##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

config: remove unused hostsecurity.disabletls10warning config
Manuel Jacob -
r45432:4dcb2791 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,1575 +1,1572 b''
1 1 # configitems.py - centralized declaration of configuration option
2 2 #
3 3 # Copyright 2017 Pierre-Yves David <pierre-yves.david@octobus.net>
4 4 #
5 5 # This software may be used and distributed according to the terms of the
6 6 # GNU General Public License version 2 or any later version.
7 7
8 8 from __future__ import absolute_import
9 9
10 10 import functools
11 11 import re
12 12
13 13 from . import (
14 14 encoding,
15 15 error,
16 16 )
17 17
18 18
19 19 def loadconfigtable(ui, extname, configtable):
20 20 """update config item known to the ui with the extension ones"""
21 21 for section, items in sorted(configtable.items()):
22 22 knownitems = ui._knownconfig.setdefault(section, itemregister())
23 23 knownkeys = set(knownitems)
24 24 newkeys = set(items)
25 25 for key in sorted(knownkeys & newkeys):
26 26 msg = b"extension '%s' overwrite config item '%s.%s'"
27 27 msg %= (extname, section, key)
28 28 ui.develwarn(msg, config=b'warn-config')
29 29
30 30 knownitems.update(items)
31 31
32 32
33 33 class configitem(object):
34 34 """represent a known config item
35 35
36 36 :section: the official config section where to find this item,
37 37 :name: the official name within the section,
38 38 :default: default value for this item,
39 39 :alias: optional list of tuples as alternatives,
40 40 :generic: this is a generic definition, match name using regular expression.
41 41 """
42 42
43 43 def __init__(
44 44 self,
45 45 section,
46 46 name,
47 47 default=None,
48 48 alias=(),
49 49 generic=False,
50 50 priority=0,
51 51 experimental=False,
52 52 ):
53 53 self.section = section
54 54 self.name = name
55 55 self.default = default
56 56 self.alias = list(alias)
57 57 self.generic = generic
58 58 self.priority = priority
59 59 self.experimental = experimental
60 60 self._re = None
61 61 if generic:
62 62 self._re = re.compile(self.name)
63 63
64 64
65 65 class itemregister(dict):
66 66 """A specialized dictionary that can handle wild-card selection"""
67 67
68 68 def __init__(self):
69 69 super(itemregister, self).__init__()
70 70 self._generics = set()
71 71
72 72 def update(self, other):
73 73 super(itemregister, self).update(other)
74 74 self._generics.update(other._generics)
75 75
76 76 def __setitem__(self, key, item):
77 77 super(itemregister, self).__setitem__(key, item)
78 78 if item.generic:
79 79 self._generics.add(item)
80 80
81 81 def get(self, key):
82 82 baseitem = super(itemregister, self).get(key)
83 83 if baseitem is not None and not baseitem.generic:
84 84 return baseitem
85 85
86 86 # search for a matching generic item
87 87 generics = sorted(self._generics, key=(lambda x: (x.priority, x.name)))
88 88 for item in generics:
89 89 # we use 'match' instead of 'search' to make the matching simpler
90 90 # for people unfamiliar with regular expression. Having the match
91 91 # rooted to the start of the string will produce less surprising
92 92 # result for user writing simple regex for sub-attribute.
93 93 #
94 94 # For example using "color\..*" match produces an unsurprising
95 95 # result, while using search could suddenly match apparently
96 96 # unrelated configuration that happens to contains "color."
97 97 # anywhere. This is a tradeoff where we favor requiring ".*" on
98 98 # some match to avoid the need to prefix most pattern with "^".
99 99 # The "^" seems more error prone.
100 100 if item._re.match(key):
101 101 return item
102 102
103 103 return None
104 104
105 105
106 106 coreitems = {}
107 107
108 108
109 109 def _register(configtable, *args, **kwargs):
110 110 item = configitem(*args, **kwargs)
111 111 section = configtable.setdefault(item.section, itemregister())
112 112 if item.name in section:
113 113 msg = b"duplicated config item registration for '%s.%s'"
114 114 raise error.ProgrammingError(msg % (item.section, item.name))
115 115 section[item.name] = item
116 116
117 117
118 118 # special value for case where the default is derived from other values
119 119 dynamicdefault = object()
120 120
121 121 # Registering actual config items
122 122
123 123
124 124 def getitemregister(configtable):
125 125 f = functools.partial(_register, configtable)
126 126 # export pseudo enum as configitem.*
127 127 f.dynamicdefault = dynamicdefault
128 128 return f
129 129
130 130
131 131 coreconfigitem = getitemregister(coreitems)
132 132
133 133
134 134 def _registerdiffopts(section, configprefix=b''):
135 135 coreconfigitem(
136 136 section, configprefix + b'nodates', default=False,
137 137 )
138 138 coreconfigitem(
139 139 section, configprefix + b'showfunc', default=False,
140 140 )
141 141 coreconfigitem(
142 142 section, configprefix + b'unified', default=None,
143 143 )
144 144 coreconfigitem(
145 145 section, configprefix + b'git', default=False,
146 146 )
147 147 coreconfigitem(
148 148 section, configprefix + b'ignorews', default=False,
149 149 )
150 150 coreconfigitem(
151 151 section, configprefix + b'ignorewsamount', default=False,
152 152 )
153 153 coreconfigitem(
154 154 section, configprefix + b'ignoreblanklines', default=False,
155 155 )
156 156 coreconfigitem(
157 157 section, configprefix + b'ignorewseol', default=False,
158 158 )
159 159 coreconfigitem(
160 160 section, configprefix + b'nobinary', default=False,
161 161 )
162 162 coreconfigitem(
163 163 section, configprefix + b'noprefix', default=False,
164 164 )
165 165 coreconfigitem(
166 166 section, configprefix + b'word-diff', default=False,
167 167 )
168 168
169 169
170 170 coreconfigitem(
171 171 b'alias', b'.*', default=dynamicdefault, generic=True,
172 172 )
173 173 coreconfigitem(
174 174 b'auth', b'cookiefile', default=None,
175 175 )
176 176 _registerdiffopts(section=b'annotate')
177 177 # bookmarks.pushing: internal hack for discovery
178 178 coreconfigitem(
179 179 b'bookmarks', b'pushing', default=list,
180 180 )
181 181 # bundle.mainreporoot: internal hack for bundlerepo
182 182 coreconfigitem(
183 183 b'bundle', b'mainreporoot', default=b'',
184 184 )
185 185 coreconfigitem(
186 186 b'censor', b'policy', default=b'abort', experimental=True,
187 187 )
188 188 coreconfigitem(
189 189 b'chgserver', b'idletimeout', default=3600,
190 190 )
191 191 coreconfigitem(
192 192 b'chgserver', b'skiphash', default=False,
193 193 )
194 194 coreconfigitem(
195 195 b'cmdserver', b'log', default=None,
196 196 )
197 197 coreconfigitem(
198 198 b'cmdserver', b'max-log-files', default=7,
199 199 )
200 200 coreconfigitem(
201 201 b'cmdserver', b'max-log-size', default=b'1 MB',
202 202 )
203 203 coreconfigitem(
204 204 b'cmdserver', b'max-repo-cache', default=0, experimental=True,
205 205 )
206 206 coreconfigitem(
207 207 b'cmdserver', b'message-encodings', default=list, experimental=True,
208 208 )
209 209 coreconfigitem(
210 210 b'cmdserver',
211 211 b'track-log',
212 212 default=lambda: [b'chgserver', b'cmdserver', b'repocache'],
213 213 )
214 214 coreconfigitem(
215 215 b'color', b'.*', default=None, generic=True,
216 216 )
217 217 coreconfigitem(
218 218 b'color', b'mode', default=b'auto',
219 219 )
220 220 coreconfigitem(
221 221 b'color', b'pagermode', default=dynamicdefault,
222 222 )
223 223 _registerdiffopts(section=b'commands', configprefix=b'commit.interactive.')
224 224 coreconfigitem(
225 225 b'commands', b'commit.post-status', default=False,
226 226 )
227 227 coreconfigitem(
228 228 b'commands', b'grep.all-files', default=False, experimental=True,
229 229 )
230 230 coreconfigitem(
231 231 b'commands', b'merge.require-rev', default=False,
232 232 )
233 233 coreconfigitem(
234 234 b'commands', b'push.require-revs', default=False,
235 235 )
236 236 coreconfigitem(
237 237 b'commands', b'resolve.confirm', default=False,
238 238 )
239 239 coreconfigitem(
240 240 b'commands', b'resolve.explicit-re-merge', default=False,
241 241 )
242 242 coreconfigitem(
243 243 b'commands', b'resolve.mark-check', default=b'none',
244 244 )
245 245 _registerdiffopts(section=b'commands', configprefix=b'revert.interactive.')
246 246 coreconfigitem(
247 247 b'commands', b'show.aliasprefix', default=list,
248 248 )
249 249 coreconfigitem(
250 250 b'commands', b'status.relative', default=False,
251 251 )
252 252 coreconfigitem(
253 253 b'commands', b'status.skipstates', default=[], experimental=True,
254 254 )
255 255 coreconfigitem(
256 256 b'commands', b'status.terse', default=b'',
257 257 )
258 258 coreconfigitem(
259 259 b'commands', b'status.verbose', default=False,
260 260 )
261 261 coreconfigitem(
262 262 b'commands', b'update.check', default=None,
263 263 )
264 264 coreconfigitem(
265 265 b'commands', b'update.requiredest', default=False,
266 266 )
267 267 coreconfigitem(
268 268 b'committemplate', b'.*', default=None, generic=True,
269 269 )
270 270 coreconfigitem(
271 271 b'convert', b'bzr.saverev', default=True,
272 272 )
273 273 coreconfigitem(
274 274 b'convert', b'cvsps.cache', default=True,
275 275 )
276 276 coreconfigitem(
277 277 b'convert', b'cvsps.fuzz', default=60,
278 278 )
279 279 coreconfigitem(
280 280 b'convert', b'cvsps.logencoding', default=None,
281 281 )
282 282 coreconfigitem(
283 283 b'convert', b'cvsps.mergefrom', default=None,
284 284 )
285 285 coreconfigitem(
286 286 b'convert', b'cvsps.mergeto', default=None,
287 287 )
288 288 coreconfigitem(
289 289 b'convert', b'git.committeractions', default=lambda: [b'messagedifferent'],
290 290 )
291 291 coreconfigitem(
292 292 b'convert', b'git.extrakeys', default=list,
293 293 )
294 294 coreconfigitem(
295 295 b'convert', b'git.findcopiesharder', default=False,
296 296 )
297 297 coreconfigitem(
298 298 b'convert', b'git.remoteprefix', default=b'remote',
299 299 )
300 300 coreconfigitem(
301 301 b'convert', b'git.renamelimit', default=400,
302 302 )
303 303 coreconfigitem(
304 304 b'convert', b'git.saverev', default=True,
305 305 )
306 306 coreconfigitem(
307 307 b'convert', b'git.similarity', default=50,
308 308 )
309 309 coreconfigitem(
310 310 b'convert', b'git.skipsubmodules', default=False,
311 311 )
312 312 coreconfigitem(
313 313 b'convert', b'hg.clonebranches', default=False,
314 314 )
315 315 coreconfigitem(
316 316 b'convert', b'hg.ignoreerrors', default=False,
317 317 )
318 318 coreconfigitem(
319 319 b'convert', b'hg.preserve-hash', default=False,
320 320 )
321 321 coreconfigitem(
322 322 b'convert', b'hg.revs', default=None,
323 323 )
324 324 coreconfigitem(
325 325 b'convert', b'hg.saverev', default=False,
326 326 )
327 327 coreconfigitem(
328 328 b'convert', b'hg.sourcename', default=None,
329 329 )
330 330 coreconfigitem(
331 331 b'convert', b'hg.startrev', default=None,
332 332 )
333 333 coreconfigitem(
334 334 b'convert', b'hg.tagsbranch', default=b'default',
335 335 )
336 336 coreconfigitem(
337 337 b'convert', b'hg.usebranchnames', default=True,
338 338 )
339 339 coreconfigitem(
340 340 b'convert', b'ignoreancestorcheck', default=False, experimental=True,
341 341 )
342 342 coreconfigitem(
343 343 b'convert', b'localtimezone', default=False,
344 344 )
345 345 coreconfigitem(
346 346 b'convert', b'p4.encoding', default=dynamicdefault,
347 347 )
348 348 coreconfigitem(
349 349 b'convert', b'p4.startrev', default=0,
350 350 )
351 351 coreconfigitem(
352 352 b'convert', b'skiptags', default=False,
353 353 )
354 354 coreconfigitem(
355 355 b'convert', b'svn.debugsvnlog', default=True,
356 356 )
357 357 coreconfigitem(
358 358 b'convert', b'svn.trunk', default=None,
359 359 )
360 360 coreconfigitem(
361 361 b'convert', b'svn.tags', default=None,
362 362 )
363 363 coreconfigitem(
364 364 b'convert', b'svn.branches', default=None,
365 365 )
366 366 coreconfigitem(
367 367 b'convert', b'svn.startrev', default=0,
368 368 )
369 369 coreconfigitem(
370 370 b'debug', b'dirstate.delaywrite', default=0,
371 371 )
372 372 coreconfigitem(
373 373 b'defaults', b'.*', default=None, generic=True,
374 374 )
375 375 coreconfigitem(
376 376 b'devel', b'all-warnings', default=False,
377 377 )
378 378 coreconfigitem(
379 379 b'devel', b'bundle2.debug', default=False,
380 380 )
381 381 coreconfigitem(
382 382 b'devel', b'bundle.delta', default=b'',
383 383 )
384 384 coreconfigitem(
385 385 b'devel', b'cache-vfs', default=None,
386 386 )
387 387 coreconfigitem(
388 388 b'devel', b'check-locks', default=False,
389 389 )
390 390 coreconfigitem(
391 391 b'devel', b'check-relroot', default=False,
392 392 )
393 393 coreconfigitem(
394 394 b'devel', b'default-date', default=None,
395 395 )
396 396 coreconfigitem(
397 397 b'devel', b'deprec-warn', default=False,
398 398 )
399 399 coreconfigitem(
400 400 b'devel', b'disableloaddefaultcerts', default=False,
401 401 )
402 402 coreconfigitem(
403 403 b'devel', b'warn-empty-changegroup', default=False,
404 404 )
405 405 coreconfigitem(
406 406 b'devel', b'legacy.exchange', default=list,
407 407 )
408 408 coreconfigitem(
409 409 b'devel', b'persistent-nodemap', default=False,
410 410 )
411 411 coreconfigitem(
412 412 b'devel', b'servercafile', default=b'',
413 413 )
414 414 coreconfigitem(
415 415 b'devel', b'serverexactprotocol', default=b'',
416 416 )
417 417 coreconfigitem(
418 418 b'devel', b'serverrequirecert', default=False,
419 419 )
420 420 coreconfigitem(
421 421 b'devel', b'strip-obsmarkers', default=True,
422 422 )
423 423 coreconfigitem(
424 424 b'devel', b'warn-config', default=None,
425 425 )
426 426 coreconfigitem(
427 427 b'devel', b'warn-config-default', default=None,
428 428 )
429 429 coreconfigitem(
430 430 b'devel', b'user.obsmarker', default=None,
431 431 )
432 432 coreconfigitem(
433 433 b'devel', b'warn-config-unknown', default=None,
434 434 )
435 435 coreconfigitem(
436 436 b'devel', b'debug.copies', default=False,
437 437 )
438 438 coreconfigitem(
439 439 b'devel', b'debug.extensions', default=False,
440 440 )
441 441 coreconfigitem(
442 442 b'devel', b'debug.repo-filters', default=False,
443 443 )
444 444 coreconfigitem(
445 445 b'devel', b'debug.peer-request', default=False,
446 446 )
447 447 coreconfigitem(
448 448 b'devel', b'discovery.randomize', default=True,
449 449 )
450 450 _registerdiffopts(section=b'diff')
451 451 coreconfigitem(
452 452 b'email', b'bcc', default=None,
453 453 )
454 454 coreconfigitem(
455 455 b'email', b'cc', default=None,
456 456 )
457 457 coreconfigitem(
458 458 b'email', b'charsets', default=list,
459 459 )
460 460 coreconfigitem(
461 461 b'email', b'from', default=None,
462 462 )
463 463 coreconfigitem(
464 464 b'email', b'method', default=b'smtp',
465 465 )
466 466 coreconfigitem(
467 467 b'email', b'reply-to', default=None,
468 468 )
469 469 coreconfigitem(
470 470 b'email', b'to', default=None,
471 471 )
472 472 coreconfigitem(
473 473 b'experimental', b'archivemetatemplate', default=dynamicdefault,
474 474 )
475 475 coreconfigitem(
476 476 b'experimental', b'auto-publish', default=b'publish',
477 477 )
478 478 coreconfigitem(
479 479 b'experimental', b'bundle-phases', default=False,
480 480 )
481 481 coreconfigitem(
482 482 b'experimental', b'bundle2-advertise', default=True,
483 483 )
484 484 coreconfigitem(
485 485 b'experimental', b'bundle2-output-capture', default=False,
486 486 )
487 487 coreconfigitem(
488 488 b'experimental', b'bundle2.pushback', default=False,
489 489 )
490 490 coreconfigitem(
491 491 b'experimental', b'bundle2lazylocking', default=False,
492 492 )
493 493 coreconfigitem(
494 494 b'experimental', b'bundlecomplevel', default=None,
495 495 )
496 496 coreconfigitem(
497 497 b'experimental', b'bundlecomplevel.bzip2', default=None,
498 498 )
499 499 coreconfigitem(
500 500 b'experimental', b'bundlecomplevel.gzip', default=None,
501 501 )
502 502 coreconfigitem(
503 503 b'experimental', b'bundlecomplevel.none', default=None,
504 504 )
505 505 coreconfigitem(
506 506 b'experimental', b'bundlecomplevel.zstd', default=None,
507 507 )
508 508 coreconfigitem(
509 509 b'experimental', b'changegroup3', default=False,
510 510 )
511 511 coreconfigitem(
512 512 b'experimental', b'cleanup-as-archived', default=False,
513 513 )
514 514 coreconfigitem(
515 515 b'experimental', b'clientcompressionengines', default=list,
516 516 )
517 517 coreconfigitem(
518 518 b'experimental', b'copytrace', default=b'on',
519 519 )
520 520 coreconfigitem(
521 521 b'experimental', b'copytrace.movecandidateslimit', default=100,
522 522 )
523 523 coreconfigitem(
524 524 b'experimental', b'copytrace.sourcecommitlimit', default=100,
525 525 )
526 526 coreconfigitem(
527 527 b'experimental', b'copies.read-from', default=b"filelog-only",
528 528 )
529 529 coreconfigitem(
530 530 b'experimental', b'copies.write-to', default=b'filelog-only',
531 531 )
532 532 coreconfigitem(
533 533 b'experimental', b'crecordtest', default=None,
534 534 )
535 535 coreconfigitem(
536 536 b'experimental', b'directaccess', default=False,
537 537 )
538 538 coreconfigitem(
539 539 b'experimental', b'directaccess.revnums', default=False,
540 540 )
541 541 coreconfigitem(
542 542 b'experimental', b'editortmpinhg', default=False,
543 543 )
544 544 coreconfigitem(
545 545 b'experimental', b'evolution', default=list,
546 546 )
547 547 coreconfigitem(
548 548 b'experimental',
549 549 b'evolution.allowdivergence',
550 550 default=False,
551 551 alias=[(b'experimental', b'allowdivergence')],
552 552 )
553 553 coreconfigitem(
554 554 b'experimental', b'evolution.allowunstable', default=None,
555 555 )
556 556 coreconfigitem(
557 557 b'experimental', b'evolution.createmarkers', default=None,
558 558 )
559 559 coreconfigitem(
560 560 b'experimental',
561 561 b'evolution.effect-flags',
562 562 default=True,
563 563 alias=[(b'experimental', b'effect-flags')],
564 564 )
565 565 coreconfigitem(
566 566 b'experimental', b'evolution.exchange', default=None,
567 567 )
568 568 coreconfigitem(
569 569 b'experimental', b'evolution.bundle-obsmarker', default=False,
570 570 )
571 571 coreconfigitem(
572 572 b'experimental', b'log.topo', default=False,
573 573 )
574 574 coreconfigitem(
575 575 b'experimental', b'evolution.report-instabilities', default=True,
576 576 )
577 577 coreconfigitem(
578 578 b'experimental', b'evolution.track-operation', default=True,
579 579 )
580 580 # repo-level config to exclude a revset visibility
581 581 #
582 582 # The target use case is to use `share` to expose different subset of the same
583 583 # repository, especially server side. See also `server.view`.
584 584 coreconfigitem(
585 585 b'experimental', b'extra-filter-revs', default=None,
586 586 )
587 587 coreconfigitem(
588 588 b'experimental', b'maxdeltachainspan', default=-1,
589 589 )
590 590 coreconfigitem(
591 591 b'experimental', b'mergetempdirprefix', default=None,
592 592 )
593 593 coreconfigitem(
594 594 b'experimental', b'mmapindexthreshold', default=None,
595 595 )
596 596 coreconfigitem(
597 597 b'experimental', b'narrow', default=False,
598 598 )
599 599 coreconfigitem(
600 600 b'experimental', b'nonnormalparanoidcheck', default=False,
601 601 )
602 602 coreconfigitem(
603 603 b'experimental', b'exportableenviron', default=list,
604 604 )
605 605 coreconfigitem(
606 606 b'experimental', b'extendedheader.index', default=None,
607 607 )
608 608 coreconfigitem(
609 609 b'experimental', b'extendedheader.similarity', default=False,
610 610 )
611 611 coreconfigitem(
612 612 b'experimental', b'graphshorten', default=False,
613 613 )
614 614 coreconfigitem(
615 615 b'experimental', b'graphstyle.parent', default=dynamicdefault,
616 616 )
617 617 coreconfigitem(
618 618 b'experimental', b'graphstyle.missing', default=dynamicdefault,
619 619 )
620 620 coreconfigitem(
621 621 b'experimental', b'graphstyle.grandparent', default=dynamicdefault,
622 622 )
623 623 coreconfigitem(
624 624 b'experimental', b'hook-track-tags', default=False,
625 625 )
626 626 coreconfigitem(
627 627 b'experimental', b'httppeer.advertise-v2', default=False,
628 628 )
629 629 coreconfigitem(
630 630 b'experimental', b'httppeer.v2-encoder-order', default=None,
631 631 )
632 632 coreconfigitem(
633 633 b'experimental', b'httppostargs', default=False,
634 634 )
635 635 coreconfigitem(
636 636 b'experimental', b'mergedriver', default=None,
637 637 )
638 638 coreconfigitem(b'experimental', b'nointerrupt', default=False)
639 639 coreconfigitem(b'experimental', b'nointerrupt-interactiveonly', default=True)
640 640
641 641 coreconfigitem(
642 642 b'experimental', b'obsmarkers-exchange-debug', default=False,
643 643 )
644 644 coreconfigitem(
645 645 b'experimental', b'remotenames', default=False,
646 646 )
647 647 coreconfigitem(
648 648 b'experimental', b'removeemptydirs', default=True,
649 649 )
650 650 coreconfigitem(
651 651 b'experimental', b'revert.interactive.select-to-keep', default=False,
652 652 )
653 653 coreconfigitem(
654 654 b'experimental', b'revisions.prefixhexnode', default=False,
655 655 )
656 656 coreconfigitem(
657 657 b'experimental', b'revlogv2', default=None,
658 658 )
659 659 coreconfigitem(
660 660 b'experimental', b'revisions.disambiguatewithin', default=None,
661 661 )
662 662 coreconfigitem(
663 663 b'experimental', b'rust.index', default=False,
664 664 )
665 665 coreconfigitem(
666 666 b'experimental', b'server.filesdata.recommended-batch-size', default=50000,
667 667 )
668 668 coreconfigitem(
669 669 b'experimental',
670 670 b'server.manifestdata.recommended-batch-size',
671 671 default=100000,
672 672 )
673 673 coreconfigitem(
674 674 b'experimental', b'server.stream-narrow-clones', default=False,
675 675 )
676 676 coreconfigitem(
677 677 b'experimental', b'single-head-per-branch', default=False,
678 678 )
679 679 coreconfigitem(
680 680 b'experimental',
681 681 b'single-head-per-branch:account-closed-heads',
682 682 default=False,
683 683 )
684 684 coreconfigitem(
685 685 b'experimental', b'sshserver.support-v2', default=False,
686 686 )
687 687 coreconfigitem(
688 688 b'experimental', b'sparse-read', default=False,
689 689 )
690 690 coreconfigitem(
691 691 b'experimental', b'sparse-read.density-threshold', default=0.50,
692 692 )
693 693 coreconfigitem(
694 694 b'experimental', b'sparse-read.min-gap-size', default=b'65K',
695 695 )
696 696 coreconfigitem(
697 697 b'experimental', b'treemanifest', default=False,
698 698 )
699 699 coreconfigitem(
700 700 b'experimental', b'update.atomic-file', default=False,
701 701 )
702 702 coreconfigitem(
703 703 b'experimental', b'sshpeer.advertise-v2', default=False,
704 704 )
705 705 coreconfigitem(
706 706 b'experimental', b'web.apiserver', default=False,
707 707 )
708 708 coreconfigitem(
709 709 b'experimental', b'web.api.http-v2', default=False,
710 710 )
711 711 coreconfigitem(
712 712 b'experimental', b'web.api.debugreflect', default=False,
713 713 )
714 714 coreconfigitem(
715 715 b'experimental', b'worker.wdir-get-thread-safe', default=False,
716 716 )
717 717 coreconfigitem(
718 718 b'experimental', b'worker.repository-upgrade', default=False,
719 719 )
720 720 coreconfigitem(
721 721 b'experimental', b'xdiff', default=False,
722 722 )
723 723 coreconfigitem(
724 724 b'extensions', b'.*', default=None, generic=True,
725 725 )
726 726 coreconfigitem(
727 727 b'extdata', b'.*', default=None, generic=True,
728 728 )
729 729 coreconfigitem(
730 730 b'format', b'bookmarks-in-store', default=False,
731 731 )
732 732 coreconfigitem(
733 733 b'format', b'chunkcachesize', default=None, experimental=True,
734 734 )
735 735 coreconfigitem(
736 736 b'format', b'dotencode', default=True,
737 737 )
738 738 coreconfigitem(
739 739 b'format', b'generaldelta', default=False, experimental=True,
740 740 )
741 741 coreconfigitem(
742 742 b'format', b'manifestcachesize', default=None, experimental=True,
743 743 )
744 744 coreconfigitem(
745 745 b'format', b'maxchainlen', default=dynamicdefault, experimental=True,
746 746 )
747 747 coreconfigitem(
748 748 b'format', b'obsstore-version', default=None,
749 749 )
750 750 coreconfigitem(
751 751 b'format', b'sparse-revlog', default=True,
752 752 )
753 753 coreconfigitem(
754 754 b'format',
755 755 b'revlog-compression',
756 756 default=lambda: [b'zlib'],
757 757 alias=[(b'experimental', b'format.compression')],
758 758 )
759 759 coreconfigitem(
760 760 b'format', b'usefncache', default=True,
761 761 )
762 762 coreconfigitem(
763 763 b'format', b'usegeneraldelta', default=True,
764 764 )
765 765 coreconfigitem(
766 766 b'format', b'usestore', default=True,
767 767 )
768 768 # Right now, the only efficient implement of the nodemap logic is in Rust, so
769 769 # the persistent nodemap feature needs to stay experimental as long as the Rust
770 770 # extensions are an experimental feature.
771 771 coreconfigitem(
772 772 b'format', b'use-persistent-nodemap', default=False, experimental=True
773 773 )
774 774 coreconfigitem(
775 775 b'format',
776 776 b'exp-use-copies-side-data-changeset',
777 777 default=False,
778 778 experimental=True,
779 779 )
780 780 coreconfigitem(
781 781 b'format', b'exp-use-side-data', default=False, experimental=True,
782 782 )
783 783 coreconfigitem(
784 784 b'format', b'internal-phase', default=False, experimental=True,
785 785 )
786 786 coreconfigitem(
787 787 b'fsmonitor', b'warn_when_unused', default=True,
788 788 )
789 789 coreconfigitem(
790 790 b'fsmonitor', b'warn_update_file_count', default=50000,
791 791 )
792 792 coreconfigitem(
793 793 b'help', br'hidden-command\..*', default=False, generic=True,
794 794 )
795 795 coreconfigitem(
796 796 b'help', br'hidden-topic\..*', default=False, generic=True,
797 797 )
798 798 coreconfigitem(
799 799 b'hooks', b'.*', default=dynamicdefault, generic=True,
800 800 )
801 801 coreconfigitem(
802 802 b'hgweb-paths', b'.*', default=list, generic=True,
803 803 )
804 804 coreconfigitem(
805 805 b'hostfingerprints', b'.*', default=list, generic=True,
806 806 )
807 807 coreconfigitem(
808 808 b'hostsecurity', b'ciphers', default=None,
809 809 )
810 810 coreconfigitem(
811 b'hostsecurity', b'disabletls10warning', default=False,
812 )
813 coreconfigitem(
814 811 b'hostsecurity', b'minimumprotocol', default=dynamicdefault,
815 812 )
816 813 coreconfigitem(
817 814 b'hostsecurity',
818 815 b'.*:minimumprotocol$',
819 816 default=dynamicdefault,
820 817 generic=True,
821 818 )
822 819 coreconfigitem(
823 820 b'hostsecurity', b'.*:ciphers$', default=dynamicdefault, generic=True,
824 821 )
825 822 coreconfigitem(
826 823 b'hostsecurity', b'.*:fingerprints$', default=list, generic=True,
827 824 )
828 825 coreconfigitem(
829 826 b'hostsecurity', b'.*:verifycertsfile$', default=None, generic=True,
830 827 )
831 828
832 829 coreconfigitem(
833 830 b'http_proxy', b'always', default=False,
834 831 )
835 832 coreconfigitem(
836 833 b'http_proxy', b'host', default=None,
837 834 )
838 835 coreconfigitem(
839 836 b'http_proxy', b'no', default=list,
840 837 )
841 838 coreconfigitem(
842 839 b'http_proxy', b'passwd', default=None,
843 840 )
844 841 coreconfigitem(
845 842 b'http_proxy', b'user', default=None,
846 843 )
847 844
848 845 coreconfigitem(
849 846 b'http', b'timeout', default=None,
850 847 )
851 848
852 849 coreconfigitem(
853 850 b'logtoprocess', b'commandexception', default=None,
854 851 )
855 852 coreconfigitem(
856 853 b'logtoprocess', b'commandfinish', default=None,
857 854 )
858 855 coreconfigitem(
859 856 b'logtoprocess', b'command', default=None,
860 857 )
861 858 coreconfigitem(
862 859 b'logtoprocess', b'develwarn', default=None,
863 860 )
864 861 coreconfigitem(
865 862 b'logtoprocess', b'uiblocked', default=None,
866 863 )
867 864 coreconfigitem(
868 865 b'merge', b'checkunknown', default=b'abort',
869 866 )
870 867 coreconfigitem(
871 868 b'merge', b'checkignored', default=b'abort',
872 869 )
873 870 coreconfigitem(
874 871 b'experimental', b'merge.checkpathconflicts', default=False,
875 872 )
876 873 coreconfigitem(
877 874 b'merge', b'followcopies', default=True,
878 875 )
879 876 coreconfigitem(
880 877 b'merge', b'on-failure', default=b'continue',
881 878 )
882 879 coreconfigitem(
883 880 b'merge', b'preferancestor', default=lambda: [b'*'], experimental=True,
884 881 )
885 882 coreconfigitem(
886 883 b'merge', b'strict-capability-check', default=False,
887 884 )
888 885 coreconfigitem(
889 886 b'merge-tools', b'.*', default=None, generic=True,
890 887 )
891 888 coreconfigitem(
892 889 b'merge-tools',
893 890 br'.*\.args$',
894 891 default=b"$local $base $other",
895 892 generic=True,
896 893 priority=-1,
897 894 )
898 895 coreconfigitem(
899 896 b'merge-tools', br'.*\.binary$', default=False, generic=True, priority=-1,
900 897 )
901 898 coreconfigitem(
902 899 b'merge-tools', br'.*\.check$', default=list, generic=True, priority=-1,
903 900 )
904 901 coreconfigitem(
905 902 b'merge-tools',
906 903 br'.*\.checkchanged$',
907 904 default=False,
908 905 generic=True,
909 906 priority=-1,
910 907 )
911 908 coreconfigitem(
912 909 b'merge-tools',
913 910 br'.*\.executable$',
914 911 default=dynamicdefault,
915 912 generic=True,
916 913 priority=-1,
917 914 )
918 915 coreconfigitem(
919 916 b'merge-tools', br'.*\.fixeol$', default=False, generic=True, priority=-1,
920 917 )
921 918 coreconfigitem(
922 919 b'merge-tools', br'.*\.gui$', default=False, generic=True, priority=-1,
923 920 )
924 921 coreconfigitem(
925 922 b'merge-tools',
926 923 br'.*\.mergemarkers$',
927 924 default=b'basic',
928 925 generic=True,
929 926 priority=-1,
930 927 )
931 928 coreconfigitem(
932 929 b'merge-tools',
933 930 br'.*\.mergemarkertemplate$',
934 931 default=dynamicdefault, # take from ui.mergemarkertemplate
935 932 generic=True,
936 933 priority=-1,
937 934 )
938 935 coreconfigitem(
939 936 b'merge-tools', br'.*\.priority$', default=0, generic=True, priority=-1,
940 937 )
941 938 coreconfigitem(
942 939 b'merge-tools',
943 940 br'.*\.premerge$',
944 941 default=dynamicdefault,
945 942 generic=True,
946 943 priority=-1,
947 944 )
948 945 coreconfigitem(
949 946 b'merge-tools', br'.*\.symlink$', default=False, generic=True, priority=-1,
950 947 )
951 948 coreconfigitem(
952 949 b'pager', b'attend-.*', default=dynamicdefault, generic=True,
953 950 )
954 951 coreconfigitem(
955 952 b'pager', b'ignore', default=list,
956 953 )
957 954 coreconfigitem(
958 955 b'pager', b'pager', default=dynamicdefault,
959 956 )
960 957 coreconfigitem(
961 958 b'patch', b'eol', default=b'strict',
962 959 )
963 960 coreconfigitem(
964 961 b'patch', b'fuzz', default=2,
965 962 )
966 963 coreconfigitem(
967 964 b'paths', b'default', default=None,
968 965 )
969 966 coreconfigitem(
970 967 b'paths', b'default-push', default=None,
971 968 )
972 969 coreconfigitem(
973 970 b'paths', b'.*', default=None, generic=True,
974 971 )
975 972 coreconfigitem(
976 973 b'phases', b'checksubrepos', default=b'follow',
977 974 )
978 975 coreconfigitem(
979 976 b'phases', b'new-commit', default=b'draft',
980 977 )
981 978 coreconfigitem(
982 979 b'phases', b'publish', default=True,
983 980 )
984 981 coreconfigitem(
985 982 b'profiling', b'enabled', default=False,
986 983 )
987 984 coreconfigitem(
988 985 b'profiling', b'format', default=b'text',
989 986 )
990 987 coreconfigitem(
991 988 b'profiling', b'freq', default=1000,
992 989 )
993 990 coreconfigitem(
994 991 b'profiling', b'limit', default=30,
995 992 )
996 993 coreconfigitem(
997 994 b'profiling', b'nested', default=0,
998 995 )
999 996 coreconfigitem(
1000 997 b'profiling', b'output', default=None,
1001 998 )
1002 999 coreconfigitem(
1003 1000 b'profiling', b'showmax', default=0.999,
1004 1001 )
1005 1002 coreconfigitem(
1006 1003 b'profiling', b'showmin', default=dynamicdefault,
1007 1004 )
1008 1005 coreconfigitem(
1009 1006 b'profiling', b'showtime', default=True,
1010 1007 )
1011 1008 coreconfigitem(
1012 1009 b'profiling', b'sort', default=b'inlinetime',
1013 1010 )
1014 1011 coreconfigitem(
1015 1012 b'profiling', b'statformat', default=b'hotpath',
1016 1013 )
1017 1014 coreconfigitem(
1018 1015 b'profiling', b'time-track', default=dynamicdefault,
1019 1016 )
1020 1017 coreconfigitem(
1021 1018 b'profiling', b'type', default=b'stat',
1022 1019 )
1023 1020 coreconfigitem(
1024 1021 b'progress', b'assume-tty', default=False,
1025 1022 )
1026 1023 coreconfigitem(
1027 1024 b'progress', b'changedelay', default=1,
1028 1025 )
1029 1026 coreconfigitem(
1030 1027 b'progress', b'clear-complete', default=True,
1031 1028 )
1032 1029 coreconfigitem(
1033 1030 b'progress', b'debug', default=False,
1034 1031 )
1035 1032 coreconfigitem(
1036 1033 b'progress', b'delay', default=3,
1037 1034 )
1038 1035 coreconfigitem(
1039 1036 b'progress', b'disable', default=False,
1040 1037 )
1041 1038 coreconfigitem(
1042 1039 b'progress', b'estimateinterval', default=60.0,
1043 1040 )
1044 1041 coreconfigitem(
1045 1042 b'progress',
1046 1043 b'format',
1047 1044 default=lambda: [b'topic', b'bar', b'number', b'estimate'],
1048 1045 )
1049 1046 coreconfigitem(
1050 1047 b'progress', b'refresh', default=0.1,
1051 1048 )
1052 1049 coreconfigitem(
1053 1050 b'progress', b'width', default=dynamicdefault,
1054 1051 )
1055 1052 coreconfigitem(
1056 1053 b'pull', b'confirm', default=False,
1057 1054 )
1058 1055 coreconfigitem(
1059 1056 b'push', b'pushvars.server', default=False,
1060 1057 )
1061 1058 coreconfigitem(
1062 1059 b'rewrite',
1063 1060 b'backup-bundle',
1064 1061 default=True,
1065 1062 alias=[(b'ui', b'history-editing-backup')],
1066 1063 )
1067 1064 coreconfigitem(
1068 1065 b'rewrite', b'update-timestamp', default=False,
1069 1066 )
1070 1067 coreconfigitem(
1071 1068 b'storage', b'new-repo-backend', default=b'revlogv1', experimental=True,
1072 1069 )
1073 1070 coreconfigitem(
1074 1071 b'storage',
1075 1072 b'revlog.optimize-delta-parent-choice',
1076 1073 default=True,
1077 1074 alias=[(b'format', b'aggressivemergedeltas')],
1078 1075 )
1079 1076 # experimental as long as rust is experimental (or a C version is implemented)
1080 1077 coreconfigitem(
1081 1078 b'storage', b'revlog.nodemap.mmap', default=True, experimental=True
1082 1079 )
1083 1080 # experimental as long as format.use-persistent-nodemap is.
1084 1081 coreconfigitem(
1085 1082 b'storage', b'revlog.nodemap.mode', default=b'compat', experimental=True
1086 1083 )
1087 1084 coreconfigitem(
1088 1085 b'storage', b'revlog.reuse-external-delta', default=True,
1089 1086 )
1090 1087 coreconfigitem(
1091 1088 b'storage', b'revlog.reuse-external-delta-parent', default=None,
1092 1089 )
1093 1090 coreconfigitem(
1094 1091 b'storage', b'revlog.zlib.level', default=None,
1095 1092 )
1096 1093 coreconfigitem(
1097 1094 b'storage', b'revlog.zstd.level', default=None,
1098 1095 )
1099 1096 coreconfigitem(
1100 1097 b'server', b'bookmarks-pushkey-compat', default=True,
1101 1098 )
1102 1099 coreconfigitem(
1103 1100 b'server', b'bundle1', default=True,
1104 1101 )
1105 1102 coreconfigitem(
1106 1103 b'server', b'bundle1gd', default=None,
1107 1104 )
1108 1105 coreconfigitem(
1109 1106 b'server', b'bundle1.pull', default=None,
1110 1107 )
1111 1108 coreconfigitem(
1112 1109 b'server', b'bundle1gd.pull', default=None,
1113 1110 )
1114 1111 coreconfigitem(
1115 1112 b'server', b'bundle1.push', default=None,
1116 1113 )
1117 1114 coreconfigitem(
1118 1115 b'server', b'bundle1gd.push', default=None,
1119 1116 )
1120 1117 coreconfigitem(
1121 1118 b'server',
1122 1119 b'bundle2.stream',
1123 1120 default=True,
1124 1121 alias=[(b'experimental', b'bundle2.stream')],
1125 1122 )
1126 1123 coreconfigitem(
1127 1124 b'server', b'compressionengines', default=list,
1128 1125 )
1129 1126 coreconfigitem(
1130 1127 b'server', b'concurrent-push-mode', default=b'check-related',
1131 1128 )
1132 1129 coreconfigitem(
1133 1130 b'server', b'disablefullbundle', default=False,
1134 1131 )
1135 1132 coreconfigitem(
1136 1133 b'server', b'maxhttpheaderlen', default=1024,
1137 1134 )
1138 1135 coreconfigitem(
1139 1136 b'server', b'pullbundle', default=False,
1140 1137 )
1141 1138 coreconfigitem(
1142 1139 b'server', b'preferuncompressed', default=False,
1143 1140 )
1144 1141 coreconfigitem(
1145 1142 b'server', b'streamunbundle', default=False,
1146 1143 )
1147 1144 coreconfigitem(
1148 1145 b'server', b'uncompressed', default=True,
1149 1146 )
1150 1147 coreconfigitem(
1151 1148 b'server', b'uncompressedallowsecret', default=False,
1152 1149 )
1153 1150 coreconfigitem(
1154 1151 b'server', b'view', default=b'served',
1155 1152 )
1156 1153 coreconfigitem(
1157 1154 b'server', b'validate', default=False,
1158 1155 )
1159 1156 coreconfigitem(
1160 1157 b'server', b'zliblevel', default=-1,
1161 1158 )
1162 1159 coreconfigitem(
1163 1160 b'server', b'zstdlevel', default=3,
1164 1161 )
1165 1162 coreconfigitem(
1166 1163 b'share', b'pool', default=None,
1167 1164 )
1168 1165 coreconfigitem(
1169 1166 b'share', b'poolnaming', default=b'identity',
1170 1167 )
1171 1168 coreconfigitem(
1172 1169 b'shelve', b'maxbackups', default=10,
1173 1170 )
1174 1171 coreconfigitem(
1175 1172 b'smtp', b'host', default=None,
1176 1173 )
1177 1174 coreconfigitem(
1178 1175 b'smtp', b'local_hostname', default=None,
1179 1176 )
1180 1177 coreconfigitem(
1181 1178 b'smtp', b'password', default=None,
1182 1179 )
1183 1180 coreconfigitem(
1184 1181 b'smtp', b'port', default=dynamicdefault,
1185 1182 )
1186 1183 coreconfigitem(
1187 1184 b'smtp', b'tls', default=b'none',
1188 1185 )
1189 1186 coreconfigitem(
1190 1187 b'smtp', b'username', default=None,
1191 1188 )
1192 1189 coreconfigitem(
1193 1190 b'sparse', b'missingwarning', default=True, experimental=True,
1194 1191 )
1195 1192 coreconfigitem(
1196 1193 b'subrepos',
1197 1194 b'allowed',
1198 1195 default=dynamicdefault, # to make backporting simpler
1199 1196 )
1200 1197 coreconfigitem(
1201 1198 b'subrepos', b'hg:allowed', default=dynamicdefault,
1202 1199 )
1203 1200 coreconfigitem(
1204 1201 b'subrepos', b'git:allowed', default=dynamicdefault,
1205 1202 )
1206 1203 coreconfigitem(
1207 1204 b'subrepos', b'svn:allowed', default=dynamicdefault,
1208 1205 )
1209 1206 coreconfigitem(
1210 1207 b'templates', b'.*', default=None, generic=True,
1211 1208 )
1212 1209 coreconfigitem(
1213 1210 b'templateconfig', b'.*', default=dynamicdefault, generic=True,
1214 1211 )
1215 1212 coreconfigitem(
1216 1213 b'trusted', b'groups', default=list,
1217 1214 )
1218 1215 coreconfigitem(
1219 1216 b'trusted', b'users', default=list,
1220 1217 )
1221 1218 coreconfigitem(
1222 1219 b'ui', b'_usedassubrepo', default=False,
1223 1220 )
1224 1221 coreconfigitem(
1225 1222 b'ui', b'allowemptycommit', default=False,
1226 1223 )
1227 1224 coreconfigitem(
1228 1225 b'ui', b'archivemeta', default=True,
1229 1226 )
1230 1227 coreconfigitem(
1231 1228 b'ui', b'askusername', default=False,
1232 1229 )
1233 1230 coreconfigitem(
1234 1231 b'ui', b'clonebundlefallback', default=False,
1235 1232 )
1236 1233 coreconfigitem(
1237 1234 b'ui', b'clonebundleprefers', default=list,
1238 1235 )
1239 1236 coreconfigitem(
1240 1237 b'ui', b'clonebundles', default=True,
1241 1238 )
1242 1239 coreconfigitem(
1243 1240 b'ui', b'color', default=b'auto',
1244 1241 )
1245 1242 coreconfigitem(
1246 1243 b'ui', b'commitsubrepos', default=False,
1247 1244 )
1248 1245 coreconfigitem(
1249 1246 b'ui', b'debug', default=False,
1250 1247 )
1251 1248 coreconfigitem(
1252 1249 b'ui', b'debugger', default=None,
1253 1250 )
1254 1251 coreconfigitem(
1255 1252 b'ui', b'editor', default=dynamicdefault,
1256 1253 )
1257 1254 coreconfigitem(
1258 1255 b'ui', b'fallbackencoding', default=None,
1259 1256 )
1260 1257 coreconfigitem(
1261 1258 b'ui', b'forcecwd', default=None,
1262 1259 )
1263 1260 coreconfigitem(
1264 1261 b'ui', b'forcemerge', default=None,
1265 1262 )
1266 1263 coreconfigitem(
1267 1264 b'ui', b'formatdebug', default=False,
1268 1265 )
1269 1266 coreconfigitem(
1270 1267 b'ui', b'formatjson', default=False,
1271 1268 )
1272 1269 coreconfigitem(
1273 1270 b'ui', b'formatted', default=None,
1274 1271 )
1275 1272 coreconfigitem(
1276 1273 b'ui', b'graphnodetemplate', default=None,
1277 1274 )
1278 1275 coreconfigitem(
1279 1276 b'ui', b'interactive', default=None,
1280 1277 )
1281 1278 coreconfigitem(
1282 1279 b'ui', b'interface', default=None,
1283 1280 )
1284 1281 coreconfigitem(
1285 1282 b'ui', b'interface.chunkselector', default=None,
1286 1283 )
1287 1284 coreconfigitem(
1288 1285 b'ui', b'large-file-limit', default=10000000,
1289 1286 )
1290 1287 coreconfigitem(
1291 1288 b'ui', b'logblockedtimes', default=False,
1292 1289 )
1293 1290 coreconfigitem(
1294 1291 b'ui', b'logtemplate', default=None,
1295 1292 )
1296 1293 coreconfigitem(
1297 1294 b'ui', b'merge', default=None,
1298 1295 )
1299 1296 coreconfigitem(
1300 1297 b'ui', b'mergemarkers', default=b'basic',
1301 1298 )
1302 1299 coreconfigitem(
1303 1300 b'ui',
1304 1301 b'mergemarkertemplate',
1305 1302 default=(
1306 1303 b'{node|short} '
1307 1304 b'{ifeq(tags, "tip", "", '
1308 1305 b'ifeq(tags, "", "", "{tags} "))}'
1309 1306 b'{if(bookmarks, "{bookmarks} ")}'
1310 1307 b'{ifeq(branch, "default", "", "{branch} ")}'
1311 1308 b'- {author|user}: {desc|firstline}'
1312 1309 ),
1313 1310 )
1314 1311 coreconfigitem(
1315 1312 b'ui', b'message-output', default=b'stdio',
1316 1313 )
1317 1314 coreconfigitem(
1318 1315 b'ui', b'nontty', default=False,
1319 1316 )
1320 1317 coreconfigitem(
1321 1318 b'ui', b'origbackuppath', default=None,
1322 1319 )
1323 1320 coreconfigitem(
1324 1321 b'ui', b'paginate', default=True,
1325 1322 )
1326 1323 coreconfigitem(
1327 1324 b'ui', b'patch', default=None,
1328 1325 )
1329 1326 coreconfigitem(
1330 1327 b'ui', b'pre-merge-tool-output-template', default=None,
1331 1328 )
1332 1329 coreconfigitem(
1333 1330 b'ui', b'portablefilenames', default=b'warn',
1334 1331 )
1335 1332 coreconfigitem(
1336 1333 b'ui', b'promptecho', default=False,
1337 1334 )
1338 1335 coreconfigitem(
1339 1336 b'ui', b'quiet', default=False,
1340 1337 )
1341 1338 coreconfigitem(
1342 1339 b'ui', b'quietbookmarkmove', default=False,
1343 1340 )
1344 1341 coreconfigitem(
1345 1342 b'ui', b'relative-paths', default=b'legacy',
1346 1343 )
1347 1344 coreconfigitem(
1348 1345 b'ui', b'remotecmd', default=b'hg',
1349 1346 )
1350 1347 coreconfigitem(
1351 1348 b'ui', b'report_untrusted', default=True,
1352 1349 )
1353 1350 coreconfigitem(
1354 1351 b'ui', b'rollback', default=True,
1355 1352 )
1356 1353 coreconfigitem(
1357 1354 b'ui', b'signal-safe-lock', default=True,
1358 1355 )
1359 1356 coreconfigitem(
1360 1357 b'ui', b'slash', default=False,
1361 1358 )
1362 1359 coreconfigitem(
1363 1360 b'ui', b'ssh', default=b'ssh',
1364 1361 )
1365 1362 coreconfigitem(
1366 1363 b'ui', b'ssherrorhint', default=None,
1367 1364 )
1368 1365 coreconfigitem(
1369 1366 b'ui', b'statuscopies', default=False,
1370 1367 )
1371 1368 coreconfigitem(
1372 1369 b'ui', b'strict', default=False,
1373 1370 )
1374 1371 coreconfigitem(
1375 1372 b'ui', b'style', default=b'',
1376 1373 )
1377 1374 coreconfigitem(
1378 1375 b'ui', b'supportcontact', default=None,
1379 1376 )
1380 1377 coreconfigitem(
1381 1378 b'ui', b'textwidth', default=78,
1382 1379 )
1383 1380 coreconfigitem(
1384 1381 b'ui', b'timeout', default=b'600',
1385 1382 )
1386 1383 coreconfigitem(
1387 1384 b'ui', b'timeout.warn', default=0,
1388 1385 )
1389 1386 coreconfigitem(
1390 1387 b'ui', b'traceback', default=False,
1391 1388 )
1392 1389 coreconfigitem(
1393 1390 b'ui', b'tweakdefaults', default=False,
1394 1391 )
1395 1392 coreconfigitem(b'ui', b'username', alias=[(b'ui', b'user')])
1396 1393 coreconfigitem(
1397 1394 b'ui', b'verbose', default=False,
1398 1395 )
1399 1396 coreconfigitem(
1400 1397 b'verify', b'skipflags', default=None,
1401 1398 )
1402 1399 coreconfigitem(
1403 1400 b'web', b'allowbz2', default=False,
1404 1401 )
1405 1402 coreconfigitem(
1406 1403 b'web', b'allowgz', default=False,
1407 1404 )
1408 1405 coreconfigitem(
1409 1406 b'web', b'allow-pull', alias=[(b'web', b'allowpull')], default=True,
1410 1407 )
1411 1408 coreconfigitem(
1412 1409 b'web', b'allow-push', alias=[(b'web', b'allow_push')], default=list,
1413 1410 )
1414 1411 coreconfigitem(
1415 1412 b'web', b'allowzip', default=False,
1416 1413 )
1417 1414 coreconfigitem(
1418 1415 b'web', b'archivesubrepos', default=False,
1419 1416 )
1420 1417 coreconfigitem(
1421 1418 b'web', b'cache', default=True,
1422 1419 )
1423 1420 coreconfigitem(
1424 1421 b'web', b'comparisoncontext', default=5,
1425 1422 )
1426 1423 coreconfigitem(
1427 1424 b'web', b'contact', default=None,
1428 1425 )
1429 1426 coreconfigitem(
1430 1427 b'web', b'deny_push', default=list,
1431 1428 )
1432 1429 coreconfigitem(
1433 1430 b'web', b'guessmime', default=False,
1434 1431 )
1435 1432 coreconfigitem(
1436 1433 b'web', b'hidden', default=False,
1437 1434 )
1438 1435 coreconfigitem(
1439 1436 b'web', b'labels', default=list,
1440 1437 )
1441 1438 coreconfigitem(
1442 1439 b'web', b'logoimg', default=b'hglogo.png',
1443 1440 )
1444 1441 coreconfigitem(
1445 1442 b'web', b'logourl', default=b'https://mercurial-scm.org/',
1446 1443 )
1447 1444 coreconfigitem(
1448 1445 b'web', b'accesslog', default=b'-',
1449 1446 )
1450 1447 coreconfigitem(
1451 1448 b'web', b'address', default=b'',
1452 1449 )
1453 1450 coreconfigitem(
1454 1451 b'web', b'allow-archive', alias=[(b'web', b'allow_archive')], default=list,
1455 1452 )
1456 1453 coreconfigitem(
1457 1454 b'web', b'allow_read', default=list,
1458 1455 )
1459 1456 coreconfigitem(
1460 1457 b'web', b'baseurl', default=None,
1461 1458 )
1462 1459 coreconfigitem(
1463 1460 b'web', b'cacerts', default=None,
1464 1461 )
1465 1462 coreconfigitem(
1466 1463 b'web', b'certificate', default=None,
1467 1464 )
1468 1465 coreconfigitem(
1469 1466 b'web', b'collapse', default=False,
1470 1467 )
1471 1468 coreconfigitem(
1472 1469 b'web', b'csp', default=None,
1473 1470 )
1474 1471 coreconfigitem(
1475 1472 b'web', b'deny_read', default=list,
1476 1473 )
1477 1474 coreconfigitem(
1478 1475 b'web', b'descend', default=True,
1479 1476 )
1480 1477 coreconfigitem(
1481 1478 b'web', b'description', default=b"",
1482 1479 )
1483 1480 coreconfigitem(
1484 1481 b'web', b'encoding', default=lambda: encoding.encoding,
1485 1482 )
1486 1483 coreconfigitem(
1487 1484 b'web', b'errorlog', default=b'-',
1488 1485 )
1489 1486 coreconfigitem(
1490 1487 b'web', b'ipv6', default=False,
1491 1488 )
1492 1489 coreconfigitem(
1493 1490 b'web', b'maxchanges', default=10,
1494 1491 )
1495 1492 coreconfigitem(
1496 1493 b'web', b'maxfiles', default=10,
1497 1494 )
1498 1495 coreconfigitem(
1499 1496 b'web', b'maxshortchanges', default=60,
1500 1497 )
1501 1498 coreconfigitem(
1502 1499 b'web', b'motd', default=b'',
1503 1500 )
1504 1501 coreconfigitem(
1505 1502 b'web', b'name', default=dynamicdefault,
1506 1503 )
1507 1504 coreconfigitem(
1508 1505 b'web', b'port', default=8000,
1509 1506 )
1510 1507 coreconfigitem(
1511 1508 b'web', b'prefix', default=b'',
1512 1509 )
1513 1510 coreconfigitem(
1514 1511 b'web', b'push_ssl', default=True,
1515 1512 )
1516 1513 coreconfigitem(
1517 1514 b'web', b'refreshinterval', default=20,
1518 1515 )
1519 1516 coreconfigitem(
1520 1517 b'web', b'server-header', default=None,
1521 1518 )
1522 1519 coreconfigitem(
1523 1520 b'web', b'static', default=None,
1524 1521 )
1525 1522 coreconfigitem(
1526 1523 b'web', b'staticurl', default=None,
1527 1524 )
1528 1525 coreconfigitem(
1529 1526 b'web', b'stripes', default=1,
1530 1527 )
1531 1528 coreconfigitem(
1532 1529 b'web', b'style', default=b'paper',
1533 1530 )
1534 1531 coreconfigitem(
1535 1532 b'web', b'templates', default=None,
1536 1533 )
1537 1534 coreconfigitem(
1538 1535 b'web', b'view', default=b'served', experimental=True,
1539 1536 )
1540 1537 coreconfigitem(
1541 1538 b'worker', b'backgroundclose', default=dynamicdefault,
1542 1539 )
1543 1540 # Windows defaults to a limit of 512 open files. A buffer of 128
1544 1541 # should give us enough headway.
1545 1542 coreconfigitem(
1546 1543 b'worker', b'backgroundclosemaxqueue', default=384,
1547 1544 )
1548 1545 coreconfigitem(
1549 1546 b'worker', b'backgroundcloseminfilecount', default=2048,
1550 1547 )
1551 1548 coreconfigitem(
1552 1549 b'worker', b'backgroundclosethreadcount', default=4,
1553 1550 )
1554 1551 coreconfigitem(
1555 1552 b'worker', b'enabled', default=True,
1556 1553 )
1557 1554 coreconfigitem(
1558 1555 b'worker', b'numcpus', default=None,
1559 1556 )
1560 1557
1561 1558 # Rebase related configuration moved to core because other extension are doing
1562 1559 # strange things. For example, shelve import the extensions to reuse some bit
1563 1560 # without formally loading it.
1564 1561 coreconfigitem(
1565 1562 b'commands', b'rebase.requiredest', default=False,
1566 1563 )
1567 1564 coreconfigitem(
1568 1565 b'experimental', b'rebaseskipobsolete', default=True,
1569 1566 )
1570 1567 coreconfigitem(
1571 1568 b'rebase', b'singletransaction', default=False,
1572 1569 )
1573 1570 coreconfigitem(
1574 1571 b'rebase', b'experimental.inmemory', default=False,
1575 1572 )
Show file before | Show file after | Hide comments
@@ -1,560 +1,554 b''
1 1 #require serve ssl
2 2
3 3 Proper https client requires the built-in ssl from Python 2.6.
4 4
5 5 Disable the system configuration which may set stricter TLS requirements.
6 6 This test expects that legacy TLS versions are supported.
7 7
8 8 $ OPENSSL_CONF=
9 9 $ export OPENSSL_CONF
10 10
11 11 Make server certificates:
12 12
13 13 $ CERTSDIR="$TESTDIR/sslcerts"
14 14 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
15 15 $ PRIV=`pwd`/server.pem
16 16 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
17 17 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
18 18
19 19 $ hg init test
20 20 $ cd test
21 21 $ echo foo>foo
22 22 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
23 23 $ echo foo>foo.d/foo
24 24 $ echo bar>foo.d/bAr.hg.d/BaR
25 25 $ echo bar>foo.d/baR.d.hg/bAR
26 26 $ hg commit -A -m 1
27 27 adding foo
28 28 adding foo.d/bAr.hg.d/BaR
29 29 adding foo.d/baR.d.hg/bAR
30 30 adding foo.d/foo
31 31 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
32 32 $ cat ../hg0.pid >> $DAEMON_PIDS
33 33
34 34 cacert not found
35 35
36 36 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
37 37 abort: could not find web.cacerts: no-such.pem
38 38 [255]
39 39
40 40 Test server address cannot be reused
41 41
42 42 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
43 43 abort: cannot start server at 'localhost:$HGPORT': $EADDRINUSE$
44 44 [255]
45 45
46 46 $ cd ..
47 47
48 48 Our test cert is not signed by a trusted CA. It should fail to verify if
49 49 we are able to load CA certs.
50 50
51 51 #if no-defaultcacertsloaded
52 52 $ hg clone https://localhost:$HGPORT/ copy-pull
53 53 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
54 54 abort: error: *certificate verify failed* (glob)
55 55 [255]
56 56 #endif
57 57
58 58 #if defaultcacertsloaded
59 59 $ hg clone https://localhost:$HGPORT/ copy-pull
60 60 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
61 61 abort: error: *certificate verify failed* (glob)
62 62 [255]
63 63 #endif
64 64
65 65 Specifying a per-host certificate file that doesn't exist will abort. The full
66 66 C:/path/to/msysroot will print on Windows.
67 67
68 68 $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
69 69 abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob)
70 70 [255]
71 71
72 72 A malformed per-host certificate file will raise an error
73 73
74 74 $ echo baddata > badca.pem
75 75 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
76 76 abort: error loading CA file badca.pem: * (glob)
77 77 (file is empty or malformed?)
78 78 [255]
79 79
80 80 A per-host certificate mismatching the server will fail verification
81 81
82 82 (modern ssl is able to discern whether the loaded cert is a CA cert)
83 83 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
84 84 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
85 85 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
86 86 abort: error: *certificate verify failed* (glob)
87 87 [255]
88 88
89 89 A per-host certificate matching the server's cert will be accepted
90 90
91 91 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
92 92 requesting all changes
93 93 adding changesets
94 94 adding manifests
95 95 adding file changes
96 96 added 1 changesets with 4 changes to 4 files
97 97 new changesets 8b6053c928fe
98 98
99 99 A per-host certificate with multiple certs and one matching will be accepted
100 100
101 101 $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
102 102 $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
103 103 requesting all changes
104 104 adding changesets
105 105 adding manifests
106 106 adding file changes
107 107 added 1 changesets with 4 changes to 4 files
108 108 new changesets 8b6053c928fe
109 109
110 110 Defining both per-host certificate and a fingerprint will print a warning
111 111
112 112 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning
113 113 (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
114 114 requesting all changes
115 115 adding changesets
116 116 adding manifests
117 117 adding file changes
118 118 added 1 changesets with 4 changes to 4 files
119 119 new changesets 8b6053c928fe
120 120
121 121 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
122 122
123 123 Inability to verify peer certificate will result in abort
124 124
125 125 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
126 126 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
127 127 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
128 128 [255]
129 129
130 130 $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
131 131 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
132 132 requesting all changes
133 133 adding changesets
134 134 adding manifests
135 135 adding file changes
136 136 added 1 changesets with 4 changes to 4 files
137 137 new changesets 8b6053c928fe
138 138 updating to branch default
139 139 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
140 140 $ hg verify -R copy-pull
141 141 checking changesets
142 142 checking manifests
143 143 crosschecking files in changesets and manifests
144 144 checking files
145 145 checked 1 changesets with 4 changes to 4 files
146 146 $ cd test
147 147 $ echo bar > bar
148 148 $ hg commit -A -d '1 0' -m 2
149 149 adding bar
150 150 $ cd ..
151 151
152 152 pull without cacert
153 153
154 154 $ cd copy-pull
155 155 $ cat >> .hg/hgrc <<EOF
156 156 > [hooks]
157 157 > changegroup = sh -c "printenv.py --line changegroup"
158 158 > EOF
159 159 $ hg pull $DISABLECACERTS
160 160 pulling from https://localhost:$HGPORT/
161 161 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
162 162 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
163 163 [255]
164 164
165 165 $ hg pull --insecure
166 166 pulling from https://localhost:$HGPORT/
167 167 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
168 168 searching for changes
169 169 adding changesets
170 170 adding manifests
171 171 adding file changes
172 172 added 1 changesets with 1 changes to 1 files
173 173 new changesets 5fed3813f7f5
174 174 changegroup hook: HG_HOOKNAME=changegroup
175 175 HG_HOOKTYPE=changegroup
176 176 HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d
177 177 HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d
178 178 HG_SOURCE=pull
179 179 HG_TXNID=TXN:$ID$
180 180 HG_TXNNAME=pull
181 181 https://localhost:$HGPORT/
182 182 HG_URL=https://localhost:$HGPORT/
183 183
184 184 (run 'hg update' to get a working copy)
185 185 $ cd ..
186 186
187 187 cacert configured in local repo
188 188
189 189 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
190 190 $ echo "[web]" >> copy-pull/.hg/hgrc
191 191 $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
192 192 $ hg -R copy-pull pull
193 193 pulling from https://localhost:$HGPORT/
194 194 searching for changes
195 195 no changes found
196 196 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
197 197
198 198 cacert configured globally, also testing expansion of environment
199 199 variables in the filename
200 200
201 201 $ echo "[web]" >> $HGRCPATH
202 202 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
203 203 $ P="$CERTSDIR" hg -R copy-pull pull
204 204 pulling from https://localhost:$HGPORT/
205 205 searching for changes
206 206 no changes found
207 207 $ P="$CERTSDIR" hg -R copy-pull pull --insecure
208 208 pulling from https://localhost:$HGPORT/
209 209 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
210 210 searching for changes
211 211 no changes found
212 212
213 213 empty cacert file
214 214
215 215 $ touch emptycafile
216 216
217 217 $ hg --config web.cacerts=emptycafile -R copy-pull pull
218 218 pulling from https://localhost:$HGPORT/
219 219 abort: error loading CA file emptycafile: * (glob)
220 220 (file is empty or malformed?)
221 221 [255]
222 222
223 223 cacert mismatch
224 224
225 225 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
226 226 > https://$LOCALIP:$HGPORT/
227 227 pulling from https://*:$HGPORT/ (glob)
228 228 abort: $LOCALIP certificate error: certificate is for localhost (glob)
229 229 (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
230 230 [255]
231 231 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
232 232 > https://$LOCALIP:$HGPORT/ --insecure
233 233 pulling from https://*:$HGPORT/ (glob)
234 234 warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob)
235 235 searching for changes
236 236 no changes found
237 237 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
238 238 pulling from https://localhost:$HGPORT/
239 239 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
240 240 abort: error: *certificate verify failed* (glob)
241 241 [255]
242 242 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
243 243 > --insecure
244 244 pulling from https://localhost:$HGPORT/
245 245 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
246 246 searching for changes
247 247 no changes found
248 248
249 249 Test server cert which isn't valid yet
250 250
251 251 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
252 252 $ cat hg1.pid >> $DAEMON_PIDS
253 253 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
254 254 > https://localhost:$HGPORT1/
255 255 pulling from https://localhost:$HGPORT1/
256 256 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
257 257 abort: error: *certificate verify failed* (glob)
258 258 [255]
259 259
260 260 Test server cert which no longer is valid
261 261
262 262 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
263 263 $ cat hg2.pid >> $DAEMON_PIDS
264 264 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
265 265 > https://localhost:$HGPORT2/
266 266 pulling from https://localhost:$HGPORT2/
267 267 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
268 268 abort: error: *certificate verify failed* (glob)
269 269 [255]
270 270
271 Disabling the TLS 1.0 warning works
272 $ hg -R copy-pull id https://localhost:$HGPORT/ \
273 > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \
274 > --config hostsecurity.disabletls10warning=true
275 5fed3813f7f5
276
277 271 Setting ciphers to an invalid value aborts
278 272 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
279 273 abort: could not set ciphers: No cipher can be selected.
280 274 (change cipher string (invalid) in config)
281 275 [255]
282 276
283 277 $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
284 278 abort: could not set ciphers: No cipher can be selected.
285 279 (change cipher string (invalid) in config)
286 280 [255]
287 281
288 282 Changing the cipher string works
289 283
290 284 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
291 285 5fed3813f7f5
292 286
293 287 Fingerprints
294 288
295 289 - works without cacerts (hostfingerprints)
296 290 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
297 291 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
298 292 5fed3813f7f5
299 293
300 294 - works without cacerts (hostsecurity)
301 295 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
302 296 5fed3813f7f5
303 297
304 298 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
305 299 5fed3813f7f5
306 300
307 301 - multiple fingerprints specified and first matches
308 302 $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
309 303 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
310 304 5fed3813f7f5
311 305
312 306 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
313 307 5fed3813f7f5
314 308
315 309 - multiple fingerprints specified and last matches
316 310 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure
317 311 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
318 312 5fed3813f7f5
319 313
320 314 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/
321 315 5fed3813f7f5
322 316
323 317 - multiple fingerprints specified and none match
324 318
325 319 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
326 320 abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
327 321 (check hostfingerprint configuration)
328 322 [255]
329 323
330 324 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
331 325 abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
332 326 (check hostsecurity configuration)
333 327 [255]
334 328
335 329 - fails when cert doesn't match hostname (port is ignored)
336 330 $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
337 331 abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
338 332 (check hostfingerprint configuration)
339 333 [255]
340 334
341 335
342 336 - ignores that certificate doesn't match hostname
343 337 $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
344 338 (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
345 339 5fed3813f7f5
346 340
347 341 Ports used by next test. Kill servers.
348 342
349 343 $ killdaemons.py hg0.pid
350 344 $ killdaemons.py hg1.pid
351 345 $ killdaemons.py hg2.pid
352 346
353 347 #if tls1.2
354 348 Start servers running supported TLS versions
355 349
356 350 $ cd test
357 351 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
358 352 > --config devel.serverexactprotocol=tls1.0
359 353 $ cat ../hg0.pid >> $DAEMON_PIDS
360 354 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
361 355 > --config devel.serverexactprotocol=tls1.1
362 356 $ cat ../hg1.pid >> $DAEMON_PIDS
363 357 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
364 358 > --config devel.serverexactprotocol=tls1.2
365 359 $ cat ../hg2.pid >> $DAEMON_PIDS
366 360 $ cd ..
367 361
368 362 Clients talking same TLS versions work
369 363
370 364 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
371 365 5fed3813f7f5
372 366 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
373 367 5fed3813f7f5
374 368 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
375 369 5fed3813f7f5
376 370
377 371 Clients requiring newer TLS version than what server supports fail
378 372
379 373 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
380 374 (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
381 375 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
382 376 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
383 377 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
384 378 [255]
385 379
386 380 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
387 381 (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
388 382 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
389 383 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
390 384 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
391 385 [255]
392 386 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
393 387 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
394 388 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
395 389 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
396 390 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
397 391 [255]
398 392 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
399 393 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
400 394 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
401 395 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
402 396 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
403 397 [255]
404 398
405 399 --insecure will allow TLS 1.0 connections and override configs
406 400
407 401 $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
408 402 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
409 403 5fed3813f7f5
410 404
411 405 The per-host config option overrides the default
412 406
413 407 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
414 408 > --config hostsecurity.minimumprotocol=tls1.2 \
415 409 > --config hostsecurity.localhost:minimumprotocol=tls1.0
416 410 5fed3813f7f5
417 411
418 412 The per-host config option by itself works
419 413
420 414 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
421 415 > --config hostsecurity.localhost:minimumprotocol=tls1.2
422 416 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
423 417 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
424 418 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
425 419 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
426 420 [255]
427 421
428 422 .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305)
429 423
430 424 $ cat >> copy-pull/.hg/hgrc << EOF
431 425 > [hostsecurity]
432 426 > localhost:minimumprotocol=tls1.2
433 427 > EOF
434 428 $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/
435 429 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
436 430 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
437 431 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
438 432 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
439 433 [255]
440 434
441 435 $ killdaemons.py hg0.pid
442 436 $ killdaemons.py hg1.pid
443 437 $ killdaemons.py hg2.pid
444 438 #endif
445 439
446 440 Prepare for connecting through proxy
447 441
448 442 $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
449 443 $ cat hg0.pid >> $DAEMON_PIDS
450 444 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
451 445 $ cat hg2.pid >> $DAEMON_PIDS
452 446 tinyproxy.py doesn't fully detach, so killing it may result in extra output
453 447 from the shell. So don't kill it.
454 448 $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
455 449 $ while [ ! -f proxy.pid ]; do sleep 0; done
456 450 $ cat proxy.pid >> $DAEMON_PIDS
457 451
458 452 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
459 453 $ echo "always=True" >> copy-pull/.hg/hgrc
460 454 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
461 455 $ echo "localhost =" >> copy-pull/.hg/hgrc
462 456
463 457 Test unvalidated https through proxy
464 458
465 459 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure
466 460 pulling from https://localhost:$HGPORT/
467 461 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
468 462 searching for changes
469 463 no changes found
470 464
471 465 Test https with cacert and fingerprint through proxy
472 466
473 467 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
474 468 > --config web.cacerts="$CERTSDIR/pub.pem"
475 469 pulling from https://localhost:$HGPORT/
476 470 searching for changes
477 471 no changes found
478 472 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace
479 473 pulling from https://*:$HGPORT/ (glob)
480 474 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
481 475 searching for changes
482 476 no changes found
483 477
484 478 Test https with cert problems through proxy
485 479
486 480 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
487 481 > --config web.cacerts="$CERTSDIR/pub-other.pem"
488 482 pulling from https://localhost:$HGPORT/
489 483 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
490 484 abort: error: *certificate verify failed* (glob)
491 485 [255]
492 486 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
493 487 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
494 488 pulling from https://localhost:$HGPORT2/
495 489 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
496 490 abort: error: *certificate verify failed* (glob)
497 491 [255]
498 492
499 493
500 494 $ killdaemons.py hg0.pid
501 495
502 496 $ cd test
503 497
504 498 Missing certificate file(s) are detected
505 499
506 500 $ hg serve -p $HGPORT --certificate=/missing/certificate \
507 501 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
508 502 abort: referenced certificate file (*/missing/certificate) does not exist (glob)
509 503 [255]
510 504
511 505 $ hg serve -p $HGPORT --certificate=$PRIV \
512 506 > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true
513 507 abort: referenced certificate file (*/missing/cafile) does not exist (glob)
514 508 [255]
515 509
516 510 Start hgweb that requires client certificates:
517 511
518 512 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
519 513 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
520 514 $ cat ../hg0.pid >> $DAEMON_PIDS
521 515 $ cd ..
522 516
523 517 without client certificate:
524 518
525 519 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
526 520 abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re)
527 521 [255]
528 522
529 523 with client certificate:
530 524
531 525 $ cat << EOT >> $HGRCPATH
532 526 > [auth]
533 527 > l.prefix = localhost
534 528 > l.cert = $CERTSDIR/client-cert.pem
535 529 > l.key = $CERTSDIR/client-key.pem
536 530 > EOT
537 531
538 532 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
539 533 > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
540 534 5fed3813f7f5
541 535
542 536 $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
543 537 > --config ui.interactive=True --config ui.nontty=True
544 538 passphrase for */client-key.pem: 5fed3813f7f5 (glob)
545 539
546 540 $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
547 541 abort: error: * (glob)
548 542 [255]
549 543
550 544 Missing certficate and key files result in error
551 545
552 546 $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert
553 547 abort: certificate file (*/missing/cert) does not exist; cannot connect to localhost (glob)
554 548 (restore missing file or fix references in Mercurial config)
555 549 [255]
556 550
557 551 $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key
558 552 abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob)
559 553 (restore missing file or fix references in Mercurial config)
560 554 [255]
General Comments 0
You need to be logged in to leave comments. Login now