##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

typing: disable module attribute warnings for properly conditionalized code...
Matt Harbison -
r47544:52528570 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,1375 +1,1379 b''
1 # dispatch.py - command dispatching for mercurial
1 # dispatch.py - command dispatching for mercurial
2 #
2 #
3 # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
3 # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
4 #
4 #
5 # This software may be used and distributed according to the terms of the
5 # This software may be used and distributed according to the terms of the
6 # GNU General Public License version 2 or any later version.
6 # GNU General Public License version 2 or any later version.
7
7
8 from __future__ import absolute_import, print_function
8 from __future__ import absolute_import, print_function
9
9
10 import errno
10 import errno
11 import getopt
11 import getopt
12 import io
12 import io
13 import os
13 import os
14 import pdb
14 import pdb
15 import re
15 import re
16 import signal
16 import signal
17 import sys
17 import sys
18 import traceback
18 import traceback
19
19
20
20
21 from .i18n import _
21 from .i18n import _
22 from .pycompat import getattr
22 from .pycompat import getattr
23
23
24 from hgdemandimport import tracing
24 from hgdemandimport import tracing
25
25
26 from . import (
26 from . import (
27 cmdutil,
27 cmdutil,
28 color,
28 color,
29 commands,
29 commands,
30 demandimport,
30 demandimport,
31 encoding,
31 encoding,
32 error,
32 error,
33 extensions,
33 extensions,
34 fancyopts,
34 fancyopts,
35 help,
35 help,
36 hg,
36 hg,
37 hook,
37 hook,
38 localrepo,
38 localrepo,
39 profiling,
39 profiling,
40 pycompat,
40 pycompat,
41 rcutil,
41 rcutil,
42 registrar,
42 registrar,
43 requirements as requirementsmod,
43 requirements as requirementsmod,
44 scmutil,
44 scmutil,
45 ui as uimod,
45 ui as uimod,
46 util,
46 util,
47 vfs,
47 vfs,
48 )
48 )
49
49
50 from .utils import (
50 from .utils import (
51 procutil,
51 procutil,
52 stringutil,
52 stringutil,
53 )
53 )
54
54
55
55
56 class request(object):
56 class request(object):
57 def __init__(
57 def __init__(
58 self,
58 self,
59 args,
59 args,
60 ui=None,
60 ui=None,
61 repo=None,
61 repo=None,
62 fin=None,
62 fin=None,
63 fout=None,
63 fout=None,
64 ferr=None,
64 ferr=None,
65 fmsg=None,
65 fmsg=None,
66 prereposetups=None,
66 prereposetups=None,
67 ):
67 ):
68 self.args = args
68 self.args = args
69 self.ui = ui
69 self.ui = ui
70 self.repo = repo
70 self.repo = repo
71
71
72 # input/output/error streams
72 # input/output/error streams
73 self.fin = fin
73 self.fin = fin
74 self.fout = fout
74 self.fout = fout
75 self.ferr = ferr
75 self.ferr = ferr
76 # separate stream for status/error messages
76 # separate stream for status/error messages
77 self.fmsg = fmsg
77 self.fmsg = fmsg
78
78
79 # remember options pre-parsed by _earlyparseopts()
79 # remember options pre-parsed by _earlyparseopts()
80 self.earlyoptions = {}
80 self.earlyoptions = {}
81
81
82 # reposetups which run before extensions, useful for chg to pre-fill
82 # reposetups which run before extensions, useful for chg to pre-fill
83 # low-level repo state (for example, changelog) before extensions.
83 # low-level repo state (for example, changelog) before extensions.
84 self.prereposetups = prereposetups or []
84 self.prereposetups = prereposetups or []
85
85
86 # store the parsed and canonical command
86 # store the parsed and canonical command
87 self.canonical_command = None
87 self.canonical_command = None
88
88
89 def _runexithandlers(self):
89 def _runexithandlers(self):
90 exc = None
90 exc = None
91 handlers = self.ui._exithandlers
91 handlers = self.ui._exithandlers
92 try:
92 try:
93 while handlers:
93 while handlers:
94 func, args, kwargs = handlers.pop()
94 func, args, kwargs = handlers.pop()
95 try:
95 try:
96 func(*args, **kwargs)
96 func(*args, **kwargs)
97 except: # re-raises below
97 except: # re-raises below
98 if exc is None:
98 if exc is None:
99 exc = sys.exc_info()[1]
99 exc = sys.exc_info()[1]
100 self.ui.warnnoi18n(b'error in exit handlers:\n')
100 self.ui.warnnoi18n(b'error in exit handlers:\n')
101 self.ui.traceback(force=True)
101 self.ui.traceback(force=True)
102 finally:
102 finally:
103 if exc is not None:
103 if exc is not None:
104 raise exc
104 raise exc
105
105
106
106
107 def _flushstdio(ui, err):
107 def _flushstdio(ui, err):
108 status = None
108 status = None
109 # In all cases we try to flush stdio streams.
109 # In all cases we try to flush stdio streams.
110 if util.safehasattr(ui, b'fout'):
110 if util.safehasattr(ui, b'fout'):
111 assert ui is not None # help pytype
111 assert ui is not None # help pytype
112 assert ui.fout is not None # help pytype
112 assert ui.fout is not None # help pytype
113 try:
113 try:
114 ui.fout.flush()
114 ui.fout.flush()
115 except IOError as e:
115 except IOError as e:
116 err = e
116 err = e
117 status = -1
117 status = -1
118
118
119 if util.safehasattr(ui, b'ferr'):
119 if util.safehasattr(ui, b'ferr'):
120 assert ui is not None # help pytype
120 assert ui is not None # help pytype
121 assert ui.ferr is not None # help pytype
121 assert ui.ferr is not None # help pytype
122 try:
122 try:
123 if err is not None and err.errno != errno.EPIPE:
123 if err is not None and err.errno != errno.EPIPE:
124 ui.ferr.write(
124 ui.ferr.write(
125 b'abort: %s\n' % encoding.strtolocal(err.strerror)
125 b'abort: %s\n' % encoding.strtolocal(err.strerror)
126 )
126 )
127 ui.ferr.flush()
127 ui.ferr.flush()
128 # There's not much we can do about an I/O error here. So (possibly)
128 # There's not much we can do about an I/O error here. So (possibly)
129 # change the status code and move on.
129 # change the status code and move on.
130 except IOError:
130 except IOError:
131 status = -1
131 status = -1
132
132
133 return status
133 return status
134
134
135
135
136 def run():
136 def run():
137 """run the command in sys.argv"""
137 """run the command in sys.argv"""
138 try:
138 try:
139 initstdio()
139 initstdio()
140 with tracing.log('parse args into request'):
140 with tracing.log('parse args into request'):
141 req = request(pycompat.sysargv[1:])
141 req = request(pycompat.sysargv[1:])
142
142
143 status = dispatch(req)
143 status = dispatch(req)
144 _silencestdio()
144 _silencestdio()
145 except KeyboardInterrupt:
145 except KeyboardInterrupt:
146 # Catch early/late KeyboardInterrupt as last ditch. Here nothing will
146 # Catch early/late KeyboardInterrupt as last ditch. Here nothing will
147 # be printed to console to avoid another IOError/KeyboardInterrupt.
147 # be printed to console to avoid another IOError/KeyboardInterrupt.
148 status = -1
148 status = -1
149 sys.exit(status & 255)
149 sys.exit(status & 255)
150
150
151
151
152 if pycompat.ispy3:
152 if pycompat.ispy3:
153
153
154 def initstdio():
154 def initstdio():
155 # stdio streams on Python 3 are io.TextIOWrapper instances proxying another
155 # stdio streams on Python 3 are io.TextIOWrapper instances proxying another
156 # buffer. These streams will normalize \n to \r\n by default. Mercurial's
156 # buffer. These streams will normalize \n to \r\n by default. Mercurial's
157 # preferred mechanism for writing output (ui.write()) uses io.BufferedWriter
157 # preferred mechanism for writing output (ui.write()) uses io.BufferedWriter
158 # instances, which write to the underlying stdio file descriptor in binary
158 # instances, which write to the underlying stdio file descriptor in binary
159 # mode. ui.write() uses \n for line endings and no line ending normalization
159 # mode. ui.write() uses \n for line endings and no line ending normalization
160 # is attempted through this interface. This "just works," even if the system
160 # is attempted through this interface. This "just works," even if the system
161 # preferred line ending is not \n.
161 # preferred line ending is not \n.
162 #
162 #
163 # But some parts of Mercurial (e.g. hooks) can still send data to sys.stdout
163 # But some parts of Mercurial (e.g. hooks) can still send data to sys.stdout
164 # and sys.stderr. They will inherit the line ending normalization settings,
164 # and sys.stderr. They will inherit the line ending normalization settings,
165 # potentially causing e.g. \r\n to be emitted. Since emitting \n should
165 # potentially causing e.g. \r\n to be emitted. Since emitting \n should
166 # "just work," here we change the sys.* streams to disable line ending
166 # "just work," here we change the sys.* streams to disable line ending
167 # normalization, ensuring compatibility with our ui type.
167 # normalization, ensuring compatibility with our ui type.
168
168
169 if sys.stdout is not None:
169 if sys.stdout is not None:
170 # write_through is new in Python 3.7.
170 # write_through is new in Python 3.7.
171 kwargs = {
171 kwargs = {
172 "newline": "\n",
172 "newline": "\n",
173 "line_buffering": sys.stdout.line_buffering,
173 "line_buffering": sys.stdout.line_buffering,
174 }
174 }
175 if util.safehasattr(sys.stdout, "write_through"):
175 if util.safehasattr(sys.stdout, "write_through"):
176 # pytype: disable=attribute-error
176 kwargs["write_through"] = sys.stdout.write_through
177 kwargs["write_through"] = sys.stdout.write_through
178 # pytype: enable=attribute-error
177 sys.stdout = io.TextIOWrapper(
179 sys.stdout = io.TextIOWrapper(
178 sys.stdout.buffer,
180 sys.stdout.buffer,
179 sys.stdout.encoding,
181 sys.stdout.encoding,
180 sys.stdout.errors,
182 sys.stdout.errors,
181 **kwargs
183 **kwargs
182 )
184 )
183
185
184 if sys.stderr is not None:
186 if sys.stderr is not None:
185 kwargs = {
187 kwargs = {
186 "newline": "\n",
188 "newline": "\n",
187 "line_buffering": sys.stderr.line_buffering,
189 "line_buffering": sys.stderr.line_buffering,
188 }
190 }
189 if util.safehasattr(sys.stderr, "write_through"):
191 if util.safehasattr(sys.stderr, "write_through"):
192 # pytype: disable=attribute-error
190 kwargs["write_through"] = sys.stderr.write_through
193 kwargs["write_through"] = sys.stderr.write_through
194 # pytype: enable=attribute-error
191 sys.stderr = io.TextIOWrapper(
195 sys.stderr = io.TextIOWrapper(
192 sys.stderr.buffer,
196 sys.stderr.buffer,
193 sys.stderr.encoding,
197 sys.stderr.encoding,
194 sys.stderr.errors,
198 sys.stderr.errors,
195 **kwargs
199 **kwargs
196 )
200 )
197
201
198 if sys.stdin is not None:
202 if sys.stdin is not None:
199 # No write_through on read-only stream.
203 # No write_through on read-only stream.
200 sys.stdin = io.TextIOWrapper(
204 sys.stdin = io.TextIOWrapper(
201 sys.stdin.buffer,
205 sys.stdin.buffer,
202 sys.stdin.encoding,
206 sys.stdin.encoding,
203 sys.stdin.errors,
207 sys.stdin.errors,
204 # None is universal newlines mode.
208 # None is universal newlines mode.
205 newline=None,
209 newline=None,
206 line_buffering=sys.stdin.line_buffering,
210 line_buffering=sys.stdin.line_buffering,
207 )
211 )
208
212
209 def _silencestdio():
213 def _silencestdio():
210 for fp in (sys.stdout, sys.stderr):
214 for fp in (sys.stdout, sys.stderr):
211 if fp is None:
215 if fp is None:
212 continue
216 continue
213 # Check if the file is okay
217 # Check if the file is okay
214 try:
218 try:
215 fp.flush()
219 fp.flush()
216 continue
220 continue
217 except IOError:
221 except IOError:
218 pass
222 pass
219 # Otherwise mark it as closed to silence "Exception ignored in"
223 # Otherwise mark it as closed to silence "Exception ignored in"
220 # message emitted by the interpreter finalizer.
224 # message emitted by the interpreter finalizer.
221 try:
225 try:
222 fp.close()
226 fp.close()
223 except IOError:
227 except IOError:
224 pass
228 pass
225
229
226
230
227 else:
231 else:
228
232
229 def initstdio():
233 def initstdio():
230 for fp in (sys.stdin, sys.stdout, sys.stderr):
234 for fp in (sys.stdin, sys.stdout, sys.stderr):
231 procutil.setbinary(fp)
235 procutil.setbinary(fp)
232
236
233 def _silencestdio():
237 def _silencestdio():
234 pass
238 pass
235
239
236
240
237 def _formatargs(args):
241 def _formatargs(args):
238 return b' '.join(procutil.shellquote(a) for a in args)
242 return b' '.join(procutil.shellquote(a) for a in args)
239
243
240
244
241 def dispatch(req):
245 def dispatch(req):
242 """run the command specified in req.args; returns an integer status code"""
246 """run the command specified in req.args; returns an integer status code"""
243 err = None
247 err = None
244 try:
248 try:
245 status = _rundispatch(req)
249 status = _rundispatch(req)
246 except error.StdioError as e:
250 except error.StdioError as e:
247 err = e
251 err = e
248 status = -1
252 status = -1
249
253
250 ret = _flushstdio(req.ui, err)
254 ret = _flushstdio(req.ui, err)
251 if ret:
255 if ret:
252 status = ret
256 status = ret
253 return status
257 return status
254
258
255
259
256 def _rundispatch(req):
260 def _rundispatch(req):
257 with tracing.log('dispatch._rundispatch'):
261 with tracing.log('dispatch._rundispatch'):
258 if req.ferr:
262 if req.ferr:
259 ferr = req.ferr
263 ferr = req.ferr
260 elif req.ui:
264 elif req.ui:
261 ferr = req.ui.ferr
265 ferr = req.ui.ferr
262 else:
266 else:
263 ferr = procutil.stderr
267 ferr = procutil.stderr
264
268
265 try:
269 try:
266 if not req.ui:
270 if not req.ui:
267 req.ui = uimod.ui.load()
271 req.ui = uimod.ui.load()
268 req.earlyoptions.update(_earlyparseopts(req.ui, req.args))
272 req.earlyoptions.update(_earlyparseopts(req.ui, req.args))
269 if req.earlyoptions[b'traceback']:
273 if req.earlyoptions[b'traceback']:
270 req.ui.setconfig(b'ui', b'traceback', b'on', b'--traceback')
274 req.ui.setconfig(b'ui', b'traceback', b'on', b'--traceback')
271
275
272 # set ui streams from the request
276 # set ui streams from the request
273 if req.fin:
277 if req.fin:
274 req.ui.fin = req.fin
278 req.ui.fin = req.fin
275 if req.fout:
279 if req.fout:
276 req.ui.fout = req.fout
280 req.ui.fout = req.fout
277 if req.ferr:
281 if req.ferr:
278 req.ui.ferr = req.ferr
282 req.ui.ferr = req.ferr
279 if req.fmsg:
283 if req.fmsg:
280 req.ui.fmsg = req.fmsg
284 req.ui.fmsg = req.fmsg
281 except error.Abort as inst:
285 except error.Abort as inst:
282 ferr.write(inst.format())
286 ferr.write(inst.format())
283 return -1
287 return -1
284
288
285 msg = _formatargs(req.args)
289 msg = _formatargs(req.args)
286 starttime = util.timer()
290 starttime = util.timer()
287 ret = 1 # default of Python exit code on unhandled exception
291 ret = 1 # default of Python exit code on unhandled exception
288 try:
292 try:
289 ret = _runcatch(req) or 0
293 ret = _runcatch(req) or 0
290 except error.ProgrammingError as inst:
294 except error.ProgrammingError as inst:
291 req.ui.error(_(b'** ProgrammingError: %s\n') % inst)
295 req.ui.error(_(b'** ProgrammingError: %s\n') % inst)
292 if inst.hint:
296 if inst.hint:
293 req.ui.error(_(b'** (%s)\n') % inst.hint)
297 req.ui.error(_(b'** (%s)\n') % inst.hint)
294 raise
298 raise
295 except KeyboardInterrupt as inst:
299 except KeyboardInterrupt as inst:
296 try:
300 try:
297 if isinstance(inst, error.SignalInterrupt):
301 if isinstance(inst, error.SignalInterrupt):
298 msg = _(b"killed!\n")
302 msg = _(b"killed!\n")
299 else:
303 else:
300 msg = _(b"interrupted!\n")
304 msg = _(b"interrupted!\n")
301 req.ui.error(msg)
305 req.ui.error(msg)
302 except error.SignalInterrupt:
306 except error.SignalInterrupt:
303 # maybe pager would quit without consuming all the output, and
307 # maybe pager would quit without consuming all the output, and
304 # SIGPIPE was raised. we cannot print anything in this case.
308 # SIGPIPE was raised. we cannot print anything in this case.
305 pass
309 pass
306 except IOError as inst:
310 except IOError as inst:
307 if inst.errno != errno.EPIPE:
311 if inst.errno != errno.EPIPE:
308 raise
312 raise
309 ret = -1
313 ret = -1
310 finally:
314 finally:
311 duration = util.timer() - starttime
315 duration = util.timer() - starttime
312 req.ui.flush() # record blocked times
316 req.ui.flush() # record blocked times
313 if req.ui.logblockedtimes:
317 if req.ui.logblockedtimes:
314 req.ui._blockedtimes[b'command_duration'] = duration * 1000
318 req.ui._blockedtimes[b'command_duration'] = duration * 1000
315 req.ui.log(
319 req.ui.log(
316 b'uiblocked',
320 b'uiblocked',
317 b'ui blocked ms\n',
321 b'ui blocked ms\n',
318 **pycompat.strkwargs(req.ui._blockedtimes)
322 **pycompat.strkwargs(req.ui._blockedtimes)
319 )
323 )
320 return_code = ret & 255
324 return_code = ret & 255
321 req.ui.log(
325 req.ui.log(
322 b"commandfinish",
326 b"commandfinish",
323 b"%s exited %d after %0.2f seconds\n",
327 b"%s exited %d after %0.2f seconds\n",
324 msg,
328 msg,
325 return_code,
329 return_code,
326 duration,
330 duration,
327 return_code=return_code,
331 return_code=return_code,
328 duration=duration,
332 duration=duration,
329 canonical_command=req.canonical_command,
333 canonical_command=req.canonical_command,
330 )
334 )
331 try:
335 try:
332 req._runexithandlers()
336 req._runexithandlers()
333 except: # exiting, so no re-raises
337 except: # exiting, so no re-raises
334 ret = ret or -1
338 ret = ret or -1
335 # do flush again since ui.log() and exit handlers may write to ui
339 # do flush again since ui.log() and exit handlers may write to ui
336 req.ui.flush()
340 req.ui.flush()
337 return ret
341 return ret
338
342
339
343
340 def _runcatch(req):
344 def _runcatch(req):
341 with tracing.log('dispatch._runcatch'):
345 with tracing.log('dispatch._runcatch'):
342
346
343 def catchterm(*args):
347 def catchterm(*args):
344 raise error.SignalInterrupt
348 raise error.SignalInterrupt
345
349
346 ui = req.ui
350 ui = req.ui
347 try:
351 try:
348 for name in b'SIGBREAK', b'SIGHUP', b'SIGTERM':
352 for name in b'SIGBREAK', b'SIGHUP', b'SIGTERM':
349 num = getattr(signal, name, None)
353 num = getattr(signal, name, None)
350 if num:
354 if num:
351 signal.signal(num, catchterm)
355 signal.signal(num, catchterm)
352 except ValueError:
356 except ValueError:
353 pass # happens if called in a thread
357 pass # happens if called in a thread
354
358
355 def _runcatchfunc():
359 def _runcatchfunc():
356 realcmd = None
360 realcmd = None
357 try:
361 try:
358 cmdargs = fancyopts.fancyopts(
362 cmdargs = fancyopts.fancyopts(
359 req.args[:], commands.globalopts, {}
363 req.args[:], commands.globalopts, {}
360 )
364 )
361 cmd = cmdargs[0]
365 cmd = cmdargs[0]
362 aliases, entry = cmdutil.findcmd(cmd, commands.table, False)
366 aliases, entry = cmdutil.findcmd(cmd, commands.table, False)
363 realcmd = aliases[0]
367 realcmd = aliases[0]
364 except (
368 except (
365 error.UnknownCommand,
369 error.UnknownCommand,
366 error.AmbiguousCommand,
370 error.AmbiguousCommand,
367 IndexError,
371 IndexError,
368 getopt.GetoptError,
372 getopt.GetoptError,
369 ):
373 ):
370 # Don't handle this here. We know the command is
374 # Don't handle this here. We know the command is
371 # invalid, but all we're worried about for now is that
375 # invalid, but all we're worried about for now is that
372 # it's not a command that server operators expect to
376 # it's not a command that server operators expect to
373 # be safe to offer to users in a sandbox.
377 # be safe to offer to users in a sandbox.
374 pass
378 pass
375 if realcmd == b'serve' and b'--stdio' in cmdargs:
379 if realcmd == b'serve' and b'--stdio' in cmdargs:
376 # We want to constrain 'hg serve --stdio' instances pretty
380 # We want to constrain 'hg serve --stdio' instances pretty
377 # closely, as many shared-ssh access tools want to grant
381 # closely, as many shared-ssh access tools want to grant
378 # access to run *only* 'hg -R $repo serve --stdio'. We
382 # access to run *only* 'hg -R $repo serve --stdio'. We
379 # restrict to exactly that set of arguments, and prohibit
383 # restrict to exactly that set of arguments, and prohibit
380 # any repo name that starts with '--' to prevent
384 # any repo name that starts with '--' to prevent
381 # shenanigans wherein a user does something like pass
385 # shenanigans wherein a user does something like pass
382 # --debugger or --config=ui.debugger=1 as a repo
386 # --debugger or --config=ui.debugger=1 as a repo
383 # name. This used to actually run the debugger.
387 # name. This used to actually run the debugger.
384 if (
388 if (
385 len(req.args) != 4
389 len(req.args) != 4
386 or req.args[0] != b'-R'
390 or req.args[0] != b'-R'
387 or req.args[1].startswith(b'--')
391 or req.args[1].startswith(b'--')
388 or req.args[2] != b'serve'
392 or req.args[2] != b'serve'
389 or req.args[3] != b'--stdio'
393 or req.args[3] != b'--stdio'
390 ):
394 ):
391 raise error.Abort(
395 raise error.Abort(
392 _(b'potentially unsafe serve --stdio invocation: %s')
396 _(b'potentially unsafe serve --stdio invocation: %s')
393 % (stringutil.pprint(req.args),)
397 % (stringutil.pprint(req.args),)
394 )
398 )
395
399
396 try:
400 try:
397 debugger = b'pdb'
401 debugger = b'pdb'
398 debugtrace = {b'pdb': pdb.set_trace}
402 debugtrace = {b'pdb': pdb.set_trace}
399 debugmortem = {b'pdb': pdb.post_mortem}
403 debugmortem = {b'pdb': pdb.post_mortem}
400
404
401 # read --config before doing anything else
405 # read --config before doing anything else
402 # (e.g. to change trust settings for reading .hg/hgrc)
406 # (e.g. to change trust settings for reading .hg/hgrc)
403 cfgs = _parseconfig(req.ui, req.earlyoptions[b'config'])
407 cfgs = _parseconfig(req.ui, req.earlyoptions[b'config'])
404
408
405 if req.repo:
409 if req.repo:
406 # copy configs that were passed on the cmdline (--config) to
410 # copy configs that were passed on the cmdline (--config) to
407 # the repo ui
411 # the repo ui
408 for sec, name, val in cfgs:
412 for sec, name, val in cfgs:
409 req.repo.ui.setconfig(
413 req.repo.ui.setconfig(
410 sec, name, val, source=b'--config'
414 sec, name, val, source=b'--config'
411 )
415 )
412
416
413 # developer config: ui.debugger
417 # developer config: ui.debugger
414 debugger = ui.config(b"ui", b"debugger")
418 debugger = ui.config(b"ui", b"debugger")
415 debugmod = pdb
419 debugmod = pdb
416 if not debugger or ui.plain():
420 if not debugger or ui.plain():
417 # if we are in HGPLAIN mode, then disable custom debugging
421 # if we are in HGPLAIN mode, then disable custom debugging
418 debugger = b'pdb'
422 debugger = b'pdb'
419 elif req.earlyoptions[b'debugger']:
423 elif req.earlyoptions[b'debugger']:
420 # This import can be slow for fancy debuggers, so only
424 # This import can be slow for fancy debuggers, so only
421 # do it when absolutely necessary, i.e. when actual
425 # do it when absolutely necessary, i.e. when actual
422 # debugging has been requested
426 # debugging has been requested
423 with demandimport.deactivated():
427 with demandimport.deactivated():
424 try:
428 try:
425 debugmod = __import__(debugger)
429 debugmod = __import__(debugger)
426 except ImportError:
430 except ImportError:
427 pass # Leave debugmod = pdb
431 pass # Leave debugmod = pdb
428
432
429 debugtrace[debugger] = debugmod.set_trace
433 debugtrace[debugger] = debugmod.set_trace
430 debugmortem[debugger] = debugmod.post_mortem
434 debugmortem[debugger] = debugmod.post_mortem
431
435
432 # enter the debugger before command execution
436 # enter the debugger before command execution
433 if req.earlyoptions[b'debugger']:
437 if req.earlyoptions[b'debugger']:
434 ui.warn(
438 ui.warn(
435 _(
439 _(
436 b"entering debugger - "
440 b"entering debugger - "
437 b"type c to continue starting hg or h for help\n"
441 b"type c to continue starting hg or h for help\n"
438 )
442 )
439 )
443 )
440
444
441 if (
445 if (
442 debugger != b'pdb'
446 debugger != b'pdb'
443 and debugtrace[debugger] == debugtrace[b'pdb']
447 and debugtrace[debugger] == debugtrace[b'pdb']
444 ):
448 ):
445 ui.warn(
449 ui.warn(
446 _(
450 _(
447 b"%s debugger specified "
451 b"%s debugger specified "
448 b"but its module was not found\n"
452 b"but its module was not found\n"
449 )
453 )
450 % debugger
454 % debugger
451 )
455 )
452 with demandimport.deactivated():
456 with demandimport.deactivated():
453 debugtrace[debugger]()
457 debugtrace[debugger]()
454 try:
458 try:
455 return _dispatch(req)
459 return _dispatch(req)
456 finally:
460 finally:
457 ui.flush()
461 ui.flush()
458 except: # re-raises
462 except: # re-raises
459 # enter the debugger when we hit an exception
463 # enter the debugger when we hit an exception
460 if req.earlyoptions[b'debugger']:
464 if req.earlyoptions[b'debugger']:
461 traceback.print_exc()
465 traceback.print_exc()
462 debugmortem[debugger](sys.exc_info()[2])
466 debugmortem[debugger](sys.exc_info()[2])
463 raise
467 raise
464
468
465 return _callcatch(ui, _runcatchfunc)
469 return _callcatch(ui, _runcatchfunc)
466
470
467
471
468 def _callcatch(ui, func):
472 def _callcatch(ui, func):
469 """like scmutil.callcatch but handles more high-level exceptions about
473 """like scmutil.callcatch but handles more high-level exceptions about
470 config parsing and commands. besides, use handlecommandexception to handle
474 config parsing and commands. besides, use handlecommandexception to handle
471 uncaught exceptions.
475 uncaught exceptions.
472 """
476 """
473 detailed_exit_code = -1
477 detailed_exit_code = -1
474 try:
478 try:
475 return scmutil.callcatch(ui, func)
479 return scmutil.callcatch(ui, func)
476 except error.AmbiguousCommand as inst:
480 except error.AmbiguousCommand as inst:
477 detailed_exit_code = 10
481 detailed_exit_code = 10
478 ui.warn(
482 ui.warn(
479 _(b"hg: command '%s' is ambiguous:\n %s\n")
483 _(b"hg: command '%s' is ambiguous:\n %s\n")
480 % (inst.prefix, b" ".join(inst.matches))
484 % (inst.prefix, b" ".join(inst.matches))
481 )
485 )
482 except error.CommandError as inst:
486 except error.CommandError as inst:
483 detailed_exit_code = 10
487 detailed_exit_code = 10
484 if inst.command:
488 if inst.command:
485 ui.pager(b'help')
489 ui.pager(b'help')
486 msgbytes = pycompat.bytestr(inst.message)
490 msgbytes = pycompat.bytestr(inst.message)
487 ui.warn(_(b"hg %s: %s\n") % (inst.command, msgbytes))
491 ui.warn(_(b"hg %s: %s\n") % (inst.command, msgbytes))
488 commands.help_(ui, inst.command, full=False, command=True)
492 commands.help_(ui, inst.command, full=False, command=True)
489 else:
493 else:
490 ui.warn(_(b"hg: %s\n") % inst.message)
494 ui.warn(_(b"hg: %s\n") % inst.message)
491 ui.warn(_(b"(use 'hg help -v' for a list of global options)\n"))
495 ui.warn(_(b"(use 'hg help -v' for a list of global options)\n"))
492 except error.UnknownCommand as inst:
496 except error.UnknownCommand as inst:
493 detailed_exit_code = 10
497 detailed_exit_code = 10
494 nocmdmsg = _(b"hg: unknown command '%s'\n") % inst.command
498 nocmdmsg = _(b"hg: unknown command '%s'\n") % inst.command
495 try:
499 try:
496 # check if the command is in a disabled extension
500 # check if the command is in a disabled extension
497 # (but don't check for extensions themselves)
501 # (but don't check for extensions themselves)
498 formatted = help.formattedhelp(
502 formatted = help.formattedhelp(
499 ui, commands, inst.command, unknowncmd=True
503 ui, commands, inst.command, unknowncmd=True
500 )
504 )
501 ui.warn(nocmdmsg)
505 ui.warn(nocmdmsg)
502 ui.write(formatted)
506 ui.write(formatted)
503 except (error.UnknownCommand, error.Abort):
507 except (error.UnknownCommand, error.Abort):
504 suggested = False
508 suggested = False
505 if inst.all_commands:
509 if inst.all_commands:
506 sim = error.getsimilar(inst.all_commands, inst.command)
510 sim = error.getsimilar(inst.all_commands, inst.command)
507 if sim:
511 if sim:
508 ui.warn(nocmdmsg)
512 ui.warn(nocmdmsg)
509 ui.warn(b"(%s)\n" % error.similarity_hint(sim))
513 ui.warn(b"(%s)\n" % error.similarity_hint(sim))
510 suggested = True
514 suggested = True
511 if not suggested:
515 if not suggested:
512 ui.warn(nocmdmsg)
516 ui.warn(nocmdmsg)
513 ui.warn(_(b"(use 'hg help' for a list of commands)\n"))
517 ui.warn(_(b"(use 'hg help' for a list of commands)\n"))
514 except IOError:
518 except IOError:
515 raise
519 raise
516 except KeyboardInterrupt:
520 except KeyboardInterrupt:
517 raise
521 raise
518 except: # probably re-raises
522 except: # probably re-raises
519 if not handlecommandexception(ui):
523 if not handlecommandexception(ui):
520 raise
524 raise
521
525
522 if ui.configbool(b'ui', b'detailed-exit-code'):
526 if ui.configbool(b'ui', b'detailed-exit-code'):
523 return detailed_exit_code
527 return detailed_exit_code
524 else:
528 else:
525 return -1
529 return -1
526
530
527
531
528 def aliasargs(fn, givenargs):
532 def aliasargs(fn, givenargs):
529 args = []
533 args = []
530 # only care about alias 'args', ignore 'args' set by extensions.wrapfunction
534 # only care about alias 'args', ignore 'args' set by extensions.wrapfunction
531 if not util.safehasattr(fn, b'_origfunc'):
535 if not util.safehasattr(fn, b'_origfunc'):
532 args = getattr(fn, 'args', args)
536 args = getattr(fn, 'args', args)
533 if args:
537 if args:
534 cmd = b' '.join(map(procutil.shellquote, args))
538 cmd = b' '.join(map(procutil.shellquote, args))
535
539
536 nums = []
540 nums = []
537
541
538 def replacer(m):
542 def replacer(m):
539 num = int(m.group(1)) - 1
543 num = int(m.group(1)) - 1
540 nums.append(num)
544 nums.append(num)
541 if num < len(givenargs):
545 if num < len(givenargs):
542 return givenargs[num]
546 return givenargs[num]
543 raise error.InputError(_(b'too few arguments for command alias'))
547 raise error.InputError(_(b'too few arguments for command alias'))
544
548
545 cmd = re.sub(br'\$(\d+|\$)', replacer, cmd)
549 cmd = re.sub(br'\$(\d+|\$)', replacer, cmd)
546 givenargs = [x for i, x in enumerate(givenargs) if i not in nums]
550 givenargs = [x for i, x in enumerate(givenargs) if i not in nums]
547 args = pycompat.shlexsplit(cmd)
551 args = pycompat.shlexsplit(cmd)
548 return args + givenargs
552 return args + givenargs
549
553
550
554
551 def aliasinterpolate(name, args, cmd):
555 def aliasinterpolate(name, args, cmd):
552 """interpolate args into cmd for shell aliases
556 """interpolate args into cmd for shell aliases
553
557
554 This also handles $0, $@ and "$@".
558 This also handles $0, $@ and "$@".
555 """
559 """
556 # util.interpolate can't deal with "$@" (with quotes) because it's only
560 # util.interpolate can't deal with "$@" (with quotes) because it's only
557 # built to match prefix + patterns.
561 # built to match prefix + patterns.
558 replacemap = {b'$%d' % (i + 1): arg for i, arg in enumerate(args)}
562 replacemap = {b'$%d' % (i + 1): arg for i, arg in enumerate(args)}
559 replacemap[b'$0'] = name
563 replacemap[b'$0'] = name
560 replacemap[b'$$'] = b'$'
564 replacemap[b'$$'] = b'$'
561 replacemap[b'$@'] = b' '.join(args)
565 replacemap[b'$@'] = b' '.join(args)
562 # Typical Unix shells interpolate "$@" (with quotes) as all the positional
566 # Typical Unix shells interpolate "$@" (with quotes) as all the positional
563 # parameters, separated out into words. Emulate the same behavior here by
567 # parameters, separated out into words. Emulate the same behavior here by
564 # quoting the arguments individually. POSIX shells will then typically
568 # quoting the arguments individually. POSIX shells will then typically
565 # tokenize each argument into exactly one word.
569 # tokenize each argument into exactly one word.
566 replacemap[b'"$@"'] = b' '.join(procutil.shellquote(arg) for arg in args)
570 replacemap[b'"$@"'] = b' '.join(procutil.shellquote(arg) for arg in args)
567 # escape '\$' for regex
571 # escape '\$' for regex
568 regex = b'|'.join(replacemap.keys()).replace(b'$', br'\$')
572 regex = b'|'.join(replacemap.keys()).replace(b'$', br'\$')
569 r = re.compile(regex)
573 r = re.compile(regex)
570 return r.sub(lambda x: replacemap[x.group()], cmd)
574 return r.sub(lambda x: replacemap[x.group()], cmd)
571
575
572
576
573 class cmdalias(object):
577 class cmdalias(object):
574 def __init__(self, ui, name, definition, cmdtable, source):
578 def __init__(self, ui, name, definition, cmdtable, source):
575 self.name = self.cmd = name
579 self.name = self.cmd = name
576 self.cmdname = b''
580 self.cmdname = b''
577 self.definition = definition
581 self.definition = definition
578 self.fn = None
582 self.fn = None
579 self.givenargs = []
583 self.givenargs = []
580 self.opts = []
584 self.opts = []
581 self.help = b''
585 self.help = b''
582 self.badalias = None
586 self.badalias = None
583 self.unknowncmd = False
587 self.unknowncmd = False
584 self.source = source
588 self.source = source
585
589
586 try:
590 try:
587 aliases, entry = cmdutil.findcmd(self.name, cmdtable)
591 aliases, entry = cmdutil.findcmd(self.name, cmdtable)
588 for alias, e in pycompat.iteritems(cmdtable):
592 for alias, e in pycompat.iteritems(cmdtable):
589 if e is entry:
593 if e is entry:
590 self.cmd = alias
594 self.cmd = alias
591 break
595 break
592 self.shadows = True
596 self.shadows = True
593 except error.UnknownCommand:
597 except error.UnknownCommand:
594 self.shadows = False
598 self.shadows = False
595
599
596 if not self.definition:
600 if not self.definition:
597 self.badalias = _(b"no definition for alias '%s'") % self.name
601 self.badalias = _(b"no definition for alias '%s'") % self.name
598 return
602 return
599
603
600 if self.definition.startswith(b'!'):
604 if self.definition.startswith(b'!'):
601 shdef = self.definition[1:]
605 shdef = self.definition[1:]
602 self.shell = True
606 self.shell = True
603
607
604 def fn(ui, *args):
608 def fn(ui, *args):
605 env = {b'HG_ARGS': b' '.join((self.name,) + args)}
609 env = {b'HG_ARGS': b' '.join((self.name,) + args)}
606
610
607 def _checkvar(m):
611 def _checkvar(m):
608 if m.groups()[0] == b'$':
612 if m.groups()[0] == b'$':
609 return m.group()
613 return m.group()
610 elif int(m.groups()[0]) <= len(args):
614 elif int(m.groups()[0]) <= len(args):
611 return m.group()
615 return m.group()
612 else:
616 else:
613 ui.debug(
617 ui.debug(
614 b"No argument found for substitution "
618 b"No argument found for substitution "
615 b"of %i variable in alias '%s' definition.\n"
619 b"of %i variable in alias '%s' definition.\n"
616 % (int(m.groups()[0]), self.name)
620 % (int(m.groups()[0]), self.name)
617 )
621 )
618 return b''
622 return b''
619
623
620 cmd = re.sub(br'\$(\d+|\$)', _checkvar, shdef)
624 cmd = re.sub(br'\$(\d+|\$)', _checkvar, shdef)
621 cmd = aliasinterpolate(self.name, args, cmd)
625 cmd = aliasinterpolate(self.name, args, cmd)
622 return ui.system(
626 return ui.system(
623 cmd, environ=env, blockedtag=b'alias_%s' % self.name
627 cmd, environ=env, blockedtag=b'alias_%s' % self.name
624 )
628 )
625
629
626 self.fn = fn
630 self.fn = fn
627 self.alias = True
631 self.alias = True
628 self._populatehelp(ui, name, shdef, self.fn)
632 self._populatehelp(ui, name, shdef, self.fn)
629 return
633 return
630
634
631 try:
635 try:
632 args = pycompat.shlexsplit(self.definition)
636 args = pycompat.shlexsplit(self.definition)
633 except ValueError as inst:
637 except ValueError as inst:
634 self.badalias = _(b"error in definition for alias '%s': %s") % (
638 self.badalias = _(b"error in definition for alias '%s': %s") % (
635 self.name,
639 self.name,
636 stringutil.forcebytestr(inst),
640 stringutil.forcebytestr(inst),
637 )
641 )
638 return
642 return
639 earlyopts, args = _earlysplitopts(args)
643 earlyopts, args = _earlysplitopts(args)
640 if earlyopts:
644 if earlyopts:
641 self.badalias = _(
645 self.badalias = _(
642 b"error in definition for alias '%s': %s may "
646 b"error in definition for alias '%s': %s may "
643 b"only be given on the command line"
647 b"only be given on the command line"
644 ) % (self.name, b'/'.join(pycompat.ziplist(*earlyopts)[0]))
648 ) % (self.name, b'/'.join(pycompat.ziplist(*earlyopts)[0]))
645 return
649 return
646 self.cmdname = cmd = args.pop(0)
650 self.cmdname = cmd = args.pop(0)
647 self.givenargs = args
651 self.givenargs = args
648
652
649 try:
653 try:
650 tableentry = cmdutil.findcmd(cmd, cmdtable, False)[1]
654 tableentry = cmdutil.findcmd(cmd, cmdtable, False)[1]
651 if len(tableentry) > 2:
655 if len(tableentry) > 2:
652 self.fn, self.opts, cmdhelp = tableentry
656 self.fn, self.opts, cmdhelp = tableentry
653 else:
657 else:
654 self.fn, self.opts = tableentry
658 self.fn, self.opts = tableentry
655 cmdhelp = None
659 cmdhelp = None
656
660
657 self.alias = True
661 self.alias = True
658 self._populatehelp(ui, name, cmd, self.fn, cmdhelp)
662 self._populatehelp(ui, name, cmd, self.fn, cmdhelp)
659
663
660 except error.UnknownCommand:
664 except error.UnknownCommand:
661 self.badalias = _(
665 self.badalias = _(
662 b"alias '%s' resolves to unknown command '%s'"
666 b"alias '%s' resolves to unknown command '%s'"
663 ) % (
667 ) % (
664 self.name,
668 self.name,
665 cmd,
669 cmd,
666 )
670 )
667 self.unknowncmd = True
671 self.unknowncmd = True
668 except error.AmbiguousCommand:
672 except error.AmbiguousCommand:
669 self.badalias = _(
673 self.badalias = _(
670 b"alias '%s' resolves to ambiguous command '%s'"
674 b"alias '%s' resolves to ambiguous command '%s'"
671 ) % (
675 ) % (
672 self.name,
676 self.name,
673 cmd,
677 cmd,
674 )
678 )
675
679
676 def _populatehelp(self, ui, name, cmd, fn, defaulthelp=None):
680 def _populatehelp(self, ui, name, cmd, fn, defaulthelp=None):
677 # confine strings to be passed to i18n.gettext()
681 # confine strings to be passed to i18n.gettext()
678 cfg = {}
682 cfg = {}
679 for k in (b'doc', b'help', b'category'):
683 for k in (b'doc', b'help', b'category'):
680 v = ui.config(b'alias', b'%s:%s' % (name, k), None)
684 v = ui.config(b'alias', b'%s:%s' % (name, k), None)
681 if v is None:
685 if v is None:
682 continue
686 continue
683 if not encoding.isasciistr(v):
687 if not encoding.isasciistr(v):
684 self.badalias = _(
688 self.badalias = _(
685 b"non-ASCII character in alias definition '%s:%s'"
689 b"non-ASCII character in alias definition '%s:%s'"
686 ) % (name, k)
690 ) % (name, k)
687 return
691 return
688 cfg[k] = v
692 cfg[k] = v
689
693
690 self.help = cfg.get(b'help', defaulthelp or b'')
694 self.help = cfg.get(b'help', defaulthelp or b'')
691 if self.help and self.help.startswith(b"hg " + cmd):
695 if self.help and self.help.startswith(b"hg " + cmd):
692 # drop prefix in old-style help lines so hg shows the alias
696 # drop prefix in old-style help lines so hg shows the alias
693 self.help = self.help[4 + len(cmd) :]
697 self.help = self.help[4 + len(cmd) :]
694
698
695 self.owndoc = b'doc' in cfg
699 self.owndoc = b'doc' in cfg
696 doc = cfg.get(b'doc', pycompat.getdoc(fn))
700 doc = cfg.get(b'doc', pycompat.getdoc(fn))
697 if doc is not None:
701 if doc is not None:
698 doc = pycompat.sysstr(doc)
702 doc = pycompat.sysstr(doc)
699 self.__doc__ = doc
703 self.__doc__ = doc
700
704
701 self.helpcategory = cfg.get(
705 self.helpcategory = cfg.get(
702 b'category', registrar.command.CATEGORY_NONE
706 b'category', registrar.command.CATEGORY_NONE
703 )
707 )
704
708
705 @property
709 @property
706 def args(self):
710 def args(self):
707 args = pycompat.maplist(util.expandpath, self.givenargs)
711 args = pycompat.maplist(util.expandpath, self.givenargs)
708 return aliasargs(self.fn, args)
712 return aliasargs(self.fn, args)
709
713
710 def __getattr__(self, name):
714 def __getattr__(self, name):
711 adefaults = {
715 adefaults = {
712 'norepo': True,
716 'norepo': True,
713 'intents': set(),
717 'intents': set(),
714 'optionalrepo': False,
718 'optionalrepo': False,
715 'inferrepo': False,
719 'inferrepo': False,
716 }
720 }
717 if name not in adefaults:
721 if name not in adefaults:
718 raise AttributeError(name)
722 raise AttributeError(name)
719 if self.badalias or util.safehasattr(self, b'shell'):
723 if self.badalias or util.safehasattr(self, b'shell'):
720 return adefaults[name]
724 return adefaults[name]
721 return getattr(self.fn, name)
725 return getattr(self.fn, name)
722
726
723 def __call__(self, ui, *args, **opts):
727 def __call__(self, ui, *args, **opts):
724 if self.badalias:
728 if self.badalias:
725 hint = None
729 hint = None
726 if self.unknowncmd:
730 if self.unknowncmd:
727 try:
731 try:
728 # check if the command is in a disabled extension
732 # check if the command is in a disabled extension
729 cmd, ext = extensions.disabledcmd(ui, self.cmdname)[:2]
733 cmd, ext = extensions.disabledcmd(ui, self.cmdname)[:2]
730 hint = _(b"'%s' is provided by '%s' extension") % (cmd, ext)
734 hint = _(b"'%s' is provided by '%s' extension") % (cmd, ext)
731 except error.UnknownCommand:
735 except error.UnknownCommand:
732 pass
736 pass
733 raise error.ConfigError(self.badalias, hint=hint)
737 raise error.ConfigError(self.badalias, hint=hint)
734 if self.shadows:
738 if self.shadows:
735 ui.debug(
739 ui.debug(
736 b"alias '%s' shadows command '%s'\n" % (self.name, self.cmdname)
740 b"alias '%s' shadows command '%s'\n" % (self.name, self.cmdname)
737 )
741 )
738
742
739 ui.log(
743 ui.log(
740 b'commandalias',
744 b'commandalias',
741 b"alias '%s' expands to '%s'\n",
745 b"alias '%s' expands to '%s'\n",
742 self.name,
746 self.name,
743 self.definition,
747 self.definition,
744 )
748 )
745 if util.safehasattr(self, b'shell'):
749 if util.safehasattr(self, b'shell'):
746 return self.fn(ui, *args, **opts)
750 return self.fn(ui, *args, **opts)
747 else:
751 else:
748 try:
752 try:
749 return util.checksignature(self.fn)(ui, *args, **opts)
753 return util.checksignature(self.fn)(ui, *args, **opts)
750 except error.SignatureError:
754 except error.SignatureError:
751 args = b' '.join([self.cmdname] + self.args)
755 args = b' '.join([self.cmdname] + self.args)
752 ui.debug(b"alias '%s' expands to '%s'\n" % (self.name, args))
756 ui.debug(b"alias '%s' expands to '%s'\n" % (self.name, args))
753 raise
757 raise
754
758
755
759
756 class lazyaliasentry(object):
760 class lazyaliasentry(object):
757 """like a typical command entry (func, opts, help), but is lazy"""
761 """like a typical command entry (func, opts, help), but is lazy"""
758
762
759 def __init__(self, ui, name, definition, cmdtable, source):
763 def __init__(self, ui, name, definition, cmdtable, source):
760 self.ui = ui
764 self.ui = ui
761 self.name = name
765 self.name = name
762 self.definition = definition
766 self.definition = definition
763 self.cmdtable = cmdtable.copy()
767 self.cmdtable = cmdtable.copy()
764 self.source = source
768 self.source = source
765 self.alias = True
769 self.alias = True
766
770
767 @util.propertycache
771 @util.propertycache
768 def _aliasdef(self):
772 def _aliasdef(self):
769 return cmdalias(
773 return cmdalias(
770 self.ui, self.name, self.definition, self.cmdtable, self.source
774 self.ui, self.name, self.definition, self.cmdtable, self.source
771 )
775 )
772
776
773 def __getitem__(self, n):
777 def __getitem__(self, n):
774 aliasdef = self._aliasdef
778 aliasdef = self._aliasdef
775 if n == 0:
779 if n == 0:
776 return aliasdef
780 return aliasdef
777 elif n == 1:
781 elif n == 1:
778 return aliasdef.opts
782 return aliasdef.opts
779 elif n == 2:
783 elif n == 2:
780 return aliasdef.help
784 return aliasdef.help
781 else:
785 else:
782 raise IndexError
786 raise IndexError
783
787
784 def __iter__(self):
788 def __iter__(self):
785 for i in range(3):
789 for i in range(3):
786 yield self[i]
790 yield self[i]
787
791
788 def __len__(self):
792 def __len__(self):
789 return 3
793 return 3
790
794
791
795
792 def addaliases(ui, cmdtable):
796 def addaliases(ui, cmdtable):
793 # aliases are processed after extensions have been loaded, so they
797 # aliases are processed after extensions have been loaded, so they
794 # may use extension commands. Aliases can also use other alias definitions,
798 # may use extension commands. Aliases can also use other alias definitions,
795 # but only if they have been defined prior to the current definition.
799 # but only if they have been defined prior to the current definition.
796 for alias, definition in ui.configitems(b'alias', ignoresub=True):
800 for alias, definition in ui.configitems(b'alias', ignoresub=True):
797 try:
801 try:
798 if cmdtable[alias].definition == definition:
802 if cmdtable[alias].definition == definition:
799 continue
803 continue
800 except (KeyError, AttributeError):
804 except (KeyError, AttributeError):
801 # definition might not exist or it might not be a cmdalias
805 # definition might not exist or it might not be a cmdalias
802 pass
806 pass
803
807
804 source = ui.configsource(b'alias', alias)
808 source = ui.configsource(b'alias', alias)
805 entry = lazyaliasentry(ui, alias, definition, cmdtable, source)
809 entry = lazyaliasentry(ui, alias, definition, cmdtable, source)
806 cmdtable[alias] = entry
810 cmdtable[alias] = entry
807
811
808
812
809 def _parse(ui, args):
813 def _parse(ui, args):
810 options = {}
814 options = {}
811 cmdoptions = {}
815 cmdoptions = {}
812
816
813 try:
817 try:
814 args = fancyopts.fancyopts(args, commands.globalopts, options)
818 args = fancyopts.fancyopts(args, commands.globalopts, options)
815 except getopt.GetoptError as inst:
819 except getopt.GetoptError as inst:
816 raise error.CommandError(None, stringutil.forcebytestr(inst))
820 raise error.CommandError(None, stringutil.forcebytestr(inst))
817
821
818 if args:
822 if args:
819 cmd, args = args[0], args[1:]
823 cmd, args = args[0], args[1:]
820 aliases, entry = cmdutil.findcmd(
824 aliases, entry = cmdutil.findcmd(
821 cmd, commands.table, ui.configbool(b"ui", b"strict")
825 cmd, commands.table, ui.configbool(b"ui", b"strict")
822 )
826 )
823 cmd = aliases[0]
827 cmd = aliases[0]
824 args = aliasargs(entry[0], args)
828 args = aliasargs(entry[0], args)
825 defaults = ui.config(b"defaults", cmd)
829 defaults = ui.config(b"defaults", cmd)
826 if defaults:
830 if defaults:
827 args = (
831 args = (
828 pycompat.maplist(util.expandpath, pycompat.shlexsplit(defaults))
832 pycompat.maplist(util.expandpath, pycompat.shlexsplit(defaults))
829 + args
833 + args
830 )
834 )
831 c = list(entry[1])
835 c = list(entry[1])
832 else:
836 else:
833 cmd = None
837 cmd = None
834 c = []
838 c = []
835
839
836 # combine global options into local
840 # combine global options into local
837 for o in commands.globalopts:
841 for o in commands.globalopts:
838 c.append((o[0], o[1], options[o[1]], o[3]))
842 c.append((o[0], o[1], options[o[1]], o[3]))
839
843
840 try:
844 try:
841 args = fancyopts.fancyopts(args, c, cmdoptions, gnu=True)
845 args = fancyopts.fancyopts(args, c, cmdoptions, gnu=True)
842 except getopt.GetoptError as inst:
846 except getopt.GetoptError as inst:
843 raise error.CommandError(cmd, stringutil.forcebytestr(inst))
847 raise error.CommandError(cmd, stringutil.forcebytestr(inst))
844
848
845 # separate global options back out
849 # separate global options back out
846 for o in commands.globalopts:
850 for o in commands.globalopts:
847 n = o[1]
851 n = o[1]
848 options[n] = cmdoptions[n]
852 options[n] = cmdoptions[n]
849 del cmdoptions[n]
853 del cmdoptions[n]
850
854
851 return (cmd, cmd and entry[0] or None, args, options, cmdoptions)
855 return (cmd, cmd and entry[0] or None, args, options, cmdoptions)
852
856
853
857
854 def _parseconfig(ui, config):
858 def _parseconfig(ui, config):
855 """parse the --config options from the command line"""
859 """parse the --config options from the command line"""
856 configs = []
860 configs = []
857
861
858 for cfg in config:
862 for cfg in config:
859 try:
863 try:
860 name, value = [cfgelem.strip() for cfgelem in cfg.split(b'=', 1)]
864 name, value = [cfgelem.strip() for cfgelem in cfg.split(b'=', 1)]
861 section, name = name.split(b'.', 1)
865 section, name = name.split(b'.', 1)
862 if not section or not name:
866 if not section or not name:
863 raise IndexError
867 raise IndexError
864 ui.setconfig(section, name, value, b'--config')
868 ui.setconfig(section, name, value, b'--config')
865 configs.append((section, name, value))
869 configs.append((section, name, value))
866 except (IndexError, ValueError):
870 except (IndexError, ValueError):
867 raise error.InputError(
871 raise error.InputError(
868 _(
872 _(
869 b'malformed --config option: %r '
873 b'malformed --config option: %r '
870 b'(use --config section.name=value)'
874 b'(use --config section.name=value)'
871 )
875 )
872 % pycompat.bytestr(cfg)
876 % pycompat.bytestr(cfg)
873 )
877 )
874
878
875 return configs
879 return configs
876
880
877
881
878 def _earlyparseopts(ui, args):
882 def _earlyparseopts(ui, args):
879 options = {}
883 options = {}
880 fancyopts.fancyopts(
884 fancyopts.fancyopts(
881 args,
885 args,
882 commands.globalopts,
886 commands.globalopts,
883 options,
887 options,
884 gnu=not ui.plain(b'strictflags'),
888 gnu=not ui.plain(b'strictflags'),
885 early=True,
889 early=True,
886 optaliases={b'repository': [b'repo']},
890 optaliases={b'repository': [b'repo']},
887 )
891 )
888 return options
892 return options
889
893
890
894
891 def _earlysplitopts(args):
895 def _earlysplitopts(args):
892 """Split args into a list of possible early options and remainder args"""
896 """Split args into a list of possible early options and remainder args"""
893 shortoptions = b'R:'
897 shortoptions = b'R:'
894 # TODO: perhaps 'debugger' should be included
898 # TODO: perhaps 'debugger' should be included
895 longoptions = [b'cwd=', b'repository=', b'repo=', b'config=']
899 longoptions = [b'cwd=', b'repository=', b'repo=', b'config=']
896 return fancyopts.earlygetopt(
900 return fancyopts.earlygetopt(
897 args, shortoptions, longoptions, gnu=True, keepsep=True
901 args, shortoptions, longoptions, gnu=True, keepsep=True
898 )
902 )
899
903
900
904
901 def runcommand(lui, repo, cmd, fullargs, ui, options, d, cmdpats, cmdoptions):
905 def runcommand(lui, repo, cmd, fullargs, ui, options, d, cmdpats, cmdoptions):
902 # run pre-hook, and abort if it fails
906 # run pre-hook, and abort if it fails
903 hook.hook(
907 hook.hook(
904 lui,
908 lui,
905 repo,
909 repo,
906 b"pre-%s" % cmd,
910 b"pre-%s" % cmd,
907 True,
911 True,
908 args=b" ".join(fullargs),
912 args=b" ".join(fullargs),
909 pats=cmdpats,
913 pats=cmdpats,
910 opts=cmdoptions,
914 opts=cmdoptions,
911 )
915 )
912 try:
916 try:
913 ret = _runcommand(ui, options, cmd, d)
917 ret = _runcommand(ui, options, cmd, d)
914 # run post-hook, passing command result
918 # run post-hook, passing command result
915 hook.hook(
919 hook.hook(
916 lui,
920 lui,
917 repo,
921 repo,
918 b"post-%s" % cmd,
922 b"post-%s" % cmd,
919 False,
923 False,
920 args=b" ".join(fullargs),
924 args=b" ".join(fullargs),
921 result=ret,
925 result=ret,
922 pats=cmdpats,
926 pats=cmdpats,
923 opts=cmdoptions,
927 opts=cmdoptions,
924 )
928 )
925 except Exception:
929 except Exception:
926 # run failure hook and re-raise
930 # run failure hook and re-raise
927 hook.hook(
931 hook.hook(
928 lui,
932 lui,
929 repo,
933 repo,
930 b"fail-%s" % cmd,
934 b"fail-%s" % cmd,
931 False,
935 False,
932 args=b" ".join(fullargs),
936 args=b" ".join(fullargs),
933 pats=cmdpats,
937 pats=cmdpats,
934 opts=cmdoptions,
938 opts=cmdoptions,
935 )
939 )
936 raise
940 raise
937 return ret
941 return ret
938
942
939
943
940 def _readsharedsourceconfig(ui, path):
944 def _readsharedsourceconfig(ui, path):
941 """if the current repository is shared one, this tries to read
945 """if the current repository is shared one, this tries to read
942 .hg/hgrc of shared source if we are in share-safe mode
946 .hg/hgrc of shared source if we are in share-safe mode
943
947
944 Config read is loaded into the ui object passed
948 Config read is loaded into the ui object passed
945
949
946 This should be called before reading .hg/hgrc or the main repo
950 This should be called before reading .hg/hgrc or the main repo
947 as that overrides config set in shared source"""
951 as that overrides config set in shared source"""
948 try:
952 try:
949 with open(os.path.join(path, b".hg", b"requires"), "rb") as fp:
953 with open(os.path.join(path, b".hg", b"requires"), "rb") as fp:
950 requirements = set(fp.read().splitlines())
954 requirements = set(fp.read().splitlines())
951 if not (
955 if not (
952 requirementsmod.SHARESAFE_REQUIREMENT in requirements
956 requirementsmod.SHARESAFE_REQUIREMENT in requirements
953 and requirementsmod.SHARED_REQUIREMENT in requirements
957 and requirementsmod.SHARED_REQUIREMENT in requirements
954 ):
958 ):
955 return
959 return
956 hgvfs = vfs.vfs(os.path.join(path, b".hg"))
960 hgvfs = vfs.vfs(os.path.join(path, b".hg"))
957 sharedvfs = localrepo._getsharedvfs(hgvfs, requirements)
961 sharedvfs = localrepo._getsharedvfs(hgvfs, requirements)
958 root = sharedvfs.base
962 root = sharedvfs.base
959 ui.readconfig(sharedvfs.join(b"hgrc"), root)
963 ui.readconfig(sharedvfs.join(b"hgrc"), root)
960 except IOError:
964 except IOError:
961 pass
965 pass
962
966
963
967
964 def _getlocal(ui, rpath, wd=None):
968 def _getlocal(ui, rpath, wd=None):
965 """Return (path, local ui object) for the given target path.
969 """Return (path, local ui object) for the given target path.
966
970
967 Takes paths in [cwd]/.hg/hgrc into account."
971 Takes paths in [cwd]/.hg/hgrc into account."
968 """
972 """
969 if wd is None:
973 if wd is None:
970 try:
974 try:
971 wd = encoding.getcwd()
975 wd = encoding.getcwd()
972 except OSError as e:
976 except OSError as e:
973 raise error.Abort(
977 raise error.Abort(
974 _(b"error getting current working directory: %s")
978 _(b"error getting current working directory: %s")
975 % encoding.strtolocal(e.strerror)
979 % encoding.strtolocal(e.strerror)
976 )
980 )
977
981
978 path = cmdutil.findrepo(wd) or b""
982 path = cmdutil.findrepo(wd) or b""
979 if not path:
983 if not path:
980 lui = ui
984 lui = ui
981 else:
985 else:
982 lui = ui.copy()
986 lui = ui.copy()
983 if rcutil.use_repo_hgrc():
987 if rcutil.use_repo_hgrc():
984 _readsharedsourceconfig(lui, path)
988 _readsharedsourceconfig(lui, path)
985 lui.readconfig(os.path.join(path, b".hg", b"hgrc"), path)
989 lui.readconfig(os.path.join(path, b".hg", b"hgrc"), path)
986 lui.readconfig(os.path.join(path, b".hg", b"hgrc-not-shared"), path)
990 lui.readconfig(os.path.join(path, b".hg", b"hgrc-not-shared"), path)
987
991
988 if rpath:
992 if rpath:
989 path = lui.expandpath(rpath)
993 path = lui.expandpath(rpath)
990 lui = ui.copy()
994 lui = ui.copy()
991 if rcutil.use_repo_hgrc():
995 if rcutil.use_repo_hgrc():
992 _readsharedsourceconfig(lui, path)
996 _readsharedsourceconfig(lui, path)
993 lui.readconfig(os.path.join(path, b".hg", b"hgrc"), path)
997 lui.readconfig(os.path.join(path, b".hg", b"hgrc"), path)
994 lui.readconfig(os.path.join(path, b".hg", b"hgrc-not-shared"), path)
998 lui.readconfig(os.path.join(path, b".hg", b"hgrc-not-shared"), path)
995
999
996 return path, lui
1000 return path, lui
997
1001
998
1002
999 def _checkshellalias(lui, ui, args):
1003 def _checkshellalias(lui, ui, args):
1000 """Return the function to run the shell alias, if it is required"""
1004 """Return the function to run the shell alias, if it is required"""
1001 options = {}
1005 options = {}
1002
1006
1003 try:
1007 try:
1004 args = fancyopts.fancyopts(args, commands.globalopts, options)
1008 args = fancyopts.fancyopts(args, commands.globalopts, options)
1005 except getopt.GetoptError:
1009 except getopt.GetoptError:
1006 return
1010 return
1007
1011
1008 if not args:
1012 if not args:
1009 return
1013 return
1010
1014
1011 cmdtable = commands.table
1015 cmdtable = commands.table
1012
1016
1013 cmd = args[0]
1017 cmd = args[0]
1014 try:
1018 try:
1015 strict = ui.configbool(b"ui", b"strict")
1019 strict = ui.configbool(b"ui", b"strict")
1016 aliases, entry = cmdutil.findcmd(cmd, cmdtable, strict)
1020 aliases, entry = cmdutil.findcmd(cmd, cmdtable, strict)
1017 except (error.AmbiguousCommand, error.UnknownCommand):
1021 except (error.AmbiguousCommand, error.UnknownCommand):
1018 return
1022 return
1019
1023
1020 cmd = aliases[0]
1024 cmd = aliases[0]
1021 fn = entry[0]
1025 fn = entry[0]
1022
1026
1023 if cmd and util.safehasattr(fn, b'shell'):
1027 if cmd and util.safehasattr(fn, b'shell'):
1024 # shell alias shouldn't receive early options which are consumed by hg
1028 # shell alias shouldn't receive early options which are consumed by hg
1025 _earlyopts, args = _earlysplitopts(args)
1029 _earlyopts, args = _earlysplitopts(args)
1026 d = lambda: fn(ui, *args[1:])
1030 d = lambda: fn(ui, *args[1:])
1027 return lambda: runcommand(
1031 return lambda: runcommand(
1028 lui, None, cmd, args[:1], ui, options, d, [], {}
1032 lui, None, cmd, args[:1], ui, options, d, [], {}
1029 )
1033 )
1030
1034
1031
1035
1032 def _dispatch(req):
1036 def _dispatch(req):
1033 args = req.args
1037 args = req.args
1034 ui = req.ui
1038 ui = req.ui
1035
1039
1036 # check for cwd
1040 # check for cwd
1037 cwd = req.earlyoptions[b'cwd']
1041 cwd = req.earlyoptions[b'cwd']
1038 if cwd:
1042 if cwd:
1039 os.chdir(cwd)
1043 os.chdir(cwd)
1040
1044
1041 rpath = req.earlyoptions[b'repository']
1045 rpath = req.earlyoptions[b'repository']
1042 path, lui = _getlocal(ui, rpath)
1046 path, lui = _getlocal(ui, rpath)
1043
1047
1044 uis = {ui, lui}
1048 uis = {ui, lui}
1045
1049
1046 if req.repo:
1050 if req.repo:
1047 uis.add(req.repo.ui)
1051 uis.add(req.repo.ui)
1048
1052
1049 if (
1053 if (
1050 req.earlyoptions[b'verbose']
1054 req.earlyoptions[b'verbose']
1051 or req.earlyoptions[b'debug']
1055 or req.earlyoptions[b'debug']
1052 or req.earlyoptions[b'quiet']
1056 or req.earlyoptions[b'quiet']
1053 ):
1057 ):
1054 for opt in (b'verbose', b'debug', b'quiet'):
1058 for opt in (b'verbose', b'debug', b'quiet'):
1055 val = pycompat.bytestr(bool(req.earlyoptions[opt]))
1059 val = pycompat.bytestr(bool(req.earlyoptions[opt]))
1056 for ui_ in uis:
1060 for ui_ in uis:
1057 ui_.setconfig(b'ui', opt, val, b'--' + opt)
1061 ui_.setconfig(b'ui', opt, val, b'--' + opt)
1058
1062
1059 if req.earlyoptions[b'profile']:
1063 if req.earlyoptions[b'profile']:
1060 for ui_ in uis:
1064 for ui_ in uis:
1061 ui_.setconfig(b'profiling', b'enabled', b'true', b'--profile')
1065 ui_.setconfig(b'profiling', b'enabled', b'true', b'--profile')
1062
1066
1063 profile = lui.configbool(b'profiling', b'enabled')
1067 profile = lui.configbool(b'profiling', b'enabled')
1064 with profiling.profile(lui, enabled=profile) as profiler:
1068 with profiling.profile(lui, enabled=profile) as profiler:
1065 # Configure extensions in phases: uisetup, extsetup, cmdtable, and
1069 # Configure extensions in phases: uisetup, extsetup, cmdtable, and
1066 # reposetup
1070 # reposetup
1067 extensions.loadall(lui)
1071 extensions.loadall(lui)
1068 # Propagate any changes to lui.__class__ by extensions
1072 # Propagate any changes to lui.__class__ by extensions
1069 ui.__class__ = lui.__class__
1073 ui.__class__ = lui.__class__
1070
1074
1071 # (uisetup and extsetup are handled in extensions.loadall)
1075 # (uisetup and extsetup are handled in extensions.loadall)
1072
1076
1073 # (reposetup is handled in hg.repository)
1077 # (reposetup is handled in hg.repository)
1074
1078
1075 addaliases(lui, commands.table)
1079 addaliases(lui, commands.table)
1076
1080
1077 # All aliases and commands are completely defined, now.
1081 # All aliases and commands are completely defined, now.
1078 # Check abbreviation/ambiguity of shell alias.
1082 # Check abbreviation/ambiguity of shell alias.
1079 shellaliasfn = _checkshellalias(lui, ui, args)
1083 shellaliasfn = _checkshellalias(lui, ui, args)
1080 if shellaliasfn:
1084 if shellaliasfn:
1081 # no additional configs will be set, set up the ui instances
1085 # no additional configs will be set, set up the ui instances
1082 for ui_ in uis:
1086 for ui_ in uis:
1083 extensions.populateui(ui_)
1087 extensions.populateui(ui_)
1084 return shellaliasfn()
1088 return shellaliasfn()
1085
1089
1086 # check for fallback encoding
1090 # check for fallback encoding
1087 fallback = lui.config(b'ui', b'fallbackencoding')
1091 fallback = lui.config(b'ui', b'fallbackencoding')
1088 if fallback:
1092 if fallback:
1089 encoding.fallbackencoding = fallback
1093 encoding.fallbackencoding = fallback
1090
1094
1091 fullargs = args
1095 fullargs = args
1092 cmd, func, args, options, cmdoptions = _parse(lui, args)
1096 cmd, func, args, options, cmdoptions = _parse(lui, args)
1093
1097
1094 # store the canonical command name in request object for later access
1098 # store the canonical command name in request object for later access
1095 req.canonical_command = cmd
1099 req.canonical_command = cmd
1096
1100
1097 if options[b"config"] != req.earlyoptions[b"config"]:
1101 if options[b"config"] != req.earlyoptions[b"config"]:
1098 raise error.InputError(_(b"option --config may not be abbreviated"))
1102 raise error.InputError(_(b"option --config may not be abbreviated"))
1099 if options[b"cwd"] != req.earlyoptions[b"cwd"]:
1103 if options[b"cwd"] != req.earlyoptions[b"cwd"]:
1100 raise error.InputError(_(b"option --cwd may not be abbreviated"))
1104 raise error.InputError(_(b"option --cwd may not be abbreviated"))
1101 if options[b"repository"] != req.earlyoptions[b"repository"]:
1105 if options[b"repository"] != req.earlyoptions[b"repository"]:
1102 raise error.InputError(
1106 raise error.InputError(
1103 _(
1107 _(
1104 b"option -R has to be separated from other options (e.g. not "
1108 b"option -R has to be separated from other options (e.g. not "
1105 b"-qR) and --repository may only be abbreviated as --repo"
1109 b"-qR) and --repository may only be abbreviated as --repo"
1106 )
1110 )
1107 )
1111 )
1108 if options[b"debugger"] != req.earlyoptions[b"debugger"]:
1112 if options[b"debugger"] != req.earlyoptions[b"debugger"]:
1109 raise error.InputError(
1113 raise error.InputError(
1110 _(b"option --debugger may not be abbreviated")
1114 _(b"option --debugger may not be abbreviated")
1111 )
1115 )
1112 # don't validate --profile/--traceback, which can be enabled from now
1116 # don't validate --profile/--traceback, which can be enabled from now
1113
1117
1114 if options[b"encoding"]:
1118 if options[b"encoding"]:
1115 encoding.encoding = options[b"encoding"]
1119 encoding.encoding = options[b"encoding"]
1116 if options[b"encodingmode"]:
1120 if options[b"encodingmode"]:
1117 encoding.encodingmode = options[b"encodingmode"]
1121 encoding.encodingmode = options[b"encodingmode"]
1118 if options[b"time"]:
1122 if options[b"time"]:
1119
1123
1120 def get_times():
1124 def get_times():
1121 t = os.times()
1125 t = os.times()
1122 if t[4] == 0.0:
1126 if t[4] == 0.0:
1123 # Windows leaves this as zero, so use time.perf_counter()
1127 # Windows leaves this as zero, so use time.perf_counter()
1124 t = (t[0], t[1], t[2], t[3], util.timer())
1128 t = (t[0], t[1], t[2], t[3], util.timer())
1125 return t
1129 return t
1126
1130
1127 s = get_times()
1131 s = get_times()
1128
1132
1129 def print_time():
1133 def print_time():
1130 t = get_times()
1134 t = get_times()
1131 ui.warn(
1135 ui.warn(
1132 _(b"time: real %.3f secs (user %.3f+%.3f sys %.3f+%.3f)\n")
1136 _(b"time: real %.3f secs (user %.3f+%.3f sys %.3f+%.3f)\n")
1133 % (
1137 % (
1134 t[4] - s[4],
1138 t[4] - s[4],
1135 t[0] - s[0],
1139 t[0] - s[0],
1136 t[2] - s[2],
1140 t[2] - s[2],
1137 t[1] - s[1],
1141 t[1] - s[1],
1138 t[3] - s[3],
1142 t[3] - s[3],
1139 )
1143 )
1140 )
1144 )
1141
1145
1142 ui.atexit(print_time)
1146 ui.atexit(print_time)
1143 if options[b"profile"]:
1147 if options[b"profile"]:
1144 profiler.start()
1148 profiler.start()
1145
1149
1146 # if abbreviated version of this were used, take them in account, now
1150 # if abbreviated version of this were used, take them in account, now
1147 if options[b'verbose'] or options[b'debug'] or options[b'quiet']:
1151 if options[b'verbose'] or options[b'debug'] or options[b'quiet']:
1148 for opt in (b'verbose', b'debug', b'quiet'):
1152 for opt in (b'verbose', b'debug', b'quiet'):
1149 if options[opt] == req.earlyoptions[opt]:
1153 if options[opt] == req.earlyoptions[opt]:
1150 continue
1154 continue
1151 val = pycompat.bytestr(bool(options[opt]))
1155 val = pycompat.bytestr(bool(options[opt]))
1152 for ui_ in uis:
1156 for ui_ in uis:
1153 ui_.setconfig(b'ui', opt, val, b'--' + opt)
1157 ui_.setconfig(b'ui', opt, val, b'--' + opt)
1154
1158
1155 if options[b'traceback']:
1159 if options[b'traceback']:
1156 for ui_ in uis:
1160 for ui_ in uis:
1157 ui_.setconfig(b'ui', b'traceback', b'on', b'--traceback')
1161 ui_.setconfig(b'ui', b'traceback', b'on', b'--traceback')
1158
1162
1159 if options[b'noninteractive']:
1163 if options[b'noninteractive']:
1160 for ui_ in uis:
1164 for ui_ in uis:
1161 ui_.setconfig(b'ui', b'interactive', b'off', b'-y')
1165 ui_.setconfig(b'ui', b'interactive', b'off', b'-y')
1162
1166
1163 if cmdoptions.get(b'insecure', False):
1167 if cmdoptions.get(b'insecure', False):
1164 for ui_ in uis:
1168 for ui_ in uis:
1165 ui_.insecureconnections = True
1169 ui_.insecureconnections = True
1166
1170
1167 # setup color handling before pager, because setting up pager
1171 # setup color handling before pager, because setting up pager
1168 # might cause incorrect console information
1172 # might cause incorrect console information
1169 coloropt = options[b'color']
1173 coloropt = options[b'color']
1170 for ui_ in uis:
1174 for ui_ in uis:
1171 if coloropt:
1175 if coloropt:
1172 ui_.setconfig(b'ui', b'color', coloropt, b'--color')
1176 ui_.setconfig(b'ui', b'color', coloropt, b'--color')
1173 color.setup(ui_)
1177 color.setup(ui_)
1174
1178
1175 if stringutil.parsebool(options[b'pager']):
1179 if stringutil.parsebool(options[b'pager']):
1176 # ui.pager() expects 'internal-always-' prefix in this case
1180 # ui.pager() expects 'internal-always-' prefix in this case
1177 ui.pager(b'internal-always-' + cmd)
1181 ui.pager(b'internal-always-' + cmd)
1178 elif options[b'pager'] != b'auto':
1182 elif options[b'pager'] != b'auto':
1179 for ui_ in uis:
1183 for ui_ in uis:
1180 ui_.disablepager()
1184 ui_.disablepager()
1181
1185
1182 # configs are fully loaded, set up the ui instances
1186 # configs are fully loaded, set up the ui instances
1183 for ui_ in uis:
1187 for ui_ in uis:
1184 extensions.populateui(ui_)
1188 extensions.populateui(ui_)
1185
1189
1186 if options[b'version']:
1190 if options[b'version']:
1187 return commands.version_(ui)
1191 return commands.version_(ui)
1188 if options[b'help']:
1192 if options[b'help']:
1189 return commands.help_(ui, cmd, command=cmd is not None)
1193 return commands.help_(ui, cmd, command=cmd is not None)
1190 elif not cmd:
1194 elif not cmd:
1191 return commands.help_(ui, b'shortlist')
1195 return commands.help_(ui, b'shortlist')
1192
1196
1193 repo = None
1197 repo = None
1194 cmdpats = args[:]
1198 cmdpats = args[:]
1195 assert func is not None # help out pytype
1199 assert func is not None # help out pytype
1196 if not func.norepo:
1200 if not func.norepo:
1197 # use the repo from the request only if we don't have -R
1201 # use the repo from the request only if we don't have -R
1198 if not rpath and not cwd:
1202 if not rpath and not cwd:
1199 repo = req.repo
1203 repo = req.repo
1200
1204
1201 if repo:
1205 if repo:
1202 # set the descriptors of the repo ui to those of ui
1206 # set the descriptors of the repo ui to those of ui
1203 repo.ui.fin = ui.fin
1207 repo.ui.fin = ui.fin
1204 repo.ui.fout = ui.fout
1208 repo.ui.fout = ui.fout
1205 repo.ui.ferr = ui.ferr
1209 repo.ui.ferr = ui.ferr
1206 repo.ui.fmsg = ui.fmsg
1210 repo.ui.fmsg = ui.fmsg
1207 else:
1211 else:
1208 try:
1212 try:
1209 repo = hg.repository(
1213 repo = hg.repository(
1210 ui,
1214 ui,
1211 path=path,
1215 path=path,
1212 presetupfuncs=req.prereposetups,
1216 presetupfuncs=req.prereposetups,
1213 intents=func.intents,
1217 intents=func.intents,
1214 )
1218 )
1215 if not repo.local():
1219 if not repo.local():
1216 raise error.InputError(
1220 raise error.InputError(
1217 _(b"repository '%s' is not local") % path
1221 _(b"repository '%s' is not local") % path
1218 )
1222 )
1219 repo.ui.setconfig(
1223 repo.ui.setconfig(
1220 b"bundle", b"mainreporoot", repo.root, b'repo'
1224 b"bundle", b"mainreporoot", repo.root, b'repo'
1221 )
1225 )
1222 except error.RequirementError:
1226 except error.RequirementError:
1223 raise
1227 raise
1224 except error.RepoError:
1228 except error.RepoError:
1225 if rpath: # invalid -R path
1229 if rpath: # invalid -R path
1226 raise
1230 raise
1227 if not func.optionalrepo:
1231 if not func.optionalrepo:
1228 if func.inferrepo and args and not path:
1232 if func.inferrepo and args and not path:
1229 # try to infer -R from command args
1233 # try to infer -R from command args
1230 repos = pycompat.maplist(cmdutil.findrepo, args)
1234 repos = pycompat.maplist(cmdutil.findrepo, args)
1231 guess = repos[0]
1235 guess = repos[0]
1232 if guess and repos.count(guess) == len(repos):
1236 if guess and repos.count(guess) == len(repos):
1233 req.args = [b'--repository', guess] + fullargs
1237 req.args = [b'--repository', guess] + fullargs
1234 req.earlyoptions[b'repository'] = guess
1238 req.earlyoptions[b'repository'] = guess
1235 return _dispatch(req)
1239 return _dispatch(req)
1236 if not path:
1240 if not path:
1237 raise error.InputError(
1241 raise error.InputError(
1238 _(
1242 _(
1239 b"no repository found in"
1243 b"no repository found in"
1240 b" '%s' (.hg not found)"
1244 b" '%s' (.hg not found)"
1241 )
1245 )
1242 % encoding.getcwd()
1246 % encoding.getcwd()
1243 )
1247 )
1244 raise
1248 raise
1245 if repo:
1249 if repo:
1246 ui = repo.ui
1250 ui = repo.ui
1247 if options[b'hidden']:
1251 if options[b'hidden']:
1248 repo = repo.unfiltered()
1252 repo = repo.unfiltered()
1249 args.insert(0, repo)
1253 args.insert(0, repo)
1250 elif rpath:
1254 elif rpath:
1251 ui.warn(_(b"warning: --repository ignored\n"))
1255 ui.warn(_(b"warning: --repository ignored\n"))
1252
1256
1253 msg = _formatargs(fullargs)
1257 msg = _formatargs(fullargs)
1254 ui.log(b"command", b'%s\n', msg)
1258 ui.log(b"command", b'%s\n', msg)
1255 strcmdopt = pycompat.strkwargs(cmdoptions)
1259 strcmdopt = pycompat.strkwargs(cmdoptions)
1256 d = lambda: util.checksignature(func)(ui, *args, **strcmdopt)
1260 d = lambda: util.checksignature(func)(ui, *args, **strcmdopt)
1257 try:
1261 try:
1258 return runcommand(
1262 return runcommand(
1259 lui, repo, cmd, fullargs, ui, options, d, cmdpats, cmdoptions
1263 lui, repo, cmd, fullargs, ui, options, d, cmdpats, cmdoptions
1260 )
1264 )
1261 finally:
1265 finally:
1262 if repo and repo != req.repo:
1266 if repo and repo != req.repo:
1263 repo.close()
1267 repo.close()
1264
1268
1265
1269
1266 def _runcommand(ui, options, cmd, cmdfunc):
1270 def _runcommand(ui, options, cmd, cmdfunc):
1267 """Run a command function, possibly with profiling enabled."""
1271 """Run a command function, possibly with profiling enabled."""
1268 try:
1272 try:
1269 with tracing.log("Running %s command" % cmd):
1273 with tracing.log("Running %s command" % cmd):
1270 return cmdfunc()
1274 return cmdfunc()
1271 except error.SignatureError:
1275 except error.SignatureError:
1272 raise error.CommandError(cmd, _(b'invalid arguments'))
1276 raise error.CommandError(cmd, _(b'invalid arguments'))
1273
1277
1274
1278
1275 def _exceptionwarning(ui):
1279 def _exceptionwarning(ui):
1276 """Produce a warning message for the current active exception"""
1280 """Produce a warning message for the current active exception"""
1277
1281
1278 # For compatibility checking, we discard the portion of the hg
1282 # For compatibility checking, we discard the portion of the hg
1279 # version after the + on the assumption that if a "normal
1283 # version after the + on the assumption that if a "normal
1280 # user" is running a build with a + in it the packager
1284 # user" is running a build with a + in it the packager
1281 # probably built from fairly close to a tag and anyone with a
1285 # probably built from fairly close to a tag and anyone with a
1282 # 'make local' copy of hg (where the version number can be out
1286 # 'make local' copy of hg (where the version number can be out
1283 # of date) will be clueful enough to notice the implausible
1287 # of date) will be clueful enough to notice the implausible
1284 # version number and try updating.
1288 # version number and try updating.
1285 ct = util.versiontuple(n=2)
1289 ct = util.versiontuple(n=2)
1286 worst = None, ct, b'', b''
1290 worst = None, ct, b'', b''
1287 if ui.config(b'ui', b'supportcontact') is None:
1291 if ui.config(b'ui', b'supportcontact') is None:
1288 for name, mod in extensions.extensions():
1292 for name, mod in extensions.extensions():
1289 # 'testedwith' should be bytes, but not all extensions are ported
1293 # 'testedwith' should be bytes, but not all extensions are ported
1290 # to py3 and we don't want UnicodeException because of that.
1294 # to py3 and we don't want UnicodeException because of that.
1291 testedwith = stringutil.forcebytestr(
1295 testedwith = stringutil.forcebytestr(
1292 getattr(mod, 'testedwith', b'')
1296 getattr(mod, 'testedwith', b'')
1293 )
1297 )
1294 version = extensions.moduleversion(mod)
1298 version = extensions.moduleversion(mod)
1295 report = getattr(mod, 'buglink', _(b'the extension author.'))
1299 report = getattr(mod, 'buglink', _(b'the extension author.'))
1296 if not testedwith.strip():
1300 if not testedwith.strip():
1297 # We found an untested extension. It's likely the culprit.
1301 # We found an untested extension. It's likely the culprit.
1298 worst = name, b'unknown', report, version
1302 worst = name, b'unknown', report, version
1299 break
1303 break
1300
1304
1301 # Never blame on extensions bundled with Mercurial.
1305 # Never blame on extensions bundled with Mercurial.
1302 if extensions.ismoduleinternal(mod):
1306 if extensions.ismoduleinternal(mod):
1303 continue
1307 continue
1304
1308
1305 tested = [util.versiontuple(t, 2) for t in testedwith.split()]
1309 tested = [util.versiontuple(t, 2) for t in testedwith.split()]
1306 if ct in tested:
1310 if ct in tested:
1307 continue
1311 continue
1308
1312
1309 lower = [t for t in tested if t < ct]
1313 lower = [t for t in tested if t < ct]
1310 nearest = max(lower or tested)
1314 nearest = max(lower or tested)
1311 if worst[0] is None or nearest < worst[1]:
1315 if worst[0] is None or nearest < worst[1]:
1312 worst = name, nearest, report, version
1316 worst = name, nearest, report, version
1313 if worst[0] is not None:
1317 if worst[0] is not None:
1314 name, testedwith, report, version = worst
1318 name, testedwith, report, version = worst
1315 if not isinstance(testedwith, (bytes, str)):
1319 if not isinstance(testedwith, (bytes, str)):
1316 testedwith = b'.'.join(
1320 testedwith = b'.'.join(
1317 [stringutil.forcebytestr(c) for c in testedwith]
1321 [stringutil.forcebytestr(c) for c in testedwith]
1318 )
1322 )
1319 extver = version or _(b"(version N/A)")
1323 extver = version or _(b"(version N/A)")
1320 warning = _(
1324 warning = _(
1321 b'** Unknown exception encountered with '
1325 b'** Unknown exception encountered with '
1322 b'possibly-broken third-party extension "%s" %s\n'
1326 b'possibly-broken third-party extension "%s" %s\n'
1323 b'** which supports versions %s of Mercurial.\n'
1327 b'** which supports versions %s of Mercurial.\n'
1324 b'** Please disable "%s" and try your action again.\n'
1328 b'** Please disable "%s" and try your action again.\n'
1325 b'** If that fixes the bug please report it to %s\n'
1329 b'** If that fixes the bug please report it to %s\n'
1326 ) % (name, extver, testedwith, name, stringutil.forcebytestr(report))
1330 ) % (name, extver, testedwith, name, stringutil.forcebytestr(report))
1327 else:
1331 else:
1328 bugtracker = ui.config(b'ui', b'supportcontact')
1332 bugtracker = ui.config(b'ui', b'supportcontact')
1329 if bugtracker is None:
1333 if bugtracker is None:
1330 bugtracker = _(b"https://mercurial-scm.org/wiki/BugTracker")
1334 bugtracker = _(b"https://mercurial-scm.org/wiki/BugTracker")
1331 warning = (
1335 warning = (
1332 _(
1336 _(
1333 b"** unknown exception encountered, "
1337 b"** unknown exception encountered, "
1334 b"please report by visiting\n** "
1338 b"please report by visiting\n** "
1335 )
1339 )
1336 + bugtracker
1340 + bugtracker
1337 + b'\n'
1341 + b'\n'
1338 )
1342 )
1339 sysversion = pycompat.sysbytes(sys.version).replace(b'\n', b'')
1343 sysversion = pycompat.sysbytes(sys.version).replace(b'\n', b'')
1340
1344
1341 def ext_with_ver(x):
1345 def ext_with_ver(x):
1342 ext = x[0]
1346 ext = x[0]
1343 ver = extensions.moduleversion(x[1])
1347 ver = extensions.moduleversion(x[1])
1344 if ver:
1348 if ver:
1345 ext += b' ' + ver
1349 ext += b' ' + ver
1346 return ext
1350 return ext
1347
1351
1348 warning += (
1352 warning += (
1349 (_(b"** Python %s\n") % sysversion)
1353 (_(b"** Python %s\n") % sysversion)
1350 + (_(b"** Mercurial Distributed SCM (version %s)\n") % util.version())
1354 + (_(b"** Mercurial Distributed SCM (version %s)\n") % util.version())
1351 + (
1355 + (
1352 _(b"** Extensions loaded: %s\n")
1356 _(b"** Extensions loaded: %s\n")
1353 % b", ".join(
1357 % b", ".join(
1354 [ext_with_ver(x) for x in sorted(extensions.extensions())]
1358 [ext_with_ver(x) for x in sorted(extensions.extensions())]
1355 )
1359 )
1356 )
1360 )
1357 )
1361 )
1358 return warning
1362 return warning
1359
1363
1360
1364
1361 def handlecommandexception(ui):
1365 def handlecommandexception(ui):
1362 """Produce a warning message for broken commands
1366 """Produce a warning message for broken commands
1363
1367
1364 Called when handling an exception; the exception is reraised if
1368 Called when handling an exception; the exception is reraised if
1365 this function returns False, ignored otherwise.
1369 this function returns False, ignored otherwise.
1366 """
1370 """
1367 warning = _exceptionwarning(ui)
1371 warning = _exceptionwarning(ui)
1368 ui.log(
1372 ui.log(
1369 b"commandexception",
1373 b"commandexception",
1370 b"%s\n%s\n",
1374 b"%s\n%s\n",
1371 warning,
1375 warning,
1372 pycompat.sysbytes(traceback.format_exc()),
1376 pycompat.sysbytes(traceback.format_exc()),
1373 )
1377 )
1374 ui.warn(warning)
1378 ui.warn(warning)
1375 return False # re-raise the exception
1379 return False # re-raise the exception
Show file before | Show file after | Hide comments
@@ -1,305 +1,305 b''
1 # osutil.py - pure Python version of osutil.c
1 # osutil.py - pure Python version of osutil.c
2 #
2 #
3 # Copyright 2009 Matt Mackall <mpm@selenic.com> and others
3 # Copyright 2009 Matt Mackall <mpm@selenic.com> and others
4 #
4 #
5 # This software may be used and distributed according to the terms of the
5 # This software may be used and distributed according to the terms of the
6 # GNU General Public License version 2 or any later version.
6 # GNU General Public License version 2 or any later version.
7
7
8 from __future__ import absolute_import, division
8 from __future__ import absolute_import, division
9
9
10 import ctypes
10 import ctypes
11 import ctypes.util
11 import ctypes.util
12 import os
12 import os
13 import socket
13 import socket
14 import stat as statmod
14 import stat as statmod
15
15
16 from ..pycompat import getattr
16 from ..pycompat import getattr
17 from .. import (
17 from .. import (
18 encoding,
18 encoding,
19 pycompat,
19 pycompat,
20 )
20 )
21
21
22
22
23 def _mode_to_kind(mode):
23 def _mode_to_kind(mode):
24 if statmod.S_ISREG(mode):
24 if statmod.S_ISREG(mode):
25 return statmod.S_IFREG
25 return statmod.S_IFREG
26 if statmod.S_ISDIR(mode):
26 if statmod.S_ISDIR(mode):
27 return statmod.S_IFDIR
27 return statmod.S_IFDIR
28 if statmod.S_ISLNK(mode):
28 if statmod.S_ISLNK(mode):
29 return statmod.S_IFLNK
29 return statmod.S_IFLNK
30 if statmod.S_ISBLK(mode):
30 if statmod.S_ISBLK(mode):
31 return statmod.S_IFBLK
31 return statmod.S_IFBLK
32 if statmod.S_ISCHR(mode):
32 if statmod.S_ISCHR(mode):
33 return statmod.S_IFCHR
33 return statmod.S_IFCHR
34 if statmod.S_ISFIFO(mode):
34 if statmod.S_ISFIFO(mode):
35 return statmod.S_IFIFO
35 return statmod.S_IFIFO
36 if statmod.S_ISSOCK(mode):
36 if statmod.S_ISSOCK(mode):
37 return statmod.S_IFSOCK
37 return statmod.S_IFSOCK
38 return mode
38 return mode
39
39
40
40
41 def listdir(path, stat=False, skip=None):
41 def listdir(path, stat=False, skip=None):
42 """listdir(path, stat=False) -> list_of_tuples
42 """listdir(path, stat=False) -> list_of_tuples
43
43
44 Return a sorted list containing information about the entries
44 Return a sorted list containing information about the entries
45 in the directory.
45 in the directory.
46
46
47 If stat is True, each element is a 3-tuple:
47 If stat is True, each element is a 3-tuple:
48
48
49 (name, type, stat object)
49 (name, type, stat object)
50
50
51 Otherwise, each element is a 2-tuple:
51 Otherwise, each element is a 2-tuple:
52
52
53 (name, type)
53 (name, type)
54 """
54 """
55 result = []
55 result = []
56 prefix = path
56 prefix = path
57 if not prefix.endswith(pycompat.ossep):
57 if not prefix.endswith(pycompat.ossep):
58 prefix += pycompat.ossep
58 prefix += pycompat.ossep
59 names = os.listdir(path)
59 names = os.listdir(path)
60 names.sort()
60 names.sort()
61 for fn in names:
61 for fn in names:
62 st = os.lstat(prefix + fn)
62 st = os.lstat(prefix + fn)
63 if fn == skip and statmod.S_ISDIR(st.st_mode):
63 if fn == skip and statmod.S_ISDIR(st.st_mode):
64 return []
64 return []
65 if stat:
65 if stat:
66 result.append((fn, _mode_to_kind(st.st_mode), st))
66 result.append((fn, _mode_to_kind(st.st_mode), st))
67 else:
67 else:
68 result.append((fn, _mode_to_kind(st.st_mode)))
68 result.append((fn, _mode_to_kind(st.st_mode)))
69 return result
69 return result
70
70
71
71
72 if not pycompat.iswindows:
72 if not pycompat.iswindows:
73 posixfile = open
73 posixfile = open
74
74
75 _SCM_RIGHTS = 0x01
75 _SCM_RIGHTS = 0x01
76 _socklen_t = ctypes.c_uint
76 _socklen_t = ctypes.c_uint
77
77
78 if pycompat.sysplatform.startswith(b'linux'):
78 if pycompat.sysplatform.startswith(b'linux'):
79 # socket.h says "the type should be socklen_t but the definition of
79 # socket.h says "the type should be socklen_t but the definition of
80 # the kernel is incompatible with this."
80 # the kernel is incompatible with this."
81 _cmsg_len_t = ctypes.c_size_t
81 _cmsg_len_t = ctypes.c_size_t
82 _msg_controllen_t = ctypes.c_size_t
82 _msg_controllen_t = ctypes.c_size_t
83 _msg_iovlen_t = ctypes.c_size_t
83 _msg_iovlen_t = ctypes.c_size_t
84 else:
84 else:
85 _cmsg_len_t = _socklen_t
85 _cmsg_len_t = _socklen_t
86 _msg_controllen_t = _socklen_t
86 _msg_controllen_t = _socklen_t
87 _msg_iovlen_t = ctypes.c_int
87 _msg_iovlen_t = ctypes.c_int
88
88
89 class _iovec(ctypes.Structure):
89 class _iovec(ctypes.Structure):
90 _fields_ = [
90 _fields_ = [
91 (u'iov_base', ctypes.c_void_p),
91 (u'iov_base', ctypes.c_void_p),
92 (u'iov_len', ctypes.c_size_t),
92 (u'iov_len', ctypes.c_size_t),
93 ]
93 ]
94
94
95 class _msghdr(ctypes.Structure):
95 class _msghdr(ctypes.Structure):
96 _fields_ = [
96 _fields_ = [
97 (u'msg_name', ctypes.c_void_p),
97 (u'msg_name', ctypes.c_void_p),
98 (u'msg_namelen', _socklen_t),
98 (u'msg_namelen', _socklen_t),
99 (u'msg_iov', ctypes.POINTER(_iovec)),
99 (u'msg_iov', ctypes.POINTER(_iovec)),
100 (u'msg_iovlen', _msg_iovlen_t),
100 (u'msg_iovlen', _msg_iovlen_t),
101 (u'msg_control', ctypes.c_void_p),
101 (u'msg_control', ctypes.c_void_p),
102 (u'msg_controllen', _msg_controllen_t),
102 (u'msg_controllen', _msg_controllen_t),
103 (u'msg_flags', ctypes.c_int),
103 (u'msg_flags', ctypes.c_int),
104 ]
104 ]
105
105
106 class _cmsghdr(ctypes.Structure):
106 class _cmsghdr(ctypes.Structure):
107 _fields_ = [
107 _fields_ = [
108 (u'cmsg_len', _cmsg_len_t),
108 (u'cmsg_len', _cmsg_len_t),
109 (u'cmsg_level', ctypes.c_int),
109 (u'cmsg_level', ctypes.c_int),
110 (u'cmsg_type', ctypes.c_int),
110 (u'cmsg_type', ctypes.c_int),
111 (u'cmsg_data', ctypes.c_ubyte * 0),
111 (u'cmsg_data', ctypes.c_ubyte * 0),
112 ]
112 ]
113
113
114 _libc = ctypes.CDLL(ctypes.util.find_library(u'c'), use_errno=True)
114 _libc = ctypes.CDLL(ctypes.util.find_library(u'c'), use_errno=True)
115 _recvmsg = getattr(_libc, 'recvmsg', None)
115 _recvmsg = getattr(_libc, 'recvmsg', None)
116 if _recvmsg:
116 if _recvmsg:
117 _recvmsg.restype = getattr(ctypes, 'c_ssize_t', ctypes.c_long)
117 _recvmsg.restype = getattr(ctypes, 'c_ssize_t', ctypes.c_long)
118 _recvmsg.argtypes = (
118 _recvmsg.argtypes = (
119 ctypes.c_int,
119 ctypes.c_int,
120 ctypes.POINTER(_msghdr),
120 ctypes.POINTER(_msghdr),
121 ctypes.c_int,
121 ctypes.c_int,
122 )
122 )
123 else:
123 else:
124 # recvmsg isn't always provided by libc; such systems are unsupported
124 # recvmsg isn't always provided by libc; such systems are unsupported
125 def _recvmsg(sockfd, msg, flags):
125 def _recvmsg(sockfd, msg, flags):
126 raise NotImplementedError(b'unsupported platform')
126 raise NotImplementedError(b'unsupported platform')
127
127
128 def _CMSG_FIRSTHDR(msgh):
128 def _CMSG_FIRSTHDR(msgh):
129 if msgh.msg_controllen < ctypes.sizeof(_cmsghdr):
129 if msgh.msg_controllen < ctypes.sizeof(_cmsghdr):
130 return
130 return
131 cmsgptr = ctypes.cast(msgh.msg_control, ctypes.POINTER(_cmsghdr))
131 cmsgptr = ctypes.cast(msgh.msg_control, ctypes.POINTER(_cmsghdr))
132 return cmsgptr.contents
132 return cmsgptr.contents
133
133
134 # The pure version is less portable than the native version because the
134 # The pure version is less portable than the native version because the
135 # handling of socket ancillary data heavily depends on C preprocessor.
135 # handling of socket ancillary data heavily depends on C preprocessor.
136 # Also, some length fields are wrongly typed in Linux kernel.
136 # Also, some length fields are wrongly typed in Linux kernel.
137 def recvfds(sockfd):
137 def recvfds(sockfd):
138 """receive list of file descriptors via socket"""
138 """receive list of file descriptors via socket"""
139 dummy = (ctypes.c_ubyte * 1)()
139 dummy = (ctypes.c_ubyte * 1)()
140 iov = _iovec(ctypes.cast(dummy, ctypes.c_void_p), ctypes.sizeof(dummy))
140 iov = _iovec(ctypes.cast(dummy, ctypes.c_void_p), ctypes.sizeof(dummy))
141 cbuf = ctypes.create_string_buffer(256)
141 cbuf = ctypes.create_string_buffer(256)
142 msgh = _msghdr(
142 msgh = _msghdr(
143 None,
143 None,
144 0,
144 0,
145 ctypes.pointer(iov),
145 ctypes.pointer(iov),
146 1,
146 1,
147 ctypes.cast(cbuf, ctypes.c_void_p),
147 ctypes.cast(cbuf, ctypes.c_void_p),
148 ctypes.sizeof(cbuf),
148 ctypes.sizeof(cbuf),
149 0,
149 0,
150 )
150 )
151 r = _recvmsg(sockfd, ctypes.byref(msgh), 0)
151 r = _recvmsg(sockfd, ctypes.byref(msgh), 0)
152 if r < 0:
152 if r < 0:
153 e = ctypes.get_errno()
153 e = ctypes.get_errno()
154 raise OSError(e, os.strerror(e))
154 raise OSError(e, os.strerror(e))
155 # assumes that the first cmsg has fds because it isn't easy to write
155 # assumes that the first cmsg has fds because it isn't easy to write
156 # portable CMSG_NXTHDR() with ctypes.
156 # portable CMSG_NXTHDR() with ctypes.
157 cmsg = _CMSG_FIRSTHDR(msgh)
157 cmsg = _CMSG_FIRSTHDR(msgh)
158 if not cmsg:
158 if not cmsg:
159 return []
159 return []
160 if (
160 if (
161 cmsg.cmsg_level != socket.SOL_SOCKET
161 cmsg.cmsg_level != socket.SOL_SOCKET
162 or cmsg.cmsg_type != _SCM_RIGHTS
162 or cmsg.cmsg_type != _SCM_RIGHTS
163 ):
163 ):
164 return []
164 return []
165 rfds = ctypes.cast(cmsg.cmsg_data, ctypes.POINTER(ctypes.c_int))
165 rfds = ctypes.cast(cmsg.cmsg_data, ctypes.POINTER(ctypes.c_int))
166 rfdscount = (
166 rfdscount = (
167 cmsg.cmsg_len - _cmsghdr.cmsg_data.offset
167 cmsg.cmsg_len - _cmsghdr.cmsg_data.offset
168 ) // ctypes.sizeof(ctypes.c_int)
168 ) // ctypes.sizeof(ctypes.c_int)
169 return [rfds[i] for i in pycompat.xrange(rfdscount)]
169 return [rfds[i] for i in pycompat.xrange(rfdscount)]
170
170
171
171
172 else:
172 else:
173 import msvcrt
173 import msvcrt
174
174
175 _kernel32 = ctypes.windll.kernel32
175 _kernel32 = ctypes.windll.kernel32 # pytype: disable=module-attr
176
176
177 _DWORD = ctypes.c_ulong
177 _DWORD = ctypes.c_ulong
178 _LPCSTR = _LPSTR = ctypes.c_char_p
178 _LPCSTR = _LPSTR = ctypes.c_char_p
179 _HANDLE = ctypes.c_void_p
179 _HANDLE = ctypes.c_void_p
180
180
181 _INVALID_HANDLE_VALUE = _HANDLE(-1).value
181 _INVALID_HANDLE_VALUE = _HANDLE(-1).value
182
182
183 # CreateFile
183 # CreateFile
184 _FILE_SHARE_READ = 0x00000001
184 _FILE_SHARE_READ = 0x00000001
185 _FILE_SHARE_WRITE = 0x00000002
185 _FILE_SHARE_WRITE = 0x00000002
186 _FILE_SHARE_DELETE = 0x00000004
186 _FILE_SHARE_DELETE = 0x00000004
187
187
188 _CREATE_ALWAYS = 2
188 _CREATE_ALWAYS = 2
189 _OPEN_EXISTING = 3
189 _OPEN_EXISTING = 3
190 _OPEN_ALWAYS = 4
190 _OPEN_ALWAYS = 4
191
191
192 _GENERIC_READ = 0x80000000
192 _GENERIC_READ = 0x80000000
193 _GENERIC_WRITE = 0x40000000
193 _GENERIC_WRITE = 0x40000000
194
194
195 _FILE_ATTRIBUTE_NORMAL = 0x80
195 _FILE_ATTRIBUTE_NORMAL = 0x80
196
196
197 # open_osfhandle flags
197 # open_osfhandle flags
198 _O_RDONLY = 0x0000
198 _O_RDONLY = 0x0000
199 _O_RDWR = 0x0002
199 _O_RDWR = 0x0002
200 _O_APPEND = 0x0008
200 _O_APPEND = 0x0008
201
201
202 _O_TEXT = 0x4000
202 _O_TEXT = 0x4000
203 _O_BINARY = 0x8000
203 _O_BINARY = 0x8000
204
204
205 # types of parameters of C functions used (required by pypy)
205 # types of parameters of C functions used (required by pypy)
206
206
207 _kernel32.CreateFileA.argtypes = [
207 _kernel32.CreateFileA.argtypes = [
208 _LPCSTR,
208 _LPCSTR,
209 _DWORD,
209 _DWORD,
210 _DWORD,
210 _DWORD,
211 ctypes.c_void_p,
211 ctypes.c_void_p,
212 _DWORD,
212 _DWORD,
213 _DWORD,
213 _DWORD,
214 _HANDLE,
214 _HANDLE,
215 ]
215 ]
216 _kernel32.CreateFileA.restype = _HANDLE
216 _kernel32.CreateFileA.restype = _HANDLE
217
217
218 def _raiseioerror(name):
218 def _raiseioerror(name):
219 err = ctypes.WinError()
219 err = ctypes.WinError() # pytype: disable=module-attr
220 raise IOError(
220 raise IOError(
221 err.errno, '%s: %s' % (encoding.strfromlocal(name), err.strerror)
221 err.errno, '%s: %s' % (encoding.strfromlocal(name), err.strerror)
222 )
222 )
223
223
224 class posixfile(object):
224 class posixfile(object):
225 """a file object aiming for POSIX-like semantics
225 """a file object aiming for POSIX-like semantics
226
226
227 CPython's open() returns a file that was opened *without* setting the
227 CPython's open() returns a file that was opened *without* setting the
228 _FILE_SHARE_DELETE flag, which causes rename and unlink to abort.
228 _FILE_SHARE_DELETE flag, which causes rename and unlink to abort.
229 This even happens if any hardlinked copy of the file is in open state.
229 This even happens if any hardlinked copy of the file is in open state.
230 We set _FILE_SHARE_DELETE here, so files opened with posixfile can be
230 We set _FILE_SHARE_DELETE here, so files opened with posixfile can be
231 renamed and deleted while they are held open.
231 renamed and deleted while they are held open.
232 Note that if a file opened with posixfile is unlinked, the file
232 Note that if a file opened with posixfile is unlinked, the file
233 remains but cannot be opened again or be recreated under the same name,
233 remains but cannot be opened again or be recreated under the same name,
234 until all reading processes have closed the file."""
234 until all reading processes have closed the file."""
235
235
236 def __init__(self, name, mode=b'r', bufsize=-1):
236 def __init__(self, name, mode=b'r', bufsize=-1):
237 if b'b' in mode:
237 if b'b' in mode:
238 flags = _O_BINARY
238 flags = _O_BINARY
239 else:
239 else:
240 flags = _O_TEXT
240 flags = _O_TEXT
241
241
242 m0 = mode[0:1]
242 m0 = mode[0:1]
243 if m0 == b'r' and b'+' not in mode:
243 if m0 == b'r' and b'+' not in mode:
244 flags |= _O_RDONLY
244 flags |= _O_RDONLY
245 access = _GENERIC_READ
245 access = _GENERIC_READ
246 else:
246 else:
247 # work around http://support.microsoft.com/kb/899149 and
247 # work around http://support.microsoft.com/kb/899149 and
248 # set _O_RDWR for 'w' and 'a', even if mode has no '+'
248 # set _O_RDWR for 'w' and 'a', even if mode has no '+'
249 flags |= _O_RDWR
249 flags |= _O_RDWR
250 access = _GENERIC_READ | _GENERIC_WRITE
250 access = _GENERIC_READ | _GENERIC_WRITE
251
251
252 if m0 == b'r':
252 if m0 == b'r':
253 creation = _OPEN_EXISTING
253 creation = _OPEN_EXISTING
254 elif m0 == b'w':
254 elif m0 == b'w':
255 creation = _CREATE_ALWAYS
255 creation = _CREATE_ALWAYS
256 elif m0 == b'a':
256 elif m0 == b'a':
257 creation = _OPEN_ALWAYS
257 creation = _OPEN_ALWAYS
258 flags |= _O_APPEND
258 flags |= _O_APPEND
259 else:
259 else:
260 raise ValueError("invalid mode: %s" % pycompat.sysstr(mode))
260 raise ValueError("invalid mode: %s" % pycompat.sysstr(mode))
261
261
262 fh = _kernel32.CreateFileA(
262 fh = _kernel32.CreateFileA(
263 name,
263 name,
264 access,
264 access,
265 _FILE_SHARE_READ | _FILE_SHARE_WRITE | _FILE_SHARE_DELETE,
265 _FILE_SHARE_READ | _FILE_SHARE_WRITE | _FILE_SHARE_DELETE,
266 None,
266 None,
267 creation,
267 creation,
268 _FILE_ATTRIBUTE_NORMAL,
268 _FILE_ATTRIBUTE_NORMAL,
269 None,
269 None,
270 )
270 )
271 if fh == _INVALID_HANDLE_VALUE:
271 if fh == _INVALID_HANDLE_VALUE:
272 _raiseioerror(name)
272 _raiseioerror(name)
273
273
274 fd = msvcrt.open_osfhandle(fh, flags)
274 fd = msvcrt.open_osfhandle(fh, flags) # pytype: disable=module-attr
275 if fd == -1:
275 if fd == -1:
276 _kernel32.CloseHandle(fh)
276 _kernel32.CloseHandle(fh)
277 _raiseioerror(name)
277 _raiseioerror(name)
278
278
279 f = os.fdopen(fd, pycompat.sysstr(mode), bufsize)
279 f = os.fdopen(fd, pycompat.sysstr(mode), bufsize)
280 # unfortunately, f.name is '<fdopen>' at this point -- so we store
280 # unfortunately, f.name is '<fdopen>' at this point -- so we store
281 # the name on this wrapper. We cannot just assign to f.name,
281 # the name on this wrapper. We cannot just assign to f.name,
282 # because that attribute is read-only.
282 # because that attribute is read-only.
283 object.__setattr__(self, 'name', name)
283 object.__setattr__(self, 'name', name)
284 object.__setattr__(self, '_file', f)
284 object.__setattr__(self, '_file', f)
285
285
286 def __iter__(self):
286 def __iter__(self):
287 return self._file
287 return self._file
288
288
289 def __getattr__(self, name):
289 def __getattr__(self, name):
290 return getattr(self._file, name)
290 return getattr(self._file, name)
291
291
292 def __setattr__(self, name, value):
292 def __setattr__(self, name, value):
293 """mimics the read-only attributes of Python file objects
293 """mimics the read-only attributes of Python file objects
294 by raising 'TypeError: readonly attribute' if someone tries:
294 by raising 'TypeError: readonly attribute' if someone tries:
295 f = posixfile('foo.txt')
295 f = posixfile('foo.txt')
296 f.name = 'bla'
296 f.name = 'bla'
297 """
297 """
298 return self._file.__setattr__(name, value)
298 return self._file.__setattr__(name, value)
299
299
300 def __enter__(self):
300 def __enter__(self):
301 self._file.__enter__()
301 self._file.__enter__()
302 return self
302 return self
303
303
304 def __exit__(self, exc_type, exc_value, exc_tb):
304 def __exit__(self, exc_type, exc_value, exc_tb):
305 return self._file.__exit__(exc_type, exc_value, exc_tb)
305 return self._file.__exit__(exc_type, exc_value, exc_tb)
Show file before | Show file after | Hide comments
@@ -1,836 +1,838 b''
1 # sslutil.py - SSL handling for mercurial
1 # sslutil.py - SSL handling for mercurial
2 #
2 #
3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 #
6 #
7 # This software may be used and distributed according to the terms of the
7 # This software may be used and distributed according to the terms of the
8 # GNU General Public License version 2 or any later version.
8 # GNU General Public License version 2 or any later version.
9
9
10 from __future__ import absolute_import
10 from __future__ import absolute_import
11
11
12 import hashlib
12 import hashlib
13 import os
13 import os
14 import re
14 import re
15 import ssl
15 import ssl
16
16
17 from .i18n import _
17 from .i18n import _
18 from .pycompat import getattr
18 from .pycompat import getattr
19 from .node import hex
19 from .node import hex
20 from . import (
20 from . import (
21 encoding,
21 encoding,
22 error,
22 error,
23 pycompat,
23 pycompat,
24 util,
24 util,
25 )
25 )
26 from .utils import (
26 from .utils import (
27 hashutil,
27 hashutil,
28 resourceutil,
28 resourceutil,
29 stringutil,
29 stringutil,
30 )
30 )
31
31
32 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added
32 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added
33 # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are
33 # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are
34 # all exposed via the "ssl" module.
34 # all exposed via the "ssl" module.
35 #
35 #
36 # We require in setup.py the presence of ssl.SSLContext, which indicates modern
36 # We require in setup.py the presence of ssl.SSLContext, which indicates modern
37 # SSL/TLS support.
37 # SSL/TLS support.
38
38
39 configprotocols = {
39 configprotocols = {
40 b'tls1.0',
40 b'tls1.0',
41 b'tls1.1',
41 b'tls1.1',
42 b'tls1.2',
42 b'tls1.2',
43 }
43 }
44
44
45 hassni = getattr(ssl, 'HAS_SNI', False)
45 hassni = getattr(ssl, 'HAS_SNI', False)
46
46
47 # ssl.HAS_TLSv1* are preferred to check support but they were added in Python
47 # ssl.HAS_TLSv1* are preferred to check support but they were added in Python
48 # 3.7. Prior to CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98
48 # 3.7. Prior to CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98
49 # (backported to the 3.7 branch), ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2
49 # (backported to the 3.7 branch), ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2
50 # were defined only if compiled against a OpenSSL version with TLS 1.1 / 1.2
50 # were defined only if compiled against a OpenSSL version with TLS 1.1 / 1.2
51 # support. At the mentioned commit, they were unconditionally defined.
51 # support. At the mentioned commit, they were unconditionally defined.
52 supportedprotocols = set()
52 supportedprotocols = set()
53 if getattr(ssl, 'HAS_TLSv1', util.safehasattr(ssl, 'PROTOCOL_TLSv1')):
53 if getattr(ssl, 'HAS_TLSv1', util.safehasattr(ssl, 'PROTOCOL_TLSv1')):
54 supportedprotocols.add(b'tls1.0')
54 supportedprotocols.add(b'tls1.0')
55 if getattr(ssl, 'HAS_TLSv1_1', util.safehasattr(ssl, 'PROTOCOL_TLSv1_1')):
55 if getattr(ssl, 'HAS_TLSv1_1', util.safehasattr(ssl, 'PROTOCOL_TLSv1_1')):
56 supportedprotocols.add(b'tls1.1')
56 supportedprotocols.add(b'tls1.1')
57 if getattr(ssl, 'HAS_TLSv1_2', util.safehasattr(ssl, 'PROTOCOL_TLSv1_2')):
57 if getattr(ssl, 'HAS_TLSv1_2', util.safehasattr(ssl, 'PROTOCOL_TLSv1_2')):
58 supportedprotocols.add(b'tls1.2')
58 supportedprotocols.add(b'tls1.2')
59
59
60
60
61 def _hostsettings(ui, hostname):
61 def _hostsettings(ui, hostname):
62 """Obtain security settings for a hostname.
62 """Obtain security settings for a hostname.
63
63
64 Returns a dict of settings relevant to that hostname.
64 Returns a dict of settings relevant to that hostname.
65 """
65 """
66 bhostname = pycompat.bytesurl(hostname)
66 bhostname = pycompat.bytesurl(hostname)
67 s = {
67 s = {
68 # Whether we should attempt to load default/available CA certs
68 # Whether we should attempt to load default/available CA certs
69 # if an explicit ``cafile`` is not defined.
69 # if an explicit ``cafile`` is not defined.
70 b'allowloaddefaultcerts': True,
70 b'allowloaddefaultcerts': True,
71 # List of 2-tuple of (hash algorithm, hash).
71 # List of 2-tuple of (hash algorithm, hash).
72 b'certfingerprints': [],
72 b'certfingerprints': [],
73 # Path to file containing concatenated CA certs. Used by
73 # Path to file containing concatenated CA certs. Used by
74 # SSLContext.load_verify_locations().
74 # SSLContext.load_verify_locations().
75 b'cafile': None,
75 b'cafile': None,
76 # Whether certificate verification should be disabled.
76 # Whether certificate verification should be disabled.
77 b'disablecertverification': False,
77 b'disablecertverification': False,
78 # Whether the legacy [hostfingerprints] section has data for this host.
78 # Whether the legacy [hostfingerprints] section has data for this host.
79 b'legacyfingerprint': False,
79 b'legacyfingerprint': False,
80 # String representation of minimum protocol to be used for UI
80 # String representation of minimum protocol to be used for UI
81 # presentation.
81 # presentation.
82 b'minimumprotocol': None,
82 b'minimumprotocol': None,
83 # ssl.CERT_* constant used by SSLContext.verify_mode.
83 # ssl.CERT_* constant used by SSLContext.verify_mode.
84 b'verifymode': None,
84 b'verifymode': None,
85 # OpenSSL Cipher List to use (instead of default).
85 # OpenSSL Cipher List to use (instead of default).
86 b'ciphers': None,
86 b'ciphers': None,
87 }
87 }
88
88
89 # Allow minimum TLS protocol to be specified in the config.
89 # Allow minimum TLS protocol to be specified in the config.
90 def validateprotocol(protocol, key):
90 def validateprotocol(protocol, key):
91 if protocol not in configprotocols:
91 if protocol not in configprotocols:
92 raise error.Abort(
92 raise error.Abort(
93 _(b'unsupported protocol from hostsecurity.%s: %s')
93 _(b'unsupported protocol from hostsecurity.%s: %s')
94 % (key, protocol),
94 % (key, protocol),
95 hint=_(b'valid protocols: %s')
95 hint=_(b'valid protocols: %s')
96 % b' '.join(sorted(configprotocols)),
96 % b' '.join(sorted(configprotocols)),
97 )
97 )
98
98
99 # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like
99 # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like
100 # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config
100 # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config
101 # options in case a legacy server is encountered.
101 # options in case a legacy server is encountered.
102
102
103 # setup.py checks that TLS 1.1 or TLS 1.2 is present, so the following
103 # setup.py checks that TLS 1.1 or TLS 1.2 is present, so the following
104 # assert should not fail.
104 # assert should not fail.
105 assert supportedprotocols - {b'tls1.0'}
105 assert supportedprotocols - {b'tls1.0'}
106 defaultminimumprotocol = b'tls1.1'
106 defaultminimumprotocol = b'tls1.1'
107
107
108 key = b'minimumprotocol'
108 key = b'minimumprotocol'
109 minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol)
109 minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol)
110 validateprotocol(minimumprotocol, key)
110 validateprotocol(minimumprotocol, key)
111
111
112 key = b'%s:minimumprotocol' % bhostname
112 key = b'%s:minimumprotocol' % bhostname
113 minimumprotocol = ui.config(b'hostsecurity', key, minimumprotocol)
113 minimumprotocol = ui.config(b'hostsecurity', key, minimumprotocol)
114 validateprotocol(minimumprotocol, key)
114 validateprotocol(minimumprotocol, key)
115
115
116 # If --insecure is used, we allow the use of TLS 1.0 despite config options.
116 # If --insecure is used, we allow the use of TLS 1.0 despite config options.
117 # We always print a "connection security to %s is disabled..." message when
117 # We always print a "connection security to %s is disabled..." message when
118 # --insecure is used. So no need to print anything more here.
118 # --insecure is used. So no need to print anything more here.
119 if ui.insecureconnections:
119 if ui.insecureconnections:
120 minimumprotocol = b'tls1.0'
120 minimumprotocol = b'tls1.0'
121
121
122 s[b'minimumprotocol'] = minimumprotocol
122 s[b'minimumprotocol'] = minimumprotocol
123
123
124 ciphers = ui.config(b'hostsecurity', b'ciphers')
124 ciphers = ui.config(b'hostsecurity', b'ciphers')
125 ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers)
125 ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers)
126 s[b'ciphers'] = ciphers
126 s[b'ciphers'] = ciphers
127
127
128 # Look for fingerprints in [hostsecurity] section. Value is a list
128 # Look for fingerprints in [hostsecurity] section. Value is a list
129 # of <alg>:<fingerprint> strings.
129 # of <alg>:<fingerprint> strings.
130 fingerprints = ui.configlist(
130 fingerprints = ui.configlist(
131 b'hostsecurity', b'%s:fingerprints' % bhostname
131 b'hostsecurity', b'%s:fingerprints' % bhostname
132 )
132 )
133 for fingerprint in fingerprints:
133 for fingerprint in fingerprints:
134 if not (fingerprint.startswith((b'sha1:', b'sha256:', b'sha512:'))):
134 if not (fingerprint.startswith((b'sha1:', b'sha256:', b'sha512:'))):
135 raise error.Abort(
135 raise error.Abort(
136 _(b'invalid fingerprint for %s: %s') % (bhostname, fingerprint),
136 _(b'invalid fingerprint for %s: %s') % (bhostname, fingerprint),
137 hint=_(b'must begin with "sha1:", "sha256:", or "sha512:"'),
137 hint=_(b'must begin with "sha1:", "sha256:", or "sha512:"'),
138 )
138 )
139
139
140 alg, fingerprint = fingerprint.split(b':', 1)
140 alg, fingerprint = fingerprint.split(b':', 1)
141 fingerprint = fingerprint.replace(b':', b'').lower()
141 fingerprint = fingerprint.replace(b':', b'').lower()
142 s[b'certfingerprints'].append((alg, fingerprint))
142 s[b'certfingerprints'].append((alg, fingerprint))
143
143
144 # Fingerprints from [hostfingerprints] are always SHA-1.
144 # Fingerprints from [hostfingerprints] are always SHA-1.
145 for fingerprint in ui.configlist(b'hostfingerprints', bhostname):
145 for fingerprint in ui.configlist(b'hostfingerprints', bhostname):
146 fingerprint = fingerprint.replace(b':', b'').lower()
146 fingerprint = fingerprint.replace(b':', b'').lower()
147 s[b'certfingerprints'].append((b'sha1', fingerprint))
147 s[b'certfingerprints'].append((b'sha1', fingerprint))
148 s[b'legacyfingerprint'] = True
148 s[b'legacyfingerprint'] = True
149
149
150 # If a host cert fingerprint is defined, it is the only thing that
150 # If a host cert fingerprint is defined, it is the only thing that
151 # matters. No need to validate CA certs.
151 # matters. No need to validate CA certs.
152 if s[b'certfingerprints']:
152 if s[b'certfingerprints']:
153 s[b'verifymode'] = ssl.CERT_NONE
153 s[b'verifymode'] = ssl.CERT_NONE
154 s[b'allowloaddefaultcerts'] = False
154 s[b'allowloaddefaultcerts'] = False
155
155
156 # If --insecure is used, don't take CAs into consideration.
156 # If --insecure is used, don't take CAs into consideration.
157 elif ui.insecureconnections:
157 elif ui.insecureconnections:
158 s[b'disablecertverification'] = True
158 s[b'disablecertverification'] = True
159 s[b'verifymode'] = ssl.CERT_NONE
159 s[b'verifymode'] = ssl.CERT_NONE
160 s[b'allowloaddefaultcerts'] = False
160 s[b'allowloaddefaultcerts'] = False
161
161
162 if ui.configbool(b'devel', b'disableloaddefaultcerts'):
162 if ui.configbool(b'devel', b'disableloaddefaultcerts'):
163 s[b'allowloaddefaultcerts'] = False
163 s[b'allowloaddefaultcerts'] = False
164
164
165 # If both fingerprints and a per-host ca file are specified, issue a warning
165 # If both fingerprints and a per-host ca file are specified, issue a warning
166 # because users should not be surprised about what security is or isn't
166 # because users should not be surprised about what security is or isn't
167 # being performed.
167 # being performed.
168 cafile = ui.config(b'hostsecurity', b'%s:verifycertsfile' % bhostname)
168 cafile = ui.config(b'hostsecurity', b'%s:verifycertsfile' % bhostname)
169 if s[b'certfingerprints'] and cafile:
169 if s[b'certfingerprints'] and cafile:
170 ui.warn(
170 ui.warn(
171 _(
171 _(
172 b'(hostsecurity.%s:verifycertsfile ignored when host '
172 b'(hostsecurity.%s:verifycertsfile ignored when host '
173 b'fingerprints defined; using host fingerprints for '
173 b'fingerprints defined; using host fingerprints for '
174 b'verification)\n'
174 b'verification)\n'
175 )
175 )
176 % bhostname
176 % bhostname
177 )
177 )
178
178
179 # Try to hook up CA certificate validation unless something above
179 # Try to hook up CA certificate validation unless something above
180 # makes it not necessary.
180 # makes it not necessary.
181 if s[b'verifymode'] is None:
181 if s[b'verifymode'] is None:
182 # Look at per-host ca file first.
182 # Look at per-host ca file first.
183 if cafile:
183 if cafile:
184 cafile = util.expandpath(cafile)
184 cafile = util.expandpath(cafile)
185 if not os.path.exists(cafile):
185 if not os.path.exists(cafile):
186 raise error.Abort(
186 raise error.Abort(
187 _(b'path specified by %s does not exist: %s')
187 _(b'path specified by %s does not exist: %s')
188 % (
188 % (
189 b'hostsecurity.%s:verifycertsfile' % (bhostname,),
189 b'hostsecurity.%s:verifycertsfile' % (bhostname,),
190 cafile,
190 cafile,
191 )
191 )
192 )
192 )
193 s[b'cafile'] = cafile
193 s[b'cafile'] = cafile
194 else:
194 else:
195 # Find global certificates file in config.
195 # Find global certificates file in config.
196 cafile = ui.config(b'web', b'cacerts')
196 cafile = ui.config(b'web', b'cacerts')
197
197
198 if cafile:
198 if cafile:
199 cafile = util.expandpath(cafile)
199 cafile = util.expandpath(cafile)
200 if not os.path.exists(cafile):
200 if not os.path.exists(cafile):
201 raise error.Abort(
201 raise error.Abort(
202 _(b'could not find web.cacerts: %s') % cafile
202 _(b'could not find web.cacerts: %s') % cafile
203 )
203 )
204 elif s[b'allowloaddefaultcerts']:
204 elif s[b'allowloaddefaultcerts']:
205 # CAs not defined in config. Try to find system bundles.
205 # CAs not defined in config. Try to find system bundles.
206 cafile = _defaultcacerts(ui)
206 cafile = _defaultcacerts(ui)
207 if cafile:
207 if cafile:
208 ui.debug(b'using %s for CA file\n' % cafile)
208 ui.debug(b'using %s for CA file\n' % cafile)
209
209
210 s[b'cafile'] = cafile
210 s[b'cafile'] = cafile
211
211
212 # Require certificate validation if CA certs are being loaded and
212 # Require certificate validation if CA certs are being loaded and
213 # verification hasn't been disabled above.
213 # verification hasn't been disabled above.
214 if cafile or s[b'allowloaddefaultcerts']:
214 if cafile or s[b'allowloaddefaultcerts']:
215 s[b'verifymode'] = ssl.CERT_REQUIRED
215 s[b'verifymode'] = ssl.CERT_REQUIRED
216 else:
216 else:
217 # At this point we don't have a fingerprint, aren't being
217 # At this point we don't have a fingerprint, aren't being
218 # explicitly insecure, and can't load CA certs. Connecting
218 # explicitly insecure, and can't load CA certs. Connecting
219 # is insecure. We allow the connection and abort during
219 # is insecure. We allow the connection and abort during
220 # validation (once we have the fingerprint to print to the
220 # validation (once we have the fingerprint to print to the
221 # user).
221 # user).
222 s[b'verifymode'] = ssl.CERT_NONE
222 s[b'verifymode'] = ssl.CERT_NONE
223
223
224 assert s[b'verifymode'] is not None
224 assert s[b'verifymode'] is not None
225
225
226 return s
226 return s
227
227
228
228
229 def commonssloptions(minimumprotocol):
229 def commonssloptions(minimumprotocol):
230 """Return SSLContext options common to servers and clients."""
230 """Return SSLContext options common to servers and clients."""
231 if minimumprotocol not in configprotocols:
231 if minimumprotocol not in configprotocols:
232 raise ValueError(b'protocol value not supported: %s' % minimumprotocol)
232 raise ValueError(b'protocol value not supported: %s' % minimumprotocol)
233
233
234 # SSLv2 and SSLv3 are broken. We ban them outright.
234 # SSLv2 and SSLv3 are broken. We ban them outright.
235 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
235 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
236
236
237 if minimumprotocol == b'tls1.0':
237 if minimumprotocol == b'tls1.0':
238 # Defaults above are to use TLS 1.0+
238 # Defaults above are to use TLS 1.0+
239 pass
239 pass
240 elif minimumprotocol == b'tls1.1':
240 elif minimumprotocol == b'tls1.1':
241 options |= ssl.OP_NO_TLSv1
241 options |= ssl.OP_NO_TLSv1
242 elif minimumprotocol == b'tls1.2':
242 elif minimumprotocol == b'tls1.2':
243 options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
243 options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
244 else:
244 else:
245 raise error.Abort(_(b'this should not happen'))
245 raise error.Abort(_(b'this should not happen'))
246
246
247 # Prevent CRIME.
247 # Prevent CRIME.
248 # There is no guarantee this attribute is defined on the module.
248 # There is no guarantee this attribute is defined on the module.
249 options |= getattr(ssl, 'OP_NO_COMPRESSION', 0)
249 options |= getattr(ssl, 'OP_NO_COMPRESSION', 0)
250
250
251 return options
251 return options
252
252
253
253
254 def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None):
254 def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None):
255 """Add SSL/TLS to a socket.
255 """Add SSL/TLS to a socket.
256
256
257 This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
257 This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
258 choices based on what security options are available.
258 choices based on what security options are available.
259
259
260 In addition to the arguments supported by ``ssl.wrap_socket``, we allow
260 In addition to the arguments supported by ``ssl.wrap_socket``, we allow
261 the following additional arguments:
261 the following additional arguments:
262
262
263 * serverhostname - The expected hostname of the remote server. If the
263 * serverhostname - The expected hostname of the remote server. If the
264 server (and client) support SNI, this tells the server which certificate
264 server (and client) support SNI, this tells the server which certificate
265 to use.
265 to use.
266 """
266 """
267 if not serverhostname:
267 if not serverhostname:
268 raise error.Abort(_(b'serverhostname argument is required'))
268 raise error.Abort(_(b'serverhostname argument is required'))
269
269
270 if b'SSLKEYLOGFILE' in encoding.environ:
270 if b'SSLKEYLOGFILE' in encoding.environ:
271 try:
271 try:
272 import sslkeylog # pytype: disable=import-error
272 import sslkeylog # pytype: disable=import-error
273
273
274 sslkeylog.set_keylog(
274 sslkeylog.set_keylog(
275 pycompat.fsdecode(encoding.environ[b'SSLKEYLOGFILE'])
275 pycompat.fsdecode(encoding.environ[b'SSLKEYLOGFILE'])
276 )
276 )
277 ui.warnnoi18n(
277 ui.warnnoi18n(
278 b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n'
278 b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n'
279 )
279 )
280 except ImportError:
280 except ImportError:
281 ui.warnnoi18n(
281 ui.warnnoi18n(
282 b'sslkeylog module missing, '
282 b'sslkeylog module missing, '
283 b'but SSLKEYLOGFILE set in environment\n'
283 b'but SSLKEYLOGFILE set in environment\n'
284 )
284 )
285
285
286 for f in (keyfile, certfile):
286 for f in (keyfile, certfile):
287 if f and not os.path.exists(f):
287 if f and not os.path.exists(f):
288 raise error.Abort(
288 raise error.Abort(
289 _(b'certificate file (%s) does not exist; cannot connect to %s')
289 _(b'certificate file (%s) does not exist; cannot connect to %s')
290 % (f, pycompat.bytesurl(serverhostname)),
290 % (f, pycompat.bytesurl(serverhostname)),
291 hint=_(
291 hint=_(
292 b'restore missing file or fix references '
292 b'restore missing file or fix references '
293 b'in Mercurial config'
293 b'in Mercurial config'
294 ),
294 ),
295 )
295 )
296
296
297 settings = _hostsettings(ui, serverhostname)
297 settings = _hostsettings(ui, serverhostname)
298
298
299 # We can't use ssl.create_default_context() because it calls
299 # We can't use ssl.create_default_context() because it calls
300 # load_default_certs() unless CA arguments are passed to it. We want to
300 # load_default_certs() unless CA arguments are passed to it. We want to
301 # have explicit control over CA loading because implicitly loading
301 # have explicit control over CA loading because implicitly loading
302 # CAs may undermine the user's intent. For example, a user may define a CA
302 # CAs may undermine the user's intent. For example, a user may define a CA
303 # bundle with a specific CA cert removed. If the system/default CA bundle
303 # bundle with a specific CA cert removed. If the system/default CA bundle
304 # is loaded and contains that removed CA, you've just undone the user's
304 # is loaded and contains that removed CA, you've just undone the user's
305 # choice.
305 # choice.
306 #
306 #
307 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both
307 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both
308 # ends support, including TLS protocols. commonssloptions() restricts the
308 # ends support, including TLS protocols. commonssloptions() restricts the
309 # set of allowed protocols.
309 # set of allowed protocols.
310 sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
310 sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
311 sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
311 sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
312 sslcontext.verify_mode = settings[b'verifymode']
312 sslcontext.verify_mode = settings[b'verifymode']
313
313
314 if settings[b'ciphers']:
314 if settings[b'ciphers']:
315 try:
315 try:
316 sslcontext.set_ciphers(pycompat.sysstr(settings[b'ciphers']))
316 sslcontext.set_ciphers(pycompat.sysstr(settings[b'ciphers']))
317 except ssl.SSLError as e:
317 except ssl.SSLError as e:
318 raise error.Abort(
318 raise error.Abort(
319 _(b'could not set ciphers: %s')
319 _(b'could not set ciphers: %s')
320 % stringutil.forcebytestr(e.args[0]),
320 % stringutil.forcebytestr(e.args[0]),
321 hint=_(b'change cipher string (%s) in config')
321 hint=_(b'change cipher string (%s) in config')
322 % settings[b'ciphers'],
322 % settings[b'ciphers'],
323 )
323 )
324
324
325 if certfile is not None:
325 if certfile is not None:
326
326
327 def password():
327 def password():
328 f = keyfile or certfile
328 f = keyfile or certfile
329 return ui.getpass(_(b'passphrase for %s: ') % f, b'')
329 return ui.getpass(_(b'passphrase for %s: ') % f, b'')
330
330
331 sslcontext.load_cert_chain(certfile, keyfile, password)
331 sslcontext.load_cert_chain(certfile, keyfile, password)
332
332
333 if settings[b'cafile'] is not None:
333 if settings[b'cafile'] is not None:
334 try:
334 try:
335 sslcontext.load_verify_locations(cafile=settings[b'cafile'])
335 sslcontext.load_verify_locations(cafile=settings[b'cafile'])
336 except ssl.SSLError as e:
336 except ssl.SSLError as e:
337 if len(e.args) == 1: # pypy has different SSLError args
337 if len(e.args) == 1: # pypy has different SSLError args
338 msg = e.args[0]
338 msg = e.args[0]
339 else:
339 else:
340 msg = e.args[1]
340 msg = e.args[1]
341 raise error.Abort(
341 raise error.Abort(
342 _(b'error loading CA file %s: %s')
342 _(b'error loading CA file %s: %s')
343 % (settings[b'cafile'], stringutil.forcebytestr(msg)),
343 % (settings[b'cafile'], stringutil.forcebytestr(msg)),
344 hint=_(b'file is empty or malformed?'),
344 hint=_(b'file is empty or malformed?'),
345 )
345 )
346 caloaded = True
346 caloaded = True
347 elif settings[b'allowloaddefaultcerts']:
347 elif settings[b'allowloaddefaultcerts']:
348 # This is a no-op on old Python.
348 # This is a no-op on old Python.
349 sslcontext.load_default_certs()
349 sslcontext.load_default_certs()
350 caloaded = True
350 caloaded = True
351 else:
351 else:
352 caloaded = False
352 caloaded = False
353
353
354 try:
354 try:
355 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
355 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
356 except ssl.SSLError as e:
356 except ssl.SSLError as e:
357 # If we're doing certificate verification and no CA certs are loaded,
357 # If we're doing certificate verification and no CA certs are loaded,
358 # that is almost certainly the reason why verification failed. Provide
358 # that is almost certainly the reason why verification failed. Provide
359 # a hint to the user.
359 # a hint to the user.
360 # The exception handler is here to handle bugs around cert attributes:
360 # The exception handler is here to handle bugs around cert attributes:
361 # https://bugs.python.org/issue20916#msg213479. (See issues5313.)
361 # https://bugs.python.org/issue20916#msg213479. (See issues5313.)
362 # When the main 20916 bug occurs, 'sslcontext.get_ca_certs()' is a
362 # When the main 20916 bug occurs, 'sslcontext.get_ca_certs()' is a
363 # non-empty list, but the following conditional is otherwise True.
363 # non-empty list, but the following conditional is otherwise True.
364 try:
364 try:
365 if (
365 if (
366 caloaded
366 caloaded
367 and settings[b'verifymode'] == ssl.CERT_REQUIRED
367 and settings[b'verifymode'] == ssl.CERT_REQUIRED
368 and not sslcontext.get_ca_certs()
368 and not sslcontext.get_ca_certs()
369 ):
369 ):
370 ui.warn(
370 ui.warn(
371 _(
371 _(
372 b'(an attempt was made to load CA certificates but '
372 b'(an attempt was made to load CA certificates but '
373 b'none were loaded; see '
373 b'none were loaded; see '
374 b'https://mercurial-scm.org/wiki/SecureConnections '
374 b'https://mercurial-scm.org/wiki/SecureConnections '
375 b'for how to configure Mercurial to avoid this '
375 b'for how to configure Mercurial to avoid this '
376 b'error)\n'
376 b'error)\n'
377 )
377 )
378 )
378 )
379 except ssl.SSLError:
379 except ssl.SSLError:
380 pass
380 pass
381
381
382 # Try to print more helpful error messages for known failures.
382 # Try to print more helpful error messages for known failures.
383 if util.safehasattr(e, b'reason'):
383 if util.safehasattr(e, b'reason'):
384 # This error occurs when the client and server don't share a
384 # This error occurs when the client and server don't share a
385 # common/supported SSL/TLS protocol. We've disabled SSLv2 and SSLv3
385 # common/supported SSL/TLS protocol. We've disabled SSLv2 and SSLv3
386 # outright. Hopefully the reason for this error is that we require
386 # outright. Hopefully the reason for this error is that we require
387 # TLS 1.1+ and the server only supports TLS 1.0. Whatever the
387 # TLS 1.1+ and the server only supports TLS 1.0. Whatever the
388 # reason, try to emit an actionable warning.
388 # reason, try to emit an actionable warning.
389 if e.reason == 'UNSUPPORTED_PROTOCOL':
389 if e.reason == 'UNSUPPORTED_PROTOCOL':
390 # We attempted TLS 1.0+.
390 # We attempted TLS 1.0+.
391 if settings[b'minimumprotocol'] == b'tls1.0':
391 if settings[b'minimumprotocol'] == b'tls1.0':
392 # We support more than just TLS 1.0+. If this happens,
392 # We support more than just TLS 1.0+. If this happens,
393 # the likely scenario is either the client or the server
393 # the likely scenario is either the client or the server
394 # is really old. (e.g. server doesn't support TLS 1.0+ or
394 # is really old. (e.g. server doesn't support TLS 1.0+ or
395 # client doesn't support modern TLS versions introduced
395 # client doesn't support modern TLS versions introduced
396 # several years from when this comment was written).
396 # several years from when this comment was written).
397 if supportedprotocols != {b'tls1.0'}:
397 if supportedprotocols != {b'tls1.0'}:
398 ui.warn(
398 ui.warn(
399 _(
399 _(
400 b'(could not communicate with %s using security '
400 b'(could not communicate with %s using security '
401 b'protocols %s; if you are using a modern Mercurial '
401 b'protocols %s; if you are using a modern Mercurial '
402 b'version, consider contacting the operator of this '
402 b'version, consider contacting the operator of this '
403 b'server; see '
403 b'server; see '
404 b'https://mercurial-scm.org/wiki/SecureConnections '
404 b'https://mercurial-scm.org/wiki/SecureConnections '
405 b'for more info)\n'
405 b'for more info)\n'
406 )
406 )
407 % (
407 % (
408 pycompat.bytesurl(serverhostname),
408 pycompat.bytesurl(serverhostname),
409 b', '.join(sorted(supportedprotocols)),
409 b', '.join(sorted(supportedprotocols)),
410 )
410 )
411 )
411 )
412 else:
412 else:
413 ui.warn(
413 ui.warn(
414 _(
414 _(
415 b'(could not communicate with %s using TLS 1.0; the '
415 b'(could not communicate with %s using TLS 1.0; the '
416 b'likely cause of this is the server no longer '
416 b'likely cause of this is the server no longer '
417 b'supports TLS 1.0 because it has known security '
417 b'supports TLS 1.0 because it has known security '
418 b'vulnerabilities; see '
418 b'vulnerabilities; see '
419 b'https://mercurial-scm.org/wiki/SecureConnections '
419 b'https://mercurial-scm.org/wiki/SecureConnections '
420 b'for more info)\n'
420 b'for more info)\n'
421 )
421 )
422 % pycompat.bytesurl(serverhostname)
422 % pycompat.bytesurl(serverhostname)
423 )
423 )
424 else:
424 else:
425 # We attempted TLS 1.1+. We can only get here if the client
425 # We attempted TLS 1.1+. We can only get here if the client
426 # supports the configured protocol. So the likely reason is
426 # supports the configured protocol. So the likely reason is
427 # the client wants better security than the server can
427 # the client wants better security than the server can
428 # offer.
428 # offer.
429 ui.warn(
429 ui.warn(
430 _(
430 _(
431 b'(could not negotiate a common security protocol (%s+) '
431 b'(could not negotiate a common security protocol (%s+) '
432 b'with %s; the likely cause is Mercurial is configured '
432 b'with %s; the likely cause is Mercurial is configured '
433 b'to be more secure than the server can support)\n'
433 b'to be more secure than the server can support)\n'
434 )
434 )
435 % (
435 % (
436 settings[b'minimumprotocol'],
436 settings[b'minimumprotocol'],
437 pycompat.bytesurl(serverhostname),
437 pycompat.bytesurl(serverhostname),
438 )
438 )
439 )
439 )
440 ui.warn(
440 ui.warn(
441 _(
441 _(
442 b'(consider contacting the operator of this '
442 b'(consider contacting the operator of this '
443 b'server and ask them to support modern TLS '
443 b'server and ask them to support modern TLS '
444 b'protocol versions; or, set '
444 b'protocol versions; or, set '
445 b'hostsecurity.%s:minimumprotocol=tls1.0 to allow '
445 b'hostsecurity.%s:minimumprotocol=tls1.0 to allow '
446 b'use of legacy, less secure protocols when '
446 b'use of legacy, less secure protocols when '
447 b'communicating with this server)\n'
447 b'communicating with this server)\n'
448 )
448 )
449 % pycompat.bytesurl(serverhostname)
449 % pycompat.bytesurl(serverhostname)
450 )
450 )
451 ui.warn(
451 ui.warn(
452 _(
452 _(
453 b'(see https://mercurial-scm.org/wiki/SecureConnections '
453 b'(see https://mercurial-scm.org/wiki/SecureConnections '
454 b'for more info)\n'
454 b'for more info)\n'
455 )
455 )
456 )
456 )
457
457
458 elif e.reason == 'CERTIFICATE_VERIFY_FAILED' and pycompat.iswindows:
458 elif e.reason == 'CERTIFICATE_VERIFY_FAILED' and pycompat.iswindows:
459
459
460 ui.warn(
460 ui.warn(
461 _(
461 _(
462 b'(the full certificate chain may not be available '
462 b'(the full certificate chain may not be available '
463 b'locally; see "hg help debugssl")\n'
463 b'locally; see "hg help debugssl")\n'
464 )
464 )
465 )
465 )
466 raise
466 raise
467
467
468 # check if wrap_socket failed silently because socket had been
468 # check if wrap_socket failed silently because socket had been
469 # closed
469 # closed
470 # - see http://bugs.python.org/issue13721
470 # - see http://bugs.python.org/issue13721
471 if not sslsocket.cipher():
471 if not sslsocket.cipher():
472 raise error.SecurityError(_(b'ssl connection failed'))
472 raise error.SecurityError(_(b'ssl connection failed'))
473
473
474 sslsocket._hgstate = {
474 sslsocket._hgstate = {
475 b'caloaded': caloaded,
475 b'caloaded': caloaded,
476 b'hostname': serverhostname,
476 b'hostname': serverhostname,
477 b'settings': settings,
477 b'settings': settings,
478 b'ui': ui,
478 b'ui': ui,
479 }
479 }
480
480
481 return sslsocket
481 return sslsocket
482
482
483
483
484 def wrapserversocket(
484 def wrapserversocket(
485 sock, ui, certfile=None, keyfile=None, cafile=None, requireclientcert=False
485 sock, ui, certfile=None, keyfile=None, cafile=None, requireclientcert=False
486 ):
486 ):
487 """Wrap a socket for use by servers.
487 """Wrap a socket for use by servers.
488
488
489 ``certfile`` and ``keyfile`` specify the files containing the certificate's
489 ``certfile`` and ``keyfile`` specify the files containing the certificate's
490 public and private keys, respectively. Both keys can be defined in the same
490 public and private keys, respectively. Both keys can be defined in the same
491 file via ``certfile`` (the private key must come first in the file).
491 file via ``certfile`` (the private key must come first in the file).
492
492
493 ``cafile`` defines the path to certificate authorities.
493 ``cafile`` defines the path to certificate authorities.
494
494
495 ``requireclientcert`` specifies whether to require client certificates.
495 ``requireclientcert`` specifies whether to require client certificates.
496
496
497 Typically ``cafile`` is only defined if ``requireclientcert`` is true.
497 Typically ``cafile`` is only defined if ``requireclientcert`` is true.
498 """
498 """
499 # This function is not used much by core Mercurial, so the error messaging
499 # This function is not used much by core Mercurial, so the error messaging
500 # doesn't have to be as detailed as for wrapsocket().
500 # doesn't have to be as detailed as for wrapsocket().
501 for f in (certfile, keyfile, cafile):
501 for f in (certfile, keyfile, cafile):
502 if f and not os.path.exists(f):
502 if f and not os.path.exists(f):
503 raise error.Abort(
503 raise error.Abort(
504 _(b'referenced certificate file (%s) does not exist') % f
504 _(b'referenced certificate file (%s) does not exist') % f
505 )
505 )
506
506
507 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both
507 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both
508 # ends support, including TLS protocols. commonssloptions() restricts the
508 # ends support, including TLS protocols. commonssloptions() restricts the
509 # set of allowed protocols.
509 # set of allowed protocols.
510 protocol = ssl.PROTOCOL_SSLv23
510 protocol = ssl.PROTOCOL_SSLv23
511 options = commonssloptions(b'tls1.0')
511 options = commonssloptions(b'tls1.0')
512
512
513 # This config option is intended for use in tests only. It is a giant
513 # This config option is intended for use in tests only. It is a giant
514 # footgun to kill security. Don't define it.
514 # footgun to kill security. Don't define it.
515 exactprotocol = ui.config(b'devel', b'serverexactprotocol')
515 exactprotocol = ui.config(b'devel', b'serverexactprotocol')
516 if exactprotocol == b'tls1.0':
516 if exactprotocol == b'tls1.0':
517 if b'tls1.0' not in supportedprotocols:
517 if b'tls1.0' not in supportedprotocols:
518 raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
518 raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
519 protocol = ssl.PROTOCOL_TLSv1
519 protocol = ssl.PROTOCOL_TLSv1
520 elif exactprotocol == b'tls1.1':
520 elif exactprotocol == b'tls1.1':
521 if b'tls1.1' not in supportedprotocols:
521 if b'tls1.1' not in supportedprotocols:
522 raise error.Abort(_(b'TLS 1.1 not supported by this Python'))
522 raise error.Abort(_(b'TLS 1.1 not supported by this Python'))
523 protocol = ssl.PROTOCOL_TLSv1_1
523 protocol = ssl.PROTOCOL_TLSv1_1
524 elif exactprotocol == b'tls1.2':
524 elif exactprotocol == b'tls1.2':
525 if b'tls1.2' not in supportedprotocols:
525 if b'tls1.2' not in supportedprotocols:
526 raise error.Abort(_(b'TLS 1.2 not supported by this Python'))
526 raise error.Abort(_(b'TLS 1.2 not supported by this Python'))
527 protocol = ssl.PROTOCOL_TLSv1_2
527 protocol = ssl.PROTOCOL_TLSv1_2
528 elif exactprotocol:
528 elif exactprotocol:
529 raise error.Abort(
529 raise error.Abort(
530 _(b'invalid value for serverexactprotocol: %s') % exactprotocol
530 _(b'invalid value for serverexactprotocol: %s') % exactprotocol
531 )
531 )
532
532
533 # We /could/ use create_default_context() here since it doesn't load
533 # We /could/ use create_default_context() here since it doesn't load
534 # CAs when configured for client auth. However, it is hard-coded to
534 # CAs when configured for client auth. However, it is hard-coded to
535 # use ssl.PROTOCOL_SSLv23 which may not be appropriate here.
535 # use ssl.PROTOCOL_SSLv23 which may not be appropriate here.
536 sslcontext = ssl.SSLContext(protocol)
536 sslcontext = ssl.SSLContext(protocol)
537 sslcontext.options |= options
537 sslcontext.options |= options
538
538
539 # Improve forward secrecy.
539 # Improve forward secrecy.
540 sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0)
540 sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0)
541 sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0)
541 sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0)
542
542
543 # Use the list of more secure ciphers if found in the ssl module.
543 # Use the list of more secure ciphers if found in the ssl module.
544 if util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'):
544 if util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'):
545 sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0)
545 sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0)
546 # pytype: disable=module-attr
546 sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
547 sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
548 # pytype: enable=module-attr
547
549
548 if requireclientcert:
550 if requireclientcert:
549 sslcontext.verify_mode = ssl.CERT_REQUIRED
551 sslcontext.verify_mode = ssl.CERT_REQUIRED
550 else:
552 else:
551 sslcontext.verify_mode = ssl.CERT_NONE
553 sslcontext.verify_mode = ssl.CERT_NONE
552
554
553 if certfile or keyfile:
555 if certfile or keyfile:
554 sslcontext.load_cert_chain(certfile=certfile, keyfile=keyfile)
556 sslcontext.load_cert_chain(certfile=certfile, keyfile=keyfile)
555
557
556 if cafile:
558 if cafile:
557 sslcontext.load_verify_locations(cafile=cafile)
559 sslcontext.load_verify_locations(cafile=cafile)
558
560
559 return sslcontext.wrap_socket(sock, server_side=True)
561 return sslcontext.wrap_socket(sock, server_side=True)
560
562
561
563
562 class wildcarderror(Exception):
564 class wildcarderror(Exception):
563 """Represents an error parsing wildcards in DNS name."""
565 """Represents an error parsing wildcards in DNS name."""
564
566
565
567
566 def _dnsnamematch(dn, hostname, maxwildcards=1):
568 def _dnsnamematch(dn, hostname, maxwildcards=1):
567 """Match DNS names according RFC 6125 section 6.4.3.
569 """Match DNS names according RFC 6125 section 6.4.3.
568
570
569 This code is effectively copied from CPython's ssl._dnsname_match.
571 This code is effectively copied from CPython's ssl._dnsname_match.
570
572
571 Returns a bool indicating whether the expected hostname matches
573 Returns a bool indicating whether the expected hostname matches
572 the value in ``dn``.
574 the value in ``dn``.
573 """
575 """
574 pats = []
576 pats = []
575 if not dn:
577 if not dn:
576 return False
578 return False
577 dn = pycompat.bytesurl(dn)
579 dn = pycompat.bytesurl(dn)
578 hostname = pycompat.bytesurl(hostname)
580 hostname = pycompat.bytesurl(hostname)
579
581
580 pieces = dn.split(b'.')
582 pieces = dn.split(b'.')
581 leftmost = pieces[0]
583 leftmost = pieces[0]
582 remainder = pieces[1:]
584 remainder = pieces[1:]
583 wildcards = leftmost.count(b'*')
585 wildcards = leftmost.count(b'*')
584 if wildcards > maxwildcards:
586 if wildcards > maxwildcards:
585 raise wildcarderror(
587 raise wildcarderror(
586 _(b'too many wildcards in certificate DNS name: %s') % dn
588 _(b'too many wildcards in certificate DNS name: %s') % dn
587 )
589 )
588
590
589 # speed up common case w/o wildcards
591 # speed up common case w/o wildcards
590 if not wildcards:
592 if not wildcards:
591 return dn.lower() == hostname.lower()
593 return dn.lower() == hostname.lower()
592
594
593 # RFC 6125, section 6.4.3, subitem 1.
595 # RFC 6125, section 6.4.3, subitem 1.
594 # The client SHOULD NOT attempt to match a presented identifier in which
596 # The client SHOULD NOT attempt to match a presented identifier in which
595 # the wildcard character comprises a label other than the left-most label.
597 # the wildcard character comprises a label other than the left-most label.
596 if leftmost == b'*':
598 if leftmost == b'*':
597 # When '*' is a fragment by itself, it matches a non-empty dotless
599 # When '*' is a fragment by itself, it matches a non-empty dotless
598 # fragment.
600 # fragment.
599 pats.append(b'[^.]+')
601 pats.append(b'[^.]+')
600 elif leftmost.startswith(b'xn--') or hostname.startswith(b'xn--'):
602 elif leftmost.startswith(b'xn--') or hostname.startswith(b'xn--'):
601 # RFC 6125, section 6.4.3, subitem 3.
603 # RFC 6125, section 6.4.3, subitem 3.
602 # The client SHOULD NOT attempt to match a presented identifier
604 # The client SHOULD NOT attempt to match a presented identifier
603 # where the wildcard character is embedded within an A-label or
605 # where the wildcard character is embedded within an A-label or
604 # U-label of an internationalized domain name.
606 # U-label of an internationalized domain name.
605 pats.append(stringutil.reescape(leftmost))
607 pats.append(stringutil.reescape(leftmost))
606 else:
608 else:
607 # Otherwise, '*' matches any dotless string, e.g. www*
609 # Otherwise, '*' matches any dotless string, e.g. www*
608 pats.append(stringutil.reescape(leftmost).replace(br'\*', b'[^.]*'))
610 pats.append(stringutil.reescape(leftmost).replace(br'\*', b'[^.]*'))
609
611
610 # add the remaining fragments, ignore any wildcards
612 # add the remaining fragments, ignore any wildcards
611 for frag in remainder:
613 for frag in remainder:
612 pats.append(stringutil.reescape(frag))
614 pats.append(stringutil.reescape(frag))
613
615
614 pat = re.compile(br'\A' + br'\.'.join(pats) + br'\Z', re.IGNORECASE)
616 pat = re.compile(br'\A' + br'\.'.join(pats) + br'\Z', re.IGNORECASE)
615 return pat.match(hostname) is not None
617 return pat.match(hostname) is not None
616
618
617
619
618 def _verifycert(cert, hostname):
620 def _verifycert(cert, hostname):
619 """Verify that cert (in socket.getpeercert() format) matches hostname.
621 """Verify that cert (in socket.getpeercert() format) matches hostname.
620 CRLs is not handled.
622 CRLs is not handled.
621
623
622 Returns error message if any problems are found and None on success.
624 Returns error message if any problems are found and None on success.
623 """
625 """
624 if not cert:
626 if not cert:
625 return _(b'no certificate received')
627 return _(b'no certificate received')
626
628
627 dnsnames = []
629 dnsnames = []
628 san = cert.get('subjectAltName', [])
630 san = cert.get('subjectAltName', [])
629 for key, value in san:
631 for key, value in san:
630 if key == 'DNS':
632 if key == 'DNS':
631 try:
633 try:
632 if _dnsnamematch(value, hostname):
634 if _dnsnamematch(value, hostname):
633 return
635 return
634 except wildcarderror as e:
636 except wildcarderror as e:
635 return stringutil.forcebytestr(e.args[0])
637 return stringutil.forcebytestr(e.args[0])
636
638
637 dnsnames.append(value)
639 dnsnames.append(value)
638
640
639 if not dnsnames:
641 if not dnsnames:
640 # The subject is only checked when there is no DNS in subjectAltName.
642 # The subject is only checked when there is no DNS in subjectAltName.
641 for sub in cert.get('subject', []):
643 for sub in cert.get('subject', []):
642 for key, value in sub:
644 for key, value in sub:
643 # According to RFC 2818 the most specific Common Name must
645 # According to RFC 2818 the most specific Common Name must
644 # be used.
646 # be used.
645 if key == 'commonName':
647 if key == 'commonName':
646 # 'subject' entries are unicode.
648 # 'subject' entries are unicode.
647 try:
649 try:
648 value = value.encode('ascii')
650 value = value.encode('ascii')
649 except UnicodeEncodeError:
651 except UnicodeEncodeError:
650 return _(b'IDN in certificate not supported')
652 return _(b'IDN in certificate not supported')
651
653
652 try:
654 try:
653 if _dnsnamematch(value, hostname):
655 if _dnsnamematch(value, hostname):
654 return
656 return
655 except wildcarderror as e:
657 except wildcarderror as e:
656 return stringutil.forcebytestr(e.args[0])
658 return stringutil.forcebytestr(e.args[0])
657
659
658 dnsnames.append(value)
660 dnsnames.append(value)
659
661
660 dnsnames = [pycompat.bytesurl(d) for d in dnsnames]
662 dnsnames = [pycompat.bytesurl(d) for d in dnsnames]
661 if len(dnsnames) > 1:
663 if len(dnsnames) > 1:
662 return _(b'certificate is for %s') % b', '.join(dnsnames)
664 return _(b'certificate is for %s') % b', '.join(dnsnames)
663 elif len(dnsnames) == 1:
665 elif len(dnsnames) == 1:
664 return _(b'certificate is for %s') % dnsnames[0]
666 return _(b'certificate is for %s') % dnsnames[0]
665 else:
667 else:
666 return _(b'no commonName or subjectAltName found in certificate')
668 return _(b'no commonName or subjectAltName found in certificate')
667
669
668
670
669 def _plainapplepython():
671 def _plainapplepython():
670 """return true if this seems to be a pure Apple Python that
672 """return true if this seems to be a pure Apple Python that
671 * is unfrozen and presumably has the whole mercurial module in the file
673 * is unfrozen and presumably has the whole mercurial module in the file
672 system
674 system
673 * presumably is an Apple Python that uses Apple OpenSSL which has patches
675 * presumably is an Apple Python that uses Apple OpenSSL which has patches
674 for using system certificate store CAs in addition to the provided
676 for using system certificate store CAs in addition to the provided
675 cacerts file
677 cacerts file
676 """
678 """
677 if (
679 if (
678 not pycompat.isdarwin
680 not pycompat.isdarwin
679 or resourceutil.mainfrozen()
681 or resourceutil.mainfrozen()
680 or not pycompat.sysexecutable
682 or not pycompat.sysexecutable
681 ):
683 ):
682 return False
684 return False
683 exe = os.path.realpath(pycompat.sysexecutable).lower()
685 exe = os.path.realpath(pycompat.sysexecutable).lower()
684 return exe.startswith(b'/usr/bin/python') or exe.startswith(
686 return exe.startswith(b'/usr/bin/python') or exe.startswith(
685 b'/system/library/frameworks/python.framework/'
687 b'/system/library/frameworks/python.framework/'
686 )
688 )
687
689
688
690
689 def _defaultcacerts(ui):
691 def _defaultcacerts(ui):
690 """return path to default CA certificates or None.
692 """return path to default CA certificates or None.
691
693
692 It is assumed this function is called when the returned certificates
694 It is assumed this function is called when the returned certificates
693 file will actually be used to validate connections. Therefore this
695 file will actually be used to validate connections. Therefore this
694 function may print warnings or debug messages assuming this usage.
696 function may print warnings or debug messages assuming this usage.
695
697
696 We don't print a message when the Python is able to load default
698 We don't print a message when the Python is able to load default
697 CA certs because this scenario is detected at socket connect time.
699 CA certs because this scenario is detected at socket connect time.
698 """
700 """
699 # The "certifi" Python package provides certificates. If it is installed
701 # The "certifi" Python package provides certificates. If it is installed
700 # and usable, assume the user intends it to be used and use it.
702 # and usable, assume the user intends it to be used and use it.
701 try:
703 try:
702 import certifi
704 import certifi
703
705
704 certs = certifi.where()
706 certs = certifi.where()
705 if os.path.exists(certs):
707 if os.path.exists(certs):
706 ui.debug(b'using ca certificates from certifi\n')
708 ui.debug(b'using ca certificates from certifi\n')
707 return pycompat.fsencode(certs)
709 return pycompat.fsencode(certs)
708 except (ImportError, AttributeError):
710 except (ImportError, AttributeError):
709 pass
711 pass
710
712
711 # Apple's OpenSSL has patches that allow a specially constructed certificate
713 # Apple's OpenSSL has patches that allow a specially constructed certificate
712 # to load the system CA store. If we're running on Apple Python, use this
714 # to load the system CA store. If we're running on Apple Python, use this
713 # trick.
715 # trick.
714 if _plainapplepython():
716 if _plainapplepython():
715 dummycert = os.path.join(
717 dummycert = os.path.join(
716 os.path.dirname(pycompat.fsencode(__file__)), b'dummycert.pem'
718 os.path.dirname(pycompat.fsencode(__file__)), b'dummycert.pem'
717 )
719 )
718 if os.path.exists(dummycert):
720 if os.path.exists(dummycert):
719 return dummycert
721 return dummycert
720
722
721 return None
723 return None
722
724
723
725
724 def validatesocket(sock):
726 def validatesocket(sock):
725 """Validate a socket meets security requirements.
727 """Validate a socket meets security requirements.
726
728
727 The passed socket must have been created with ``wrapsocket()``.
729 The passed socket must have been created with ``wrapsocket()``.
728 """
730 """
729 shost = sock._hgstate[b'hostname']
731 shost = sock._hgstate[b'hostname']
730 host = pycompat.bytesurl(shost)
732 host = pycompat.bytesurl(shost)
731 ui = sock._hgstate[b'ui']
733 ui = sock._hgstate[b'ui']
732 settings = sock._hgstate[b'settings']
734 settings = sock._hgstate[b'settings']
733
735
734 try:
736 try:
735 peercert = sock.getpeercert(True)
737 peercert = sock.getpeercert(True)
736 peercert2 = sock.getpeercert()
738 peercert2 = sock.getpeercert()
737 except AttributeError:
739 except AttributeError:
738 raise error.SecurityError(_(b'%s ssl connection error') % host)
740 raise error.SecurityError(_(b'%s ssl connection error') % host)
739
741
740 if not peercert:
742 if not peercert:
741 raise error.SecurityError(
743 raise error.SecurityError(
742 _(b'%s certificate error: no certificate received') % host
744 _(b'%s certificate error: no certificate received') % host
743 )
745 )
744
746
745 if settings[b'disablecertverification']:
747 if settings[b'disablecertverification']:
746 # We don't print the certificate fingerprint because it shouldn't
748 # We don't print the certificate fingerprint because it shouldn't
747 # be necessary: if the user requested certificate verification be
749 # be necessary: if the user requested certificate verification be
748 # disabled, they presumably already saw a message about the inability
750 # disabled, they presumably already saw a message about the inability
749 # to verify the certificate and this message would have printed the
751 # to verify the certificate and this message would have printed the
750 # fingerprint. So printing the fingerprint here adds little to no
752 # fingerprint. So printing the fingerprint here adds little to no
751 # value.
753 # value.
752 ui.warn(
754 ui.warn(
753 _(
755 _(
754 b'warning: connection security to %s is disabled per current '
756 b'warning: connection security to %s is disabled per current '
755 b'settings; communication is susceptible to eavesdropping '
757 b'settings; communication is susceptible to eavesdropping '
756 b'and tampering\n'
758 b'and tampering\n'
757 )
759 )
758 % host
760 % host
759 )
761 )
760 return
762 return
761
763
762 # If a certificate fingerprint is pinned, use it and only it to
764 # If a certificate fingerprint is pinned, use it and only it to
763 # validate the remote cert.
765 # validate the remote cert.
764 peerfingerprints = {
766 peerfingerprints = {
765 b'sha1': hex(hashutil.sha1(peercert).digest()),
767 b'sha1': hex(hashutil.sha1(peercert).digest()),
766 b'sha256': hex(hashlib.sha256(peercert).digest()),
768 b'sha256': hex(hashlib.sha256(peercert).digest()),
767 b'sha512': hex(hashlib.sha512(peercert).digest()),
769 b'sha512': hex(hashlib.sha512(peercert).digest()),
768 }
770 }
769
771
770 def fmtfingerprint(s):
772 def fmtfingerprint(s):
771 return b':'.join([s[x : x + 2] for x in range(0, len(s), 2)])
773 return b':'.join([s[x : x + 2] for x in range(0, len(s), 2)])
772
774
773 nicefingerprint = b'sha256:%s' % fmtfingerprint(peerfingerprints[b'sha256'])
775 nicefingerprint = b'sha256:%s' % fmtfingerprint(peerfingerprints[b'sha256'])
774
776
775 if settings[b'certfingerprints']:
777 if settings[b'certfingerprints']:
776 for hash, fingerprint in settings[b'certfingerprints']:
778 for hash, fingerprint in settings[b'certfingerprints']:
777 if peerfingerprints[hash].lower() == fingerprint:
779 if peerfingerprints[hash].lower() == fingerprint:
778 ui.debug(
780 ui.debug(
779 b'%s certificate matched fingerprint %s:%s\n'
781 b'%s certificate matched fingerprint %s:%s\n'
780 % (host, hash, fmtfingerprint(fingerprint))
782 % (host, hash, fmtfingerprint(fingerprint))
781 )
783 )
782 if settings[b'legacyfingerprint']:
784 if settings[b'legacyfingerprint']:
783 ui.warn(
785 ui.warn(
784 _(
786 _(
785 b'(SHA-1 fingerprint for %s found in legacy '
787 b'(SHA-1 fingerprint for %s found in legacy '
786 b'[hostfingerprints] section; '
788 b'[hostfingerprints] section; '
787 b'if you trust this fingerprint, remove the old '
789 b'if you trust this fingerprint, remove the old '
788 b'SHA-1 fingerprint from [hostfingerprints] and '
790 b'SHA-1 fingerprint from [hostfingerprints] and '
789 b'add the following entry to the new '
791 b'add the following entry to the new '
790 b'[hostsecurity] section: %s:fingerprints=%s)\n'
792 b'[hostsecurity] section: %s:fingerprints=%s)\n'
791 )
793 )
792 % (host, host, nicefingerprint)
794 % (host, host, nicefingerprint)
793 )
795 )
794 return
796 return
795
797
796 # Pinned fingerprint didn't match. This is a fatal error.
798 # Pinned fingerprint didn't match. This is a fatal error.
797 if settings[b'legacyfingerprint']:
799 if settings[b'legacyfingerprint']:
798 section = b'hostfingerprint'
800 section = b'hostfingerprint'
799 nice = fmtfingerprint(peerfingerprints[b'sha1'])
801 nice = fmtfingerprint(peerfingerprints[b'sha1'])
800 else:
802 else:
801 section = b'hostsecurity'
803 section = b'hostsecurity'
802 nice = b'%s:%s' % (hash, fmtfingerprint(peerfingerprints[hash]))
804 nice = b'%s:%s' % (hash, fmtfingerprint(peerfingerprints[hash]))
803 raise error.SecurityError(
805 raise error.SecurityError(
804 _(b'certificate for %s has unexpected fingerprint %s')
806 _(b'certificate for %s has unexpected fingerprint %s')
805 % (host, nice),
807 % (host, nice),
806 hint=_(b'check %s configuration') % section,
808 hint=_(b'check %s configuration') % section,
807 )
809 )
808
810
809 # Security is enabled but no CAs are loaded. We can't establish trust
811 # Security is enabled but no CAs are loaded. We can't establish trust
810 # for the cert so abort.
812 # for the cert so abort.
811 if not sock._hgstate[b'caloaded']:
813 if not sock._hgstate[b'caloaded']:
812 raise error.SecurityError(
814 raise error.SecurityError(
813 _(
815 _(
814 b'unable to verify security of %s (no loaded CA certificates); '
816 b'unable to verify security of %s (no loaded CA certificates); '
815 b'refusing to connect'
817 b'refusing to connect'
816 )
818 )
817 % host,
819 % host,
818 hint=_(
820 hint=_(
819 b'see https://mercurial-scm.org/wiki/SecureConnections for '
821 b'see https://mercurial-scm.org/wiki/SecureConnections for '
820 b'how to configure Mercurial to avoid this error or set '
822 b'how to configure Mercurial to avoid this error or set '
821 b'hostsecurity.%s:fingerprints=%s to trust this server'
823 b'hostsecurity.%s:fingerprints=%s to trust this server'
822 )
824 )
823 % (host, nicefingerprint),
825 % (host, nicefingerprint),
824 )
826 )
825
827
826 msg = _verifycert(peercert2, shost)
828 msg = _verifycert(peercert2, shost)
827 if msg:
829 if msg:
828 raise error.SecurityError(
830 raise error.SecurityError(
829 _(b'%s certificate error: %s') % (host, msg),
831 _(b'%s certificate error: %s') % (host, msg),
830 hint=_(
832 hint=_(
831 b'set hostsecurity.%s:certfingerprints=%s '
833 b'set hostsecurity.%s:certfingerprints=%s '
832 b'config setting or use --insecure to connect '
834 b'config setting or use --insecure to connect '
833 b'insecurely'
835 b'insecurely'
834 )
836 )
835 % (host, nicefingerprint),
837 % (host, nicefingerprint),
836 )
838 )
General Comments 0
You need to be logged in to leave comments. Login now