URI: https://x@example.org/bar
160 abort
161 URI: https://y@example.org/bar
162 abort
127 163 CFG: {x.prefix: *, y.prefix: https://example.org/bar}
128 164 URI: http://example.org/foo
129 165 abort
130 166 URI: http://example.org/foo/bar
131 167 abort
132 168 URI: http://example.org/bar
133 169 abort
134 170 URI: https://example.org/foo
135 171 ('x', 'x')
136 172 URI: https://example.org/foo/bar
137 173 ('x', 'x')
138 174 URI: https://example.org/bar
139 175 ('y', 'y')
176 URI: https://x@example.org/bar
177 ('x', 'x')
178 URI: https://y@example.org/bar
179 ('y', 'y')
180
181 *** Test user matching
182
183 CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None}
184 URI: http://y@example.org/foo
185 ('y', 'xpassword')
186 CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
187 URI: http://y@example.org/foo
188 ('y', 'ypassword')
189 CFG: {x.password: xpassword, x.prefix: http://example.org/foo/bar, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
190 URI: http://y@example.org/foo/bar
191 ('y', 'xpassword')
General Comments 0
You need to be logged in to leave comments. Login now