##// END OF EJS Templates
url: SSL server certificate verification using web.cacerts file (issue1174)
Henrik Stuart -
r10409:4c94a3df default
parent child Browse files
Show More
@@ -1,963 +1,983 b''
1 1 ======
2 2 hgrc
3 3 ======
4 4
5 5 ---------------------------------
6 6 configuration files for Mercurial
7 7 ---------------------------------
8 8
9 9 :Author: Bryan O'Sullivan <bos@serpentine.com>
10 10 :Organization: Mercurial
11 11 :Manual section: 5
12 12 :Manual group: Mercurial Manual
13 13
14 14 .. contents::
15 15 :backlinks: top
16 16 :class: htmlonly
17 17
18 18
19 19 Synopsis
20 20 --------
21 21
22 22 The Mercurial system uses a set of configuration files to control
23 23 aspects of its behavior.
24 24
25 25 Files
26 26 -----
27 27
28 28 Mercurial reads configuration data from several files, if they exist.
29 29 The names of these files depend on the system on which Mercurial is
30 30 installed. ``*.rc`` files from a single directory are read in
31 31 alphabetical order, later ones overriding earlier ones. Where multiple
32 32 paths are given below, settings from earlier paths override later
33 33 ones.
34 34
35 35 | (Unix, Windows) ``<repo>/.hg/hgrc``
36 36
37 37 Per-repository configuration options that only apply in a
38 38 particular repository. This file is not version-controlled, and
39 39 will not get transferred during a "clone" operation. Options in
40 40 this file override options in all other configuration files. On
41 41 Unix, most of this file will be ignored if it doesn't belong to a
42 42 trusted user or to a trusted group. See the documentation for the
43 43 trusted_ section below for more details.
44 44
45 45 | (Unix) ``$HOME/.hgrc``
46 46 | (Windows) ``%USERPROFILE%\.hgrc``
47 47 | (Windows) ``%USERPROFILE%\Mercurial.ini``
48 48 | (Windows) ``%HOME%\.hgrc``
49 49 | (Windows) ``%HOME%\Mercurial.ini``
50 50
51 51 Per-user configuration file(s), for the user running Mercurial. On
52 52 Windows 9x, ``%HOME%`` is replaced by ``%APPDATA%``. Options in these
53 53 files apply to all Mercurial commands executed by this user in any
54 54 directory. Options in these files override per-system and per-installation
55 55 options.
56 56
57 57 | (Unix) ``/etc/mercurial/hgrc``
58 58 | (Unix) ``/etc/mercurial/hgrc.d/*.rc``
59 59
60 60 Per-system configuration files, for the system on which Mercurial
61 61 is running. Options in these files apply to all Mercurial commands
62 62 executed by any user in any directory. Options in these files
63 63 override per-installation options.
64 64
65 65 | (Unix) ``<install-root>/etc/mercurial/hgrc``
66 66 | (Unix) ``<install-root>/etc/mercurial/hgrc.d/*.rc``
67 67
68 68 Per-installation configuration files, searched for in the
69 69 directory where Mercurial is installed. ``<install-root>`` is the
70 70 parent directory of the **hg** executable (or symlink) being run. For
71 71 example, if installed in ``/shared/tools/bin/hg``, Mercurial will look
72 72 in ``/shared/tools/etc/mercurial/hgrc``. Options in these files apply
73 73 to all Mercurial commands executed by any user in any directory.
74 74
75 75 | (Windows) ``<install-dir>\Mercurial.ini``
76 76 | (Windows) ``<install-dir>\hgrc.d\*.rc``
77 77 | (Windows) ``HKEY_LOCAL_MACHINE\SOFTWARE\Mercurial``
78 78
79 79 Per-installation/system configuration files, for the system on
80 80 which Mercurial is running. Options in these files apply to all
81 81 Mercurial commands executed by any user in any directory. Registry
82 82 keys contain PATH-like strings, every part of which must reference
83 83 a ``Mercurial.ini`` file or be a directory where ``*.rc`` files will
84 84 be read. Mercurial checks each of these locations in the specified
85 85 order until one or more configuration files are detected. If the
86 86 pywin32 extensions are not installed, Mercurial will only look for
87 87 site-wide configuration in ``C:\Mercurial\Mercurial.ini``.
88 88
89 89 Syntax
90 90 ------
91 91
92 92 A configuration file consists of sections, led by a ``[section]`` header
93 93 and followed by ``name = value`` entries::
94 94
95 95 [spam]
96 96 eggs=ham
97 97 green=
98 98 eggs
99 99
100 100 Each line contains one entry. If the lines that follow are indented,
101 101 they are treated as continuations of that entry. Leading whitespace is
102 102 removed from values. Empty lines are skipped. Lines beginning with
103 103 ``#`` or ``;`` are ignored and may be used to provide comments.
104 104
105 105 A line of the form ``%include file`` will include ``file`` into the
106 106 current configuration file. The inclusion is recursive, which means
107 107 that included files can include other files. Filenames are relative to
108 108 the configuration file in which the ``%include`` directive is found.
109 109
110 110 A line with ``%unset name`` will remove ``name`` from the current
111 111 section, if it has been set previously.
112 112
113 113
114 114 Sections
115 115 --------
116 116
117 117 This section describes the different sections that may appear in a
118 118 Mercurial "hgrc" file, the purpose of each section, its possible keys,
119 119 and their possible values.
120 120
121 121 ``alias``
122 122 """""""""
123 123 Defines command aliases.
124 124 Aliases allow you to define your own commands in terms of other
125 125 commands (or aliases), optionally including arguments.
126 126
127 127 Alias definitions consist of lines of the form::
128 128
129 129 <alias> = <command> [<argument]...
130 130
131 131 For example, this definition::
132 132
133 133 latest = log --limit 5
134 134
135 135 creates a new command ``latest`` that shows only the five most recent
136 136 changesets. You can define subsequent aliases using earlier ones::
137 137
138 138 stable5 = latest -b stable
139 139
140 140 .. note:: It is possible to create aliases with the same names as
141 141 existing commands, which will then override the original
142 142 definitions. This is almost always a bad idea!
143 143
144 144
145 145 ``auth``
146 146 """"""""
147 147 Authentication credentials for HTTP authentication. Each line has
148 148 the following format::
149 149
150 150 <name>.<argument> = <value>
151 151
152 152 where ``<name>`` is used to group arguments into authentication
153 153 entries. Example::
154 154
155 155 foo.prefix = hg.intevation.org/mercurial
156 156 foo.username = foo
157 157 foo.password = bar
158 158 foo.schemes = http https
159 159
160 160 bar.prefix = secure.example.org
161 161 bar.key = path/to/file.key
162 162 bar.cert = path/to/file.cert
163 163 bar.schemes = https
164 164
165 165 Supported arguments:
166 166
167 167 ``prefix``
168 168 Either ``*`` or a URI prefix with or without the scheme part.
169 169 The authentication entry with the longest matching prefix is used
170 170 (where ``*`` matches everything and counts as a match of length
171 171 1). If the prefix doesn't include a scheme, the match is performed
172 172 against the URI with its scheme stripped as well, and the schemes
173 173 argument, q.v., is then subsequently consulted.
174 174 ``username``
175 175 Optional. Username to authenticate with. If not given, and the
176 176 remote site requires basic or digest authentication, the user
177 177 will be prompted for it.
178 178 ``password``
179 179 Optional. Password to authenticate with. If not given, and the
180 180 remote site requires basic or digest authentication, the user
181 181 will be prompted for it.
182 182 ``key``
183 183 Optional. PEM encoded client certificate key file.
184 184 ``cert``
185 185 Optional. PEM encoded client certificate chain file.
186 186 ``schemes``
187 187 Optional. Space separated list of URI schemes to use this
188 188 authentication entry with. Only used if the prefix doesn't include
189 189 a scheme. Supported schemes are http and https. They will match
190 190 static-http and static-https respectively, as well.
191 191 Default: https.
192 192
193 193 If no suitable authentication entry is found, the user is prompted
194 194 for credentials as usual if required by the remote.
195 195
196 196
197 197 ``decode/encode``
198 198 """""""""""""""""
199 199 Filters for transforming files on checkout/checkin. This would
200 200 typically be used for newline processing or other
201 201 localization/canonicalization of files.
202 202
203 203 Filters consist of a filter pattern followed by a filter command.
204 204 Filter patterns are globs by default, rooted at the repository root.
205 205 For example, to match any file ending in ``.txt`` in the root
206 206 directory only, use the pattern ``*.txt``. To match any file ending
207 207 in ``.c`` anywhere in the repository, use the pattern ``**.c``.
208 208 For each file only the first matching filter applies.
209 209
210 210 The filter command can start with a specifier, either ``pipe:`` or
211 211 ``tempfile:``. If no specifier is given, ``pipe:`` is used by default.
212 212
213 213 A ``pipe:`` command must accept data on stdin and return the transformed
214 214 data on stdout.
215 215
216 216 Pipe example::
217 217
218 218 [encode]
219 219 # uncompress gzip files on checkin to improve delta compression
220 220 # note: not necessarily a good idea, just an example
221 221 *.gz = pipe: gunzip
222 222
223 223 [decode]
224 224 # recompress gzip files when writing them to the working dir (we
225 225 # can safely omit "pipe:", because it's the default)
226 226 *.gz = gzip
227 227
228 228 A ``tempfile:`` command is a template. The string ``INFILE`` is replaced
229 229 with the name of a temporary file that contains the data to be
230 230 filtered by the command. The string ``OUTFILE`` is replaced with the name
231 231 of an empty temporary file, where the filtered data must be written by
232 232 the command.
233 233
234 234 .. note:: The tempfile mechanism is recommended for Windows systems,
235 235 where the standard shell I/O redirection operators often have
236 236 strange effects and may corrupt the contents of your files.
237 237
238 238 The most common usage is for LF <-> CRLF translation on Windows. For
239 239 this, use the "smart" converters which check for binary files::
240 240
241 241 [extensions]
242 242 hgext.win32text =
243 243 [encode]
244 244 ** = cleverencode:
245 245 [decode]
246 246 ** = cleverdecode:
247 247
248 248 or if you only want to translate certain files::
249 249
250 250 [extensions]
251 251 hgext.win32text =
252 252 [encode]
253 253 **.txt = dumbencode:
254 254 [decode]
255 255 **.txt = dumbdecode:
256 256
257 257
258 258 ``defaults``
259 259 """"""""""""
260 260
261 261 (defaults are deprecated. Don't use them. Use aliases instead)
262 262
263 263 Use the ``[defaults]`` section to define command defaults, i.e. the
264 264 default options/arguments to pass to the specified commands.
265 265
266 266 The following example makes ``hg log`` run in verbose mode, and ``hg
267 267 status`` show only the modified files, by default::
268 268
269 269 [defaults]
270 270 log = -v
271 271 status = -m
272 272
273 273 The actual commands, instead of their aliases, must be used when
274 274 defining command defaults. The command defaults will also be applied
275 275 to the aliases of the commands defined.
276 276
277 277
278 278 ``diff``
279 279 """"""""
280 280
281 281 Settings used when displaying diffs. They are all Boolean and
282 282 defaults to False.
283 283
284 284 ``git``
285 285 Use git extended diff format.
286 286 ``nodates``
287 287 Don't include dates in diff headers.
288 288 ``showfunc``
289 289 Show which function each change is in.
290 290 ``ignorews``
291 291 Ignore white space when comparing lines.
292 292 ``ignorewsamount``
293 293 Ignore changes in the amount of white space.
294 294 ``ignoreblanklines``
295 295 Ignore changes whose lines are all blank.
296 296
297 297 ``email``
298 298 """""""""
299 299 Settings for extensions that send email messages.
300 300
301 301 ``from``
302 302 Optional. Email address to use in "From" header and SMTP envelope
303 303 of outgoing messages.
304 304 ``to``
305 305 Optional. Comma-separated list of recipients' email addresses.
306 306 ``cc``
307 307 Optional. Comma-separated list of carbon copy recipients'
308 308 email addresses.
309 309 ``bcc``
310 310 Optional. Comma-separated list of blind carbon copy recipients'
311 311 email addresses.
312 312 ``method``
313 313 Optional. Method to use to send email messages. If value is ``smtp``
314 314 (default), use SMTP (see the SMTP_ section for configuration).
315 315 Otherwise, use as name of program to run that acts like sendmail
316 316 (takes ``-f`` option for sender, list of recipients on command line,
317 317 message on stdin). Normally, setting this to ``sendmail`` or
318 318 ``/usr/sbin/sendmail`` is enough to use sendmail to send messages.
319 319 ``charsets``
320 320 Optional. Comma-separated list of character sets considered
321 321 convenient for recipients. Addresses, headers, and parts not
322 322 containing patches of outgoing messages will be encoded in the
323 323 first character set to which conversion from local encoding
324 324 (``$HGENCODING``, ``ui.fallbackencoding``) succeeds. If correct
325 325 conversion fails, the text in question is sent as is. Defaults to
326 326 empty (explicit) list.
327 327
328 328 Order of outgoing email character sets:
329 329
330 330 1. ``us-ascii``: always first, regardless of settings
331 331 2. ``email.charsets``: in order given by user
332 332 3. ``ui.fallbackencoding``: if not in email.charsets
333 333 4. ``$HGENCODING``: if not in email.charsets
334 334 5. ``utf-8``: always last, regardless of settings
335 335
336 336 Email example::
337 337
338 338 [email]
339 339 from = Joseph User <joe.user@example.com>
340 340 method = /usr/sbin/sendmail
341 341 # charsets for western Europeans
342 342 # us-ascii, utf-8 omitted, as they are tried first and last
343 343 charsets = iso-8859-1, iso-8859-15, windows-1252
344 344
345 345
346 346 ``extensions``
347 347 """"""""""""""
348 348
349 349 Mercurial has an extension mechanism for adding new features. To
350 350 enable an extension, create an entry for it in this section.
351 351
352 352 If you know that the extension is already in Python's search path,
353 353 you can give the name of the module, followed by ``=``, with nothing
354 354 after the ``=``.
355 355
356 356 Otherwise, give a name that you choose, followed by ``=``, followed by
357 357 the path to the ``.py`` file (including the file name extension) that
358 358 defines the extension.
359 359
360 360 To explicitly disable an extension that is enabled in an hgrc of
361 361 broader scope, prepend its path with ``!``, as in
362 362 ``hgext.foo = !/ext/path`` or ``hgext.foo = !`` when path is not
363 363 supplied.
364 364
365 365 Example for ``~/.hgrc``::
366 366
367 367 [extensions]
368 368 # (the mq extension will get loaded from Mercurial's path)
369 369 hgext.mq =
370 370 # (this extension will get loaded from the file specified)
371 371 myfeature = ~/.hgext/myfeature.py
372 372
373 373
374 374 ``format``
375 375 """"""""""
376 376
377 377 ``usestore``
378 378 Enable or disable the "store" repository format which improves
379 379 compatibility with systems that fold case or otherwise mangle
380 380 filenames. Enabled by default. Disabling this option will allow
381 381 you to store longer filenames in some situations at the expense of
382 382 compatibility and ensures that the on-disk format of newly created
383 383 repositories will be compatible with Mercurial before version 0.9.4.
384 384
385 385 ``usefncache``
386 386 Enable or disable the "fncache" repository format which enhances
387 387 the "store" repository format (which has to be enabled to use
388 388 fncache) to allow longer filenames and avoids using Windows
389 389 reserved names, e.g. "nul". Enabled by default. Disabling this
390 390 option ensures that the on-disk format of newly created
391 391 repositories will be compatible with Mercurial before version 1.1.
392 392
393 393 ``merge-patterns``
394 394 """"""""""""""""""
395 395
396 396 This section specifies merge tools to associate with particular file
397 397 patterns. Tools matched here will take precedence over the default
398 398 merge tool. Patterns are globs by default, rooted at the repository
399 399 root.
400 400
401 401 Example::
402 402
403 403 [merge-patterns]
404 404 **.c = kdiff3
405 405 **.jpg = myimgmerge
406 406
407 407 ``merge-tools``
408 408 """""""""""""""
409 409
410 410 This section configures external merge tools to use for file-level
411 411 merges.
412 412
413 413 Example ``~/.hgrc``::
414 414
415 415 [merge-tools]
416 416 # Override stock tool location
417 417 kdiff3.executable = ~/bin/kdiff3
418 418 # Specify command line
419 419 kdiff3.args = $base $local $other -o $output
420 420 # Give higher priority
421 421 kdiff3.priority = 1
422 422
423 423 # Define new tool
424 424 myHtmlTool.args = -m $local $other $base $output
425 425 myHtmlTool.regkey = Software\FooSoftware\HtmlMerge
426 426 myHtmlTool.priority = 1
427 427
428 428 Supported arguments:
429 429
430 430 ``priority``
431 431 The priority in which to evaluate this tool.
432 432 Default: 0.
433 433 ``executable``
434 434 Either just the name of the executable or its pathname.
435 435 Default: the tool name.
436 436 ``args``
437 437 The arguments to pass to the tool executable. You can refer to the
438 438 files being merged as well as the output file through these
439 439 variables: ``$base``, ``$local``, ``$other``, ``$output``.
440 440 Default: ``$local $base $other``
441 441 ``premerge``
442 442 Attempt to run internal non-interactive 3-way merge tool before
443 443 launching external tool.
444 444 Default: True
445 445 ``binary``
446 446 This tool can merge binary files. Defaults to False, unless tool
447 447 was selected by file pattern match.
448 448 ``symlink``
449 449 This tool can merge symlinks. Defaults to False, even if tool was
450 450 selected by file pattern match.
451 451 ``checkconflicts``
452 452 Check whether there are conflicts even though the tool reported
453 453 success.
454 454 Default: False
455 455 ``checkchanged``
456 456 Check whether outputs were written even though the tool reported
457 457 success.
458 458 Default: False
459 459 ``fixeol``
460 460 Attempt to fix up EOL changes caused by the merge tool.
461 461 Default: False
462 462 ``gui``
463 463 This tool requires a graphical interface to run. Default: False
464 464 ``regkey``
465 465 Windows registry key which describes install location of this
466 466 tool. Mercurial will search for this key first under
467 467 ``HKEY_CURRENT_USER`` and then under ``HKEY_LOCAL_MACHINE``.
468 468 Default: None
469 469 ``regname``
470 470 Name of value to read from specified registry key. Defaults to the
471 471 unnamed (default) value.
472 472 ``regappend``
473 473 String to append to the value read from the registry, typically
474 474 the executable name of the tool.
475 475 Default: None
476 476
477 477
478 478 ``hooks``
479 479 """""""""
480 480 Commands or Python functions that get automatically executed by
481 481 various actions such as starting or finishing a commit. Multiple
482 482 hooks can be run for the same action by appending a suffix to the
483 483 action. Overriding a site-wide hook can be done by changing its
484 484 value or setting it to an empty string.
485 485
486 486 Example ``.hg/hgrc``::
487 487
488 488 [hooks]
489 489 # update working directory after adding changesets
490 490 changegroup.update = hg update
491 491 # do not use the site-wide hook
492 492 incoming =
493 493 incoming.email = /my/email/hook
494 494 incoming.autobuild = /my/build/hook
495 495
496 496 Most hooks are run with environment variables set that give useful
497 497 additional information. For each hook below, the environment
498 498 variables it is passed are listed with names of the form ``$HG_foo``.
499 499
500 500 ``changegroup``
501 501 Run after a changegroup has been added via push, pull or unbundle.
502 502 ID of the first new changeset is in ``$HG_NODE``. URL from which
503 503 changes came is in ``$HG_URL``.
504 504 ``commit``
505 505 Run after a changeset has been created in the local repository. ID
506 506 of the newly created changeset is in ``$HG_NODE``. Parent changeset
507 507 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
508 508 ``incoming``
509 509 Run after a changeset has been pulled, pushed, or unbundled into
510 510 the local repository. The ID of the newly arrived changeset is in
511 511 ``$HG_NODE``. URL that was source of changes came is in ``$HG_URL``.
512 512 ``outgoing``
513 513 Run after sending changes from local repository to another. ID of
514 514 first changeset sent is in ``$HG_NODE``. Source of operation is in
515 515 ``$HG_SOURCE``; see "preoutgoing" hook for description.
516 516 ``post-<command>``
517 517 Run after successful invocations of the associated command. The
518 518 contents of the command line are passed as ``$HG_ARGS`` and the result
519 519 code in ``$HG_RESULT``. Hook failure is ignored.
520 520 ``pre-<command>``
521 521 Run before executing the associated command. The contents of the
522 522 command line are passed as ``$HG_ARGS``. If the hook returns failure,
523 523 the command doesn't execute and Mercurial returns the failure
524 524 code.
525 525 ``prechangegroup``
526 526 Run before a changegroup is added via push, pull or unbundle. Exit
527 527 status 0 allows the changegroup to proceed. Non-zero status will
528 528 cause the push, pull or unbundle to fail. URL from which changes
529 529 will come is in ``$HG_URL``.
530 530 ``precommit``
531 531 Run before starting a local commit. Exit status 0 allows the
532 532 commit to proceed. Non-zero status will cause the commit to fail.
533 533 Parent changeset IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
534 534 ``preoutgoing``
535 535 Run before collecting changes to send from the local repository to
536 536 another. Non-zero status will cause failure. This lets you prevent
537 537 pull over HTTP or SSH. Also prevents against local pull, push
538 538 (outbound) or bundle commands, but not effective, since you can
539 539 just copy files instead then. Source of operation is in
540 540 ``$HG_SOURCE``. If "serve", operation is happening on behalf of remote
541 541 SSH or HTTP repository. If "push", "pull" or "bundle", operation
542 542 is happening on behalf of repository on same system.
543 543 ``pretag``
544 544 Run before creating a tag. Exit status 0 allows the tag to be
545 545 created. Non-zero status will cause the tag to fail. ID of
546 546 changeset to tag is in ``$HG_NODE``. Name of tag is in ``$HG_TAG``. Tag is
547 547 local if ``$HG_LOCAL=1``, in repository if ``$HG_LOCAL=0``.
548 548 ``pretxnchangegroup``
549 549 Run after a changegroup has been added via push, pull or unbundle,
550 550 but before the transaction has been committed. Changegroup is
551 551 visible to hook program. This lets you validate incoming changes
552 552 before accepting them. Passed the ID of the first new changeset in
553 553 ``$HG_NODE``. Exit status 0 allows the transaction to commit. Non-zero
554 554 status will cause the transaction to be rolled back and the push,
555 555 pull or unbundle will fail. URL that was source of changes is in
556 556 ``$HG_URL``.
557 557 ``pretxncommit``
558 558 Run after a changeset has been created but the transaction not yet
559 559 committed. Changeset is visible to hook program. This lets you
560 560 validate commit message and changes. Exit status 0 allows the
561 561 commit to proceed. Non-zero status will cause the transaction to
562 562 be rolled back. ID of changeset is in ``$HG_NODE``. Parent changeset
563 563 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
564 564 ``preupdate``
565 565 Run before updating the working directory. Exit status 0 allows
566 566 the update to proceed. Non-zero status will prevent the update.
567 567 Changeset ID of first new parent is in ``$HG_PARENT1``. If merge, ID
568 568 of second new parent is in ``$HG_PARENT2``.
569 569 ``tag``
570 570 Run after a tag is created. ID of tagged changeset is in ``$HG_NODE``.
571 571 Name of tag is in ``$HG_TAG``. Tag is local if ``$HG_LOCAL=1``, in
572 572 repository if ``$HG_LOCAL=0``.
573 573 ``update``
574 574 Run after updating the working directory. Changeset ID of first
575 575 new parent is in ``$HG_PARENT1``. If merge, ID of second new parent is
576 576 in ``$HG_PARENT2``. If the update succeeded, ``$HG_ERROR=0``. If the
577 577 update failed (e.g. because conflicts not resolved), ``$HG_ERROR=1``.
578 578
579 579 .. note:: It is generally better to use standard hooks rather than the
580 580 generic pre- and post- command hooks as they are guaranteed to be
581 581 called in the appropriate contexts for influencing transactions.
582 582 Also, hooks like "commit" will be called in all contexts that
583 583 generate a commit (e.g. tag) and not just the commit command.
584 584
585 585 .. note:: Environment variables with empty values may not be passed to
586 586 hooks on platforms such as Windows. As an example, ``$HG_PARENT2``
587 587 will have an empty value under Unix-like platforms for non-merge
588 588 changesets, while it will not be available at all under Windows.
589 589
590 590 The syntax for Python hooks is as follows::
591 591
592 592 hookname = python:modulename.submodule.callable
593 593 hookname = python:/path/to/python/module.py:callable
594 594
595 595 Python hooks are run within the Mercurial process. Each hook is
596 596 called with at least three keyword arguments: a ui object (keyword
597 597 ``ui``), a repository object (keyword ``repo``), and a ``hooktype``
598 598 keyword that tells what kind of hook is used. Arguments listed as
599 599 environment variables above are passed as keyword arguments, with no
600 600 ``HG_`` prefix, and names in lower case.
601 601
602 602 If a Python hook returns a "true" value or raises an exception, this
603 603 is treated as a failure.
604 604
605 605
606 606 ``http_proxy``
607 607 """"""""""""""
608 608 Used to access web-based Mercurial repositories through a HTTP
609 609 proxy.
610 610
611 611 ``host``
612 612 Host name and (optional) port of the proxy server, for example
613 613 "myproxy:8000".
614 614 ``no``
615 615 Optional. Comma-separated list of host names that should bypass
616 616 the proxy.
617 617 ``passwd``
618 618 Optional. Password to authenticate with at the proxy server.
619 619 ``user``
620 620 Optional. User name to authenticate with at the proxy server.
621 621
622 622 ``smtp``
623 623 """"""""
624 624 Configuration for extensions that need to send email messages.
625 625
626 626 ``host``
627 627 Host name of mail server, e.g. "mail.example.com".
628 628 ``port``
629 629 Optional. Port to connect to on mail server. Default: 25.
630 630 ``tls``
631 631 Optional. Whether to connect to mail server using TLS. True or
632 632 False. Default: False.
633 633 ``username``
634 634 Optional. User name to authenticate to SMTP server with. If
635 635 username is specified, password must also be specified.
636 636 Default: none.
637 637 ``password``
638 638 Optional. Password to authenticate to SMTP server with. If
639 639 username is specified, password must also be specified.
640 640 Default: none.
641 641 ``local_hostname``
642 642 Optional. It's the hostname that the sender can use to identify
643 643 itself to the MTA.
644 644
645 645
646 646 ``patch``
647 647 """""""""
648 648 Settings used when applying patches, for instance through the 'import'
649 649 command or with Mercurial Queues extension.
650 650
651 651 ``eol``
652 652 When set to 'strict' patch content and patched files end of lines
653 653 are preserved. When set to ``lf`` or ``crlf``, both files end of
654 654 lines are ignored when patching and the result line endings are
655 655 normalized to either LF (Unix) or CRLF (Windows). When set to
656 656 ``auto``, end of lines are again ignored while patching but line
657 657 endings in patched files are normalized to their original setting
658 658 on a per-file basis. If target file does not exist or has no end
659 659 of line, patch line endings are preserved.
660 660 Default: strict.
661 661
662 662
663 663 ``paths``
664 664 """""""""
665 665 Assigns symbolic names to repositories. The left side is the
666 666 symbolic name, and the right gives the directory or URL that is the
667 667 location of the repository. Default paths can be declared by setting
668 668 the following entries.
669 669
670 670 ``default``
671 671 Directory or URL to use when pulling if no source is specified.
672 672 Default is set to repository from which the current repository was
673 673 cloned.
674 674 ``default-push``
675 675 Optional. Directory or URL to use when pushing if no destination
676 676 is specified.
677 677
678 678
679 679 ``profiling``
680 680 """""""""""""
681 681 Specifies profiling format and file output. In this section
682 682 description, 'profiling data' stands for the raw data collected
683 683 during profiling, while 'profiling report' stands for a statistical
684 684 text report generated from the profiling data. The profiling is done
685 685 using lsprof.
686 686
687 687 ``format``
688 688 Profiling format.
689 689 Default: text.
690 690
691 691 ``text``
692 692 Generate a profiling report. When saving to a file, it should be
693 693 noted that only the report is saved, and the profiling data is
694 694 not kept.
695 695 ``kcachegrind``
696 696 Format profiling data for kcachegrind use: when saving to a
697 697 file, the generated file can directly be loaded into
698 698 kcachegrind.
699 699 ``output``
700 700 File path where profiling data or report should be saved. If the
701 701 file exists, it is replaced. Default: None, data is printed on
702 702 stderr
703 703
704 704 ``server``
705 705 """"""""""
706 706 Controls generic server settings.
707 707
708 708 ``uncompressed``
709 709 Whether to allow clients to clone a repository using the
710 710 uncompressed streaming protocol. This transfers about 40% more
711 711 data than a regular clone, but uses less memory and CPU on both
712 712 server and client. Over a LAN (100 Mbps or better) or a very fast
713 713 WAN, an uncompressed streaming clone is a lot faster (~10x) than a
714 714 regular clone. Over most WAN connections (anything slower than
715 715 about 6 Mbps), uncompressed streaming is slower, because of the
716 716 extra data transfer overhead. Default is False.
717 717
718 718
719 719 ``trusted``
720 720 """""""""""
721 721 For security reasons, Mercurial will not use the settings in the
722 722 ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted
723 723 user or to a trusted group. The main exception is the web interface,
724 724 which automatically uses some safe settings, since it's common to
725 725 serve repositories from different users.
726 726
727 727 This section specifies what users and groups are trusted. The
728 728 current user is always trusted. To trust everybody, list a user or a
729 729 group with name ``*``.
730 730
731 731 ``users``
732 732 Comma-separated list of trusted users.
733 733 ``groups``
734 734 Comma-separated list of trusted groups.
735 735
736 736
737 737 ``ui``
738 738 """"""
739 739
740 740 User interface controls.
741 741
742 742 ``archivemeta``
743 743 Whether to include the .hg_archival.txt file containing meta data
744 744 (hashes for the repository base and for tip) in archives created
745 745 by the hg archive command or downloaded via hgweb.
746 746 Default is True.
747 747 ``askusername``
748 748 Whether to prompt for a username when committing. If True, and
749 749 neither ``$HGUSER`` nor ``$EMAIL`` has been specified, then the user will
750 750 be prompted to enter a username. If no username is entered, the
751 751 default ``USER@HOST`` is used instead.
752 752 Default is False.
753 753 ``debug``
754 754 Print debugging information. True or False. Default is False.
755 755 ``editor``
756 756 The editor to use during a commit. Default is ``$EDITOR`` or ``vi``.
757 757 ``fallbackencoding``
758 758 Encoding to try if it's not possible to decode the changelog using
759 759 UTF-8. Default is ISO-8859-1.
760 760 ``ignore``
761 761 A file to read per-user ignore patterns from. This file should be
762 762 in the same format as a repository-wide .hgignore file. This
763 763 option supports hook syntax, so if you want to specify multiple
764 764 ignore files, you can do so by setting something like
765 765 ``ignore.other = ~/.hgignore2``. For details of the ignore file
766 766 format, see the |hgignore(5)|_ man page.
767 767 ``interactive``
768 768 Allow to prompt the user. True or False. Default is True.
769 769 ``logtemplate``
770 770 Template string for commands that print changesets.
771 771 ``merge``
772 772 The conflict resolution program to use during a manual merge.
773 773 There are some internal tools available:
774 774
775 775 ``internal:local``
776 776 keep the local version
777 777 ``internal:other``
778 778 use the other version
779 779 ``internal:merge``
780 780 use the internal non-interactive merge tool
781 781 ``internal:fail``
782 782 fail to merge
783 783
784 784 For more information on configuring merge tools see the
785 785 merge-tools_ section.
786 786
787 787 ``patch``
788 788 command to use to apply patches. Look for ``gpatch`` or ``patch`` in
789 789 PATH if unset.
790 790 ``quiet``
791 791 Reduce the amount of output printed. True or False. Default is False.
792 792 ``remotecmd``
793 793 remote command to use for clone/push/pull operations. Default is ``hg``.
794 794 ``report_untrusted``
795 795 Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
796 796 trusted user or group. True or False. Default is True.
797 797 ``slash``
798 798 Display paths using a slash (``/``) as the path separator. This
799 799 only makes a difference on systems where the default path
800 800 separator is not the slash character (e.g. Windows uses the
801 801 backslash character (``\``)).
802 802 Default is False.
803 803 ``ssh``
804 804 command to use for SSH connections. Default is ``ssh``.
805 805 ``strict``
806 806 Require exact command names, instead of allowing unambiguous
807 807 abbreviations. True or False. Default is False.
808 808 ``style``
809 809 Name of style to use for command output.
810 810 ``timeout``
811 811 The timeout used when a lock is held (in seconds), a negative value
812 812 means no timeout. Default is 600.
813 813 ``traceback``
814 814 Mercurial always prints a traceback when an unknown exception
815 815 occurs. Setting this to True will make Mercurial print a traceback
816 816 on all exceptions, even those recognized by Mercurial (such as
817 817 IOError or MemoryError). Default is False.
818 818 ``username``
819 819 The committer of a changeset created when running "commit".
820 820 Typically a person's name and email address, e.g. ``Fred Widget
821 821 <fred@example.com>``. Default is ``$EMAIL`` or ``username@hostname``. If
822 822 the username in hgrc is empty, it has to be specified manually or
823 823 in a different hgrc file (e.g. ``$HOME/.hgrc``, if the admin set
824 824 ``username =`` in the system hgrc).
825 825 ``verbose``
826 826 Increase the amount of output printed. True or False. Default is False.
827 827
828 828
829 829 ``web``
830 830 """""""
831 831 Web interface configuration.
832 832
833 833 ``accesslog``
834 834 Where to output the access log. Default is stdout.
835 835 ``address``
836 836 Interface address to bind to. Default is all.
837 837 ``allow_archive``
838 838 List of archive format (bz2, gz, zip) allowed for downloading.
839 839 Default is empty.
840 840 ``allowbz2``
841 841 (DEPRECATED) Whether to allow .tar.bz2 downloading of repository
842 842 revisions.
843 843 Default is False.
844 844 ``allowgz``
845 845 (DEPRECATED) Whether to allow .tar.gz downloading of repository
846 846 revisions.
847 847 Default is False.
848 848 ``allowpull``
849 849 Whether to allow pulling from the repository. Default is True.
850 850 ``allow_push``
851 851 Whether to allow pushing to the repository. If empty or not set,
852 852 push is not allowed. If the special value ``*``, any remote user can
853 853 push, including unauthenticated users. Otherwise, the remote user
854 854 must have been authenticated, and the authenticated user name must
855 855 be present in this list (separated by whitespace or ``,``). The
856 856 contents of the allow_push list are examined after the deny_push
857 857 list.
858 858 ``allow_read``
859 859 If the user has not already been denied repository access due to
860 860 the contents of deny_read, this list determines whether to grant
861 861 repository access to the user. If this list is not empty, and the
862 862 user is unauthenticated or not present in the list (separated by
863 863 whitespace or ``,``), then access is denied for the user. If the
864 864 list is empty or not set, then access is permitted to all users by
865 865 default. Setting allow_read to the special value ``*`` is equivalent
866 866 to it not being set (i.e. access is permitted to all users). The
867 867 contents of the allow_read list are examined after the deny_read
868 868 list.
869 869 ``allowzip``
870 870 (DEPRECATED) Whether to allow .zip downloading of repository
871 871 revisions. Default is False. This feature creates temporary files.
872 872 ``baseurl``
873 873 Base URL to use when publishing URLs in other locations, so
874 874 third-party tools like email notification hooks can construct
875 875 URLs. Example: ``http://hgserver/repos/``.
876 ``cacerts``
877 Path to file containing a list of PEM encoded certificate authorities
878 that may be used to verify an SSL server's identity. The form must be
879 as follows::
880
881 -----BEGIN CERTIFICATE-----
882 ... (certificate in base64 PEM encoding) ...
883 -----END CERTIFICATE-----
884 -----BEGIN CERTIFICATE-----
885 ... (certificate in base64 PEM encoding) ...
886 -----END CERTIFICATE-----
887
888 This feature is only supported when using Python 2.6. If you wish to
889 use it with earlier versions of Python, install the backported
890 version of the ssl library that is available from
891 ``http://pypi.python.org``.
892
893 You can use OpenSSL's CA certificate file if your platform has one.
894 On most Linux systems this will be ``/etc/ssl/certs/ca-certificates.crt``.
895 Otherwise you will have to generate this file manually.
876 896 ``contact``
877 897 Name or email address of the person in charge of the repository.
878 898 Defaults to ui.username or ``$EMAIL`` or "unknown" if unset or empty.
879 899 ``deny_push``
880 900 Whether to deny pushing to the repository. If empty or not set,
881 901 push is not denied. If the special value ``*``, all remote users are
882 902 denied push. Otherwise, unauthenticated users are all denied, and
883 903 any authenticated user name present in this list (separated by
884 904 whitespace or ``,``) is also denied. The contents of the deny_push
885 905 list are examined before the allow_push list.
886 906 ``deny_read``
887 907 Whether to deny reading/viewing of the repository. If this list is
888 908 not empty, unauthenticated users are all denied, and any
889 909 authenticated user name present in this list (separated by
890 910 whitespace or ``,``) is also denied access to the repository. If set
891 911 to the special value ``*``, all remote users are denied access
892 912 (rarely needed ;). If deny_read is empty or not set, the
893 913 determination of repository access depends on the presence and
894 914 content of the allow_read list (see description). If both
895 915 deny_read and allow_read are empty or not set, then access is
896 916 permitted to all users by default. If the repository is being
897 917 served via hgwebdir, denied users will not be able to see it in
898 918 the list of repositories. The contents of the deny_read list have
899 919 priority over (are examined before) the contents of the allow_read
900 920 list.
901 921 ``descend``
902 922 hgwebdir indexes will not descend into subdirectories. Only repositories
903 923 directly in the current path will be shown (other repositories are still
904 924 available from the index corresponding to their containing path).
905 925 ``description``
906 926 Textual description of the repository's purpose or contents.
907 927 Default is "unknown".
908 928 ``encoding``
909 929 Character encoding name.
910 930 Example: "UTF-8"
911 931 ``errorlog``
912 932 Where to output the error log. Default is stderr.
913 933 ``hidden``
914 934 Whether to hide the repository in the hgwebdir index.
915 935 Default is False.
916 936 ``ipv6``
917 937 Whether to use IPv6. Default is False.
918 938 ``name``
919 939 Repository name to use in the web interface. Default is current
920 940 working directory.
921 941 ``maxchanges``
922 942 Maximum number of changes to list on the changelog. Default is 10.
923 943 ``maxfiles``
924 944 Maximum number of files to list per changeset. Default is 10.
925 945 ``port``
926 946 Port to listen on. Default is 8000.
927 947 ``prefix``
928 948 Prefix path to serve from. Default is '' (server root).
929 949 ``push_ssl``
930 950 Whether to require that inbound pushes be transported over SSL to
931 951 prevent password sniffing. Default is True.
932 952 ``staticurl``
933 953 Base URL to use for static files. If unset, static files (e.g. the
934 954 hgicon.png favicon) will be served by the CGI script itself. Use
935 955 this setting to serve them directly with the HTTP server.
936 956 Example: ``http://hgserver/static/``.
937 957 ``stripes``
938 958 How many lines a "zebra stripe" should span in multiline output.
939 959 Default is 1; set to 0 to disable.
940 960 ``style``
941 961 Which template map style to use.
942 962 ``templates``
943 963 Where to find the HTML templates. Default is install path.
944 964
945 965
946 966 Author
947 967 ------
948 968 Bryan O'Sullivan <bos@serpentine.com>.
949 969
950 970 Mercurial was written by Matt Mackall <mpm@selenic.com>.
951 971
952 972 See Also
953 973 --------
954 974 |hg(1)|_, |hgignore(5)|_
955 975
956 976 Copying
957 977 -------
958 978 This manual page is copyright 2005 Bryan O'Sullivan.
959 979 Mercurial is copyright 2005-2010 Matt Mackall.
960 980 Free use of this software is granted under the terms of the GNU General
961 981 Public License version 2 or any later version.
962 982
963 983 .. include:: common.txt
@@ -1,560 +1,614 b''
1 1 # url.py - HTTP handling for mercurial
2 2 #
3 3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 6 #
7 7 # This software may be used and distributed according to the terms of the
8 8 # GNU General Public License version 2 or any later version.
9 9
10 10 import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO
11 11 from i18n import _
12 12 import keepalive, util
13 13
14 14 def hidepassword(url):
15 15 '''hide user credential in a url string'''
16 16 scheme, netloc, path, params, query, fragment = urlparse.urlparse(url)
17 17 netloc = re.sub('([^:]*):([^@]*)@(.*)', r'\1:***@\3', netloc)
18 18 return urlparse.urlunparse((scheme, netloc, path, params, query, fragment))
19 19
20 20 def removeauth(url):
21 21 '''remove all authentication information from a url string'''
22 22 scheme, netloc, path, params, query, fragment = urlparse.urlparse(url)
23 23 netloc = netloc[netloc.find('@')+1:]
24 24 return urlparse.urlunparse((scheme, netloc, path, params, query, fragment))
25 25
26 26 def netlocsplit(netloc):
27 27 '''split [user[:passwd]@]host[:port] into 4-tuple.'''
28 28
29 29 a = netloc.find('@')
30 30 if a == -1:
31 31 user, passwd = None, None
32 32 else:
33 33 userpass, netloc = netloc[:a], netloc[a + 1:]
34 34 c = userpass.find(':')
35 35 if c == -1:
36 36 user, passwd = urllib.unquote(userpass), None
37 37 else:
38 38 user = urllib.unquote(userpass[:c])
39 39 passwd = urllib.unquote(userpass[c + 1:])
40 40 c = netloc.find(':')
41 41 if c == -1:
42 42 host, port = netloc, None
43 43 else:
44 44 host, port = netloc[:c], netloc[c + 1:]
45 45 return host, port, user, passwd
46 46
47 47 def netlocunsplit(host, port, user=None, passwd=None):
48 48 '''turn host, port, user, passwd into [user[:passwd]@]host[:port].'''
49 49 if port:
50 50 hostport = host + ':' + port
51 51 else:
52 52 hostport = host
53 53 if user:
54 54 if passwd:
55 55 userpass = urllib.quote(user) + ':' + urllib.quote(passwd)
56 56 else:
57 57 userpass = urllib.quote(user)
58 58 return userpass + '@' + hostport
59 59 return hostport
60 60
61 61 _safe = ('abcdefghijklmnopqrstuvwxyz'
62 62 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
63 63 '0123456789' '_.-/')
64 64 _safeset = None
65 65 _hex = None
66 66 def quotepath(path):
67 67 '''quote the path part of a URL
68 68
69 69 This is similar to urllib.quote, but it also tries to avoid
70 70 quoting things twice (inspired by wget):
71 71
72 72 >>> quotepath('abc def')
73 73 'abc%20def'
74 74 >>> quotepath('abc%20def')
75 75 'abc%20def'
76 76 >>> quotepath('abc%20 def')
77 77 'abc%20%20def'
78 78 >>> quotepath('abc def%20')
79 79 'abc%20def%20'
80 80 >>> quotepath('abc def%2')
81 81 'abc%20def%252'
82 82 >>> quotepath('abc def%')
83 83 'abc%20def%25'
84 84 '''
85 85 global _safeset, _hex
86 86 if _safeset is None:
87 87 _safeset = set(_safe)
88 88 _hex = set('abcdefABCDEF0123456789')
89 89 l = list(path)
90 90 for i in xrange(len(l)):
91 91 c = l[i]
92 92 if (c == '%' and i + 2 < len(l) and
93 93 l[i + 1] in _hex and l[i + 2] in _hex):
94 94 pass
95 95 elif c not in _safeset:
96 96 l[i] = '%%%02X' % ord(c)
97 97 return ''.join(l)
98 98
99 99 class passwordmgr(urllib2.HTTPPasswordMgrWithDefaultRealm):
100 100 def __init__(self, ui):
101 101 urllib2.HTTPPasswordMgrWithDefaultRealm.__init__(self)
102 102 self.ui = ui
103 103
104 104 def find_user_password(self, realm, authuri):
105 105 authinfo = urllib2.HTTPPasswordMgrWithDefaultRealm.find_user_password(
106 106 self, realm, authuri)
107 107 user, passwd = authinfo
108 108 if user and passwd:
109 109 self._writedebug(user, passwd)
110 110 return (user, passwd)
111 111
112 112 if not user:
113 113 auth = self.readauthtoken(authuri)
114 114 if auth:
115 115 user, passwd = auth.get('username'), auth.get('password')
116 116 if not user or not passwd:
117 117 if not self.ui.interactive():
118 118 raise util.Abort(_('http authorization required'))
119 119
120 120 self.ui.write(_("http authorization required\n"))
121 121 self.ui.status(_("realm: %s\n") % realm)
122 122 if user:
123 123 self.ui.status(_("user: %s\n") % user)
124 124 else:
125 125 user = self.ui.prompt(_("user:"), default=None)
126 126
127 127 if not passwd:
128 128 passwd = self.ui.getpass()
129 129
130 130 self.add_password(realm, authuri, user, passwd)
131 131 self._writedebug(user, passwd)
132 132 return (user, passwd)
133 133
134 134 def _writedebug(self, user, passwd):
135 135 msg = _('http auth: user %s, password %s\n')
136 136 self.ui.debug(msg % (user, passwd and '*' * len(passwd) or 'not set'))
137 137
138 138 def readauthtoken(self, uri):
139 139 # Read configuration
140 140 config = dict()
141 141 for key, val in self.ui.configitems('auth'):
142 142 group, setting = key.split('.', 1)
143 143 gdict = config.setdefault(group, dict())
144 144 gdict[setting] = val
145 145
146 146 # Find the best match
147 147 scheme, hostpath = uri.split('://', 1)
148 148 bestlen = 0
149 149 bestauth = None
150 150 for auth in config.itervalues():
151 151 prefix = auth.get('prefix')
152 152 if not prefix:
153 153 continue
154 154 p = prefix.split('://', 1)
155 155 if len(p) > 1:
156 156 schemes, prefix = [p[0]], p[1]
157 157 else:
158 158 schemes = (auth.get('schemes') or 'https').split()
159 159 if (prefix == '*' or hostpath.startswith(prefix)) and \
160 160 len(prefix) > bestlen and scheme in schemes:
161 161 bestlen = len(prefix)
162 162 bestauth = auth
163 163 return bestauth
164 164
165 165 class proxyhandler(urllib2.ProxyHandler):
166 166 def __init__(self, ui):
167 167 proxyurl = ui.config("http_proxy", "host") or os.getenv('http_proxy')
168 168 # XXX proxyauthinfo = None
169 169
170 170 if proxyurl:
171 171 # proxy can be proper url or host[:port]
172 172 if not (proxyurl.startswith('http:') or
173 173 proxyurl.startswith('https:')):
174 174 proxyurl = 'http://' + proxyurl + '/'
175 175 snpqf = urlparse.urlsplit(proxyurl)
176 176 proxyscheme, proxynetloc, proxypath, proxyquery, proxyfrag = snpqf
177 177 hpup = netlocsplit(proxynetloc)
178 178
179 179 proxyhost, proxyport, proxyuser, proxypasswd = hpup
180 180 if not proxyuser:
181 181 proxyuser = ui.config("http_proxy", "user")
182 182 proxypasswd = ui.config("http_proxy", "passwd")
183 183
184 184 # see if we should use a proxy for this url
185 185 no_list = ["localhost", "127.0.0.1"]
186 186 no_list.extend([p.lower() for
187 187 p in ui.configlist("http_proxy", "no")])
188 188 no_list.extend([p.strip().lower() for
189 189 p in os.getenv("no_proxy", '').split(',')
190 190 if p.strip()])
191 191 # "http_proxy.always" config is for running tests on localhost
192 192 if ui.configbool("http_proxy", "always"):
193 193 self.no_list = []
194 194 else:
195 195 self.no_list = no_list
196 196
197 197 proxyurl = urlparse.urlunsplit((
198 198 proxyscheme, netlocunsplit(proxyhost, proxyport,
199 199 proxyuser, proxypasswd or ''),
200 200 proxypath, proxyquery, proxyfrag))
201 201 proxies = {'http': proxyurl, 'https': proxyurl}
202 202 ui.debug('proxying through http://%s:%s\n' %
203 203 (proxyhost, proxyport))
204 204 else:
205 205 proxies = {}
206 206
207 207 # urllib2 takes proxy values from the environment and those
208 208 # will take precedence if found, so drop them
209 209 for env in ["HTTP_PROXY", "http_proxy", "no_proxy"]:
210 210 try:
211 211 if env in os.environ:
212 212 del os.environ[env]
213 213 except OSError:
214 214 pass
215 215
216 216 urllib2.ProxyHandler.__init__(self, proxies)
217 217 self.ui = ui
218 218
219 219 def proxy_open(self, req, proxy, type_):
220 220 host = req.get_host().split(':')[0]
221 221 if host in self.no_list:
222 222 return None
223 223
224 224 # work around a bug in Python < 2.4.2
225 225 # (it leaves a "\n" at the end of Proxy-authorization headers)
226 226 baseclass = req.__class__
227 227 class _request(baseclass):
228 228 def add_header(self, key, val):
229 229 if key.lower() == 'proxy-authorization':
230 230 val = val.strip()
231 231 return baseclass.add_header(self, key, val)
232 232 req.__class__ = _request
233 233
234 234 return urllib2.ProxyHandler.proxy_open(self, req, proxy, type_)
235 235
236 236 class httpsendfile(file):
237 237 def __len__(self):
238 238 return os.fstat(self.fileno()).st_size
239 239
240 240 def _gen_sendfile(connection):
241 241 def _sendfile(self, data):
242 242 # send a file
243 243 if isinstance(data, httpsendfile):
244 244 # if auth required, some data sent twice, so rewind here
245 245 data.seek(0)
246 246 for chunk in util.filechunkiter(data):
247 247 connection.send(self, chunk)
248 248 else:
249 249 connection.send(self, data)
250 250 return _sendfile
251 251
252 252 has_https = hasattr(urllib2, 'HTTPSHandler')
253 253 if has_https:
254 254 try:
255 255 # avoid using deprecated/broken FakeSocket in python 2.6
256 256 import ssl
257 257 _ssl_wrap_socket = ssl.wrap_socket
258 CERT_REQUIRED = ssl.CERT_REQUIRED
258 259 except ImportError:
259 def _ssl_wrap_socket(sock, key_file, cert_file):
260 CERT_REQUIRED = 2
261
262 def _ssl_wrap_socket(sock, key_file, cert_file,
263 cert_reqs=CERT_REQUIRED, ca_certs=None):
264 if ca_certs:
265 raise util.Abort(_(
266 'certificate checking requires Python 2.6'))
267
260 268 ssl = socket.ssl(sock, key_file, cert_file)
261 269 return httplib.FakeSocket(sock, ssl)
262 270
271 _GLOBAL_DEFAULT_TIMEOUT = object()
272
273 try:
274 _create_connection = socket.create_connection
275 except ImportError:
276 def _create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT,
277 source_address=None):
278 # lifted from Python 2.6
279
280 msg = "getaddrinfo returns an empty list"
281 host, port = address
282 for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM):
283 af, socktype, proto, canonname, sa = res
284 sock = None
285 try:
286 sock = socket.socket(af, socktype, proto)
287 if timeout is not _GLOBAL_DEFAULT_TIMEOUT:
288 sock.settimeout(timeout)
289 if source_address:
290 sock.bind(source_address)
291 sock.connect(sa)
292 return sock
293
294 except socket.error, msg:
295 if sock is not None:
296 sock.close()
297
298 raise socket.error, msg
299
263 300 class httpconnection(keepalive.HTTPConnection):
264 301 # must be able to send big bundle as stream.
265 302 send = _gen_sendfile(keepalive.HTTPConnection)
266 303
267 304 def connect(self):
268 305 if has_https and self.realhost: # use CONNECT proxy
269 306 self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
270 307 self.sock.connect((self.host, self.port))
271 308 if _generic_proxytunnel(self):
272 309 # we do not support client x509 certificates
273 310 self.sock = _ssl_wrap_socket(self.sock, None, None)
274 311 else:
275 312 keepalive.HTTPConnection.connect(self)
276 313
277 314 def getresponse(self):
278 315 proxyres = getattr(self, 'proxyres', None)
279 316 if proxyres:
280 317 if proxyres.will_close:
281 318 self.close()
282 319 self.proxyres = None
283 320 return proxyres
284 321 return keepalive.HTTPConnection.getresponse(self)
285 322
286 323 # general transaction handler to support different ways to handle
287 324 # HTTPS proxying before and after Python 2.6.3.
288 325 def _generic_start_transaction(handler, h, req):
289 326 if hasattr(req, '_tunnel_host') and req._tunnel_host:
290 327 tunnel_host = req._tunnel_host
291 328 if tunnel_host[:7] not in ['http://', 'https:/']:
292 329 tunnel_host = 'https://' + tunnel_host
293 330 new_tunnel = True
294 331 else:
295 332 tunnel_host = req.get_selector()
296 333 new_tunnel = False
297 334
298 335 if new_tunnel or tunnel_host == req.get_full_url(): # has proxy
299 336 urlparts = urlparse.urlparse(tunnel_host)
300 337 if new_tunnel or urlparts[0] == 'https': # only use CONNECT for HTTPS
301 338 if ':' in urlparts[1]:
302 339 realhost, realport = urlparts[1].split(':')
303 340 realport = int(realport)
304 341 else:
305 342 realhost = urlparts[1]
306 343 realport = 443
307 344
308 345 h.realhost = realhost
309 346 h.realport = realport
310 347 h.headers = req.headers.copy()
311 348 h.headers.update(handler.parent.addheaders)
312 349 return
313 350
314 351 h.realhost = None
315 352 h.realport = None
316 353 h.headers = None
317 354
318 355 def _generic_proxytunnel(self):
319 356 proxyheaders = dict(
320 357 [(x, self.headers[x]) for x in self.headers
321 358 if x.lower().startswith('proxy-')])
322 359 self._set_hostport(self.host, self.port)
323 360 self.send('CONNECT %s:%d HTTP/1.0\r\n' % (self.realhost, self.realport))
324 361 for header in proxyheaders.iteritems():
325 362 self.send('%s: %s\r\n' % header)
326 363 self.send('\r\n')
327 364
328 365 # majority of the following code is duplicated from
329 366 # httplib.HTTPConnection as there are no adequate places to
330 367 # override functions to provide the needed functionality
331 368 res = self.response_class(self.sock,
332 369 strict=self.strict,
333 370 method=self._method)
334 371
335 372 while True:
336 373 version, status, reason = res._read_status()
337 374 if status != httplib.CONTINUE:
338 375 break
339 376 while True:
340 377 skip = res.fp.readline().strip()
341 378 if not skip:
342 379 break
343 380 res.status = status
344 381 res.reason = reason.strip()
345 382
346 383 if res.status == 200:
347 384 while True:
348 385 line = res.fp.readline()
349 386 if line == '\r\n':
350 387 break
351 388 return True
352 389
353 390 if version == 'HTTP/1.0':
354 391 res.version = 10
355 392 elif version.startswith('HTTP/1.'):
356 393 res.version = 11
357 394 elif version == 'HTTP/0.9':
358 395 res.version = 9
359 396 else:
360 397 raise httplib.UnknownProtocol(version)
361 398
362 399 if res.version == 9:
363 400 res.length = None
364 401 res.chunked = 0
365 402 res.will_close = 1
366 403 res.msg = httplib.HTTPMessage(cStringIO.StringIO())
367 404 return False
368 405
369 406 res.msg = httplib.HTTPMessage(res.fp)
370 407 res.msg.fp = None
371 408
372 409 # are we using the chunked-style of transfer encoding?
373 410 trenc = res.msg.getheader('transfer-encoding')
374 411 if trenc and trenc.lower() == "chunked":
375 412 res.chunked = 1
376 413 res.chunk_left = None
377 414 else:
378 415 res.chunked = 0
379 416
380 417 # will the connection close at the end of the response?
381 418 res.will_close = res._check_close()
382 419
383 420 # do we have a Content-Length?
384 421 # NOTE: RFC 2616, S4.4, #3 says we ignore this if tr_enc is "chunked"
385 422 length = res.msg.getheader('content-length')
386 423 if length and not res.chunked:
387 424 try:
388 425 res.length = int(length)
389 426 except ValueError:
390 427 res.length = None
391 428 else:
392 429 if res.length < 0: # ignore nonsensical negative lengths
393 430 res.length = None
394 431 else:
395 432 res.length = None
396 433
397 434 # does the body have a fixed length? (of zero)
398 435 if (status == httplib.NO_CONTENT or status == httplib.NOT_MODIFIED or
399 436 100 <= status < 200 or # 1xx codes
400 437 res._method == 'HEAD'):
401 438 res.length = 0
402 439
403 440 # if the connection remains open, and we aren't using chunked, and
404 441 # a content-length was not provided, then assume that the connection
405 442 # WILL close.
406 443 if (not res.will_close and
407 444 not res.chunked and
408 445 res.length is None):
409 446 res.will_close = 1
410 447
411 448 self.proxyres = res
412 449
413 450 return False
414 451
415 452 class httphandler(keepalive.HTTPHandler):
416 453 def http_open(self, req):
417 454 return self.do_open(httpconnection, req)
418 455
419 456 def _start_transaction(self, h, req):
420 457 _generic_start_transaction(self, h, req)
421 458 return keepalive.HTTPHandler._start_transaction(self, h, req)
422 459
423 460 def __del__(self):
424 461 self.close_all()
425 462
426 463 if has_https:
427 464 class BetterHTTPS(httplib.HTTPSConnection):
428 465 send = keepalive.safesend
429 466
467 def connect(self):
468 if hasattr(self, 'ui'):
469 cacerts = self.ui.config('web', 'cacerts')
470 else:
471 cacerts = None
472
473 if cacerts:
474 sock = _create_connection((self.host, self.port))
475 self.sock = _ssl_wrap_socket(sock, self.key_file,
476 self.cert_file, cert_reqs=CERT_REQUIRED,
477 ca_certs=cacerts)
478 self.ui.debug(_('server identity verification succeeded\n'))
479 else:
480 httplib.HTTPSConnection.connect(self)
481
430 482 class httpsconnection(BetterHTTPS):
431 483 response_class = keepalive.HTTPResponse
432 484 # must be able to send big bundle as stream.
433 485 send = _gen_sendfile(BetterHTTPS)
434 486 getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
435 487
436 488 def connect(self):
437 489 if self.realhost: # use CONNECT proxy
438 490 self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
439 491 self.sock.connect((self.host, self.port))
440 492 if _generic_proxytunnel(self):
441 493 self.sock = _ssl_wrap_socket(self.sock, self.cert_file,
442 494 self.key_file)
443 495 else:
444 496 BetterHTTPS.connect(self)
445 497
446 498 class httpshandler(keepalive.KeepAliveHandler, urllib2.HTTPSHandler):
447 499 def __init__(self, ui):
448 500 keepalive.KeepAliveHandler.__init__(self)
449 501 urllib2.HTTPSHandler.__init__(self)
450 502 self.ui = ui
451 503 self.pwmgr = passwordmgr(self.ui)
452 504
453 505 def _start_transaction(self, h, req):
454 506 _generic_start_transaction(self, h, req)
455 507 return keepalive.KeepAliveHandler._start_transaction(self, h, req)
456 508
457 509 def https_open(self, req):
458 510 self.auth = self.pwmgr.readauthtoken(req.get_full_url())
459 511 return self.do_open(self._makeconnection, req)
460 512
461 513 def _makeconnection(self, host, port=None, *args, **kwargs):
462 514 keyfile = None
463 515 certfile = None
464 516
465 517 if args: # key_file
466 518 keyfile = args.pop(0)
467 519 if args: # cert_file
468 520 certfile = args.pop(0)
469 521
470 522 # if the user has specified different key/cert files in
471 523 # hgrc, we prefer these
472 524 if self.auth and 'key' in self.auth and 'cert' in self.auth:
473 525 keyfile = self.auth['key']
474 526 certfile = self.auth['cert']
475 527
476 return httpsconnection(host, port, keyfile, certfile, *args, **kwargs)
528 conn = httpsconnection(host, port, keyfile, certfile, *args, **kwargs)
529 conn.ui = self.ui
530 return conn
477 531
478 532 # In python < 2.5 AbstractDigestAuthHandler raises a ValueError if
479 533 # it doesn't know about the auth type requested. This can happen if
480 534 # somebody is using BasicAuth and types a bad password.
481 535 class httpdigestauthhandler(urllib2.HTTPDigestAuthHandler):
482 536 def http_error_auth_reqed(self, auth_header, host, req, headers):
483 537 try:
484 538 return urllib2.HTTPDigestAuthHandler.http_error_auth_reqed(
485 539 self, auth_header, host, req, headers)
486 540 except ValueError, inst:
487 541 arg = inst.args[0]
488 542 if arg.startswith("AbstractDigestAuthHandler doesn't know "):
489 543 return
490 544 raise
491 545
492 546 def getauthinfo(path):
493 547 scheme, netloc, urlpath, query, frag = urlparse.urlsplit(path)
494 548 if not urlpath:
495 549 urlpath = '/'
496 550 if scheme != 'file':
497 551 # XXX: why are we quoting the path again with some smart
498 552 # heuristic here? Anyway, it cannot be done with file://
499 553 # urls since path encoding is os/fs dependent (see
500 554 # urllib.pathname2url() for details).
501 555 urlpath = quotepath(urlpath)
502 556 host, port, user, passwd = netlocsplit(netloc)
503 557
504 558 # urllib cannot handle URLs with embedded user or passwd
505 559 url = urlparse.urlunsplit((scheme, netlocunsplit(host, port),
506 560 urlpath, query, frag))
507 561 if user:
508 562 netloc = host
509 563 if port:
510 564 netloc += ':' + port
511 565 # Python < 2.4.3 uses only the netloc to search for a password
512 566 authinfo = (None, (url, netloc), user, passwd or '')
513 567 else:
514 568 authinfo = None
515 569 return url, authinfo
516 570
517 571 handlerfuncs = []
518 572
519 573 def opener(ui, authinfo=None):
520 574 '''
521 575 construct an opener suitable for urllib2
522 576 authinfo will be added to the password manager
523 577 '''
524 578 handlers = [httphandler()]
525 579 if has_https:
526 580 handlers.append(httpshandler(ui))
527 581
528 582 handlers.append(proxyhandler(ui))
529 583
530 584 passmgr = passwordmgr(ui)
531 585 if authinfo is not None:
532 586 passmgr.add_password(*authinfo)
533 587 user, passwd = authinfo[2:4]
534 588 ui.debug('http auth: user %s, password %s\n' %
535 589 (user, passwd and '*' * len(passwd) or 'not set'))
536 590
537 591 handlers.extend((urllib2.HTTPBasicAuthHandler(passmgr),
538 592 httpdigestauthhandler(passmgr)))
539 593 handlers.extend([h(ui, passmgr) for h in handlerfuncs])
540 594 opener = urllib2.build_opener(*handlers)
541 595
542 596 # 1.0 here is the _protocol_ version
543 597 opener.addheaders = [('User-agent', 'mercurial/proto-1.0')]
544 598 opener.addheaders.append(('Accept', 'application/mercurial-0.1'))
545 599 return opener
546 600
547 601 scheme_re = re.compile(r'^([a-zA-Z0-9+-.]+)://')
548 602
549 603 def open(ui, url, data=None):
550 604 scheme = None
551 605 m = scheme_re.search(url)
552 606 if m:
553 607 scheme = m.group(1).lower()
554 608 if not scheme:
555 609 path = util.normpath(os.path.abspath(url))
556 610 url = 'file://' + urllib.pathname2url(path)
557 611 authinfo = None
558 612 else:
559 613 url, authinfo = getauthinfo(url)
560 614 return opener(ui, authinfo).open(url, data)
General Comments 0
You need to be logged in to leave comments. Login now