##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

config: remove unused hostsecurity.disabletls10warning config
Manuel Jacob -
r45432:4dcb2791 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,1575 +1,1572 b''
1 # configitems.py - centralized declaration of configuration option
1 # configitems.py - centralized declaration of configuration option
2 #
2 #
3 # Copyright 2017 Pierre-Yves David <pierre-yves.david@octobus.net>
3 # Copyright 2017 Pierre-Yves David <pierre-yves.david@octobus.net>
4 #
4 #
5 # This software may be used and distributed according to the terms of the
5 # This software may be used and distributed according to the terms of the
6 # GNU General Public License version 2 or any later version.
6 # GNU General Public License version 2 or any later version.
7
7
8 from __future__ import absolute_import
8 from __future__ import absolute_import
9
9
10 import functools
10 import functools
11 import re
11 import re
12
12
13 from . import (
13 from . import (
14 encoding,
14 encoding,
15 error,
15 error,
16 )
16 )
17
17
18
18
19 def loadconfigtable(ui, extname, configtable):
19 def loadconfigtable(ui, extname, configtable):
20 """update config item known to the ui with the extension ones"""
20 """update config item known to the ui with the extension ones"""
21 for section, items in sorted(configtable.items()):
21 for section, items in sorted(configtable.items()):
22 knownitems = ui._knownconfig.setdefault(section, itemregister())
22 knownitems = ui._knownconfig.setdefault(section, itemregister())
23 knownkeys = set(knownitems)
23 knownkeys = set(knownitems)
24 newkeys = set(items)
24 newkeys = set(items)
25 for key in sorted(knownkeys & newkeys):
25 for key in sorted(knownkeys & newkeys):
26 msg = b"extension '%s' overwrite config item '%s.%s'"
26 msg = b"extension '%s' overwrite config item '%s.%s'"
27 msg %= (extname, section, key)
27 msg %= (extname, section, key)
28 ui.develwarn(msg, config=b'warn-config')
28 ui.develwarn(msg, config=b'warn-config')
29
29
30 knownitems.update(items)
30 knownitems.update(items)
31
31
32
32
33 class configitem(object):
33 class configitem(object):
34 """represent a known config item
34 """represent a known config item
35
35
36 :section: the official config section where to find this item,
36 :section: the official config section where to find this item,
37 :name: the official name within the section,
37 :name: the official name within the section,
38 :default: default value for this item,
38 :default: default value for this item,
39 :alias: optional list of tuples as alternatives,
39 :alias: optional list of tuples as alternatives,
40 :generic: this is a generic definition, match name using regular expression.
40 :generic: this is a generic definition, match name using regular expression.
41 """
41 """
42
42
43 def __init__(
43 def __init__(
44 self,
44 self,
45 section,
45 section,
46 name,
46 name,
47 default=None,
47 default=None,
48 alias=(),
48 alias=(),
49 generic=False,
49 generic=False,
50 priority=0,
50 priority=0,
51 experimental=False,
51 experimental=False,
52 ):
52 ):
53 self.section = section
53 self.section = section
54 self.name = name
54 self.name = name
55 self.default = default
55 self.default = default
56 self.alias = list(alias)
56 self.alias = list(alias)
57 self.generic = generic
57 self.generic = generic
58 self.priority = priority
58 self.priority = priority
59 self.experimental = experimental
59 self.experimental = experimental
60 self._re = None
60 self._re = None
61 if generic:
61 if generic:
62 self._re = re.compile(self.name)
62 self._re = re.compile(self.name)
63
63
64
64
65 class itemregister(dict):
65 class itemregister(dict):
66 """A specialized dictionary that can handle wild-card selection"""
66 """A specialized dictionary that can handle wild-card selection"""
67
67
68 def __init__(self):
68 def __init__(self):
69 super(itemregister, self).__init__()
69 super(itemregister, self).__init__()
70 self._generics = set()
70 self._generics = set()
71
71
72 def update(self, other):
72 def update(self, other):
73 super(itemregister, self).update(other)
73 super(itemregister, self).update(other)
74 self._generics.update(other._generics)
74 self._generics.update(other._generics)
75
75
76 def __setitem__(self, key, item):
76 def __setitem__(self, key, item):
77 super(itemregister, self).__setitem__(key, item)
77 super(itemregister, self).__setitem__(key, item)
78 if item.generic:
78 if item.generic:
79 self._generics.add(item)
79 self._generics.add(item)
80
80
81 def get(self, key):
81 def get(self, key):
82 baseitem = super(itemregister, self).get(key)
82 baseitem = super(itemregister, self).get(key)
83 if baseitem is not None and not baseitem.generic:
83 if baseitem is not None and not baseitem.generic:
84 return baseitem
84 return baseitem
85
85
86 # search for a matching generic item
86 # search for a matching generic item
87 generics = sorted(self._generics, key=(lambda x: (x.priority, x.name)))
87 generics = sorted(self._generics, key=(lambda x: (x.priority, x.name)))
88 for item in generics:
88 for item in generics:
89 # we use 'match' instead of 'search' to make the matching simpler
89 # we use 'match' instead of 'search' to make the matching simpler
90 # for people unfamiliar with regular expression. Having the match
90 # for people unfamiliar with regular expression. Having the match
91 # rooted to the start of the string will produce less surprising
91 # rooted to the start of the string will produce less surprising
92 # result for user writing simple regex for sub-attribute.
92 # result for user writing simple regex for sub-attribute.
93 #
93 #
94 # For example using "color\..*" match produces an unsurprising
94 # For example using "color\..*" match produces an unsurprising
95 # result, while using search could suddenly match apparently
95 # result, while using search could suddenly match apparently
96 # unrelated configuration that happens to contains "color."
96 # unrelated configuration that happens to contains "color."
97 # anywhere. This is a tradeoff where we favor requiring ".*" on
97 # anywhere. This is a tradeoff where we favor requiring ".*" on
98 # some match to avoid the need to prefix most pattern with "^".
98 # some match to avoid the need to prefix most pattern with "^".
99 # The "^" seems more error prone.
99 # The "^" seems more error prone.
100 if item._re.match(key):
100 if item._re.match(key):
101 return item
101 return item
102
102
103 return None
103 return None
104
104
105
105
106 coreitems = {}
106 coreitems = {}
107
107
108
108
109 def _register(configtable, *args, **kwargs):
109 def _register(configtable, *args, **kwargs):
110 item = configitem(*args, **kwargs)
110 item = configitem(*args, **kwargs)
111 section = configtable.setdefault(item.section, itemregister())
111 section = configtable.setdefault(item.section, itemregister())
112 if item.name in section:
112 if item.name in section:
113 msg = b"duplicated config item registration for '%s.%s'"
113 msg = b"duplicated config item registration for '%s.%s'"
114 raise error.ProgrammingError(msg % (item.section, item.name))
114 raise error.ProgrammingError(msg % (item.section, item.name))
115 section[item.name] = item
115 section[item.name] = item
116
116
117
117
118 # special value for case where the default is derived from other values
118 # special value for case where the default is derived from other values
119 dynamicdefault = object()
119 dynamicdefault = object()
120
120
121 # Registering actual config items
121 # Registering actual config items
122
122
123
123
124 def getitemregister(configtable):
124 def getitemregister(configtable):
125 f = functools.partial(_register, configtable)
125 f = functools.partial(_register, configtable)
126 # export pseudo enum as configitem.*
126 # export pseudo enum as configitem.*
127 f.dynamicdefault = dynamicdefault
127 f.dynamicdefault = dynamicdefault
128 return f
128 return f
129
129
130
130
131 coreconfigitem = getitemregister(coreitems)
131 coreconfigitem = getitemregister(coreitems)
132
132
133
133
134 def _registerdiffopts(section, configprefix=b''):
134 def _registerdiffopts(section, configprefix=b''):
135 coreconfigitem(
135 coreconfigitem(
136 section, configprefix + b'nodates', default=False,
136 section, configprefix + b'nodates', default=False,
137 )
137 )
138 coreconfigitem(
138 coreconfigitem(
139 section, configprefix + b'showfunc', default=False,
139 section, configprefix + b'showfunc', default=False,
140 )
140 )
141 coreconfigitem(
141 coreconfigitem(
142 section, configprefix + b'unified', default=None,
142 section, configprefix + b'unified', default=None,
143 )
143 )
144 coreconfigitem(
144 coreconfigitem(
145 section, configprefix + b'git', default=False,
145 section, configprefix + b'git', default=False,
146 )
146 )
147 coreconfigitem(
147 coreconfigitem(
148 section, configprefix + b'ignorews', default=False,
148 section, configprefix + b'ignorews', default=False,
149 )
149 )
150 coreconfigitem(
150 coreconfigitem(
151 section, configprefix + b'ignorewsamount', default=False,
151 section, configprefix + b'ignorewsamount', default=False,
152 )
152 )
153 coreconfigitem(
153 coreconfigitem(
154 section, configprefix + b'ignoreblanklines', default=False,
154 section, configprefix + b'ignoreblanklines', default=False,
155 )
155 )
156 coreconfigitem(
156 coreconfigitem(
157 section, configprefix + b'ignorewseol', default=False,
157 section, configprefix + b'ignorewseol', default=False,
158 )
158 )
159 coreconfigitem(
159 coreconfigitem(
160 section, configprefix + b'nobinary', default=False,
160 section, configprefix + b'nobinary', default=False,
161 )
161 )
162 coreconfigitem(
162 coreconfigitem(
163 section, configprefix + b'noprefix', default=False,
163 section, configprefix + b'noprefix', default=False,
164 )
164 )
165 coreconfigitem(
165 coreconfigitem(
166 section, configprefix + b'word-diff', default=False,
166 section, configprefix + b'word-diff', default=False,
167 )
167 )
168
168
169
169
170 coreconfigitem(
170 coreconfigitem(
171 b'alias', b'.*', default=dynamicdefault, generic=True,
171 b'alias', b'.*', default=dynamicdefault, generic=True,
172 )
172 )
173 coreconfigitem(
173 coreconfigitem(
174 b'auth', b'cookiefile', default=None,
174 b'auth', b'cookiefile', default=None,
175 )
175 )
176 _registerdiffopts(section=b'annotate')
176 _registerdiffopts(section=b'annotate')
177 # bookmarks.pushing: internal hack for discovery
177 # bookmarks.pushing: internal hack for discovery
178 coreconfigitem(
178 coreconfigitem(
179 b'bookmarks', b'pushing', default=list,
179 b'bookmarks', b'pushing', default=list,
180 )
180 )
181 # bundle.mainreporoot: internal hack for bundlerepo
181 # bundle.mainreporoot: internal hack for bundlerepo
182 coreconfigitem(
182 coreconfigitem(
183 b'bundle', b'mainreporoot', default=b'',
183 b'bundle', b'mainreporoot', default=b'',
184 )
184 )
185 coreconfigitem(
185 coreconfigitem(
186 b'censor', b'policy', default=b'abort', experimental=True,
186 b'censor', b'policy', default=b'abort', experimental=True,
187 )
187 )
188 coreconfigitem(
188 coreconfigitem(
189 b'chgserver', b'idletimeout', default=3600,
189 b'chgserver', b'idletimeout', default=3600,
190 )
190 )
191 coreconfigitem(
191 coreconfigitem(
192 b'chgserver', b'skiphash', default=False,
192 b'chgserver', b'skiphash', default=False,
193 )
193 )
194 coreconfigitem(
194 coreconfigitem(
195 b'cmdserver', b'log', default=None,
195 b'cmdserver', b'log', default=None,
196 )
196 )
197 coreconfigitem(
197 coreconfigitem(
198 b'cmdserver', b'max-log-files', default=7,
198 b'cmdserver', b'max-log-files', default=7,
199 )
199 )
200 coreconfigitem(
200 coreconfigitem(
201 b'cmdserver', b'max-log-size', default=b'1 MB',
201 b'cmdserver', b'max-log-size', default=b'1 MB',
202 )
202 )
203 coreconfigitem(
203 coreconfigitem(
204 b'cmdserver', b'max-repo-cache', default=0, experimental=True,
204 b'cmdserver', b'max-repo-cache', default=0, experimental=True,
205 )
205 )
206 coreconfigitem(
206 coreconfigitem(
207 b'cmdserver', b'message-encodings', default=list, experimental=True,
207 b'cmdserver', b'message-encodings', default=list, experimental=True,
208 )
208 )
209 coreconfigitem(
209 coreconfigitem(
210 b'cmdserver',
210 b'cmdserver',
211 b'track-log',
211 b'track-log',
212 default=lambda: [b'chgserver', b'cmdserver', b'repocache'],
212 default=lambda: [b'chgserver', b'cmdserver', b'repocache'],
213 )
213 )
214 coreconfigitem(
214 coreconfigitem(
215 b'color', b'.*', default=None, generic=True,
215 b'color', b'.*', default=None, generic=True,
216 )
216 )
217 coreconfigitem(
217 coreconfigitem(
218 b'color', b'mode', default=b'auto',
218 b'color', b'mode', default=b'auto',
219 )
219 )
220 coreconfigitem(
220 coreconfigitem(
221 b'color', b'pagermode', default=dynamicdefault,
221 b'color', b'pagermode', default=dynamicdefault,
222 )
222 )
223 _registerdiffopts(section=b'commands', configprefix=b'commit.interactive.')
223 _registerdiffopts(section=b'commands', configprefix=b'commit.interactive.')
224 coreconfigitem(
224 coreconfigitem(
225 b'commands', b'commit.post-status', default=False,
225 b'commands', b'commit.post-status', default=False,
226 )
226 )
227 coreconfigitem(
227 coreconfigitem(
228 b'commands', b'grep.all-files', default=False, experimental=True,
228 b'commands', b'grep.all-files', default=False, experimental=True,
229 )
229 )
230 coreconfigitem(
230 coreconfigitem(
231 b'commands', b'merge.require-rev', default=False,
231 b'commands', b'merge.require-rev', default=False,
232 )
232 )
233 coreconfigitem(
233 coreconfigitem(
234 b'commands', b'push.require-revs', default=False,
234 b'commands', b'push.require-revs', default=False,
235 )
235 )
236 coreconfigitem(
236 coreconfigitem(
237 b'commands', b'resolve.confirm', default=False,
237 b'commands', b'resolve.confirm', default=False,
238 )
238 )
239 coreconfigitem(
239 coreconfigitem(
240 b'commands', b'resolve.explicit-re-merge', default=False,
240 b'commands', b'resolve.explicit-re-merge', default=False,
241 )
241 )
242 coreconfigitem(
242 coreconfigitem(
243 b'commands', b'resolve.mark-check', default=b'none',
243 b'commands', b'resolve.mark-check', default=b'none',
244 )
244 )
245 _registerdiffopts(section=b'commands', configprefix=b'revert.interactive.')
245 _registerdiffopts(section=b'commands', configprefix=b'revert.interactive.')
246 coreconfigitem(
246 coreconfigitem(
247 b'commands', b'show.aliasprefix', default=list,
247 b'commands', b'show.aliasprefix', default=list,
248 )
248 )
249 coreconfigitem(
249 coreconfigitem(
250 b'commands', b'status.relative', default=False,
250 b'commands', b'status.relative', default=False,
251 )
251 )
252 coreconfigitem(
252 coreconfigitem(
253 b'commands', b'status.skipstates', default=[], experimental=True,
253 b'commands', b'status.skipstates', default=[], experimental=True,
254 )
254 )
255 coreconfigitem(
255 coreconfigitem(
256 b'commands', b'status.terse', default=b'',
256 b'commands', b'status.terse', default=b'',
257 )
257 )
258 coreconfigitem(
258 coreconfigitem(
259 b'commands', b'status.verbose', default=False,
259 b'commands', b'status.verbose', default=False,
260 )
260 )
261 coreconfigitem(
261 coreconfigitem(
262 b'commands', b'update.check', default=None,
262 b'commands', b'update.check', default=None,
263 )
263 )
264 coreconfigitem(
264 coreconfigitem(
265 b'commands', b'update.requiredest', default=False,
265 b'commands', b'update.requiredest', default=False,
266 )
266 )
267 coreconfigitem(
267 coreconfigitem(
268 b'committemplate', b'.*', default=None, generic=True,
268 b'committemplate', b'.*', default=None, generic=True,
269 )
269 )
270 coreconfigitem(
270 coreconfigitem(
271 b'convert', b'bzr.saverev', default=True,
271 b'convert', b'bzr.saverev', default=True,
272 )
272 )
273 coreconfigitem(
273 coreconfigitem(
274 b'convert', b'cvsps.cache', default=True,
274 b'convert', b'cvsps.cache', default=True,
275 )
275 )
276 coreconfigitem(
276 coreconfigitem(
277 b'convert', b'cvsps.fuzz', default=60,
277 b'convert', b'cvsps.fuzz', default=60,
278 )
278 )
279 coreconfigitem(
279 coreconfigitem(
280 b'convert', b'cvsps.logencoding', default=None,
280 b'convert', b'cvsps.logencoding', default=None,
281 )
281 )
282 coreconfigitem(
282 coreconfigitem(
283 b'convert', b'cvsps.mergefrom', default=None,
283 b'convert', b'cvsps.mergefrom', default=None,
284 )
284 )
285 coreconfigitem(
285 coreconfigitem(
286 b'convert', b'cvsps.mergeto', default=None,
286 b'convert', b'cvsps.mergeto', default=None,
287 )
287 )
288 coreconfigitem(
288 coreconfigitem(
289 b'convert', b'git.committeractions', default=lambda: [b'messagedifferent'],
289 b'convert', b'git.committeractions', default=lambda: [b'messagedifferent'],
290 )
290 )
291 coreconfigitem(
291 coreconfigitem(
292 b'convert', b'git.extrakeys', default=list,
292 b'convert', b'git.extrakeys', default=list,
293 )
293 )
294 coreconfigitem(
294 coreconfigitem(
295 b'convert', b'git.findcopiesharder', default=False,
295 b'convert', b'git.findcopiesharder', default=False,
296 )
296 )
297 coreconfigitem(
297 coreconfigitem(
298 b'convert', b'git.remoteprefix', default=b'remote',
298 b'convert', b'git.remoteprefix', default=b'remote',
299 )
299 )
300 coreconfigitem(
300 coreconfigitem(
301 b'convert', b'git.renamelimit', default=400,
301 b'convert', b'git.renamelimit', default=400,
302 )
302 )
303 coreconfigitem(
303 coreconfigitem(
304 b'convert', b'git.saverev', default=True,
304 b'convert', b'git.saverev', default=True,
305 )
305 )
306 coreconfigitem(
306 coreconfigitem(
307 b'convert', b'git.similarity', default=50,
307 b'convert', b'git.similarity', default=50,
308 )
308 )
309 coreconfigitem(
309 coreconfigitem(
310 b'convert', b'git.skipsubmodules', default=False,
310 b'convert', b'git.skipsubmodules', default=False,
311 )
311 )
312 coreconfigitem(
312 coreconfigitem(
313 b'convert', b'hg.clonebranches', default=False,
313 b'convert', b'hg.clonebranches', default=False,
314 )
314 )
315 coreconfigitem(
315 coreconfigitem(
316 b'convert', b'hg.ignoreerrors', default=False,
316 b'convert', b'hg.ignoreerrors', default=False,
317 )
317 )
318 coreconfigitem(
318 coreconfigitem(
319 b'convert', b'hg.preserve-hash', default=False,
319 b'convert', b'hg.preserve-hash', default=False,
320 )
320 )
321 coreconfigitem(
321 coreconfigitem(
322 b'convert', b'hg.revs', default=None,
322 b'convert', b'hg.revs', default=None,
323 )
323 )
324 coreconfigitem(
324 coreconfigitem(
325 b'convert', b'hg.saverev', default=False,
325 b'convert', b'hg.saverev', default=False,
326 )
326 )
327 coreconfigitem(
327 coreconfigitem(
328 b'convert', b'hg.sourcename', default=None,
328 b'convert', b'hg.sourcename', default=None,
329 )
329 )
330 coreconfigitem(
330 coreconfigitem(
331 b'convert', b'hg.startrev', default=None,
331 b'convert', b'hg.startrev', default=None,
332 )
332 )
333 coreconfigitem(
333 coreconfigitem(
334 b'convert', b'hg.tagsbranch', default=b'default',
334 b'convert', b'hg.tagsbranch', default=b'default',
335 )
335 )
336 coreconfigitem(
336 coreconfigitem(
337 b'convert', b'hg.usebranchnames', default=True,
337 b'convert', b'hg.usebranchnames', default=True,
338 )
338 )
339 coreconfigitem(
339 coreconfigitem(
340 b'convert', b'ignoreancestorcheck', default=False, experimental=True,
340 b'convert', b'ignoreancestorcheck', default=False, experimental=True,
341 )
341 )
342 coreconfigitem(
342 coreconfigitem(
343 b'convert', b'localtimezone', default=False,
343 b'convert', b'localtimezone', default=False,
344 )
344 )
345 coreconfigitem(
345 coreconfigitem(
346 b'convert', b'p4.encoding', default=dynamicdefault,
346 b'convert', b'p4.encoding', default=dynamicdefault,
347 )
347 )
348 coreconfigitem(
348 coreconfigitem(
349 b'convert', b'p4.startrev', default=0,
349 b'convert', b'p4.startrev', default=0,
350 )
350 )
351 coreconfigitem(
351 coreconfigitem(
352 b'convert', b'skiptags', default=False,
352 b'convert', b'skiptags', default=False,
353 )
353 )
354 coreconfigitem(
354 coreconfigitem(
355 b'convert', b'svn.debugsvnlog', default=True,
355 b'convert', b'svn.debugsvnlog', default=True,
356 )
356 )
357 coreconfigitem(
357 coreconfigitem(
358 b'convert', b'svn.trunk', default=None,
358 b'convert', b'svn.trunk', default=None,
359 )
359 )
360 coreconfigitem(
360 coreconfigitem(
361 b'convert', b'svn.tags', default=None,
361 b'convert', b'svn.tags', default=None,
362 )
362 )
363 coreconfigitem(
363 coreconfigitem(
364 b'convert', b'svn.branches', default=None,
364 b'convert', b'svn.branches', default=None,
365 )
365 )
366 coreconfigitem(
366 coreconfigitem(
367 b'convert', b'svn.startrev', default=0,
367 b'convert', b'svn.startrev', default=0,
368 )
368 )
369 coreconfigitem(
369 coreconfigitem(
370 b'debug', b'dirstate.delaywrite', default=0,
370 b'debug', b'dirstate.delaywrite', default=0,
371 )
371 )
372 coreconfigitem(
372 coreconfigitem(
373 b'defaults', b'.*', default=None, generic=True,
373 b'defaults', b'.*', default=None, generic=True,
374 )
374 )
375 coreconfigitem(
375 coreconfigitem(
376 b'devel', b'all-warnings', default=False,
376 b'devel', b'all-warnings', default=False,
377 )
377 )
378 coreconfigitem(
378 coreconfigitem(
379 b'devel', b'bundle2.debug', default=False,
379 b'devel', b'bundle2.debug', default=False,
380 )
380 )
381 coreconfigitem(
381 coreconfigitem(
382 b'devel', b'bundle.delta', default=b'',
382 b'devel', b'bundle.delta', default=b'',
383 )
383 )
384 coreconfigitem(
384 coreconfigitem(
385 b'devel', b'cache-vfs', default=None,
385 b'devel', b'cache-vfs', default=None,
386 )
386 )
387 coreconfigitem(
387 coreconfigitem(
388 b'devel', b'check-locks', default=False,
388 b'devel', b'check-locks', default=False,
389 )
389 )
390 coreconfigitem(
390 coreconfigitem(
391 b'devel', b'check-relroot', default=False,
391 b'devel', b'check-relroot', default=False,
392 )
392 )
393 coreconfigitem(
393 coreconfigitem(
394 b'devel', b'default-date', default=None,
394 b'devel', b'default-date', default=None,
395 )
395 )
396 coreconfigitem(
396 coreconfigitem(
397 b'devel', b'deprec-warn', default=False,
397 b'devel', b'deprec-warn', default=False,
398 )
398 )
399 coreconfigitem(
399 coreconfigitem(
400 b'devel', b'disableloaddefaultcerts', default=False,
400 b'devel', b'disableloaddefaultcerts', default=False,
401 )
401 )
402 coreconfigitem(
402 coreconfigitem(
403 b'devel', b'warn-empty-changegroup', default=False,
403 b'devel', b'warn-empty-changegroup', default=False,
404 )
404 )
405 coreconfigitem(
405 coreconfigitem(
406 b'devel', b'legacy.exchange', default=list,
406 b'devel', b'legacy.exchange', default=list,
407 )
407 )
408 coreconfigitem(
408 coreconfigitem(
409 b'devel', b'persistent-nodemap', default=False,
409 b'devel', b'persistent-nodemap', default=False,
410 )
410 )
411 coreconfigitem(
411 coreconfigitem(
412 b'devel', b'servercafile', default=b'',
412 b'devel', b'servercafile', default=b'',
413 )
413 )
414 coreconfigitem(
414 coreconfigitem(
415 b'devel', b'serverexactprotocol', default=b'',
415 b'devel', b'serverexactprotocol', default=b'',
416 )
416 )
417 coreconfigitem(
417 coreconfigitem(
418 b'devel', b'serverrequirecert', default=False,
418 b'devel', b'serverrequirecert', default=False,
419 )
419 )
420 coreconfigitem(
420 coreconfigitem(
421 b'devel', b'strip-obsmarkers', default=True,
421 b'devel', b'strip-obsmarkers', default=True,
422 )
422 )
423 coreconfigitem(
423 coreconfigitem(
424 b'devel', b'warn-config', default=None,
424 b'devel', b'warn-config', default=None,
425 )
425 )
426 coreconfigitem(
426 coreconfigitem(
427 b'devel', b'warn-config-default', default=None,
427 b'devel', b'warn-config-default', default=None,
428 )
428 )
429 coreconfigitem(
429 coreconfigitem(
430 b'devel', b'user.obsmarker', default=None,
430 b'devel', b'user.obsmarker', default=None,
431 )
431 )
432 coreconfigitem(
432 coreconfigitem(
433 b'devel', b'warn-config-unknown', default=None,
433 b'devel', b'warn-config-unknown', default=None,
434 )
434 )
435 coreconfigitem(
435 coreconfigitem(
436 b'devel', b'debug.copies', default=False,
436 b'devel', b'debug.copies', default=False,
437 )
437 )
438 coreconfigitem(
438 coreconfigitem(
439 b'devel', b'debug.extensions', default=False,
439 b'devel', b'debug.extensions', default=False,
440 )
440 )
441 coreconfigitem(
441 coreconfigitem(
442 b'devel', b'debug.repo-filters', default=False,
442 b'devel', b'debug.repo-filters', default=False,
443 )
443 )
444 coreconfigitem(
444 coreconfigitem(
445 b'devel', b'debug.peer-request', default=False,
445 b'devel', b'debug.peer-request', default=False,
446 )
446 )
447 coreconfigitem(
447 coreconfigitem(
448 b'devel', b'discovery.randomize', default=True,
448 b'devel', b'discovery.randomize', default=True,
449 )
449 )
450 _registerdiffopts(section=b'diff')
450 _registerdiffopts(section=b'diff')
451 coreconfigitem(
451 coreconfigitem(
452 b'email', b'bcc', default=None,
452 b'email', b'bcc', default=None,
453 )
453 )
454 coreconfigitem(
454 coreconfigitem(
455 b'email', b'cc', default=None,
455 b'email', b'cc', default=None,
456 )
456 )
457 coreconfigitem(
457 coreconfigitem(
458 b'email', b'charsets', default=list,
458 b'email', b'charsets', default=list,
459 )
459 )
460 coreconfigitem(
460 coreconfigitem(
461 b'email', b'from', default=None,
461 b'email', b'from', default=None,
462 )
462 )
463 coreconfigitem(
463 coreconfigitem(
464 b'email', b'method', default=b'smtp',
464 b'email', b'method', default=b'smtp',
465 )
465 )
466 coreconfigitem(
466 coreconfigitem(
467 b'email', b'reply-to', default=None,
467 b'email', b'reply-to', default=None,
468 )
468 )
469 coreconfigitem(
469 coreconfigitem(
470 b'email', b'to', default=None,
470 b'email', b'to', default=None,
471 )
471 )
472 coreconfigitem(
472 coreconfigitem(
473 b'experimental', b'archivemetatemplate', default=dynamicdefault,
473 b'experimental', b'archivemetatemplate', default=dynamicdefault,
474 )
474 )
475 coreconfigitem(
475 coreconfigitem(
476 b'experimental', b'auto-publish', default=b'publish',
476 b'experimental', b'auto-publish', default=b'publish',
477 )
477 )
478 coreconfigitem(
478 coreconfigitem(
479 b'experimental', b'bundle-phases', default=False,
479 b'experimental', b'bundle-phases', default=False,
480 )
480 )
481 coreconfigitem(
481 coreconfigitem(
482 b'experimental', b'bundle2-advertise', default=True,
482 b'experimental', b'bundle2-advertise', default=True,
483 )
483 )
484 coreconfigitem(
484 coreconfigitem(
485 b'experimental', b'bundle2-output-capture', default=False,
485 b'experimental', b'bundle2-output-capture', default=False,
486 )
486 )
487 coreconfigitem(
487 coreconfigitem(
488 b'experimental', b'bundle2.pushback', default=False,
488 b'experimental', b'bundle2.pushback', default=False,
489 )
489 )
490 coreconfigitem(
490 coreconfigitem(
491 b'experimental', b'bundle2lazylocking', default=False,
491 b'experimental', b'bundle2lazylocking', default=False,
492 )
492 )
493 coreconfigitem(
493 coreconfigitem(
494 b'experimental', b'bundlecomplevel', default=None,
494 b'experimental', b'bundlecomplevel', default=None,
495 )
495 )
496 coreconfigitem(
496 coreconfigitem(
497 b'experimental', b'bundlecomplevel.bzip2', default=None,
497 b'experimental', b'bundlecomplevel.bzip2', default=None,
498 )
498 )
499 coreconfigitem(
499 coreconfigitem(
500 b'experimental', b'bundlecomplevel.gzip', default=None,
500 b'experimental', b'bundlecomplevel.gzip', default=None,
501 )
501 )
502 coreconfigitem(
502 coreconfigitem(
503 b'experimental', b'bundlecomplevel.none', default=None,
503 b'experimental', b'bundlecomplevel.none', default=None,
504 )
504 )
505 coreconfigitem(
505 coreconfigitem(
506 b'experimental', b'bundlecomplevel.zstd', default=None,
506 b'experimental', b'bundlecomplevel.zstd', default=None,
507 )
507 )
508 coreconfigitem(
508 coreconfigitem(
509 b'experimental', b'changegroup3', default=False,
509 b'experimental', b'changegroup3', default=False,
510 )
510 )
511 coreconfigitem(
511 coreconfigitem(
512 b'experimental', b'cleanup-as-archived', default=False,
512 b'experimental', b'cleanup-as-archived', default=False,
513 )
513 )
514 coreconfigitem(
514 coreconfigitem(
515 b'experimental', b'clientcompressionengines', default=list,
515 b'experimental', b'clientcompressionengines', default=list,
516 )
516 )
517 coreconfigitem(
517 coreconfigitem(
518 b'experimental', b'copytrace', default=b'on',
518 b'experimental', b'copytrace', default=b'on',
519 )
519 )
520 coreconfigitem(
520 coreconfigitem(
521 b'experimental', b'copytrace.movecandidateslimit', default=100,
521 b'experimental', b'copytrace.movecandidateslimit', default=100,
522 )
522 )
523 coreconfigitem(
523 coreconfigitem(
524 b'experimental', b'copytrace.sourcecommitlimit', default=100,
524 b'experimental', b'copytrace.sourcecommitlimit', default=100,
525 )
525 )
526 coreconfigitem(
526 coreconfigitem(
527 b'experimental', b'copies.read-from', default=b"filelog-only",
527 b'experimental', b'copies.read-from', default=b"filelog-only",
528 )
528 )
529 coreconfigitem(
529 coreconfigitem(
530 b'experimental', b'copies.write-to', default=b'filelog-only',
530 b'experimental', b'copies.write-to', default=b'filelog-only',
531 )
531 )
532 coreconfigitem(
532 coreconfigitem(
533 b'experimental', b'crecordtest', default=None,
533 b'experimental', b'crecordtest', default=None,
534 )
534 )
535 coreconfigitem(
535 coreconfigitem(
536 b'experimental', b'directaccess', default=False,
536 b'experimental', b'directaccess', default=False,
537 )
537 )
538 coreconfigitem(
538 coreconfigitem(
539 b'experimental', b'directaccess.revnums', default=False,
539 b'experimental', b'directaccess.revnums', default=False,
540 )
540 )
541 coreconfigitem(
541 coreconfigitem(
542 b'experimental', b'editortmpinhg', default=False,
542 b'experimental', b'editortmpinhg', default=False,
543 )
543 )
544 coreconfigitem(
544 coreconfigitem(
545 b'experimental', b'evolution', default=list,
545 b'experimental', b'evolution', default=list,
546 )
546 )
547 coreconfigitem(
547 coreconfigitem(
548 b'experimental',
548 b'experimental',
549 b'evolution.allowdivergence',
549 b'evolution.allowdivergence',
550 default=False,
550 default=False,
551 alias=[(b'experimental', b'allowdivergence')],
551 alias=[(b'experimental', b'allowdivergence')],
552 )
552 )
553 coreconfigitem(
553 coreconfigitem(
554 b'experimental', b'evolution.allowunstable', default=None,
554 b'experimental', b'evolution.allowunstable', default=None,
555 )
555 )
556 coreconfigitem(
556 coreconfigitem(
557 b'experimental', b'evolution.createmarkers', default=None,
557 b'experimental', b'evolution.createmarkers', default=None,
558 )
558 )
559 coreconfigitem(
559 coreconfigitem(
560 b'experimental',
560 b'experimental',
561 b'evolution.effect-flags',
561 b'evolution.effect-flags',
562 default=True,
562 default=True,
563 alias=[(b'experimental', b'effect-flags')],
563 alias=[(b'experimental', b'effect-flags')],
564 )
564 )
565 coreconfigitem(
565 coreconfigitem(
566 b'experimental', b'evolution.exchange', default=None,
566 b'experimental', b'evolution.exchange', default=None,
567 )
567 )
568 coreconfigitem(
568 coreconfigitem(
569 b'experimental', b'evolution.bundle-obsmarker', default=False,
569 b'experimental', b'evolution.bundle-obsmarker', default=False,
570 )
570 )
571 coreconfigitem(
571 coreconfigitem(
572 b'experimental', b'log.topo', default=False,
572 b'experimental', b'log.topo', default=False,
573 )
573 )
574 coreconfigitem(
574 coreconfigitem(
575 b'experimental', b'evolution.report-instabilities', default=True,
575 b'experimental', b'evolution.report-instabilities', default=True,
576 )
576 )
577 coreconfigitem(
577 coreconfigitem(
578 b'experimental', b'evolution.track-operation', default=True,
578 b'experimental', b'evolution.track-operation', default=True,
579 )
579 )
580 # repo-level config to exclude a revset visibility
580 # repo-level config to exclude a revset visibility
581 #
581 #
582 # The target use case is to use `share` to expose different subset of the same
582 # The target use case is to use `share` to expose different subset of the same
583 # repository, especially server side. See also `server.view`.
583 # repository, especially server side. See also `server.view`.
584 coreconfigitem(
584 coreconfigitem(
585 b'experimental', b'extra-filter-revs', default=None,
585 b'experimental', b'extra-filter-revs', default=None,
586 )
586 )
587 coreconfigitem(
587 coreconfigitem(
588 b'experimental', b'maxdeltachainspan', default=-1,
588 b'experimental', b'maxdeltachainspan', default=-1,
589 )
589 )
590 coreconfigitem(
590 coreconfigitem(
591 b'experimental', b'mergetempdirprefix', default=None,
591 b'experimental', b'mergetempdirprefix', default=None,
592 )
592 )
593 coreconfigitem(
593 coreconfigitem(
594 b'experimental', b'mmapindexthreshold', default=None,
594 b'experimental', b'mmapindexthreshold', default=None,
595 )
595 )
596 coreconfigitem(
596 coreconfigitem(
597 b'experimental', b'narrow', default=False,
597 b'experimental', b'narrow', default=False,
598 )
598 )
599 coreconfigitem(
599 coreconfigitem(
600 b'experimental', b'nonnormalparanoidcheck', default=False,
600 b'experimental', b'nonnormalparanoidcheck', default=False,
601 )
601 )
602 coreconfigitem(
602 coreconfigitem(
603 b'experimental', b'exportableenviron', default=list,
603 b'experimental', b'exportableenviron', default=list,
604 )
604 )
605 coreconfigitem(
605 coreconfigitem(
606 b'experimental', b'extendedheader.index', default=None,
606 b'experimental', b'extendedheader.index', default=None,
607 )
607 )
608 coreconfigitem(
608 coreconfigitem(
609 b'experimental', b'extendedheader.similarity', default=False,
609 b'experimental', b'extendedheader.similarity', default=False,
610 )
610 )
611 coreconfigitem(
611 coreconfigitem(
612 b'experimental', b'graphshorten', default=False,
612 b'experimental', b'graphshorten', default=False,
613 )
613 )
614 coreconfigitem(
614 coreconfigitem(
615 b'experimental', b'graphstyle.parent', default=dynamicdefault,
615 b'experimental', b'graphstyle.parent', default=dynamicdefault,
616 )
616 )
617 coreconfigitem(
617 coreconfigitem(
618 b'experimental', b'graphstyle.missing', default=dynamicdefault,
618 b'experimental', b'graphstyle.missing', default=dynamicdefault,
619 )
619 )
620 coreconfigitem(
620 coreconfigitem(
621 b'experimental', b'graphstyle.grandparent', default=dynamicdefault,
621 b'experimental', b'graphstyle.grandparent', default=dynamicdefault,
622 )
622 )
623 coreconfigitem(
623 coreconfigitem(
624 b'experimental', b'hook-track-tags', default=False,
624 b'experimental', b'hook-track-tags', default=False,
625 )
625 )
626 coreconfigitem(
626 coreconfigitem(
627 b'experimental', b'httppeer.advertise-v2', default=False,
627 b'experimental', b'httppeer.advertise-v2', default=False,
628 )
628 )
629 coreconfigitem(
629 coreconfigitem(
630 b'experimental', b'httppeer.v2-encoder-order', default=None,
630 b'experimental', b'httppeer.v2-encoder-order', default=None,
631 )
631 )
632 coreconfigitem(
632 coreconfigitem(
633 b'experimental', b'httppostargs', default=False,
633 b'experimental', b'httppostargs', default=False,
634 )
634 )
635 coreconfigitem(
635 coreconfigitem(
636 b'experimental', b'mergedriver', default=None,
636 b'experimental', b'mergedriver', default=None,
637 )
637 )
638 coreconfigitem(b'experimental', b'nointerrupt', default=False)
638 coreconfigitem(b'experimental', b'nointerrupt', default=False)
639 coreconfigitem(b'experimental', b'nointerrupt-interactiveonly', default=True)
639 coreconfigitem(b'experimental', b'nointerrupt-interactiveonly', default=True)
640
640
641 coreconfigitem(
641 coreconfigitem(
642 b'experimental', b'obsmarkers-exchange-debug', default=False,
642 b'experimental', b'obsmarkers-exchange-debug', default=False,
643 )
643 )
644 coreconfigitem(
644 coreconfigitem(
645 b'experimental', b'remotenames', default=False,
645 b'experimental', b'remotenames', default=False,
646 )
646 )
647 coreconfigitem(
647 coreconfigitem(
648 b'experimental', b'removeemptydirs', default=True,
648 b'experimental', b'removeemptydirs', default=True,
649 )
649 )
650 coreconfigitem(
650 coreconfigitem(
651 b'experimental', b'revert.interactive.select-to-keep', default=False,
651 b'experimental', b'revert.interactive.select-to-keep', default=False,
652 )
652 )
653 coreconfigitem(
653 coreconfigitem(
654 b'experimental', b'revisions.prefixhexnode', default=False,
654 b'experimental', b'revisions.prefixhexnode', default=False,
655 )
655 )
656 coreconfigitem(
656 coreconfigitem(
657 b'experimental', b'revlogv2', default=None,
657 b'experimental', b'revlogv2', default=None,
658 )
658 )
659 coreconfigitem(
659 coreconfigitem(
660 b'experimental', b'revisions.disambiguatewithin', default=None,
660 b'experimental', b'revisions.disambiguatewithin', default=None,
661 )
661 )
662 coreconfigitem(
662 coreconfigitem(
663 b'experimental', b'rust.index', default=False,
663 b'experimental', b'rust.index', default=False,
664 )
664 )
665 coreconfigitem(
665 coreconfigitem(
666 b'experimental', b'server.filesdata.recommended-batch-size', default=50000,
666 b'experimental', b'server.filesdata.recommended-batch-size', default=50000,
667 )
667 )
668 coreconfigitem(
668 coreconfigitem(
669 b'experimental',
669 b'experimental',
670 b'server.manifestdata.recommended-batch-size',
670 b'server.manifestdata.recommended-batch-size',
671 default=100000,
671 default=100000,
672 )
672 )
673 coreconfigitem(
673 coreconfigitem(
674 b'experimental', b'server.stream-narrow-clones', default=False,
674 b'experimental', b'server.stream-narrow-clones', default=False,
675 )
675 )
676 coreconfigitem(
676 coreconfigitem(
677 b'experimental', b'single-head-per-branch', default=False,
677 b'experimental', b'single-head-per-branch', default=False,
678 )
678 )
679 coreconfigitem(
679 coreconfigitem(
680 b'experimental',
680 b'experimental',
681 b'single-head-per-branch:account-closed-heads',
681 b'single-head-per-branch:account-closed-heads',
682 default=False,
682 default=False,
683 )
683 )
684 coreconfigitem(
684 coreconfigitem(
685 b'experimental', b'sshserver.support-v2', default=False,
685 b'experimental', b'sshserver.support-v2', default=False,
686 )
686 )
687 coreconfigitem(
687 coreconfigitem(
688 b'experimental', b'sparse-read', default=False,
688 b'experimental', b'sparse-read', default=False,
689 )
689 )
690 coreconfigitem(
690 coreconfigitem(
691 b'experimental', b'sparse-read.density-threshold', default=0.50,
691 b'experimental', b'sparse-read.density-threshold', default=0.50,
692 )
692 )
693 coreconfigitem(
693 coreconfigitem(
694 b'experimental', b'sparse-read.min-gap-size', default=b'65K',
694 b'experimental', b'sparse-read.min-gap-size', default=b'65K',
695 )
695 )
696 coreconfigitem(
696 coreconfigitem(
697 b'experimental', b'treemanifest', default=False,
697 b'experimental', b'treemanifest', default=False,
698 )
698 )
699 coreconfigitem(
699 coreconfigitem(
700 b'experimental', b'update.atomic-file', default=False,
700 b'experimental', b'update.atomic-file', default=False,
701 )
701 )
702 coreconfigitem(
702 coreconfigitem(
703 b'experimental', b'sshpeer.advertise-v2', default=False,
703 b'experimental', b'sshpeer.advertise-v2', default=False,
704 )
704 )
705 coreconfigitem(
705 coreconfigitem(
706 b'experimental', b'web.apiserver', default=False,
706 b'experimental', b'web.apiserver', default=False,
707 )
707 )
708 coreconfigitem(
708 coreconfigitem(
709 b'experimental', b'web.api.http-v2', default=False,
709 b'experimental', b'web.api.http-v2', default=False,
710 )
710 )
711 coreconfigitem(
711 coreconfigitem(
712 b'experimental', b'web.api.debugreflect', default=False,
712 b'experimental', b'web.api.debugreflect', default=False,
713 )
713 )
714 coreconfigitem(
714 coreconfigitem(
715 b'experimental', b'worker.wdir-get-thread-safe', default=False,
715 b'experimental', b'worker.wdir-get-thread-safe', default=False,
716 )
716 )
717 coreconfigitem(
717 coreconfigitem(
718 b'experimental', b'worker.repository-upgrade', default=False,
718 b'experimental', b'worker.repository-upgrade', default=False,
719 )
719 )
720 coreconfigitem(
720 coreconfigitem(
721 b'experimental', b'xdiff', default=False,
721 b'experimental', b'xdiff', default=False,
722 )
722 )
723 coreconfigitem(
723 coreconfigitem(
724 b'extensions', b'.*', default=None, generic=True,
724 b'extensions', b'.*', default=None, generic=True,
725 )
725 )
726 coreconfigitem(
726 coreconfigitem(
727 b'extdata', b'.*', default=None, generic=True,
727 b'extdata', b'.*', default=None, generic=True,
728 )
728 )
729 coreconfigitem(
729 coreconfigitem(
730 b'format', b'bookmarks-in-store', default=False,
730 b'format', b'bookmarks-in-store', default=False,
731 )
731 )
732 coreconfigitem(
732 coreconfigitem(
733 b'format', b'chunkcachesize', default=None, experimental=True,
733 b'format', b'chunkcachesize', default=None, experimental=True,
734 )
734 )
735 coreconfigitem(
735 coreconfigitem(
736 b'format', b'dotencode', default=True,
736 b'format', b'dotencode', default=True,
737 )
737 )
738 coreconfigitem(
738 coreconfigitem(
739 b'format', b'generaldelta', default=False, experimental=True,
739 b'format', b'generaldelta', default=False, experimental=True,
740 )
740 )
741 coreconfigitem(
741 coreconfigitem(
742 b'format', b'manifestcachesize', default=None, experimental=True,
742 b'format', b'manifestcachesize', default=None, experimental=True,
743 )
743 )
744 coreconfigitem(
744 coreconfigitem(
745 b'format', b'maxchainlen', default=dynamicdefault, experimental=True,
745 b'format', b'maxchainlen', default=dynamicdefault, experimental=True,
746 )
746 )
747 coreconfigitem(
747 coreconfigitem(
748 b'format', b'obsstore-version', default=None,
748 b'format', b'obsstore-version', default=None,
749 )
749 )
750 coreconfigitem(
750 coreconfigitem(
751 b'format', b'sparse-revlog', default=True,
751 b'format', b'sparse-revlog', default=True,
752 )
752 )
753 coreconfigitem(
753 coreconfigitem(
754 b'format',
754 b'format',
755 b'revlog-compression',
755 b'revlog-compression',
756 default=lambda: [b'zlib'],
756 default=lambda: [b'zlib'],
757 alias=[(b'experimental', b'format.compression')],
757 alias=[(b'experimental', b'format.compression')],
758 )
758 )
759 coreconfigitem(
759 coreconfigitem(
760 b'format', b'usefncache', default=True,
760 b'format', b'usefncache', default=True,
761 )
761 )
762 coreconfigitem(
762 coreconfigitem(
763 b'format', b'usegeneraldelta', default=True,
763 b'format', b'usegeneraldelta', default=True,
764 )
764 )
765 coreconfigitem(
765 coreconfigitem(
766 b'format', b'usestore', default=True,
766 b'format', b'usestore', default=True,
767 )
767 )
768 # Right now, the only efficient implement of the nodemap logic is in Rust, so
768 # Right now, the only efficient implement of the nodemap logic is in Rust, so
769 # the persistent nodemap feature needs to stay experimental as long as the Rust
769 # the persistent nodemap feature needs to stay experimental as long as the Rust
770 # extensions are an experimental feature.
770 # extensions are an experimental feature.
771 coreconfigitem(
771 coreconfigitem(
772 b'format', b'use-persistent-nodemap', default=False, experimental=True
772 b'format', b'use-persistent-nodemap', default=False, experimental=True
773 )
773 )
774 coreconfigitem(
774 coreconfigitem(
775 b'format',
775 b'format',
776 b'exp-use-copies-side-data-changeset',
776 b'exp-use-copies-side-data-changeset',
777 default=False,
777 default=False,
778 experimental=True,
778 experimental=True,
779 )
779 )
780 coreconfigitem(
780 coreconfigitem(
781 b'format', b'exp-use-side-data', default=False, experimental=True,
781 b'format', b'exp-use-side-data', default=False, experimental=True,
782 )
782 )
783 coreconfigitem(
783 coreconfigitem(
784 b'format', b'internal-phase', default=False, experimental=True,
784 b'format', b'internal-phase', default=False, experimental=True,
785 )
785 )
786 coreconfigitem(
786 coreconfigitem(
787 b'fsmonitor', b'warn_when_unused', default=True,
787 b'fsmonitor', b'warn_when_unused', default=True,
788 )
788 )
789 coreconfigitem(
789 coreconfigitem(
790 b'fsmonitor', b'warn_update_file_count', default=50000,
790 b'fsmonitor', b'warn_update_file_count', default=50000,
791 )
791 )
792 coreconfigitem(
792 coreconfigitem(
793 b'help', br'hidden-command\..*', default=False, generic=True,
793 b'help', br'hidden-command\..*', default=False, generic=True,
794 )
794 )
795 coreconfigitem(
795 coreconfigitem(
796 b'help', br'hidden-topic\..*', default=False, generic=True,
796 b'help', br'hidden-topic\..*', default=False, generic=True,
797 )
797 )
798 coreconfigitem(
798 coreconfigitem(
799 b'hooks', b'.*', default=dynamicdefault, generic=True,
799 b'hooks', b'.*', default=dynamicdefault, generic=True,
800 )
800 )
801 coreconfigitem(
801 coreconfigitem(
802 b'hgweb-paths', b'.*', default=list, generic=True,
802 b'hgweb-paths', b'.*', default=list, generic=True,
803 )
803 )
804 coreconfigitem(
804 coreconfigitem(
805 b'hostfingerprints', b'.*', default=list, generic=True,
805 b'hostfingerprints', b'.*', default=list, generic=True,
806 )
806 )
807 coreconfigitem(
807 coreconfigitem(
808 b'hostsecurity', b'ciphers', default=None,
808 b'hostsecurity', b'ciphers', default=None,
809 )
809 )
810 coreconfigitem(
810 coreconfigitem(
811 b'hostsecurity', b'disabletls10warning', default=False,
812 )
813 coreconfigitem(
814 b'hostsecurity', b'minimumprotocol', default=dynamicdefault,
811 b'hostsecurity', b'minimumprotocol', default=dynamicdefault,
815 )
812 )
816 coreconfigitem(
813 coreconfigitem(
817 b'hostsecurity',
814 b'hostsecurity',
818 b'.*:minimumprotocol$',
815 b'.*:minimumprotocol$',
819 default=dynamicdefault,
816 default=dynamicdefault,
820 generic=True,
817 generic=True,
821 )
818 )
822 coreconfigitem(
819 coreconfigitem(
823 b'hostsecurity', b'.*:ciphers$', default=dynamicdefault, generic=True,
820 b'hostsecurity', b'.*:ciphers$', default=dynamicdefault, generic=True,
824 )
821 )
825 coreconfigitem(
822 coreconfigitem(
826 b'hostsecurity', b'.*:fingerprints$', default=list, generic=True,
823 b'hostsecurity', b'.*:fingerprints$', default=list, generic=True,
827 )
824 )
828 coreconfigitem(
825 coreconfigitem(
829 b'hostsecurity', b'.*:verifycertsfile$', default=None, generic=True,
826 b'hostsecurity', b'.*:verifycertsfile$', default=None, generic=True,
830 )
827 )
831
828
832 coreconfigitem(
829 coreconfigitem(
833 b'http_proxy', b'always', default=False,
830 b'http_proxy', b'always', default=False,
834 )
831 )
835 coreconfigitem(
832 coreconfigitem(
836 b'http_proxy', b'host', default=None,
833 b'http_proxy', b'host', default=None,
837 )
834 )
838 coreconfigitem(
835 coreconfigitem(
839 b'http_proxy', b'no', default=list,
836 b'http_proxy', b'no', default=list,
840 )
837 )
841 coreconfigitem(
838 coreconfigitem(
842 b'http_proxy', b'passwd', default=None,
839 b'http_proxy', b'passwd', default=None,
843 )
840 )
844 coreconfigitem(
841 coreconfigitem(
845 b'http_proxy', b'user', default=None,
842 b'http_proxy', b'user', default=None,
846 )
843 )
847
844
848 coreconfigitem(
845 coreconfigitem(
849 b'http', b'timeout', default=None,
846 b'http', b'timeout', default=None,
850 )
847 )
851
848
852 coreconfigitem(
849 coreconfigitem(
853 b'logtoprocess', b'commandexception', default=None,
850 b'logtoprocess', b'commandexception', default=None,
854 )
851 )
855 coreconfigitem(
852 coreconfigitem(
856 b'logtoprocess', b'commandfinish', default=None,
853 b'logtoprocess', b'commandfinish', default=None,
857 )
854 )
858 coreconfigitem(
855 coreconfigitem(
859 b'logtoprocess', b'command', default=None,
856 b'logtoprocess', b'command', default=None,
860 )
857 )
861 coreconfigitem(
858 coreconfigitem(
862 b'logtoprocess', b'develwarn', default=None,
859 b'logtoprocess', b'develwarn', default=None,
863 )
860 )
864 coreconfigitem(
861 coreconfigitem(
865 b'logtoprocess', b'uiblocked', default=None,
862 b'logtoprocess', b'uiblocked', default=None,
866 )
863 )
867 coreconfigitem(
864 coreconfigitem(
868 b'merge', b'checkunknown', default=b'abort',
865 b'merge', b'checkunknown', default=b'abort',
869 )
866 )
870 coreconfigitem(
867 coreconfigitem(
871 b'merge', b'checkignored', default=b'abort',
868 b'merge', b'checkignored', default=b'abort',
872 )
869 )
873 coreconfigitem(
870 coreconfigitem(
874 b'experimental', b'merge.checkpathconflicts', default=False,
871 b'experimental', b'merge.checkpathconflicts', default=False,
875 )
872 )
876 coreconfigitem(
873 coreconfigitem(
877 b'merge', b'followcopies', default=True,
874 b'merge', b'followcopies', default=True,
878 )
875 )
879 coreconfigitem(
876 coreconfigitem(
880 b'merge', b'on-failure', default=b'continue',
877 b'merge', b'on-failure', default=b'continue',
881 )
878 )
882 coreconfigitem(
879 coreconfigitem(
883 b'merge', b'preferancestor', default=lambda: [b'*'], experimental=True,
880 b'merge', b'preferancestor', default=lambda: [b'*'], experimental=True,
884 )
881 )
885 coreconfigitem(
882 coreconfigitem(
886 b'merge', b'strict-capability-check', default=False,
883 b'merge', b'strict-capability-check', default=False,
887 )
884 )
888 coreconfigitem(
885 coreconfigitem(
889 b'merge-tools', b'.*', default=None, generic=True,
886 b'merge-tools', b'.*', default=None, generic=True,
890 )
887 )
891 coreconfigitem(
888 coreconfigitem(
892 b'merge-tools',
889 b'merge-tools',
893 br'.*\.args$',
890 br'.*\.args$',
894 default=b"$local $base $other",
891 default=b"$local $base $other",
895 generic=True,
892 generic=True,
896 priority=-1,
893 priority=-1,
897 )
894 )
898 coreconfigitem(
895 coreconfigitem(
899 b'merge-tools', br'.*\.binary$', default=False, generic=True, priority=-1,
896 b'merge-tools', br'.*\.binary$', default=False, generic=True, priority=-1,
900 )
897 )
901 coreconfigitem(
898 coreconfigitem(
902 b'merge-tools', br'.*\.check$', default=list, generic=True, priority=-1,
899 b'merge-tools', br'.*\.check$', default=list, generic=True, priority=-1,
903 )
900 )
904 coreconfigitem(
901 coreconfigitem(
905 b'merge-tools',
902 b'merge-tools',
906 br'.*\.checkchanged$',
903 br'.*\.checkchanged$',
907 default=False,
904 default=False,
908 generic=True,
905 generic=True,
909 priority=-1,
906 priority=-1,
910 )
907 )
911 coreconfigitem(
908 coreconfigitem(
912 b'merge-tools',
909 b'merge-tools',
913 br'.*\.executable$',
910 br'.*\.executable$',
914 default=dynamicdefault,
911 default=dynamicdefault,
915 generic=True,
912 generic=True,
916 priority=-1,
913 priority=-1,
917 )
914 )
918 coreconfigitem(
915 coreconfigitem(
919 b'merge-tools', br'.*\.fixeol$', default=False, generic=True, priority=-1,
916 b'merge-tools', br'.*\.fixeol$', default=False, generic=True, priority=-1,
920 )
917 )
921 coreconfigitem(
918 coreconfigitem(
922 b'merge-tools', br'.*\.gui$', default=False, generic=True, priority=-1,
919 b'merge-tools', br'.*\.gui$', default=False, generic=True, priority=-1,
923 )
920 )
924 coreconfigitem(
921 coreconfigitem(
925 b'merge-tools',
922 b'merge-tools',
926 br'.*\.mergemarkers$',
923 br'.*\.mergemarkers$',
927 default=b'basic',
924 default=b'basic',
928 generic=True,
925 generic=True,
929 priority=-1,
926 priority=-1,
930 )
927 )
931 coreconfigitem(
928 coreconfigitem(
932 b'merge-tools',
929 b'merge-tools',
933 br'.*\.mergemarkertemplate$',
930 br'.*\.mergemarkertemplate$',
934 default=dynamicdefault, # take from ui.mergemarkertemplate
931 default=dynamicdefault, # take from ui.mergemarkertemplate
935 generic=True,
932 generic=True,
936 priority=-1,
933 priority=-1,
937 )
934 )
938 coreconfigitem(
935 coreconfigitem(
939 b'merge-tools', br'.*\.priority$', default=0, generic=True, priority=-1,
936 b'merge-tools', br'.*\.priority$', default=0, generic=True, priority=-1,
940 )
937 )
941 coreconfigitem(
938 coreconfigitem(
942 b'merge-tools',
939 b'merge-tools',
943 br'.*\.premerge$',
940 br'.*\.premerge$',
944 default=dynamicdefault,
941 default=dynamicdefault,
945 generic=True,
942 generic=True,
946 priority=-1,
943 priority=-1,
947 )
944 )
948 coreconfigitem(
945 coreconfigitem(
949 b'merge-tools', br'.*\.symlink$', default=False, generic=True, priority=-1,
946 b'merge-tools', br'.*\.symlink$', default=False, generic=True, priority=-1,
950 )
947 )
951 coreconfigitem(
948 coreconfigitem(
952 b'pager', b'attend-.*', default=dynamicdefault, generic=True,
949 b'pager', b'attend-.*', default=dynamicdefault, generic=True,
953 )
950 )
954 coreconfigitem(
951 coreconfigitem(
955 b'pager', b'ignore', default=list,
952 b'pager', b'ignore', default=list,
956 )
953 )
957 coreconfigitem(
954 coreconfigitem(
958 b'pager', b'pager', default=dynamicdefault,
955 b'pager', b'pager', default=dynamicdefault,
959 )
956 )
960 coreconfigitem(
957 coreconfigitem(
961 b'patch', b'eol', default=b'strict',
958 b'patch', b'eol', default=b'strict',
962 )
959 )
963 coreconfigitem(
960 coreconfigitem(
964 b'patch', b'fuzz', default=2,
961 b'patch', b'fuzz', default=2,
965 )
962 )
966 coreconfigitem(
963 coreconfigitem(
967 b'paths', b'default', default=None,
964 b'paths', b'default', default=None,
968 )
965 )
969 coreconfigitem(
966 coreconfigitem(
970 b'paths', b'default-push', default=None,
967 b'paths', b'default-push', default=None,
971 )
968 )
972 coreconfigitem(
969 coreconfigitem(
973 b'paths', b'.*', default=None, generic=True,
970 b'paths', b'.*', default=None, generic=True,
974 )
971 )
975 coreconfigitem(
972 coreconfigitem(
976 b'phases', b'checksubrepos', default=b'follow',
973 b'phases', b'checksubrepos', default=b'follow',
977 )
974 )
978 coreconfigitem(
975 coreconfigitem(
979 b'phases', b'new-commit', default=b'draft',
976 b'phases', b'new-commit', default=b'draft',
980 )
977 )
981 coreconfigitem(
978 coreconfigitem(
982 b'phases', b'publish', default=True,
979 b'phases', b'publish', default=True,
983 )
980 )
984 coreconfigitem(
981 coreconfigitem(
985 b'profiling', b'enabled', default=False,
982 b'profiling', b'enabled', default=False,
986 )
983 )
987 coreconfigitem(
984 coreconfigitem(
988 b'profiling', b'format', default=b'text',
985 b'profiling', b'format', default=b'text',
989 )
986 )
990 coreconfigitem(
987 coreconfigitem(
991 b'profiling', b'freq', default=1000,
988 b'profiling', b'freq', default=1000,
992 )
989 )
993 coreconfigitem(
990 coreconfigitem(
994 b'profiling', b'limit', default=30,
991 b'profiling', b'limit', default=30,
995 )
992 )
996 coreconfigitem(
993 coreconfigitem(
997 b'profiling', b'nested', default=0,
994 b'profiling', b'nested', default=0,
998 )
995 )
999 coreconfigitem(
996 coreconfigitem(
1000 b'profiling', b'output', default=None,
997 b'profiling', b'output', default=None,
1001 )
998 )
1002 coreconfigitem(
999 coreconfigitem(
1003 b'profiling', b'showmax', default=0.999,
1000 b'profiling', b'showmax', default=0.999,
1004 )
1001 )
1005 coreconfigitem(
1002 coreconfigitem(
1006 b'profiling', b'showmin', default=dynamicdefault,
1003 b'profiling', b'showmin', default=dynamicdefault,
1007 )
1004 )
1008 coreconfigitem(
1005 coreconfigitem(
1009 b'profiling', b'showtime', default=True,
1006 b'profiling', b'showtime', default=True,
1010 )
1007 )
1011 coreconfigitem(
1008 coreconfigitem(
1012 b'profiling', b'sort', default=b'inlinetime',
1009 b'profiling', b'sort', default=b'inlinetime',
1013 )
1010 )
1014 coreconfigitem(
1011 coreconfigitem(
1015 b'profiling', b'statformat', default=b'hotpath',
1012 b'profiling', b'statformat', default=b'hotpath',
1016 )
1013 )
1017 coreconfigitem(
1014 coreconfigitem(
1018 b'profiling', b'time-track', default=dynamicdefault,
1015 b'profiling', b'time-track', default=dynamicdefault,
1019 )
1016 )
1020 coreconfigitem(
1017 coreconfigitem(
1021 b'profiling', b'type', default=b'stat',
1018 b'profiling', b'type', default=b'stat',
1022 )
1019 )
1023 coreconfigitem(
1020 coreconfigitem(
1024 b'progress', b'assume-tty', default=False,
1021 b'progress', b'assume-tty', default=False,
1025 )
1022 )
1026 coreconfigitem(
1023 coreconfigitem(
1027 b'progress', b'changedelay', default=1,
1024 b'progress', b'changedelay', default=1,
1028 )
1025 )
1029 coreconfigitem(
1026 coreconfigitem(
1030 b'progress', b'clear-complete', default=True,
1027 b'progress', b'clear-complete', default=True,
1031 )
1028 )
1032 coreconfigitem(
1029 coreconfigitem(
1033 b'progress', b'debug', default=False,
1030 b'progress', b'debug', default=False,
1034 )
1031 )
1035 coreconfigitem(
1032 coreconfigitem(
1036 b'progress', b'delay', default=3,
1033 b'progress', b'delay', default=3,
1037 )
1034 )
1038 coreconfigitem(
1035 coreconfigitem(
1039 b'progress', b'disable', default=False,
1036 b'progress', b'disable', default=False,
1040 )
1037 )
1041 coreconfigitem(
1038 coreconfigitem(
1042 b'progress', b'estimateinterval', default=60.0,
1039 b'progress', b'estimateinterval', default=60.0,
1043 )
1040 )
1044 coreconfigitem(
1041 coreconfigitem(
1045 b'progress',
1042 b'progress',
1046 b'format',
1043 b'format',
1047 default=lambda: [b'topic', b'bar', b'number', b'estimate'],
1044 default=lambda: [b'topic', b'bar', b'number', b'estimate'],
1048 )
1045 )
1049 coreconfigitem(
1046 coreconfigitem(
1050 b'progress', b'refresh', default=0.1,
1047 b'progress', b'refresh', default=0.1,
1051 )
1048 )
1052 coreconfigitem(
1049 coreconfigitem(
1053 b'progress', b'width', default=dynamicdefault,
1050 b'progress', b'width', default=dynamicdefault,
1054 )
1051 )
1055 coreconfigitem(
1052 coreconfigitem(
1056 b'pull', b'confirm', default=False,
1053 b'pull', b'confirm', default=False,
1057 )
1054 )
1058 coreconfigitem(
1055 coreconfigitem(
1059 b'push', b'pushvars.server', default=False,
1056 b'push', b'pushvars.server', default=False,
1060 )
1057 )
1061 coreconfigitem(
1058 coreconfigitem(
1062 b'rewrite',
1059 b'rewrite',
1063 b'backup-bundle',
1060 b'backup-bundle',
1064 default=True,
1061 default=True,
1065 alias=[(b'ui', b'history-editing-backup')],
1062 alias=[(b'ui', b'history-editing-backup')],
1066 )
1063 )
1067 coreconfigitem(
1064 coreconfigitem(
1068 b'rewrite', b'update-timestamp', default=False,
1065 b'rewrite', b'update-timestamp', default=False,
1069 )
1066 )
1070 coreconfigitem(
1067 coreconfigitem(
1071 b'storage', b'new-repo-backend', default=b'revlogv1', experimental=True,
1068 b'storage', b'new-repo-backend', default=b'revlogv1', experimental=True,
1072 )
1069 )
1073 coreconfigitem(
1070 coreconfigitem(
1074 b'storage',
1071 b'storage',
1075 b'revlog.optimize-delta-parent-choice',
1072 b'revlog.optimize-delta-parent-choice',
1076 default=True,
1073 default=True,
1077 alias=[(b'format', b'aggressivemergedeltas')],
1074 alias=[(b'format', b'aggressivemergedeltas')],
1078 )
1075 )
1079 # experimental as long as rust is experimental (or a C version is implemented)
1076 # experimental as long as rust is experimental (or a C version is implemented)
1080 coreconfigitem(
1077 coreconfigitem(
1081 b'storage', b'revlog.nodemap.mmap', default=True, experimental=True
1078 b'storage', b'revlog.nodemap.mmap', default=True, experimental=True
1082 )
1079 )
1083 # experimental as long as format.use-persistent-nodemap is.
1080 # experimental as long as format.use-persistent-nodemap is.
1084 coreconfigitem(
1081 coreconfigitem(
1085 b'storage', b'revlog.nodemap.mode', default=b'compat', experimental=True
1082 b'storage', b'revlog.nodemap.mode', default=b'compat', experimental=True
1086 )
1083 )
1087 coreconfigitem(
1084 coreconfigitem(
1088 b'storage', b'revlog.reuse-external-delta', default=True,
1085 b'storage', b'revlog.reuse-external-delta', default=True,
1089 )
1086 )
1090 coreconfigitem(
1087 coreconfigitem(
1091 b'storage', b'revlog.reuse-external-delta-parent', default=None,
1088 b'storage', b'revlog.reuse-external-delta-parent', default=None,
1092 )
1089 )
1093 coreconfigitem(
1090 coreconfigitem(
1094 b'storage', b'revlog.zlib.level', default=None,
1091 b'storage', b'revlog.zlib.level', default=None,
1095 )
1092 )
1096 coreconfigitem(
1093 coreconfigitem(
1097 b'storage', b'revlog.zstd.level', default=None,
1094 b'storage', b'revlog.zstd.level', default=None,
1098 )
1095 )
1099 coreconfigitem(
1096 coreconfigitem(
1100 b'server', b'bookmarks-pushkey-compat', default=True,
1097 b'server', b'bookmarks-pushkey-compat', default=True,
1101 )
1098 )
1102 coreconfigitem(
1099 coreconfigitem(
1103 b'server', b'bundle1', default=True,
1100 b'server', b'bundle1', default=True,
1104 )
1101 )
1105 coreconfigitem(
1102 coreconfigitem(
1106 b'server', b'bundle1gd', default=None,
1103 b'server', b'bundle1gd', default=None,
1107 )
1104 )
1108 coreconfigitem(
1105 coreconfigitem(
1109 b'server', b'bundle1.pull', default=None,
1106 b'server', b'bundle1.pull', default=None,
1110 )
1107 )
1111 coreconfigitem(
1108 coreconfigitem(
1112 b'server', b'bundle1gd.pull', default=None,
1109 b'server', b'bundle1gd.pull', default=None,
1113 )
1110 )
1114 coreconfigitem(
1111 coreconfigitem(
1115 b'server', b'bundle1.push', default=None,
1112 b'server', b'bundle1.push', default=None,
1116 )
1113 )
1117 coreconfigitem(
1114 coreconfigitem(
1118 b'server', b'bundle1gd.push', default=None,
1115 b'server', b'bundle1gd.push', default=None,
1119 )
1116 )
1120 coreconfigitem(
1117 coreconfigitem(
1121 b'server',
1118 b'server',
1122 b'bundle2.stream',
1119 b'bundle2.stream',
1123 default=True,
1120 default=True,
1124 alias=[(b'experimental', b'bundle2.stream')],
1121 alias=[(b'experimental', b'bundle2.stream')],
1125 )
1122 )
1126 coreconfigitem(
1123 coreconfigitem(
1127 b'server', b'compressionengines', default=list,
1124 b'server', b'compressionengines', default=list,
1128 )
1125 )
1129 coreconfigitem(
1126 coreconfigitem(
1130 b'server', b'concurrent-push-mode', default=b'check-related',
1127 b'server', b'concurrent-push-mode', default=b'check-related',
1131 )
1128 )
1132 coreconfigitem(
1129 coreconfigitem(
1133 b'server', b'disablefullbundle', default=False,
1130 b'server', b'disablefullbundle', default=False,
1134 )
1131 )
1135 coreconfigitem(
1132 coreconfigitem(
1136 b'server', b'maxhttpheaderlen', default=1024,
1133 b'server', b'maxhttpheaderlen', default=1024,
1137 )
1134 )
1138 coreconfigitem(
1135 coreconfigitem(
1139 b'server', b'pullbundle', default=False,
1136 b'server', b'pullbundle', default=False,
1140 )
1137 )
1141 coreconfigitem(
1138 coreconfigitem(
1142 b'server', b'preferuncompressed', default=False,
1139 b'server', b'preferuncompressed', default=False,
1143 )
1140 )
1144 coreconfigitem(
1141 coreconfigitem(
1145 b'server', b'streamunbundle', default=False,
1142 b'server', b'streamunbundle', default=False,
1146 )
1143 )
1147 coreconfigitem(
1144 coreconfigitem(
1148 b'server', b'uncompressed', default=True,
1145 b'server', b'uncompressed', default=True,
1149 )
1146 )
1150 coreconfigitem(
1147 coreconfigitem(
1151 b'server', b'uncompressedallowsecret', default=False,
1148 b'server', b'uncompressedallowsecret', default=False,
1152 )
1149 )
1153 coreconfigitem(
1150 coreconfigitem(
1154 b'server', b'view', default=b'served',
1151 b'server', b'view', default=b'served',
1155 )
1152 )
1156 coreconfigitem(
1153 coreconfigitem(
1157 b'server', b'validate', default=False,
1154 b'server', b'validate', default=False,
1158 )
1155 )
1159 coreconfigitem(
1156 coreconfigitem(
1160 b'server', b'zliblevel', default=-1,
1157 b'server', b'zliblevel', default=-1,
1161 )
1158 )
1162 coreconfigitem(
1159 coreconfigitem(
1163 b'server', b'zstdlevel', default=3,
1160 b'server', b'zstdlevel', default=3,
1164 )
1161 )
1165 coreconfigitem(
1162 coreconfigitem(
1166 b'share', b'pool', default=None,
1163 b'share', b'pool', default=None,
1167 )
1164 )
1168 coreconfigitem(
1165 coreconfigitem(
1169 b'share', b'poolnaming', default=b'identity',
1166 b'share', b'poolnaming', default=b'identity',
1170 )
1167 )
1171 coreconfigitem(
1168 coreconfigitem(
1172 b'shelve', b'maxbackups', default=10,
1169 b'shelve', b'maxbackups', default=10,
1173 )
1170 )
1174 coreconfigitem(
1171 coreconfigitem(
1175 b'smtp', b'host', default=None,
1172 b'smtp', b'host', default=None,
1176 )
1173 )
1177 coreconfigitem(
1174 coreconfigitem(
1178 b'smtp', b'local_hostname', default=None,
1175 b'smtp', b'local_hostname', default=None,
1179 )
1176 )
1180 coreconfigitem(
1177 coreconfigitem(
1181 b'smtp', b'password', default=None,
1178 b'smtp', b'password', default=None,
1182 )
1179 )
1183 coreconfigitem(
1180 coreconfigitem(
1184 b'smtp', b'port', default=dynamicdefault,
1181 b'smtp', b'port', default=dynamicdefault,
1185 )
1182 )
1186 coreconfigitem(
1183 coreconfigitem(
1187 b'smtp', b'tls', default=b'none',
1184 b'smtp', b'tls', default=b'none',
1188 )
1185 )
1189 coreconfigitem(
1186 coreconfigitem(
1190 b'smtp', b'username', default=None,
1187 b'smtp', b'username', default=None,
1191 )
1188 )
1192 coreconfigitem(
1189 coreconfigitem(
1193 b'sparse', b'missingwarning', default=True, experimental=True,
1190 b'sparse', b'missingwarning', default=True, experimental=True,
1194 )
1191 )
1195 coreconfigitem(
1192 coreconfigitem(
1196 b'subrepos',
1193 b'subrepos',
1197 b'allowed',
1194 b'allowed',
1198 default=dynamicdefault, # to make backporting simpler
1195 default=dynamicdefault, # to make backporting simpler
1199 )
1196 )
1200 coreconfigitem(
1197 coreconfigitem(
1201 b'subrepos', b'hg:allowed', default=dynamicdefault,
1198 b'subrepos', b'hg:allowed', default=dynamicdefault,
1202 )
1199 )
1203 coreconfigitem(
1200 coreconfigitem(
1204 b'subrepos', b'git:allowed', default=dynamicdefault,
1201 b'subrepos', b'git:allowed', default=dynamicdefault,
1205 )
1202 )
1206 coreconfigitem(
1203 coreconfigitem(
1207 b'subrepos', b'svn:allowed', default=dynamicdefault,
1204 b'subrepos', b'svn:allowed', default=dynamicdefault,
1208 )
1205 )
1209 coreconfigitem(
1206 coreconfigitem(
1210 b'templates', b'.*', default=None, generic=True,
1207 b'templates', b'.*', default=None, generic=True,
1211 )
1208 )
1212 coreconfigitem(
1209 coreconfigitem(
1213 b'templateconfig', b'.*', default=dynamicdefault, generic=True,
1210 b'templateconfig', b'.*', default=dynamicdefault, generic=True,
1214 )
1211 )
1215 coreconfigitem(
1212 coreconfigitem(
1216 b'trusted', b'groups', default=list,
1213 b'trusted', b'groups', default=list,
1217 )
1214 )
1218 coreconfigitem(
1215 coreconfigitem(
1219 b'trusted', b'users', default=list,
1216 b'trusted', b'users', default=list,
1220 )
1217 )
1221 coreconfigitem(
1218 coreconfigitem(
1222 b'ui', b'_usedassubrepo', default=False,
1219 b'ui', b'_usedassubrepo', default=False,
1223 )
1220 )
1224 coreconfigitem(
1221 coreconfigitem(
1225 b'ui', b'allowemptycommit', default=False,
1222 b'ui', b'allowemptycommit', default=False,
1226 )
1223 )
1227 coreconfigitem(
1224 coreconfigitem(
1228 b'ui', b'archivemeta', default=True,
1225 b'ui', b'archivemeta', default=True,
1229 )
1226 )
1230 coreconfigitem(
1227 coreconfigitem(
1231 b'ui', b'askusername', default=False,
1228 b'ui', b'askusername', default=False,
1232 )
1229 )
1233 coreconfigitem(
1230 coreconfigitem(
1234 b'ui', b'clonebundlefallback', default=False,
1231 b'ui', b'clonebundlefallback', default=False,
1235 )
1232 )
1236 coreconfigitem(
1233 coreconfigitem(
1237 b'ui', b'clonebundleprefers', default=list,
1234 b'ui', b'clonebundleprefers', default=list,
1238 )
1235 )
1239 coreconfigitem(
1236 coreconfigitem(
1240 b'ui', b'clonebundles', default=True,
1237 b'ui', b'clonebundles', default=True,
1241 )
1238 )
1242 coreconfigitem(
1239 coreconfigitem(
1243 b'ui', b'color', default=b'auto',
1240 b'ui', b'color', default=b'auto',
1244 )
1241 )
1245 coreconfigitem(
1242 coreconfigitem(
1246 b'ui', b'commitsubrepos', default=False,
1243 b'ui', b'commitsubrepos', default=False,
1247 )
1244 )
1248 coreconfigitem(
1245 coreconfigitem(
1249 b'ui', b'debug', default=False,
1246 b'ui', b'debug', default=False,
1250 )
1247 )
1251 coreconfigitem(
1248 coreconfigitem(
1252 b'ui', b'debugger', default=None,
1249 b'ui', b'debugger', default=None,
1253 )
1250 )
1254 coreconfigitem(
1251 coreconfigitem(
1255 b'ui', b'editor', default=dynamicdefault,
1252 b'ui', b'editor', default=dynamicdefault,
1256 )
1253 )
1257 coreconfigitem(
1254 coreconfigitem(
1258 b'ui', b'fallbackencoding', default=None,
1255 b'ui', b'fallbackencoding', default=None,
1259 )
1256 )
1260 coreconfigitem(
1257 coreconfigitem(
1261 b'ui', b'forcecwd', default=None,
1258 b'ui', b'forcecwd', default=None,
1262 )
1259 )
1263 coreconfigitem(
1260 coreconfigitem(
1264 b'ui', b'forcemerge', default=None,
1261 b'ui', b'forcemerge', default=None,
1265 )
1262 )
1266 coreconfigitem(
1263 coreconfigitem(
1267 b'ui', b'formatdebug', default=False,
1264 b'ui', b'formatdebug', default=False,
1268 )
1265 )
1269 coreconfigitem(
1266 coreconfigitem(
1270 b'ui', b'formatjson', default=False,
1267 b'ui', b'formatjson', default=False,
1271 )
1268 )
1272 coreconfigitem(
1269 coreconfigitem(
1273 b'ui', b'formatted', default=None,
1270 b'ui', b'formatted', default=None,
1274 )
1271 )
1275 coreconfigitem(
1272 coreconfigitem(
1276 b'ui', b'graphnodetemplate', default=None,
1273 b'ui', b'graphnodetemplate', default=None,
1277 )
1274 )
1278 coreconfigitem(
1275 coreconfigitem(
1279 b'ui', b'interactive', default=None,
1276 b'ui', b'interactive', default=None,
1280 )
1277 )
1281 coreconfigitem(
1278 coreconfigitem(
1282 b'ui', b'interface', default=None,
1279 b'ui', b'interface', default=None,
1283 )
1280 )
1284 coreconfigitem(
1281 coreconfigitem(
1285 b'ui', b'interface.chunkselector', default=None,
1282 b'ui', b'interface.chunkselector', default=None,
1286 )
1283 )
1287 coreconfigitem(
1284 coreconfigitem(
1288 b'ui', b'large-file-limit', default=10000000,
1285 b'ui', b'large-file-limit', default=10000000,
1289 )
1286 )
1290 coreconfigitem(
1287 coreconfigitem(
1291 b'ui', b'logblockedtimes', default=False,
1288 b'ui', b'logblockedtimes', default=False,
1292 )
1289 )
1293 coreconfigitem(
1290 coreconfigitem(
1294 b'ui', b'logtemplate', default=None,
1291 b'ui', b'logtemplate', default=None,
1295 )
1292 )
1296 coreconfigitem(
1293 coreconfigitem(
1297 b'ui', b'merge', default=None,
1294 b'ui', b'merge', default=None,
1298 )
1295 )
1299 coreconfigitem(
1296 coreconfigitem(
1300 b'ui', b'mergemarkers', default=b'basic',
1297 b'ui', b'mergemarkers', default=b'basic',
1301 )
1298 )
1302 coreconfigitem(
1299 coreconfigitem(
1303 b'ui',
1300 b'ui',
1304 b'mergemarkertemplate',
1301 b'mergemarkertemplate',
1305 default=(
1302 default=(
1306 b'{node|short} '
1303 b'{node|short} '
1307 b'{ifeq(tags, "tip", "", '
1304 b'{ifeq(tags, "tip", "", '
1308 b'ifeq(tags, "", "", "{tags} "))}'
1305 b'ifeq(tags, "", "", "{tags} "))}'
1309 b'{if(bookmarks, "{bookmarks} ")}'
1306 b'{if(bookmarks, "{bookmarks} ")}'
1310 b'{ifeq(branch, "default", "", "{branch} ")}'
1307 b'{ifeq(branch, "default", "", "{branch} ")}'
1311 b'- {author|user}: {desc|firstline}'
1308 b'- {author|user}: {desc|firstline}'
1312 ),
1309 ),
1313 )
1310 )
1314 coreconfigitem(
1311 coreconfigitem(
1315 b'ui', b'message-output', default=b'stdio',
1312 b'ui', b'message-output', default=b'stdio',
1316 )
1313 )
1317 coreconfigitem(
1314 coreconfigitem(
1318 b'ui', b'nontty', default=False,
1315 b'ui', b'nontty', default=False,
1319 )
1316 )
1320 coreconfigitem(
1317 coreconfigitem(
1321 b'ui', b'origbackuppath', default=None,
1318 b'ui', b'origbackuppath', default=None,
1322 )
1319 )
1323 coreconfigitem(
1320 coreconfigitem(
1324 b'ui', b'paginate', default=True,
1321 b'ui', b'paginate', default=True,
1325 )
1322 )
1326 coreconfigitem(
1323 coreconfigitem(
1327 b'ui', b'patch', default=None,
1324 b'ui', b'patch', default=None,
1328 )
1325 )
1329 coreconfigitem(
1326 coreconfigitem(
1330 b'ui', b'pre-merge-tool-output-template', default=None,
1327 b'ui', b'pre-merge-tool-output-template', default=None,
1331 )
1328 )
1332 coreconfigitem(
1329 coreconfigitem(
1333 b'ui', b'portablefilenames', default=b'warn',
1330 b'ui', b'portablefilenames', default=b'warn',
1334 )
1331 )
1335 coreconfigitem(
1332 coreconfigitem(
1336 b'ui', b'promptecho', default=False,
1333 b'ui', b'promptecho', default=False,
1337 )
1334 )
1338 coreconfigitem(
1335 coreconfigitem(
1339 b'ui', b'quiet', default=False,
1336 b'ui', b'quiet', default=False,
1340 )
1337 )
1341 coreconfigitem(
1338 coreconfigitem(
1342 b'ui', b'quietbookmarkmove', default=False,
1339 b'ui', b'quietbookmarkmove', default=False,
1343 )
1340 )
1344 coreconfigitem(
1341 coreconfigitem(
1345 b'ui', b'relative-paths', default=b'legacy',
1342 b'ui', b'relative-paths', default=b'legacy',
1346 )
1343 )
1347 coreconfigitem(
1344 coreconfigitem(
1348 b'ui', b'remotecmd', default=b'hg',
1345 b'ui', b'remotecmd', default=b'hg',
1349 )
1346 )
1350 coreconfigitem(
1347 coreconfigitem(
1351 b'ui', b'report_untrusted', default=True,
1348 b'ui', b'report_untrusted', default=True,
1352 )
1349 )
1353 coreconfigitem(
1350 coreconfigitem(
1354 b'ui', b'rollback', default=True,
1351 b'ui', b'rollback', default=True,
1355 )
1352 )
1356 coreconfigitem(
1353 coreconfigitem(
1357 b'ui', b'signal-safe-lock', default=True,
1354 b'ui', b'signal-safe-lock', default=True,
1358 )
1355 )
1359 coreconfigitem(
1356 coreconfigitem(
1360 b'ui', b'slash', default=False,
1357 b'ui', b'slash', default=False,
1361 )
1358 )
1362 coreconfigitem(
1359 coreconfigitem(
1363 b'ui', b'ssh', default=b'ssh',
1360 b'ui', b'ssh', default=b'ssh',
1364 )
1361 )
1365 coreconfigitem(
1362 coreconfigitem(
1366 b'ui', b'ssherrorhint', default=None,
1363 b'ui', b'ssherrorhint', default=None,
1367 )
1364 )
1368 coreconfigitem(
1365 coreconfigitem(
1369 b'ui', b'statuscopies', default=False,
1366 b'ui', b'statuscopies', default=False,
1370 )
1367 )
1371 coreconfigitem(
1368 coreconfigitem(
1372 b'ui', b'strict', default=False,
1369 b'ui', b'strict', default=False,
1373 )
1370 )
1374 coreconfigitem(
1371 coreconfigitem(
1375 b'ui', b'style', default=b'',
1372 b'ui', b'style', default=b'',
1376 )
1373 )
1377 coreconfigitem(
1374 coreconfigitem(
1378 b'ui', b'supportcontact', default=None,
1375 b'ui', b'supportcontact', default=None,
1379 )
1376 )
1380 coreconfigitem(
1377 coreconfigitem(
1381 b'ui', b'textwidth', default=78,
1378 b'ui', b'textwidth', default=78,
1382 )
1379 )
1383 coreconfigitem(
1380 coreconfigitem(
1384 b'ui', b'timeout', default=b'600',
1381 b'ui', b'timeout', default=b'600',
1385 )
1382 )
1386 coreconfigitem(
1383 coreconfigitem(
1387 b'ui', b'timeout.warn', default=0,
1384 b'ui', b'timeout.warn', default=0,
1388 )
1385 )
1389 coreconfigitem(
1386 coreconfigitem(
1390 b'ui', b'traceback', default=False,
1387 b'ui', b'traceback', default=False,
1391 )
1388 )
1392 coreconfigitem(
1389 coreconfigitem(
1393 b'ui', b'tweakdefaults', default=False,
1390 b'ui', b'tweakdefaults', default=False,
1394 )
1391 )
1395 coreconfigitem(b'ui', b'username', alias=[(b'ui', b'user')])
1392 coreconfigitem(b'ui', b'username', alias=[(b'ui', b'user')])
1396 coreconfigitem(
1393 coreconfigitem(
1397 b'ui', b'verbose', default=False,
1394 b'ui', b'verbose', default=False,
1398 )
1395 )
1399 coreconfigitem(
1396 coreconfigitem(
1400 b'verify', b'skipflags', default=None,
1397 b'verify', b'skipflags', default=None,
1401 )
1398 )
1402 coreconfigitem(
1399 coreconfigitem(
1403 b'web', b'allowbz2', default=False,
1400 b'web', b'allowbz2', default=False,
1404 )
1401 )
1405 coreconfigitem(
1402 coreconfigitem(
1406 b'web', b'allowgz', default=False,
1403 b'web', b'allowgz', default=False,
1407 )
1404 )
1408 coreconfigitem(
1405 coreconfigitem(
1409 b'web', b'allow-pull', alias=[(b'web', b'allowpull')], default=True,
1406 b'web', b'allow-pull', alias=[(b'web', b'allowpull')], default=True,
1410 )
1407 )
1411 coreconfigitem(
1408 coreconfigitem(
1412 b'web', b'allow-push', alias=[(b'web', b'allow_push')], default=list,
1409 b'web', b'allow-push', alias=[(b'web', b'allow_push')], default=list,
1413 )
1410 )
1414 coreconfigitem(
1411 coreconfigitem(
1415 b'web', b'allowzip', default=False,
1412 b'web', b'allowzip', default=False,
1416 )
1413 )
1417 coreconfigitem(
1414 coreconfigitem(
1418 b'web', b'archivesubrepos', default=False,
1415 b'web', b'archivesubrepos', default=False,
1419 )
1416 )
1420 coreconfigitem(
1417 coreconfigitem(
1421 b'web', b'cache', default=True,
1418 b'web', b'cache', default=True,
1422 )
1419 )
1423 coreconfigitem(
1420 coreconfigitem(
1424 b'web', b'comparisoncontext', default=5,
1421 b'web', b'comparisoncontext', default=5,
1425 )
1422 )
1426 coreconfigitem(
1423 coreconfigitem(
1427 b'web', b'contact', default=None,
1424 b'web', b'contact', default=None,
1428 )
1425 )
1429 coreconfigitem(
1426 coreconfigitem(
1430 b'web', b'deny_push', default=list,
1427 b'web', b'deny_push', default=list,
1431 )
1428 )
1432 coreconfigitem(
1429 coreconfigitem(
1433 b'web', b'guessmime', default=False,
1430 b'web', b'guessmime', default=False,
1434 )
1431 )
1435 coreconfigitem(
1432 coreconfigitem(
1436 b'web', b'hidden', default=False,
1433 b'web', b'hidden', default=False,
1437 )
1434 )
1438 coreconfigitem(
1435 coreconfigitem(
1439 b'web', b'labels', default=list,
1436 b'web', b'labels', default=list,
1440 )
1437 )
1441 coreconfigitem(
1438 coreconfigitem(
1442 b'web', b'logoimg', default=b'hglogo.png',
1439 b'web', b'logoimg', default=b'hglogo.png',
1443 )
1440 )
1444 coreconfigitem(
1441 coreconfigitem(
1445 b'web', b'logourl', default=b'https://mercurial-scm.org/',
1442 b'web', b'logourl', default=b'https://mercurial-scm.org/',
1446 )
1443 )
1447 coreconfigitem(
1444 coreconfigitem(
1448 b'web', b'accesslog', default=b'-',
1445 b'web', b'accesslog', default=b'-',
1449 )
1446 )
1450 coreconfigitem(
1447 coreconfigitem(
1451 b'web', b'address', default=b'',
1448 b'web', b'address', default=b'',
1452 )
1449 )
1453 coreconfigitem(
1450 coreconfigitem(
1454 b'web', b'allow-archive', alias=[(b'web', b'allow_archive')], default=list,
1451 b'web', b'allow-archive', alias=[(b'web', b'allow_archive')], default=list,
1455 )
1452 )
1456 coreconfigitem(
1453 coreconfigitem(
1457 b'web', b'allow_read', default=list,
1454 b'web', b'allow_read', default=list,
1458 )
1455 )
1459 coreconfigitem(
1456 coreconfigitem(
1460 b'web', b'baseurl', default=None,
1457 b'web', b'baseurl', default=None,
1461 )
1458 )
1462 coreconfigitem(
1459 coreconfigitem(
1463 b'web', b'cacerts', default=None,
1460 b'web', b'cacerts', default=None,
1464 )
1461 )
1465 coreconfigitem(
1462 coreconfigitem(
1466 b'web', b'certificate', default=None,
1463 b'web', b'certificate', default=None,
1467 )
1464 )
1468 coreconfigitem(
1465 coreconfigitem(
1469 b'web', b'collapse', default=False,
1466 b'web', b'collapse', default=False,
1470 )
1467 )
1471 coreconfigitem(
1468 coreconfigitem(
1472 b'web', b'csp', default=None,
1469 b'web', b'csp', default=None,
1473 )
1470 )
1474 coreconfigitem(
1471 coreconfigitem(
1475 b'web', b'deny_read', default=list,
1472 b'web', b'deny_read', default=list,
1476 )
1473 )
1477 coreconfigitem(
1474 coreconfigitem(
1478 b'web', b'descend', default=True,
1475 b'web', b'descend', default=True,
1479 )
1476 )
1480 coreconfigitem(
1477 coreconfigitem(
1481 b'web', b'description', default=b"",
1478 b'web', b'description', default=b"",
1482 )
1479 )
1483 coreconfigitem(
1480 coreconfigitem(
1484 b'web', b'encoding', default=lambda: encoding.encoding,
1481 b'web', b'encoding', default=lambda: encoding.encoding,
1485 )
1482 )
1486 coreconfigitem(
1483 coreconfigitem(
1487 b'web', b'errorlog', default=b'-',
1484 b'web', b'errorlog', default=b'-',
1488 )
1485 )
1489 coreconfigitem(
1486 coreconfigitem(
1490 b'web', b'ipv6', default=False,
1487 b'web', b'ipv6', default=False,
1491 )
1488 )
1492 coreconfigitem(
1489 coreconfigitem(
1493 b'web', b'maxchanges', default=10,
1490 b'web', b'maxchanges', default=10,
1494 )
1491 )
1495 coreconfigitem(
1492 coreconfigitem(
1496 b'web', b'maxfiles', default=10,
1493 b'web', b'maxfiles', default=10,
1497 )
1494 )
1498 coreconfigitem(
1495 coreconfigitem(
1499 b'web', b'maxshortchanges', default=60,
1496 b'web', b'maxshortchanges', default=60,
1500 )
1497 )
1501 coreconfigitem(
1498 coreconfigitem(
1502 b'web', b'motd', default=b'',
1499 b'web', b'motd', default=b'',
1503 )
1500 )
1504 coreconfigitem(
1501 coreconfigitem(
1505 b'web', b'name', default=dynamicdefault,
1502 b'web', b'name', default=dynamicdefault,
1506 )
1503 )
1507 coreconfigitem(
1504 coreconfigitem(
1508 b'web', b'port', default=8000,
1505 b'web', b'port', default=8000,
1509 )
1506 )
1510 coreconfigitem(
1507 coreconfigitem(
1511 b'web', b'prefix', default=b'',
1508 b'web', b'prefix', default=b'',
1512 )
1509 )
1513 coreconfigitem(
1510 coreconfigitem(
1514 b'web', b'push_ssl', default=True,
1511 b'web', b'push_ssl', default=True,
1515 )
1512 )
1516 coreconfigitem(
1513 coreconfigitem(
1517 b'web', b'refreshinterval', default=20,
1514 b'web', b'refreshinterval', default=20,
1518 )
1515 )
1519 coreconfigitem(
1516 coreconfigitem(
1520 b'web', b'server-header', default=None,
1517 b'web', b'server-header', default=None,
1521 )
1518 )
1522 coreconfigitem(
1519 coreconfigitem(
1523 b'web', b'static', default=None,
1520 b'web', b'static', default=None,
1524 )
1521 )
1525 coreconfigitem(
1522 coreconfigitem(
1526 b'web', b'staticurl', default=None,
1523 b'web', b'staticurl', default=None,
1527 )
1524 )
1528 coreconfigitem(
1525 coreconfigitem(
1529 b'web', b'stripes', default=1,
1526 b'web', b'stripes', default=1,
1530 )
1527 )
1531 coreconfigitem(
1528 coreconfigitem(
1532 b'web', b'style', default=b'paper',
1529 b'web', b'style', default=b'paper',
1533 )
1530 )
1534 coreconfigitem(
1531 coreconfigitem(
1535 b'web', b'templates', default=None,
1532 b'web', b'templates', default=None,
1536 )
1533 )
1537 coreconfigitem(
1534 coreconfigitem(
1538 b'web', b'view', default=b'served', experimental=True,
1535 b'web', b'view', default=b'served', experimental=True,
1539 )
1536 )
1540 coreconfigitem(
1537 coreconfigitem(
1541 b'worker', b'backgroundclose', default=dynamicdefault,
1538 b'worker', b'backgroundclose', default=dynamicdefault,
1542 )
1539 )
1543 # Windows defaults to a limit of 512 open files. A buffer of 128
1540 # Windows defaults to a limit of 512 open files. A buffer of 128
1544 # should give us enough headway.
1541 # should give us enough headway.
1545 coreconfigitem(
1542 coreconfigitem(
1546 b'worker', b'backgroundclosemaxqueue', default=384,
1543 b'worker', b'backgroundclosemaxqueue', default=384,
1547 )
1544 )
1548 coreconfigitem(
1545 coreconfigitem(
1549 b'worker', b'backgroundcloseminfilecount', default=2048,
1546 b'worker', b'backgroundcloseminfilecount', default=2048,
1550 )
1547 )
1551 coreconfigitem(
1548 coreconfigitem(
1552 b'worker', b'backgroundclosethreadcount', default=4,
1549 b'worker', b'backgroundclosethreadcount', default=4,
1553 )
1550 )
1554 coreconfigitem(
1551 coreconfigitem(
1555 b'worker', b'enabled', default=True,
1552 b'worker', b'enabled', default=True,
1556 )
1553 )
1557 coreconfigitem(
1554 coreconfigitem(
1558 b'worker', b'numcpus', default=None,
1555 b'worker', b'numcpus', default=None,
1559 )
1556 )
1560
1557
1561 # Rebase related configuration moved to core because other extension are doing
1558 # Rebase related configuration moved to core because other extension are doing
1562 # strange things. For example, shelve import the extensions to reuse some bit
1559 # strange things. For example, shelve import the extensions to reuse some bit
1563 # without formally loading it.
1560 # without formally loading it.
1564 coreconfigitem(
1561 coreconfigitem(
1565 b'commands', b'rebase.requiredest', default=False,
1562 b'commands', b'rebase.requiredest', default=False,
1566 )
1563 )
1567 coreconfigitem(
1564 coreconfigitem(
1568 b'experimental', b'rebaseskipobsolete', default=True,
1565 b'experimental', b'rebaseskipobsolete', default=True,
1569 )
1566 )
1570 coreconfigitem(
1567 coreconfigitem(
1571 b'rebase', b'singletransaction', default=False,
1568 b'rebase', b'singletransaction', default=False,
1572 )
1569 )
1573 coreconfigitem(
1570 coreconfigitem(
1574 b'rebase', b'experimental.inmemory', default=False,
1571 b'rebase', b'experimental.inmemory', default=False,
1575 )
1572 )
Show file before | Show file after | Hide comments
@@ -1,560 +1,554 b''
1 #require serve ssl
1 #require serve ssl
2
2
3 Proper https client requires the built-in ssl from Python 2.6.
3 Proper https client requires the built-in ssl from Python 2.6.
4
4
5 Disable the system configuration which may set stricter TLS requirements.
5 Disable the system configuration which may set stricter TLS requirements.
6 This test expects that legacy TLS versions are supported.
6 This test expects that legacy TLS versions are supported.
7
7
8 $ OPENSSL_CONF=
8 $ OPENSSL_CONF=
9 $ export OPENSSL_CONF
9 $ export OPENSSL_CONF
10
10
11 Make server certificates:
11 Make server certificates:
12
12
13 $ CERTSDIR="$TESTDIR/sslcerts"
13 $ CERTSDIR="$TESTDIR/sslcerts"
14 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
14 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
15 $ PRIV=`pwd`/server.pem
15 $ PRIV=`pwd`/server.pem
16 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
16 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
17 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
17 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
18
18
19 $ hg init test
19 $ hg init test
20 $ cd test
20 $ cd test
21 $ echo foo>foo
21 $ echo foo>foo
22 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
22 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
23 $ echo foo>foo.d/foo
23 $ echo foo>foo.d/foo
24 $ echo bar>foo.d/bAr.hg.d/BaR
24 $ echo bar>foo.d/bAr.hg.d/BaR
25 $ echo bar>foo.d/baR.d.hg/bAR
25 $ echo bar>foo.d/baR.d.hg/bAR
26 $ hg commit -A -m 1
26 $ hg commit -A -m 1
27 adding foo
27 adding foo
28 adding foo.d/bAr.hg.d/BaR
28 adding foo.d/bAr.hg.d/BaR
29 adding foo.d/baR.d.hg/bAR
29 adding foo.d/baR.d.hg/bAR
30 adding foo.d/foo
30 adding foo.d/foo
31 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
31 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
32 $ cat ../hg0.pid >> $DAEMON_PIDS
32 $ cat ../hg0.pid >> $DAEMON_PIDS
33
33
34 cacert not found
34 cacert not found
35
35
36 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
36 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
37 abort: could not find web.cacerts: no-such.pem
37 abort: could not find web.cacerts: no-such.pem
38 [255]
38 [255]
39
39
40 Test server address cannot be reused
40 Test server address cannot be reused
41
41
42 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
42 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
43 abort: cannot start server at 'localhost:$HGPORT': $EADDRINUSE$
43 abort: cannot start server at 'localhost:$HGPORT': $EADDRINUSE$
44 [255]
44 [255]
45
45
46 $ cd ..
46 $ cd ..
47
47
48 Our test cert is not signed by a trusted CA. It should fail to verify if
48 Our test cert is not signed by a trusted CA. It should fail to verify if
49 we are able to load CA certs.
49 we are able to load CA certs.
50
50
51 #if no-defaultcacertsloaded
51 #if no-defaultcacertsloaded
52 $ hg clone https://localhost:$HGPORT/ copy-pull
52 $ hg clone https://localhost:$HGPORT/ copy-pull
53 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
53 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
54 abort: error: *certificate verify failed* (glob)
54 abort: error: *certificate verify failed* (glob)
55 [255]
55 [255]
56 #endif
56 #endif
57
57
58 #if defaultcacertsloaded
58 #if defaultcacertsloaded
59 $ hg clone https://localhost:$HGPORT/ copy-pull
59 $ hg clone https://localhost:$HGPORT/ copy-pull
60 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
60 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
61 abort: error: *certificate verify failed* (glob)
61 abort: error: *certificate verify failed* (glob)
62 [255]
62 [255]
63 #endif
63 #endif
64
64
65 Specifying a per-host certificate file that doesn't exist will abort. The full
65 Specifying a per-host certificate file that doesn't exist will abort. The full
66 C:/path/to/msysroot will print on Windows.
66 C:/path/to/msysroot will print on Windows.
67
67
68 $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
68 $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
69 abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob)
69 abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob)
70 [255]
70 [255]
71
71
72 A malformed per-host certificate file will raise an error
72 A malformed per-host certificate file will raise an error
73
73
74 $ echo baddata > badca.pem
74 $ echo baddata > badca.pem
75 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
75 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
76 abort: error loading CA file badca.pem: * (glob)
76 abort: error loading CA file badca.pem: * (glob)
77 (file is empty or malformed?)
77 (file is empty or malformed?)
78 [255]
78 [255]
79
79
80 A per-host certificate mismatching the server will fail verification
80 A per-host certificate mismatching the server will fail verification
81
81
82 (modern ssl is able to discern whether the loaded cert is a CA cert)
82 (modern ssl is able to discern whether the loaded cert is a CA cert)
83 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
83 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
84 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
84 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
85 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
85 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
86 abort: error: *certificate verify failed* (glob)
86 abort: error: *certificate verify failed* (glob)
87 [255]
87 [255]
88
88
89 A per-host certificate matching the server's cert will be accepted
89 A per-host certificate matching the server's cert will be accepted
90
90
91 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
91 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
92 requesting all changes
92 requesting all changes
93 adding changesets
93 adding changesets
94 adding manifests
94 adding manifests
95 adding file changes
95 adding file changes
96 added 1 changesets with 4 changes to 4 files
96 added 1 changesets with 4 changes to 4 files
97 new changesets 8b6053c928fe
97 new changesets 8b6053c928fe
98
98
99 A per-host certificate with multiple certs and one matching will be accepted
99 A per-host certificate with multiple certs and one matching will be accepted
100
100
101 $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
101 $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
102 $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
102 $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
103 requesting all changes
103 requesting all changes
104 adding changesets
104 adding changesets
105 adding manifests
105 adding manifests
106 adding file changes
106 adding file changes
107 added 1 changesets with 4 changes to 4 files
107 added 1 changesets with 4 changes to 4 files
108 new changesets 8b6053c928fe
108 new changesets 8b6053c928fe
109
109
110 Defining both per-host certificate and a fingerprint will print a warning
110 Defining both per-host certificate and a fingerprint will print a warning
111
111
112 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning
112 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning
113 (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
113 (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
114 requesting all changes
114 requesting all changes
115 adding changesets
115 adding changesets
116 adding manifests
116 adding manifests
117 adding file changes
117 adding file changes
118 added 1 changesets with 4 changes to 4 files
118 added 1 changesets with 4 changes to 4 files
119 new changesets 8b6053c928fe
119 new changesets 8b6053c928fe
120
120
121 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
121 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
122
122
123 Inability to verify peer certificate will result in abort
123 Inability to verify peer certificate will result in abort
124
124
125 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
125 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
126 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
126 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
127 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
127 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
128 [255]
128 [255]
129
129
130 $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
130 $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
131 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
131 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
132 requesting all changes
132 requesting all changes
133 adding changesets
133 adding changesets
134 adding manifests
134 adding manifests
135 adding file changes
135 adding file changes
136 added 1 changesets with 4 changes to 4 files
136 added 1 changesets with 4 changes to 4 files
137 new changesets 8b6053c928fe
137 new changesets 8b6053c928fe
138 updating to branch default
138 updating to branch default
139 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
139 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
140 $ hg verify -R copy-pull
140 $ hg verify -R copy-pull
141 checking changesets
141 checking changesets
142 checking manifests
142 checking manifests
143 crosschecking files in changesets and manifests
143 crosschecking files in changesets and manifests
144 checking files
144 checking files
145 checked 1 changesets with 4 changes to 4 files
145 checked 1 changesets with 4 changes to 4 files
146 $ cd test
146 $ cd test
147 $ echo bar > bar
147 $ echo bar > bar
148 $ hg commit -A -d '1 0' -m 2
148 $ hg commit -A -d '1 0' -m 2
149 adding bar
149 adding bar
150 $ cd ..
150 $ cd ..
151
151
152 pull without cacert
152 pull without cacert
153
153
154 $ cd copy-pull
154 $ cd copy-pull
155 $ cat >> .hg/hgrc <<EOF
155 $ cat >> .hg/hgrc <<EOF
156 > [hooks]
156 > [hooks]
157 > changegroup = sh -c "printenv.py --line changegroup"
157 > changegroup = sh -c "printenv.py --line changegroup"
158 > EOF
158 > EOF
159 $ hg pull $DISABLECACERTS
159 $ hg pull $DISABLECACERTS
160 pulling from https://localhost:$HGPORT/
160 pulling from https://localhost:$HGPORT/
161 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
161 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
162 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
162 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
163 [255]
163 [255]
164
164
165 $ hg pull --insecure
165 $ hg pull --insecure
166 pulling from https://localhost:$HGPORT/
166 pulling from https://localhost:$HGPORT/
167 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
167 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
168 searching for changes
168 searching for changes
169 adding changesets
169 adding changesets
170 adding manifests
170 adding manifests
171 adding file changes
171 adding file changes
172 added 1 changesets with 1 changes to 1 files
172 added 1 changesets with 1 changes to 1 files
173 new changesets 5fed3813f7f5
173 new changesets 5fed3813f7f5
174 changegroup hook: HG_HOOKNAME=changegroup
174 changegroup hook: HG_HOOKNAME=changegroup
175 HG_HOOKTYPE=changegroup
175 HG_HOOKTYPE=changegroup
176 HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d
176 HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d
177 HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d
177 HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d
178 HG_SOURCE=pull
178 HG_SOURCE=pull
179 HG_TXNID=TXN:$ID$
179 HG_TXNID=TXN:$ID$
180 HG_TXNNAME=pull
180 HG_TXNNAME=pull
181 https://localhost:$HGPORT/
181 https://localhost:$HGPORT/
182 HG_URL=https://localhost:$HGPORT/
182 HG_URL=https://localhost:$HGPORT/
183
183
184 (run 'hg update' to get a working copy)
184 (run 'hg update' to get a working copy)
185 $ cd ..
185 $ cd ..
186
186
187 cacert configured in local repo
187 cacert configured in local repo
188
188
189 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
189 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
190 $ echo "[web]" >> copy-pull/.hg/hgrc
190 $ echo "[web]" >> copy-pull/.hg/hgrc
191 $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
191 $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
192 $ hg -R copy-pull pull
192 $ hg -R copy-pull pull
193 pulling from https://localhost:$HGPORT/
193 pulling from https://localhost:$HGPORT/
194 searching for changes
194 searching for changes
195 no changes found
195 no changes found
196 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
196 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
197
197
198 cacert configured globally, also testing expansion of environment
198 cacert configured globally, also testing expansion of environment
199 variables in the filename
199 variables in the filename
200
200
201 $ echo "[web]" >> $HGRCPATH
201 $ echo "[web]" >> $HGRCPATH
202 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
202 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
203 $ P="$CERTSDIR" hg -R copy-pull pull
203 $ P="$CERTSDIR" hg -R copy-pull pull
204 pulling from https://localhost:$HGPORT/
204 pulling from https://localhost:$HGPORT/
205 searching for changes
205 searching for changes
206 no changes found
206 no changes found
207 $ P="$CERTSDIR" hg -R copy-pull pull --insecure
207 $ P="$CERTSDIR" hg -R copy-pull pull --insecure
208 pulling from https://localhost:$HGPORT/
208 pulling from https://localhost:$HGPORT/
209 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
209 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
210 searching for changes
210 searching for changes
211 no changes found
211 no changes found
212
212
213 empty cacert file
213 empty cacert file
214
214
215 $ touch emptycafile
215 $ touch emptycafile
216
216
217 $ hg --config web.cacerts=emptycafile -R copy-pull pull
217 $ hg --config web.cacerts=emptycafile -R copy-pull pull
218 pulling from https://localhost:$HGPORT/
218 pulling from https://localhost:$HGPORT/
219 abort: error loading CA file emptycafile: * (glob)
219 abort: error loading CA file emptycafile: * (glob)
220 (file is empty or malformed?)
220 (file is empty or malformed?)
221 [255]
221 [255]
222
222
223 cacert mismatch
223 cacert mismatch
224
224
225 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
225 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
226 > https://$LOCALIP:$HGPORT/
226 > https://$LOCALIP:$HGPORT/
227 pulling from https://*:$HGPORT/ (glob)
227 pulling from https://*:$HGPORT/ (glob)
228 abort: $LOCALIP certificate error: certificate is for localhost (glob)
228 abort: $LOCALIP certificate error: certificate is for localhost (glob)
229 (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
229 (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
230 [255]
230 [255]
231 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
231 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
232 > https://$LOCALIP:$HGPORT/ --insecure
232 > https://$LOCALIP:$HGPORT/ --insecure
233 pulling from https://*:$HGPORT/ (glob)
233 pulling from https://*:$HGPORT/ (glob)
234 warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob)
234 warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob)
235 searching for changes
235 searching for changes
236 no changes found
236 no changes found
237 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
237 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
238 pulling from https://localhost:$HGPORT/
238 pulling from https://localhost:$HGPORT/
239 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
239 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
240 abort: error: *certificate verify failed* (glob)
240 abort: error: *certificate verify failed* (glob)
241 [255]
241 [255]
242 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
242 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
243 > --insecure
243 > --insecure
244 pulling from https://localhost:$HGPORT/
244 pulling from https://localhost:$HGPORT/
245 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
245 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
246 searching for changes
246 searching for changes
247 no changes found
247 no changes found
248
248
249 Test server cert which isn't valid yet
249 Test server cert which isn't valid yet
250
250
251 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
251 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
252 $ cat hg1.pid >> $DAEMON_PIDS
252 $ cat hg1.pid >> $DAEMON_PIDS
253 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
253 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
254 > https://localhost:$HGPORT1/
254 > https://localhost:$HGPORT1/
255 pulling from https://localhost:$HGPORT1/
255 pulling from https://localhost:$HGPORT1/
256 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
256 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
257 abort: error: *certificate verify failed* (glob)
257 abort: error: *certificate verify failed* (glob)
258 [255]
258 [255]
259
259
260 Test server cert which no longer is valid
260 Test server cert which no longer is valid
261
261
262 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
262 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
263 $ cat hg2.pid >> $DAEMON_PIDS
263 $ cat hg2.pid >> $DAEMON_PIDS
264 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
264 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
265 > https://localhost:$HGPORT2/
265 > https://localhost:$HGPORT2/
266 pulling from https://localhost:$HGPORT2/
266 pulling from https://localhost:$HGPORT2/
267 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
267 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
268 abort: error: *certificate verify failed* (glob)
268 abort: error: *certificate verify failed* (glob)
269 [255]
269 [255]
270
270
271 Disabling the TLS 1.0 warning works
272 $ hg -R copy-pull id https://localhost:$HGPORT/ \
273 > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \
274 > --config hostsecurity.disabletls10warning=true
275 5fed3813f7f5
276
277 Setting ciphers to an invalid value aborts
271 Setting ciphers to an invalid value aborts
278 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
272 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
279 abort: could not set ciphers: No cipher can be selected.
273 abort: could not set ciphers: No cipher can be selected.
280 (change cipher string (invalid) in config)
274 (change cipher string (invalid) in config)
281 [255]
275 [255]
282
276
283 $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
277 $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
284 abort: could not set ciphers: No cipher can be selected.
278 abort: could not set ciphers: No cipher can be selected.
285 (change cipher string (invalid) in config)
279 (change cipher string (invalid) in config)
286 [255]
280 [255]
287
281
288 Changing the cipher string works
282 Changing the cipher string works
289
283
290 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
284 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
291 5fed3813f7f5
285 5fed3813f7f5
292
286
293 Fingerprints
287 Fingerprints
294
288
295 - works without cacerts (hostfingerprints)
289 - works without cacerts (hostfingerprints)
296 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
290 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
297 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
291 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
298 5fed3813f7f5
292 5fed3813f7f5
299
293
300 - works without cacerts (hostsecurity)
294 - works without cacerts (hostsecurity)
301 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
295 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
302 5fed3813f7f5
296 5fed3813f7f5
303
297
304 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
298 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
305 5fed3813f7f5
299 5fed3813f7f5
306
300
307 - multiple fingerprints specified and first matches
301 - multiple fingerprints specified and first matches
308 $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
302 $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
309 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
303 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
310 5fed3813f7f5
304 5fed3813f7f5
311
305
312 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
306 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
313 5fed3813f7f5
307 5fed3813f7f5
314
308
315 - multiple fingerprints specified and last matches
309 - multiple fingerprints specified and last matches
316 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure
310 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure
317 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
311 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
318 5fed3813f7f5
312 5fed3813f7f5
319
313
320 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/
314 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/
321 5fed3813f7f5
315 5fed3813f7f5
322
316
323 - multiple fingerprints specified and none match
317 - multiple fingerprints specified and none match
324
318
325 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
319 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
326 abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
320 abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
327 (check hostfingerprint configuration)
321 (check hostfingerprint configuration)
328 [255]
322 [255]
329
323
330 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
324 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
331 abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
325 abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
332 (check hostsecurity configuration)
326 (check hostsecurity configuration)
333 [255]
327 [255]
334
328
335 - fails when cert doesn't match hostname (port is ignored)
329 - fails when cert doesn't match hostname (port is ignored)
336 $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
330 $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
337 abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
331 abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
338 (check hostfingerprint configuration)
332 (check hostfingerprint configuration)
339 [255]
333 [255]
340
334
341
335
342 - ignores that certificate doesn't match hostname
336 - ignores that certificate doesn't match hostname
343 $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
337 $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
344 (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
338 (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
345 5fed3813f7f5
339 5fed3813f7f5
346
340
347 Ports used by next test. Kill servers.
341 Ports used by next test. Kill servers.
348
342
349 $ killdaemons.py hg0.pid
343 $ killdaemons.py hg0.pid
350 $ killdaemons.py hg1.pid
344 $ killdaemons.py hg1.pid
351 $ killdaemons.py hg2.pid
345 $ killdaemons.py hg2.pid
352
346
353 #if tls1.2
347 #if tls1.2
354 Start servers running supported TLS versions
348 Start servers running supported TLS versions
355
349
356 $ cd test
350 $ cd test
357 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
351 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
358 > --config devel.serverexactprotocol=tls1.0
352 > --config devel.serverexactprotocol=tls1.0
359 $ cat ../hg0.pid >> $DAEMON_PIDS
353 $ cat ../hg0.pid >> $DAEMON_PIDS
360 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
354 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
361 > --config devel.serverexactprotocol=tls1.1
355 > --config devel.serverexactprotocol=tls1.1
362 $ cat ../hg1.pid >> $DAEMON_PIDS
356 $ cat ../hg1.pid >> $DAEMON_PIDS
363 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
357 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
364 > --config devel.serverexactprotocol=tls1.2
358 > --config devel.serverexactprotocol=tls1.2
365 $ cat ../hg2.pid >> $DAEMON_PIDS
359 $ cat ../hg2.pid >> $DAEMON_PIDS
366 $ cd ..
360 $ cd ..
367
361
368 Clients talking same TLS versions work
362 Clients talking same TLS versions work
369
363
370 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
364 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
371 5fed3813f7f5
365 5fed3813f7f5
372 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
366 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
373 5fed3813f7f5
367 5fed3813f7f5
374 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
368 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
375 5fed3813f7f5
369 5fed3813f7f5
376
370
377 Clients requiring newer TLS version than what server supports fail
371 Clients requiring newer TLS version than what server supports fail
378
372
379 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
373 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
380 (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
374 (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
381 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
375 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
382 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
376 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
383 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
377 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
384 [255]
378 [255]
385
379
386 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
380 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
387 (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
381 (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
388 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
382 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
389 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
383 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
390 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
384 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
391 [255]
385 [255]
392 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
386 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
393 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
387 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
394 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
388 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
395 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
389 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
396 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
390 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
397 [255]
391 [255]
398 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
392 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
399 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
393 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
400 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
394 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
401 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
395 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
402 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
396 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
403 [255]
397 [255]
404
398
405 --insecure will allow TLS 1.0 connections and override configs
399 --insecure will allow TLS 1.0 connections and override configs
406
400
407 $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
401 $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
408 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
402 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
409 5fed3813f7f5
403 5fed3813f7f5
410
404
411 The per-host config option overrides the default
405 The per-host config option overrides the default
412
406
413 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
407 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
414 > --config hostsecurity.minimumprotocol=tls1.2 \
408 > --config hostsecurity.minimumprotocol=tls1.2 \
415 > --config hostsecurity.localhost:minimumprotocol=tls1.0
409 > --config hostsecurity.localhost:minimumprotocol=tls1.0
416 5fed3813f7f5
410 5fed3813f7f5
417
411
418 The per-host config option by itself works
412 The per-host config option by itself works
419
413
420 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
414 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
421 > --config hostsecurity.localhost:minimumprotocol=tls1.2
415 > --config hostsecurity.localhost:minimumprotocol=tls1.2
422 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
416 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
423 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
417 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
424 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
418 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
425 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
419 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
426 [255]
420 [255]
427
421
428 .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305)
422 .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305)
429
423
430 $ cat >> copy-pull/.hg/hgrc << EOF
424 $ cat >> copy-pull/.hg/hgrc << EOF
431 > [hostsecurity]
425 > [hostsecurity]
432 > localhost:minimumprotocol=tls1.2
426 > localhost:minimumprotocol=tls1.2
433 > EOF
427 > EOF
434 $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/
428 $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/
435 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
429 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
436 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
430 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
437 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
431 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
438 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
432 abort: error: .*(unsupported protocol|wrong ssl version).* (re)
439 [255]
433 [255]
440
434
441 $ killdaemons.py hg0.pid
435 $ killdaemons.py hg0.pid
442 $ killdaemons.py hg1.pid
436 $ killdaemons.py hg1.pid
443 $ killdaemons.py hg2.pid
437 $ killdaemons.py hg2.pid
444 #endif
438 #endif
445
439
446 Prepare for connecting through proxy
440 Prepare for connecting through proxy
447
441
448 $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
442 $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
449 $ cat hg0.pid >> $DAEMON_PIDS
443 $ cat hg0.pid >> $DAEMON_PIDS
450 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
444 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
451 $ cat hg2.pid >> $DAEMON_PIDS
445 $ cat hg2.pid >> $DAEMON_PIDS
452 tinyproxy.py doesn't fully detach, so killing it may result in extra output
446 tinyproxy.py doesn't fully detach, so killing it may result in extra output
453 from the shell. So don't kill it.
447 from the shell. So don't kill it.
454 $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
448 $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
455 $ while [ ! -f proxy.pid ]; do sleep 0; done
449 $ while [ ! -f proxy.pid ]; do sleep 0; done
456 $ cat proxy.pid >> $DAEMON_PIDS
450 $ cat proxy.pid >> $DAEMON_PIDS
457
451
458 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
452 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
459 $ echo "always=True" >> copy-pull/.hg/hgrc
453 $ echo "always=True" >> copy-pull/.hg/hgrc
460 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
454 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
461 $ echo "localhost =" >> copy-pull/.hg/hgrc
455 $ echo "localhost =" >> copy-pull/.hg/hgrc
462
456
463 Test unvalidated https through proxy
457 Test unvalidated https through proxy
464
458
465 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure
459 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure
466 pulling from https://localhost:$HGPORT/
460 pulling from https://localhost:$HGPORT/
467 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
461 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
468 searching for changes
462 searching for changes
469 no changes found
463 no changes found
470
464
471 Test https with cacert and fingerprint through proxy
465 Test https with cacert and fingerprint through proxy
472
466
473 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
467 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
474 > --config web.cacerts="$CERTSDIR/pub.pem"
468 > --config web.cacerts="$CERTSDIR/pub.pem"
475 pulling from https://localhost:$HGPORT/
469 pulling from https://localhost:$HGPORT/
476 searching for changes
470 searching for changes
477 no changes found
471 no changes found
478 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace
472 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace
479 pulling from https://*:$HGPORT/ (glob)
473 pulling from https://*:$HGPORT/ (glob)
480 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
474 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
481 searching for changes
475 searching for changes
482 no changes found
476 no changes found
483
477
484 Test https with cert problems through proxy
478 Test https with cert problems through proxy
485
479
486 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
480 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
487 > --config web.cacerts="$CERTSDIR/pub-other.pem"
481 > --config web.cacerts="$CERTSDIR/pub-other.pem"
488 pulling from https://localhost:$HGPORT/
482 pulling from https://localhost:$HGPORT/
489 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
483 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
490 abort: error: *certificate verify failed* (glob)
484 abort: error: *certificate verify failed* (glob)
491 [255]
485 [255]
492 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
486 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
493 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
487 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
494 pulling from https://localhost:$HGPORT2/
488 pulling from https://localhost:$HGPORT2/
495 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
489 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
496 abort: error: *certificate verify failed* (glob)
490 abort: error: *certificate verify failed* (glob)
497 [255]
491 [255]
498
492
499
493
500 $ killdaemons.py hg0.pid
494 $ killdaemons.py hg0.pid
501
495
502 $ cd test
496 $ cd test
503
497
504 Missing certificate file(s) are detected
498 Missing certificate file(s) are detected
505
499
506 $ hg serve -p $HGPORT --certificate=/missing/certificate \
500 $ hg serve -p $HGPORT --certificate=/missing/certificate \
507 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
501 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
508 abort: referenced certificate file (*/missing/certificate) does not exist (glob)
502 abort: referenced certificate file (*/missing/certificate) does not exist (glob)
509 [255]
503 [255]
510
504
511 $ hg serve -p $HGPORT --certificate=$PRIV \
505 $ hg serve -p $HGPORT --certificate=$PRIV \
512 > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true
506 > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true
513 abort: referenced certificate file (*/missing/cafile) does not exist (glob)
507 abort: referenced certificate file (*/missing/cafile) does not exist (glob)
514 [255]
508 [255]
515
509
516 Start hgweb that requires client certificates:
510 Start hgweb that requires client certificates:
517
511
518 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
512 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
519 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
513 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
520 $ cat ../hg0.pid >> $DAEMON_PIDS
514 $ cat ../hg0.pid >> $DAEMON_PIDS
521 $ cd ..
515 $ cd ..
522
516
523 without client certificate:
517 without client certificate:
524
518
525 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
519 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
526 abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re)
520 abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re)
527 [255]
521 [255]
528
522
529 with client certificate:
523 with client certificate:
530
524
531 $ cat << EOT >> $HGRCPATH
525 $ cat << EOT >> $HGRCPATH
532 > [auth]
526 > [auth]
533 > l.prefix = localhost
527 > l.prefix = localhost
534 > l.cert = $CERTSDIR/client-cert.pem
528 > l.cert = $CERTSDIR/client-cert.pem
535 > l.key = $CERTSDIR/client-key.pem
529 > l.key = $CERTSDIR/client-key.pem
536 > EOT
530 > EOT
537
531
538 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
532 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
539 > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
533 > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
540 5fed3813f7f5
534 5fed3813f7f5
541
535
542 $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
536 $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
543 > --config ui.interactive=True --config ui.nontty=True
537 > --config ui.interactive=True --config ui.nontty=True
544 passphrase for */client-key.pem: 5fed3813f7f5 (glob)
538 passphrase for */client-key.pem: 5fed3813f7f5 (glob)
545
539
546 $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
540 $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
547 abort: error: * (glob)
541 abort: error: * (glob)
548 [255]
542 [255]
549
543
550 Missing certficate and key files result in error
544 Missing certficate and key files result in error
551
545
552 $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert
546 $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert
553 abort: certificate file (*/missing/cert) does not exist; cannot connect to localhost (glob)
547 abort: certificate file (*/missing/cert) does not exist; cannot connect to localhost (glob)
554 (restore missing file or fix references in Mercurial config)
548 (restore missing file or fix references in Mercurial config)
555 [255]
549 [255]
556
550
557 $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key
551 $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key
558 abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob)
552 abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob)
559 (restore missing file or fix references in Mercurial config)
553 (restore missing file or fix references in Mercurial config)
560 [255]
554 [255]
General Comments 0
You need to be logged in to leave comments. Login now