sslutil: support defining cipher list...
Gregory Szorc -
r29577:9654ef41 default
@@ -1,2197 +1,2213
1 1 The Mercurial system uses a set of configuration files to control
2 2 aspects of its behavior.
3 3
4 4 Troubleshooting
5 5 ===============
6 6
7 7 If you're having problems with your configuration,
8 8 :hg:`config --debug` can help you understand what is introducing
9 9 a setting into your environment.
10 10
11 11 See :hg:`help config.syntax` and :hg:`help config.files`
12 12 for information about how and where to override things.
13 13
14 14 Structure
15 15 =========
16 16
17 17 The configuration files use a simple ini-file format. A configuration
18 18 file consists of sections, led by a ``[section]`` header and followed
19 19 by ``name = value`` entries::
20 20
21 21 [ui]
22 22 username = Firstname Lastname <firstname.lastname@example.net>
23 23 verbose = True
24 24
25 25 The above entries will be referred to as ``ui.username`` and
26 26 ``ui.verbose``, respectively. See :hg:`help config.syntax`.
27 27
28 28 Files
29 29 =====
30 30
31 31 Mercurial reads configuration data from several files, if they exist.
32 32 These files do not exist by default and you will have to create the
33 33 appropriate configuration files yourself:
34 34
35 35 Local configuration is put into the per-repository ``<repo>/.hg/hgrc`` file.
36 36
37 37 Global configuration like the username setting is typically put into:
38 38
39 39 .. container:: windows
40 40
41 41 - ``%USERPROFILE%\mercurial.ini`` (on Windows)
42 42
43 43 .. container:: unix.plan9
44 44
45 45 - ``$HOME/.hgrc`` (on Unix, Plan9)
46 46
47 47 The names of these files depend on the system on which Mercurial is
48 48 installed. ``*.rc`` files from a single directory are read in
49 49 alphabetical order, later ones overriding earlier ones. Where multiple
50 50 paths are given below, settings from earlier paths override later
51 51 ones.
52 52
53 53 .. container:: verbose.unix
54 54
55 55 On Unix, the following files are consulted:
56 56
57 57 - ``<repo>/.hg/hgrc`` (per-repository)
58 58 - ``$HOME/.hgrc`` (per-user)
59 59 - ``<install-root>/etc/mercurial/hgrc`` (per-installation)
60 60 - ``<install-root>/etc/mercurial/hgrc.d/*.rc`` (per-installation)
61 61 - ``/etc/mercurial/hgrc`` (per-system)
62 62 - ``/etc/mercurial/hgrc.d/*.rc`` (per-system)
63 63 - ``<internal>/default.d/*.rc`` (defaults)
64 64
65 65 .. container:: verbose.windows
66 66
67 67 On Windows, the following files are consulted:
68 68
69 69 - ``<repo>/.hg/hgrc`` (per-repository)
70 70 - ``%USERPROFILE%\.hgrc`` (per-user)
71 71 - ``%USERPROFILE%\Mercurial.ini`` (per-user)
72 72 - ``%HOME%\.hgrc`` (per-user)
73 73 - ``%HOME%\Mercurial.ini`` (per-user)
74 74 - ``HKEY_LOCAL_MACHINE\SOFTWARE\Mercurial`` (per-installation)
75 75 - ``<install-dir>\hgrc.d\*.rc`` (per-installation)
76 76 - ``<install-dir>\Mercurial.ini`` (per-installation)
77 77 - ``<internal>/default.d/*.rc`` (defaults)
78 78
79 79 .. note::
80 80
81 81 The registry key ``HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mercurial``
82 82 is used when running 32-bit Python on 64-bit Windows.
83 83
84 84 .. container:: windows
85 85
86 86 On Windows 9x, ``%HOME%`` is replaced by ``%APPDATA%``.
87 87
88 88 .. container:: verbose.plan9
89 89
90 90 On Plan9, the following files are consulted:
91 91
92 92 - ``<repo>/.hg/hgrc`` (per-repository)
93 93 - ``$home/lib/hgrc`` (per-user)
94 94 - ``<install-root>/lib/mercurial/hgrc`` (per-installation)
95 95 - ``<install-root>/lib/mercurial/hgrc.d/*.rc`` (per-installation)
96 96 - ``/lib/mercurial/hgrc`` (per-system)
97 97 - ``/lib/mercurial/hgrc.d/*.rc`` (per-system)
98 98 - ``<internal>/default.d/*.rc`` (defaults)
99 99
100 100 Per-repository configuration options only apply in a
101 101 particular repository. This file is not version-controlled, and
102 102 will not get transferred during a "clone" operation. Options in
103 103 this file override options in all other configuration files.
104 104
105 105 .. container:: unix.plan9
106 106
107 107 On Plan 9 and Unix, most of this file will be ignored if it doesn't
108 108 belong to a trusted user or to a trusted group. See
109 109 :hg:`help config.trusted` for more details.
110 110
111 111 Per-user configuration file(s) are for the user running Mercurial. Options
112 112 in these files apply to all Mercurial commands executed by this user in any
113 113 directory. Options in these files override per-system and per-installation
114 114 options.
115 115
116 116 Per-installation configuration files are searched for in the
117 117 directory where Mercurial is installed. ``<install-root>`` is the
118 118 parent directory of the **hg** executable (or symlink) being run.
119 119
120 120 .. container:: unix.plan9
121 121
122 122 For example, if installed in ``/shared/tools/bin/hg``, Mercurial
123 123 will look in ``/shared/tools/etc/mercurial/hgrc``. Options in these
124 124 files apply to all Mercurial commands executed by any user in any
125 125 directory.
126 126
127 127 Per-installation configuration files are for the system on
128 128 which Mercurial is running. Options in these files apply to all
129 129 Mercurial commands executed by any user in any directory. Registry
130 130 keys contain PATH-like strings, every part of which must reference
131 131 a ``Mercurial.ini`` file or be a directory where ``*.rc`` files will
132 132 be read. Mercurial checks each of these locations in the specified
133 133 order until one or more configuration files are detected.
134 134
135 135 Per-system configuration files are for the system on which Mercurial
136 136 is running. Options in these files apply to all Mercurial commands
137 137 executed by any user in any directory. Options in these files
138 138 override per-installation options.
139 139
140 140 Mercurial comes with some default configuration. The default configuration
141 141 files are installed with Mercurial and will be overwritten on upgrades. Default
142 142 configuration files should never be edited by users or administrators but can
143 143 be overridden in other configuration files. So far the directory only contains
144 144 merge tool configuration but packagers can also put other default configuration
145 145 there.
146 146
147 147 Syntax
148 148 ======
149 149
150 150 A configuration file consists of sections, led by a ``[section]`` header
151 151 and followed by ``name = value`` entries (sometimes called
152 152 ``configuration keys``)::
153 153
154 154 [spam]
155 155 eggs=ham
156 156 green=
157 157 eggs
158 158
159 159 Each line contains one entry. If the lines that follow are indented,
160 160 they are treated as continuations of that entry. Leading whitespace is
161 161 removed from values. Empty lines are skipped. Lines beginning with
162 162 ``#`` or ``;`` are ignored and may be used to provide comments.
163 163
164 164 Configuration keys can be set multiple times, in which case Mercurial
165 165 will use the value that was configured last. As an example::
166 166
167 167 [spam]
168 168 eggs=large
169 169 ham=serrano
170 170 eggs=small
171 171
172 172 This would set the configuration key named ``eggs`` to ``small``.
173 173
174 174 It is also possible to define a section multiple times. A section can
175 175 be redefined on the same and/or on different configuration files. For
176 176 example::
177 177
178 178 [foo]
179 179 eggs=large
180 180 ham=serrano
181 181 eggs=small
182 182
183 183 [bar]
184 184 eggs=ham
185 185 green=
186 186 eggs
187 187
188 188 [foo]
189 189 ham=prosciutto
190 190 eggs=medium
191 191 bread=toasted
192 192
193 193 This would set the ``eggs``, ``ham``, and ``bread`` configuration keys
194 194 of the ``foo`` section to ``medium``, ``prosciutto``, and ``toasted``,
195 195 respectively. As you can see, the only thing that matters is the last
196 196 value that was set for each of the configuration keys.
197 197
198 198 If a configuration key is set multiple times in different
199 199 configuration files the final value will depend on the order in which
200 200 the different configuration files are read, with settings from earlier
201 201 paths overriding later ones as described on the ``Files`` section
202 202 above.
203 203
204 204 A line of the form ``%include file`` will include ``file`` into the
205 205 current configuration file. The inclusion is recursive, which means
206 206 that included files can include other files. Filenames are relative to
207 207 the configuration file in which the ``%include`` directive is found.
208 208 Environment variables and ``~user`` constructs are expanded in
209 209 ``file``. This lets you do something like::
210 210
211 211 %include ~/.hgrc.d/$HOST.rc
212 212
213 213 to include a different configuration file on each computer you use.
214 214
215 215 A line with ``%unset name`` will remove ``name`` from the current
216 216 section, if it has been set previously.
217 217
218 218 The values are either free-form text strings, lists of text strings,
219 219 or Boolean values. Boolean values can be set to true using any of "1",
220 220 "yes", "true", or "on" and to false using "0", "no", "false", or "off"
221 221 (all case insensitive).
222 222
223 223 List values are separated by whitespace or comma, except when values are
224 224 placed in double quotation marks::
225 225
226 226 allow_read = "John Doe, PhD", brian, betty
227 227
228 228 Quotation marks can be escaped by prefixing them with a backslash. Only
229 229 quotation marks at the beginning of a word are counted as a quotation
230 230 (e.g., ``foo"bar baz`` is the list of ``foo"bar`` and ``baz``).
231 231
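The parsing rules above (sections, indented continuation lines, ``#``/``;`` comments, last value wins, ``%include`` resolved relative to the including file after environment and ``~user`` expansion, ``%unset``, Boolean spellings and quoted list values), combined with the precedence order from the Files section, as one added Python example. This is illustrative code written for this page, not Mercurial's own ``config.py``; the file contents, the paths and the ``read_file`` callback are constructed so that it runs without touching the file system, and the ``HgrcParser``, ``parse_bool``, ``parse_list`` and ``load_chain`` names are this example's own.

```python
import os
import posixpath
import re

# Line grammar from the help text (simplified added example; not Mercurial's own parser).
_SECTION = re.compile(r'^\[([^\[\]]+)\]\s*$')
_ITEM = re.compile(r'^([^=\s][^=]*?)\s*=\s*(.*?)\s*$')
_CONT = re.compile(r'^\s+(\S.*?)\s*$')            # indented line continues the previous entry
_UNSET = re.compile(r'^%unset\s+(\S+)\s*$')
_INCLUDE = re.compile(r'^%include\s+(\S.*?)\s*$')
_TRUE, _FALSE = {'1', 'yes', 'true', 'on'}, {'0', 'no', 'false', 'off'}


class HgrcParser:
    """Accumulates {section: {name: value}}; a later assignment overrides an earlier one."""

    def __init__(self, read_file):
        self.read_file = read_file   # path -> text; injected so the example runs offline
        self.data = {}

    def parse(self, text, path):
        section, name = None, None
        for line in text.splitlines():
            if not line.strip() or line[0] in '#;':
                continue                                       # blank line or comment
            m = _CONT.match(line)
            if m and name is not None:
                self.data[section][name] += '\n' + m.group(1)
                continue
            name = None                                        # any other line ends the entry
            m = _SECTION.match(line)
            if m:
                section = m.group(1).strip()
                self.data.setdefault(section, {})
                continue
            m = _INCLUDE.match(line)
            if m:                                              # recursive, relative to this file
                target = os.path.expanduser(os.path.expandvars(m.group(1)))
                target = posixpath.join(posixpath.dirname(path), target)
                self.parse(self.read_file(target), target)
                continue
            m = _UNSET.match(line)
            if m:
                if section is not None:
                    self.data[section].pop(m.group(1), None)
                continue
            m = _ITEM.match(line)
            if m and section is not None:
                name = m.group(1)
                self.data[section][name] = m.group(2)
                continue
            raise ValueError('%s: cannot parse line %r' % (path, line))
        return self.data


def parse_bool(value):
    v = value.strip().lower()
    if v in _TRUE:
        return True
    if v in _FALSE:
        return False
    raise ValueError('not a boolean: %r' % value)


def parse_list(value):
    """Split on whitespace/commas; a word starting with " runs to the closing quote."""
    items, i, n = [], 0, len(value)
    while i < n:
        if value[i] in ' \t\n,':
            i += 1
        elif value[i] == '"':                                  # quote only counts at word start
            i, buf = i + 1, []
            while i < n and value[i] != '"':
                if value[i] == '\\' and i + 1 < n and value[i + 1] == '"':
                    i += 1                                     # \" is a literal quote
                buf.append(value[i])
                i += 1
            i += 1
            items.append(''.join(buf))
        else:
            j = i
            while j < n and value[j] not in ' \t\n,':
                j += 1
            items.append(value[i:j].replace('\\"', '"'))
            i = j
    return items


# Constructed sample files keyed by path. SEARCH_ORDER lists them highest precedence
# first, like the Unix list in the Files section; a missing file is simply skipped.
FILES = {
    '/src/proj/.hg/hgrc': "[ui]\nverbose = yes\n",
    '/home/alice/.hgrc': ("[ui]\nusername = Alice <alice@example.net>\n"
                          "[spam]\ngreen=\n    eggs\n%unset ham\n%include hgrc.d/lists.rc\n"),
    '/home/alice/hgrc.d/lists.rc': '[web]\nallow_read = "John Doe, PhD", brian, betty\n',
    '/etc/mercurial/hgrc': ("# site defaults\n[ui]\nusername = build-bot <build@example.net>\n"
                            "verbose = off\n[spam]\neggs=large\nham=serrano\neggs=small\n"),
}
SEARCH_ORDER = ['/src/proj/.hg/hgrc', '/home/alice/.hgrc', '/etc/mercurial/hgrc']


def load_chain(search_order, files):
    """Parse the lowest-precedence file first so that earlier paths override later ones."""
    parser = HgrcParser(lambda p: files[p])
    for path in reversed(search_order):
        if path in files:
            parser.parse(files[path], path)
    return parser.data
```

Running ``load_chain(SEARCH_ORDER, FILES)`` shows the per-repository ``verbose = yes`` beating the site-wide ``off``, the per-user username beating the site-wide one, ``%unset ham`` removing a key set by a lower-precedence file, and the included file contributing the ``web`` section. Because ``%include`` expands environment variables and ``~user``, a writable lower-precedence file (or a variable an attacker controls) decides which extra file is read, which is one reason the per-repository file is only honoured when it belongs to a trusted user or group.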
232 232 Sections
233 233 ========
234 234
235 235 This section describes the different sections that may appear in a
236 236 Mercurial configuration file, the purpose of each section, its possible
237 237 keys, and their possible values.
238 238
239 239 ``alias``
240 240 ---------
241 241
242 242 Defines command aliases.
243 243
244 244 Aliases allow you to define your own commands in terms of other
245 245 commands (or aliases), optionally including arguments. Positional
246 246 arguments in the form of ``$1``, ``$2``, etc. in the alias definition
247 247 are expanded by Mercurial before execution. Positional arguments not
248 248 already used by ``$N`` in the definition are put at the end of the
249 249 command to be executed.
250 250
251 251 Alias definitions consist of lines of the form::
252 252
253 253 <alias> = <command> [<argument>]...
254 254
255 255 For example, this definition::
256 256
257 257 latest = log --limit 5
258 258
259 259 creates a new command ``latest`` that shows only the five most recent
260 260 changesets. You can define subsequent aliases using earlier ones::
261 261
262 262 stable5 = latest -b stable
263 263
264 264 .. note::
265 265
266 266 It is possible to create aliases with the same names as
267 267 existing commands, which will then override the original
268 268 definitions. This is almost always a bad idea!
269 269
270 270 An alias can start with an exclamation point (``!``) to make it a
271 271 shell alias. A shell alias is executed with the shell and will let you
272 272 run arbitrary commands. As an example, ::
273 273
274 274 echo = !echo $@
275 275
276 276 will let you do ``hg echo foo`` to have ``foo`` printed in your
277 277 terminal. A better example might be::
278 278
279 279 purge = !$HG status --no-status --unknown -0 re: | xargs -0 rm
280 280
281 281 which will make ``hg purge`` delete all unknown files in the
282 282 repository in the same manner as the purge extension.
283 283
284 284 Positional arguments like ``$1``, ``$2``, etc. in the alias definition
285 285 expand to the command arguments. Unmatched arguments are
286 286 removed. ``$0`` expands to the alias name and ``$@`` expands to all
287 287 arguments separated by a space. ``"$@"`` (with quotes) expands to all
288 288 arguments quoted individually and separated by a space. These expansions
289 289 happen before the command is passed to the shell.
290 290
291 291 Shell aliases are executed in an environment where ``$HG`` expands to
292 292 the path of the Mercurial that was used to execute the alias. This is
293 293 useful when you want to call further Mercurial commands in a shell
294 294 alias, as was done above for the purge alias. In addition,
295 295 ``$HG_ARGS`` expands to the arguments given to Mercurial. In the ``hg
296 296 echo foo`` call above, ``$HG_ARGS`` would expand to ``echo foo``.
297 297
298 298 .. note::
299 299
300 300 Some global configuration options such as ``-R`` are
301 301 processed before shell aliases and will thus not be passed to
302 302 aliases.
303 303
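The two alias expansion rules above, as an added Python example that is not Mercurial's dispatch code: a non-shell alias substitutes ``$N`` and appends whatever arguments it did not use, while a shell alias expands ``$N``, ``$0``, ``$@`` and ``"$@"`` textually before the shell sees the line. The security-relevant difference is the last pair: with ``$@`` an argument containing a space (or a shell metacharacter) is re-split and re-interpreted by the shell, with ``"$@"`` each argument stays one word. The function names and the sample arguments are this example's own.

```python
import re
import shlex

_POSITIONAL = re.compile(r'\$(\d+)')


def expand_alias(definition, args):
    """Non-shell alias: $N is replaced by argument N, consumed arguments are dropped
    and the arguments the definition did not use are appended at the end."""
    used = set()

    def substitute(m):
        n = int(m.group(1))
        if 1 <= n <= len(args):
            used.add(n - 1)
            return args[n - 1]
        return ''                                   # unmatched positional is removed

    words = [_POSITIONAL.sub(substitute, w) for w in shlex.split(definition)]
    return [w for w in words if w] + [a for i, a in enumerate(args) if i not in used]


def expand_shell_alias(name, definition, args):
    """Shell alias ('!' prefix): expand $N, $0, $@ and "$@" before the shell runs it.
    Returns the command string and the extra environment ($HG_ARGS) it runs with."""
    if not definition.startswith('!'):
        raise ValueError('not a shell alias: %r' % definition)
    # $N with no matching argument disappears; $0 and matched $N survive for the table
    cmd = _POSITIONAL.sub(lambda m: m.group(0) if int(m.group(1)) <= len(args) else '',
                          definition[1:])
    table = {'$%d' % (i + 1): a for i, a in enumerate(args)}
    table['$0'] = name
    table['$@'] = ' '.join(args)                               # bare join: the shell re-splits it
    table['"$@"'] = ' '.join(shlex.quote(a) for a in args)     # each argument stays one word
    pattern = '|'.join(re.escape(k) for k in sorted(table, key=len, reverse=True))
    cmd = re.sub(pattern, lambda m: table[m.group(0)], cmd)
    return cmd, {'HG_ARGS': ' '.join([name] + list(args))}


def shell_words(cmd):
    """How a POSIX shell would split the expanded command into words (quotes honoured)."""
    return shlex.split(cmd)
```

``expand_shell_alias('echo', '!echo $@', ['my file.txt'])`` yields ``echo my file.txt``, which the shell runs as three words; the ``"$@"`` form yields ``echo 'my file.txt'`` and keeps the filename intact. The same mechanism is why a shell alias is arbitrary command execution for whoever runs ``hg``: prefer ``"$@"`` and ``$HG`` over ad-hoc string building.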
304 304
305 305 ``annotate``
306 306 ------------
307 307
308 308 Settings used when displaying file annotations. All values are
309 309 Booleans and default to False. See :hg:`help config.diff` for
310 310 related options for the diff command.
311 311
312 312 ``ignorews``
313 313 Ignore white space when comparing lines.
314 314
315 315 ``ignorewsamount``
316 316 Ignore changes in the amount of white space.
317 317
318 318 ``ignoreblanklines``
319 319 Ignore changes whose lines are all blank.
320 320
321 321
322 322 ``auth``
323 323 --------
324 324
325 325 Authentication credentials for HTTP authentication. This section
326 326 allows you to store usernames and passwords for use when logging
327 327 *into* HTTP servers. See :hg:`help config.web` if
328 328 you want to configure *who* can login to your HTTP server.
329 329
330 330 Each line has the following format::
331 331
332 332 <name>.<argument> = <value>
333 333
334 334 where ``<name>`` is used to group arguments into authentication
335 335 entries. Example::
336 336
337 337 foo.prefix = hg.intevation.de/mercurial
338 338 foo.username = foo
339 339 foo.password = bar
340 340 foo.schemes = http https
341 341
342 342 bar.prefix = secure.example.org
343 343 bar.key = path/to/file.key
344 344 bar.cert = path/to/file.cert
345 345 bar.schemes = https
346 346
347 347 Supported arguments:
348 348
349 349 ``prefix``
350 350 Either ``*`` or a URI prefix with or without the scheme part.
351 351 The authentication entry with the longest matching prefix is used
352 352 (where ``*`` matches everything and counts as a match of length
353 353 1). If the prefix doesn't include a scheme, the match is performed
354 354 against the URI with its scheme stripped as well, and the ``schemes``
355 355 argument is then consulted.
356 356
357 357 ``username``
358 358 Optional. Username to authenticate with. If not given, and the
359 359 remote site requires basic or digest authentication, the user will
360 360 be prompted for it. Environment variables are expanded in the
361 361 username letting you do ``foo.username = $USER``. If the URI
362 362 includes a username, only ``[auth]`` entries with a matching
363 363 username or without a username will be considered.
364 364
365 365 ``password``
366 366 Optional. Password to authenticate with. If not given, and the
367 367 remote site requires basic or digest authentication, the user
368 368 will be prompted for it.
369 369
370 370 ``key``
371 371 Optional. PEM encoded client certificate key file. Environment
372 372 variables are expanded in the filename.
373 373
374 374 ``cert``
375 375 Optional. PEM encoded client certificate chain file. Environment
376 376 variables are expanded in the filename.
377 377
378 378 ``schemes``
379 379 Optional. Space separated list of URI schemes to use this
380 380 authentication entry with. Only used if the prefix doesn't include
381 381 a scheme. Supported schemes are http and https. They will match
382 382 static-http and static-https respectively, as well.
383 383 (default: https)
384 384
385 385 If no suitable authentication entry is found, the user is prompted
386 386 for credentials as usual if required by the remote.
387 387
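The entry selection described above (longest matching prefix, ``*`` counting as length 1, scheme stripping with the ``schemes`` argument consulted, ``static-http``/``static-https`` treated as ``http``/``https``, and a username in the URI restricting the candidates), as an added Python example rather than Mercurial's own ``readauthforuri``. The ``foo`` and ``bar`` entries are the ones from the text; the ``fallback`` entry and the test URIs are constructed. Because this matcher compares plain string prefixes, as the text's wording suggests, a bare host prefix such as ``secure.example.org`` also matches a longer host name that begins with the same string; the tests show that, so if you want host-exact scoping for a client key or password, end the prefix with a ``/``.

```python
import os
from urllib.parse import urlsplit

_STATIC = {'static-http': 'http', 'static-https': 'https'}   # match http/https respectively


def read_auth_entries(items):
    """Group ``<name>.<argument> = <value>`` items of [auth] into entries; environment
    variables are expanded in username, key and cert as the text describes."""
    entries = {}
    for key, value in items:
        name, _, argument = key.rpartition('.')
        if not name:
            continue                                   # not of the form name.argument
        if argument in ('username', 'key', 'cert'):
            value = os.path.expandvars(value)
        entries.setdefault(name, {})[argument] = value
    return entries


def find_auth_entry(entries, uri):
    """Return (name, entry) for the longest matching prefix, or None."""
    parts = urlsplit(uri)
    scheme = _STATIC.get(parts.scheme, parts.scheme)
    hostpath = parts.netloc.rpartition('@')[2] + parts.path   # URI minus scheme and userinfo
    best, best_key = None, (0, False)
    for name, entry in entries.items():
        prefix = entry.get('prefix')
        if not prefix:
            continue
        # a username in the URI admits only entries with the same username or none
        if parts.username and entry.get('username', parts.username) != parts.username:
            continue
        if '://' in prefix:                            # prefix carries its own scheme
            pscheme, prefix = prefix.split('://', 1)
            schemes = [pscheme]
        else:
            schemes = entry.get('schemes', 'https').split()
        if scheme not in schemes:
            continue
        if prefix == '*':
            length = 1
        elif hostpath.startswith(prefix):
            length = len(prefix)
        else:
            continue
        key = (length, 'username' in entry)            # longest wins; tie prefers a username
        if key > best_key:
            best, best_key = (name, entry), key
    return best


# Constructed [auth] items: foo and bar are the help text's entries, fallback is assumed.
AUTH_ITEMS = [
    ('foo.prefix', 'hg.intevation.de/mercurial'),
    ('foo.username', 'foo'),
    ('foo.password', 'bar'),
    ('foo.schemes', 'http https'),
    ('bar.prefix', 'secure.example.org'),
    ('bar.key', 'path/to/file.key'),
    ('bar.cert', 'path/to/file.cert'),
    ('bar.schemes', 'https'),
    ('fallback.prefix', '*'),
    ('fallback.schemes', 'http https'),
]
ENTRIES = read_auth_entries(AUTH_ITEMS)


def auth_name(uri):
    """Name of the [auth] entry that would be used for ``uri``, or None."""
    match = find_auth_entry(ENTRIES, uri)
    return match[0] if match else None
```

Note that ``bar`` is chosen both for ``https://secure.example.org/repo`` and for ``https://secure.example.org.example.net/repo``, while the plain ``http://`` form of the same host falls through to the catch-all entry because ``bar`` is limited to ``https``; a URI that names a user other than ``foo`` is never served the ``foo`` password.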
388 388
389 389 ``committemplate``
390 390 ------------------
391 391
392 392 ``changeset``
393 393 String: configuration in this section is used as the template to
394 394 customize the text shown in the editor when committing.
395 395
396 396 In addition to the pre-defined template keywords, the commit-log-specific
397 397 one below can be used for customization:
398 398
399 399 ``extramsg``
400 400 String: Extra message (typically 'Leave message empty to abort
401 401 commit.'). This may be changed by some commands or extensions.
402 402
403 403 For example, the template configuration below shows the same text as
404 404 the one shown by default::
405 405
406 406 [committemplate]
407 407 changeset = {desc}\n\n
408 408 HG: Enter commit message. Lines beginning with 'HG:' are removed.
409 409 HG: {extramsg}
410 410 HG: --
411 411 HG: user: {author}\n{ifeq(p2rev, "-1", "",
412 412 "HG: branch merge\n")
413 413 }HG: branch '{branch}'\n{if(activebookmark,
414 414 "HG: bookmark '{activebookmark}'\n") }{subrepos %
415 415 "HG: subrepo {subrepo}\n" }{file_adds %
416 416 "HG: added {file}\n" }{file_mods %
417 417 "HG: changed {file}\n" }{file_dels %
418 418 "HG: removed {file}\n" }{if(files, "",
419 419 "HG: no files changed\n")}
420 420
421 421 .. note::
422 422
423 423 For some problematic encodings (see :hg:`help win32mbcs` for
424 424 details), this customization should be configured carefully, to
425 425 avoid showing broken characters.
426 426
427 427 For example, if a multibyte character ending with backslash (0x5c) is
428 428 followed by the ASCII character 'n' in the customized template,
429 429 the sequence of backslash and 'n' is treated as line-feed unexpectedly
430 430 (and the multibyte character is broken, too).
431 431
432 432 The customized template is used by the commands below (``--edit`` may be
433 433 required):
434 434
435 435 - :hg:`backout`
436 436 - :hg:`commit`
437 437 - :hg:`fetch` (for merge commit only)
438 438 - :hg:`graft`
439 439 - :hg:`histedit`
440 440 - :hg:`import`
441 441 - :hg:`qfold`, :hg:`qnew` and :hg:`qrefresh`
442 442 - :hg:`rebase`
443 443 - :hg:`shelve`
444 444 - :hg:`sign`
445 445 - :hg:`tag`
446 446 - :hg:`transplant`
447 447
448 448 Configuring the items below instead of ``changeset`` allows showing a
449 449 customized message only for specific actions, or showing different
450 450 messages for each action.
451 451
452 452 - ``changeset.backout`` for :hg:`backout`
453 453 - ``changeset.commit.amend.merge`` for :hg:`commit --amend` on merges
454 454 - ``changeset.commit.amend.normal`` for :hg:`commit --amend` on other
455 455 - ``changeset.commit.normal.merge`` for :hg:`commit` on merges
456 456 - ``changeset.commit.normal.normal`` for :hg:`commit` on other
457 457 - ``changeset.fetch`` for :hg:`fetch` (implying a merge commit)
458 458 - ``changeset.gpg.sign`` for :hg:`sign`
459 459 - ``changeset.graft`` for :hg:`graft`
460 460 - ``changeset.histedit.edit`` for ``edit`` of :hg:`histedit`
461 461 - ``changeset.histedit.fold`` for ``fold`` of :hg:`histedit`
462 462 - ``changeset.histedit.mess`` for ``mess`` of :hg:`histedit`
463 463 - ``changeset.histedit.pick`` for ``pick`` of :hg:`histedit`
464 464 - ``changeset.import.bypass`` for :hg:`import --bypass`
465 465 - ``changeset.import.normal.merge`` for :hg:`import` on merges
466 466 - ``changeset.import.normal.normal`` for :hg:`import` on other
467 467 - ``changeset.mq.qnew`` for :hg:`qnew`
468 468 - ``changeset.mq.qfold`` for :hg:`qfold`
469 469 - ``changeset.mq.qrefresh`` for :hg:`qrefresh`
470 470 - ``changeset.rebase.collapse`` for :hg:`rebase --collapse`
471 471 - ``changeset.rebase.merge`` for :hg:`rebase` on merges
472 472 - ``changeset.rebase.normal`` for :hg:`rebase` on other
473 473 - ``changeset.shelve.shelve`` for :hg:`shelve`
474 474 - ``changeset.tag.add`` for :hg:`tag` without ``--remove``
475 475 - ``changeset.tag.remove`` for :hg:`tag --remove`
476 476 - ``changeset.transplant.merge`` for :hg:`transplant` on merges
477 477 - ``changeset.transplant.normal`` for :hg:`transplant` on other
478 478
479 479 These dot-separated lists of names are treated as hierarchical ones.
480 480 For example, ``changeset.tag.remove`` customizes the commit message
481 481 only for :hg:`tag --remove`, but ``changeset.tag`` customizes the
482 482 commit message for :hg:`tag` regardless of ``--remove`` option.
483 483
484 484 When the external editor is invoked for a commit, the corresponding
485 485 dot-separated list of names without the ``changeset.`` prefix
486 486 (e.g. ``commit.normal.normal``) is in the ``HGEDITFORM`` environment
487 487 variable.
488 488
489 489 In this section, items other than ``changeset`` can be referenced from
490 490 others. For example, the configuration below, which lists the committed
491 491 files, can be referenced as ``{listupfiles}``::
492 492
493 493 [committemplate]
494 494 listupfiles = {file_adds %
495 495 "HG: added {file}\n" }{file_mods %
496 496 "HG: changed {file}\n" }{file_dels %
497 497 "HG: removed {file}\n" }{if(files, "",
498 498 "HG: no files changed\n")}
499 499
500 500 ``decode/encode``
501 501 -----------------
502 502
503 503 Filters for transforming files on checkout/checkin. This would
504 504 typically be used for newline processing or other
505 505 localization/canonicalization of files.
506 506
507 507 Filters consist of a filter pattern followed by a filter command.
508 508 Filter patterns are globs by default, rooted at the repository root.
509 509 For example, to match any file ending in ``.txt`` in the root
510 510 directory only, use the pattern ``*.txt``. To match any file ending
511 511 in ``.c`` anywhere in the repository, use the pattern ``**.c``.
512 512 For each file only the first matching filter applies.
513 513
514 514 The filter command can start with a specifier, either ``pipe:`` or
515 515 ``tempfile:``. If no specifier is given, ``pipe:`` is used by default.
516 516
517 517 A ``pipe:`` command must accept data on stdin and return the transformed
518 518 data on stdout.
519 519
520 520 Pipe example::
521 521
522 522 [encode]
523 523 # uncompress gzip files on checkin to improve delta compression
524 524 # note: not necessarily a good idea, just an example
525 525 *.gz = pipe: gunzip
526 526
527 527 [decode]
528 528 # recompress gzip files when writing them to the working dir (we
529 529 # can safely omit "pipe:", because it's the default)
530 530 *.gz = gzip
531 531
532 532 A ``tempfile:`` command is a template. The string ``INFILE`` is replaced
533 533 with the name of a temporary file that contains the data to be
534 534 filtered by the command. The string ``OUTFILE`` is replaced with the name
535 535 of an empty temporary file, where the filtered data must be written by
536 536 the command.
537 537
538 538 .. container:: windows
539 539
540 540 .. note::
541 541
542 542 The tempfile mechanism is recommended for Windows systems,
543 543 where the standard shell I/O redirection operators often have
544 544 strange effects and may corrupt the contents of your files.
545 545
546 546 This filter mechanism is used internally by the ``eol`` extension to
547 547 translate line ending characters between Windows (CRLF) and Unix (LF)
548 548 format. We suggest you use the ``eol`` extension for convenience.
549 549
550 550
551 551 ``defaults``
552 552 ------------
553 553
554 554 (defaults are deprecated. Don't use them. Use aliases instead.)
555 555
556 556 Use the ``[defaults]`` section to define command defaults, i.e. the
557 557 default options/arguments to pass to the specified commands.
558 558
559 559 The following example makes :hg:`log` run in verbose mode, and
560 560 :hg:`status` show only the modified files, by default::
561 561
562 562 [defaults]
563 563 log = -v
564 564 status = -m
565 565
566 566 The actual commands, instead of their aliases, must be used when
567 567 defining command defaults. The command defaults will also be applied
568 568 to the aliases of the commands defined.
569 569
570 570
571 571 ``diff``
572 572 --------
573 573
574 574 Settings used when displaying diffs. Everything except for ``unified``
575 575 is a Boolean and defaults to False. See :hg:`help config.annotate`
576 576 for related options for the annotate command.
577 577
578 578 ``git``
579 579 Use git extended diff format.
580 580
581 581 ``nobinary``
582 582 Omit git binary patches.
583 583
584 584 ``nodates``
585 585 Don't include dates in diff headers.
586 586
587 587 ``noprefix``
588 588 Omit 'a/' and 'b/' prefixes from filenames. Ignored in plain mode.
589 589
590 590 ``showfunc``
591 591 Show which function each change is in.
592 592
593 593 ``ignorews``
594 594 Ignore white space when comparing lines.
595 595
596 596 ``ignorewsamount``
597 597 Ignore changes in the amount of white space.
598 598
599 599 ``ignoreblanklines``
600 600 Ignore changes whose lines are all blank.
601 601
602 602 ``unified``
603 603 Number of lines of context to show.
604 604
605 605 ``email``
606 606 ---------
607 607
608 608 Settings for extensions that send email messages.
609 609
610 610 ``from``
611 611 Optional. Email address to use in "From" header and SMTP envelope
612 612 of outgoing messages.
613 613
614 614 ``to``
615 615 Optional. Comma-separated list of recipients' email addresses.
616 616
617 617 ``cc``
618 618 Optional. Comma-separated list of carbon copy recipients'
619 619 email addresses.
620 620
621 621 ``bcc``
622 622 Optional. Comma-separated list of blind carbon copy recipients'
623 623 email addresses.
624 624
625 625 ``method``
626 626 Optional. Method to use to send email messages. If value is ``smtp``
627 627 (default), use SMTP (see the ``[smtp]`` section for configuration).
628 628 Otherwise, use as name of program to run that acts like sendmail
629 629 (takes ``-f`` option for sender, list of recipients on command line,
630 630 message on stdin). Normally, setting this to ``sendmail`` or
631 631 ``/usr/sbin/sendmail`` is enough to use sendmail to send messages.
632 632
633 633 ``charsets``
634 634 Optional. Comma-separated list of character sets considered
635 635 convenient for recipients. Addresses, headers, and parts not
636 636 containing patches of outgoing messages will be encoded in the
637 637 first character set to which conversion from local encoding
638 638 (``$HGENCODING``, ``ui.fallbackencoding``) succeeds. If correct
639 639 conversion fails, the text in question is sent as is.
640 640 (default: '')
641 641
642 642 Order of outgoing email character sets:
643 643
644 644 1. ``us-ascii``: always first, regardless of settings
645 645 2. ``email.charsets``: in order given by user
646 646 3. ``ui.fallbackencoding``: if not in email.charsets
647 647 4. ``$HGENCODING``: if not in email.charsets
648 648 5. ``utf-8``: always last, regardless of settings
649 649
650 650 Email example::
651 651
652 652 [email]
653 653 from = Joseph User <joe.user@example.com>
654 654 method = /usr/sbin/sendmail
655 655 # charsets for western Europeans
656 656 # us-ascii, utf-8 omitted, as they are tried first and last
657 657 charsets = iso-8859-1, iso-8859-15, windows-1252
658 658
659 659
660 660 ``extensions``
661 661 --------------
662 662
663 663 Mercurial has an extension mechanism for adding new features. To
664 664 enable an extension, create an entry for it in this section.
665 665
666 666 If you know that the extension is already in Python's search path,
667 667 you can give the name of the module, followed by ``=``, with nothing
668 668 after the ``=``.
669 669
670 670 Otherwise, give a name that you choose, followed by ``=``, followed by
671 671 the path to the ``.py`` file (including the file name extension) that
672 672 defines the extension.
673 673
674 674 To explicitly disable an extension that is enabled in an hgrc of
675 675 broader scope, prepend its path with ``!``, as in ``foo = !/ext/path``
676 676 or ``foo = !`` when path is not supplied.
677 677
678 678 Example for ``~/.hgrc``::
679 679
680 680 [extensions]
681 681 # (the color extension will get loaded from Mercurial's path)
682 682 color =
683 683 # (this extension will get loaded from the file specified)
684 684 myfeature = ~/.hgext/myfeature.py
685 685
686 686
687 687 ``format``
688 688 ----------
689 689
690 690 ``usegeneraldelta``
691 691 Enable or disable the "generaldelta" repository format which improves
692 692 repository compression by allowing "revlog" to store deltas against an
693 693 arbitrary revision instead of the previously stored one. This provides a
694 694 significant improvement for repositories with branches.
695 695
696 696 Repositories with this on-disk format require Mercurial version 1.9.
697 697
698 698 Enabled by default.
699 699
700 700 ``dotencode``
701 701 Enable or disable the "dotencode" repository format which enhances
702 702 the "fncache" repository format (which has to be enabled to use
703 703 dotencode) to avoid issues with filenames starting with ._ on
704 704 Mac OS X and spaces on Windows.
705 705
706 706 Repositories with this on-disk format require Mercurial version 1.7.
707 707
708 708 Enabled by default.
709 709
710 710 ``usefncache``
711 711 Enable or disable the "fncache" repository format which enhances
712 712 the "store" repository format (which has to be enabled to use
713 713 fncache) to allow longer filenames and avoids using Windows
714 714 reserved names, e.g. "nul".
715 715
716 716 Repositories with this on-disk format require Mercurial version 1.1.
717 717
718 718 Enabled by default.
719 719
720 720 ``usestore``
721 721 Enable or disable the "store" repository format which improves
722 722 compatibility with systems that fold case or otherwise mangle
723 723 filenames. Disabling this option will allow you to store longer filenames
724 724 in some situations at the expense of compatibility.
725 725
726 726 Repositories with this on-disk format require Mercurial version 0.9.4.
727 727
728 728 Enabled by default.
729 729
730 730 ``graph``
731 731 ---------
732 732
733 733 Web graph view configuration. This section lets you change the display
734 734 properties of graph elements per branch, for instance to make the
735 735 ``default`` branch stand out.
736 736
737 737 Each line has the following format::
738 738
739 739 <branch>.<argument> = <value>
740 740
741 741 where ``<branch>`` is the name of the branch being
742 742 customized. Example::
743 743
744 744 [graph]
745 745 # 2px width
746 746 default.width = 2
747 747 # red color
748 748 default.color = FF0000
749 749
750 750 Supported arguments:
751 751
752 752 ``width``
753 753 Set branch edges width in pixels.
754 754
755 755 ``color``
756 756 Set branch edges color in hexadecimal RGB notation.
757 757
758 758 ``hooks``
759 759 ---------
760 760
761 761 Commands or Python functions that get automatically executed by
762 762 various actions such as starting or finishing a commit. Multiple
763 763 hooks can be run for the same action by appending a suffix to the
764 764 action. Overriding a site-wide hook can be done by changing its
765 765 value or setting it to an empty string. Hooks can be prioritized
766 766 by adding a prefix of ``priority.`` to the hook name on a new line
767 767 and setting the priority. The default priority is 0.
768 768
769 769 Example ``.hg/hgrc``::
770 770
771 771 [hooks]
772 772 # update working directory after adding changesets
773 773 changegroup.update = hg update
774 774 # do not use the site-wide hook
775 775 incoming =
776 776 incoming.email = /my/email/hook
777 777 incoming.autobuild = /my/build/hook
778 778 # force autobuild hook to run before other incoming hooks
779 779 priority.incoming.autobuild = 1
780 780
781 781 Most hooks are run with environment variables set that give useful
782 782 additional information. For each hook below, the environment
783 783 variables it is passed are listed with names of the form ``$HG_foo``.
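
The hook selection rules above (``name`` and ``name.suffix`` both belong to action ``name``, an empty value disables a hook inherited from a broader configuration file, ``priority.<name>`` orders the hooks with 0 as the default) and the ``$HG_foo`` environment convention, as an added Python example that is not Mercurial's own ``hook.py``. The hook items are the ``.hg/hgrc`` example from the text turned into ordered ``(key, value)`` pairs; the ``hooks_for`` and ``hook_environment`` names and the sample base environment are this example's own. Remember that every command listed here runs with the privileges of whoever runs ``hg``, which is why, on Unix, a per-repository file that is not trusted is mostly ignored (see :hg:`help config.trusted`).

```python
def hooks_for(items, action):
    """Hooks to run for ``action`` in execution order: highest ``priority.<name>`` first
    (default 0), then definition order. An empty command means the hook is disabled."""
    priorities = {key[len('priority.'):]: int(value)
                  for key, value in items if key.startswith('priority.')}
    selected = []
    for position, (name, command) in enumerate(items):
        if name.startswith('priority.') or name.split('.', 1)[0] != action:
            continue
        if not command.strip():
            continue                                     # explicitly disabled
        selected.append((-priorities.get(name, 0), position, name, command))
    return [(name, command) for _, _, name, command in sorted(selected)]


def hook_environment(base_env, **hookargs):
    """Environment for an external hook: a copy of base_env plus one $HG_<NAME> per
    argument, following the ``$HG_foo`` naming the text describes (node= -> HG_NODE)."""
    env = dict(base_env)
    for key, value in hookargs.items():
        env['HG_' + key.upper()] = str(value)
    return env


# The ``.hg/hgrc`` example from the text as the ordered items of its [hooks] section;
# the empty ``incoming`` entry is the site-wide hook being switched off.
HOOK_ITEMS = [
    ('changegroup.update', 'hg update'),
    ('incoming', ''),
    ('incoming.email', '/my/email/hook'),
    ('incoming.autobuild', '/my/build/hook'),
    ('priority.incoming.autobuild', '1'),
]


def incoming_plan(node, url, base_env):
    """Pair each incoming hook with the environment it would be started in."""
    env = hook_environment(base_env, node=node, url=url)
    return [(name, command, env) for name, command in hooks_for(HOOK_ITEMS, 'incoming')]
```

For the example configuration ``hooks_for(HOOK_ITEMS, 'incoming')`` returns the autobuild hook before the email hook, the disabled ``incoming`` hook is absent, and ``hooks_for(HOOK_ITEMS, 'commit')`` is empty.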
784 784
785 785 ``changegroup``
786 786 Run after a changegroup has been added via push, pull or unbundle. ID of the
787 787 first new changeset is in ``$HG_NODE`` and last in ``$HG_NODE_LAST``. URL
788 788 from which changes came is in ``$HG_URL``.
789 789
790 790 ``commit``
791 791 Run after a changeset has been created in the local repository. ID
792 792 of the newly created changeset is in ``$HG_NODE``. Parent changeset
793 793 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
794 794
795 795 ``incoming``
796 796 Run after a changeset has been pulled, pushed, or unbundled into
797 797 the local repository. The ID of the newly arrived changeset is in
798 798 ``$HG_NODE``. URL that was source of changes came is in ``$HG_URL``.
799 799
800 800 ``outgoing``
801 801 Run after sending changes from local repository to another. ID of
802 802 first changeset sent is in ``$HG_NODE``. Source of operation is in
803 803 ``$HG_SOURCE``; Also see :hg:`help config.hooks.preoutgoing` hook.
804 804
805 805 ``post-<command>``
806 806 Run after successful invocations of the associated command. The
807 807 contents of the command line are passed as ``$HG_ARGS`` and the result
808 808 code in ``$HG_RESULT``. Parsed command line arguments are passed as
809 809 ``$HG_PATS`` and ``$HG_OPTS``. These contain string representations of
810 810 the python data internally passed to <command>. ``$HG_OPTS`` is a
811 811 dictionary of options (with unspecified options set to their defaults).
812 812 ``$HG_PATS`` is a list of arguments. Hook failure is ignored.
813 813
814 814 ``fail-<command>``
815 815 Run after a failed invocation of an associated command. The contents
816 816 of the command line are passed as ``$HG_ARGS``. Parsed command line
817 817 arguments are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain
818 818 string representations of the python data internally passed to
819 819 <command>. ``$HG_OPTS`` is a dictionary of options (with unspecified
820 820 options set to their defaults). ``$HG_PATS`` is a list of arguments.
821 821 Hook failure is ignored.
822 822
823 823 ``pre-<command>``
824 824 Run before executing the associated command. The contents of the
825 825 command line are passed as ``$HG_ARGS``. Parsed command line arguments
826 826 are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain string
827 827 representations of the data internally passed to <command>. ``$HG_OPTS``
828 828 is a dictionary of options (with unspecified options set to their
829 829 defaults). ``$HG_PATS`` is a list of arguments. If the hook returns
830 830 failure, the command doesn't execute and Mercurial returns the failure
831 831 code.
832 832
833 833 ``prechangegroup``
834 834 Run before a changegroup is added via push, pull or unbundle. Exit
835 835 status 0 allows the changegroup to proceed. Non-zero status will
836 836 cause the push, pull or unbundle to fail. URL from which changes
837 837 will come is in ``$HG_URL``.
838 838
839 839 ``precommit``
840 840 Run before starting a local commit. Exit status 0 allows the
841 841 commit to proceed. Non-zero status will cause the commit to fail.
842 842 Parent changeset IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
843 843
844 844 ``prelistkeys``
845 845 Run before listing pushkeys (like bookmarks) in the
846 846 repository. Non-zero status will cause failure. The key namespace is
847 847 in ``$HG_NAMESPACE``.
848 848
849 849 ``preoutgoing``
850 850 Run before collecting changes to send from the local repository to
851 851 another. Non-zero status will cause failure. This lets you prevent
852 852 pull over HTTP or SSH. Also prevents against local pull, push
853 853 (outbound) or bundle commands, but not effective, since you can
854 854 just copy files instead then. Source of operation is in
855 855 ``$HG_SOURCE``. If "serve", operation is happening on behalf of remote
856 856 SSH or HTTP repository. If "push", "pull" or "bundle", operation
857 857 is happening on behalf of repository on same system.
858 858
859 859 ``prepushkey``
860 860 Run before a pushkey (like a bookmark) is added to the
861 861 repository. Non-zero status will cause the key to be rejected. The
862 862 key namespace is in ``$HG_NAMESPACE``, the key is in ``$HG_KEY``,
863 863 the old value (if any) is in ``$HG_OLD``, and the new value is in
864 864 ``$HG_NEW``.
865 865
866 866 ``pretag``
867 867 Run before creating a tag. Exit status 0 allows the tag to be
868 868 created. Non-zero status will cause the tag to fail. ID of
869 869 changeset to tag is in ``$HG_NODE``. Name of tag is in ``$HG_TAG``. Tag is
870 870 local if ``$HG_LOCAL=1``, in repository if ``$HG_LOCAL=0``.
871 871
872 872 ``pretxnopen``
873 873 Run before any new repository transaction is open. The reason for the
874 874 transaction will be in ``$HG_TXNNAME`` and a unique identifier for the
875 875 transaction will be in ``HG_TXNID``. A non-zero status will prevent the
876 876 transaction from being opened.
877 877
878 878 ``pretxnclose``
879 879 Run right before the transaction is actually finalized. Any repository change
880 880 will be visible to the hook program. This lets you validate the transaction
881 881 content or change it. Exit status 0 allows the commit to proceed. Non-zero
882 882 status will cause the transaction to be rolled back. The reason for the
883 883 transaction opening will be in ``$HG_TXNNAME`` and a unique identifier for
884 884 the transaction will be in ``HG_TXNID``. The rest of the available data will
885 885 vary according the transaction type. New changesets will add ``$HG_NODE`` (id
886 886 of the first added changeset), ``$HG_NODE_LAST`` (id of the last added
887 887 changeset), ``$HG_URL`` and ``$HG_SOURCE`` variables, bookmarks and phases
888 888 changes will set ``HG_BOOKMARK_MOVED`` and ``HG_PHASES_MOVED`` to ``1``, etc.
889 889
890 890 ``txnclose``
891 891 Run after any repository transaction has been committed. At this
892 892 point, the transaction can no longer be rolled back. The hook will run
893 893 after the lock is released. See :hg:`help config.hooks.pretxnclose` docs for
894 894 details about available variables.
895 895
896 896 ``txnabort``
897 897 Run when a transaction is aborted. See :hg:`help config.hooks.pretxnclose`
898 898 docs for details about available variables.
899 899
900 900 ``pretxnchangegroup``
901 901 Run after a changegroup has been added via push, pull or unbundle, but before
902 902 the transaction has been committed. Changegroup is visible to hook program.
903 903 This lets you validate incoming changes before accepting them. Passed the ID
904 904 of the first new changeset in ``$HG_NODE`` and last in ``$HG_NODE_LAST``.
905 905 Exit status 0 allows the transaction to commit. Non-zero status will cause
906 906 the transaction to be rolled back and the push, pull or unbundle will fail.
907 907 URL that was source of changes is in ``$HG_URL``.
908 908
909 909 ``pretxncommit``
910 910 Run after a changeset has been created but the transaction not yet
911 911 committed. Changeset is visible to hook program. This lets you
912 912 validate commit message and changes. Exit status 0 allows the
913 913 commit to proceed. Non-zero status will cause the transaction to
914 914 be rolled back. ID of changeset is in ``$HG_NODE``. Parent changeset
915 915 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
916 916
917 917 ``preupdate``
918 918 Run before updating the working directory. Exit status 0 allows
919 919 the update to proceed. Non-zero status will prevent the update.
920 920 Changeset ID of first new parent is in ``$HG_PARENT1``. If merge, ID
921 921 of second new parent is in ``$HG_PARENT2``.
922 922
923 923 ``listkeys``
924 924 Run after listing pushkeys (like bookmarks) in the repository. The
925 925 key namespace is in ``$HG_NAMESPACE``. ``$HG_VALUES`` is a
926 926 dictionary containing the keys and values.
927 927
928 928 ``pushkey``
929 929 Run after a pushkey (like a bookmark) is added to the
930 930 repository. The key namespace is in ``$HG_NAMESPACE``, the key is in
931 931 ``$HG_KEY``, the old value (if any) is in ``$HG_OLD``, and the new
932 932 value is in ``$HG_NEW``.
933 933
934 934 ``tag``
935 935 Run after a tag is created. ID of tagged changeset is in ``$HG_NODE``.
936 936 Name of tag is in ``$HG_TAG``. Tag is local if ``$HG_LOCAL=1``, in
937 937 repository if ``$HG_LOCAL=0``.
938 938
939 939 ``update``
940 940 Run after updating the working directory. Changeset ID of first
941 941 new parent is in ``$HG_PARENT1``. If merge, ID of second new parent is
942 942 in ``$HG_PARENT2``. If the update succeeded, ``$HG_ERROR=0``. If the
943 943 update failed (e.g. because conflicts not resolved), ``$HG_ERROR=1``.
944 944
945 945 .. note::
946 946
947 947 It is generally better to use standard hooks rather than the
948 948 generic pre- and post- command hooks as they are guaranteed to be
949 949 called in the appropriate contexts for influencing transactions.
950 950 Also, hooks like "commit" will be called in all contexts that
951 951 generate a commit (e.g. tag) and not just the commit command.
952 952
953 953 .. note::
954 954
955 955 Environment variables with empty values may not be passed to
956 956 hooks on platforms such as Windows. As an example, ``$HG_PARENT2``
957 957 will have an empty value under Unix-like platforms for non-merge
958 958 changesets, while it will not be available at all under Windows.
959 959
960 960 The syntax for Python hooks is as follows::
961 961
962 962 hookname = python:modulename.submodule.callable
963 963 hookname = python:/path/to/python/module.py:callable
964 964
965 965 Python hooks are run within the Mercurial process. Each hook is
966 966 called with at least three keyword arguments: a ui object (keyword
967 967 ``ui``), a repository object (keyword ``repo``), and a ``hooktype``
968 968 keyword that tells what kind of hook is used. Arguments listed as
969 969 environment variables above are passed as keyword arguments, with no
970 970 ``HG_`` prefix, and names in lower case.
971 971
972 972 If a Python hook returns a "true" value or raises an exception, this
973 973 is treated as a failure.
974 974
975 975
976 976 ``hostfingerprints``
977 977 --------------------
978 978
979 979 (Deprecated. Use ``[hostsecurity]``'s ``fingerprints`` options instead.)
980 980
981 981 Fingerprints of the certificates of known HTTPS servers.
982 982
983 983 A HTTPS connection to a server with a fingerprint configured here will
984 984 only succeed if the servers certificate matches the fingerprint.
985 985 This is very similar to how ssh known hosts works.
986 986
987 987 The fingerprint is the SHA-1 hash value of the DER encoded certificate.
988 988 Multiple values can be specified (separated by spaces or commas). This can
989 989 be used to define both old and new fingerprints while a host transitions
990 990 to a new certificate.
991 991
992 992 The CA chain and web.cacerts is not used for servers with a fingerprint.
993 993
994 994 For example::
995 995
996 996 [hostfingerprints]
997 997 hg.intevation.de = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
998 998 hg.intevation.org = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
999 999
1000 1000 ``hostsecurity``
1001 1001 ----------------
1002 1002
1003 1003 Used to specify global and per-host security settings for connecting to
1004 1004 other machines.
1005 1005
1006 1006 The following options control default behavior for all hosts.
1007 1007
1008 ``ciphers``
1009 Defines the cryptographic ciphers to use for connections.
1010
1011 Value must be a valid OpenSSL Cipher List Format as documented at
1012 https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-LIST-FORMAT.
1013
1014 This setting is for advanced users only. Setting to incorrect values
1015 can significantly lower connection security or decrease performance.
1016 You have been warned.
1017
1018 This option requires Python 2.7.
1019
1008 1020 ``minimumprotocol``
1009 1021 Defines the minimum channel encryption protocol to use.
1010 1022
1011 1023 By default, the highest version of TLS supported by both client and server
1012 1024 is used.
1013 1025
1014 1026 Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``.
1015 1027
1016 1028 When running on an old Python version, only ``tls1.0`` is allowed since
1017 1029 old versions of Python only support up to TLS 1.0.
1018 1030
1019 1031 When running a Python that supports modern TLS versions, the default is
1020 1032 ``tls1.1``. ``tls1.0`` can still be used to allow TLS 1.0. However, this
1021 1033 weakens security and should only be used as a feature of last resort if
1022 1034 a server does not support TLS 1.1+.
1023 1035
1024 1036 Options in the ``[hostsecurity]`` section can have the form
1025 1037 ``hostname``:``setting``. This allows multiple settings to be defined on a
1026 1038 per-host basis.
1027 1039
1028 1040 The following per-host settings can be defined.
1029 1041
1042 ``ciphers``
1043 This behaves like ``ciphers`` as described above except it only applies
1044 to the host on which it is defined.
1045
1030 1046 ``fingerprints``
1031 1047 A list of hashes of the DER encoded peer/remote certificate. Values have
1032 1048 the form ``algorithm``:``fingerprint``. e.g.
1033 1049 ``sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2``.
1034 1050
1035 1051 The following algorithms/prefixes are supported: ``sha1``, ``sha256``,
1036 1052 ``sha512``.
1037 1053
1038 1054 Use of ``sha256`` or ``sha512`` is preferred.
1039 1055
1040 1056 If a fingerprint is specified, the CA chain is not validated for this
1041 1057 host and Mercurial will require the remote certificate to match one
1042 1058 of the fingerprints specified. This means if the server updates its
1043 1059 certificate, Mercurial will abort until a new fingerprint is defined.
1044 1060 This can provide stronger security than traditional CA-based validation
1045 1061 at the expense of convenience.
1046 1062
1047 1063 This option takes precedence over ``verifycertsfile``.
1048 1064
1049 1065 ``minimumprotocol``
1050 1066 This behaves like ``minimumprotocol`` as described above except it
1051 1067 only applies to the host on which it is defined.
1052 1068
1053 1069 ``verifycertsfile``
1054 1070 Path to file a containing a list of PEM encoded certificates used to
1055 1071 verify the server certificate. Environment variables and ``~user``
1056 1072 constructs are expanded in the filename.
1057 1073
1058 1074 The server certificate or the certificate's certificate authority (CA)
1059 1075 must match a certificate from this file or certificate verification
1060 1076 will fail and connections to the server will be refused.
1061 1077
1062 1078 If defined, only certificates provided by this file will be used:
1063 1079 ``web.cacerts`` and any system/default certificates will not be
1064 1080 used.
1065 1081
1066 1082 This option has no effect if the per-host ``fingerprints`` option
1067 1083 is set.
1068 1084
1069 1085 The format of the file is as follows:
1070 1086
1071 1087 -----BEGIN CERTIFICATE-----
1072 1088 ... (certificate in base64 PEM encoding) ...
1073 1089 -----END CERTIFICATE-----
1074 1090 -----BEGIN CERTIFICATE-----
1075 1091 ... (certificate in base64 PEM encoding) ...
1076 1092 -----END CERTIFICATE-----
1077 1093
1078 1094 For example::
1079 1095
1080 1096 [hostsecurity]
1081 1097 hg.example.com:fingerprints = sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2
1082 1098 hg2.example.com:fingerprints = sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
1083 1099 foo.example.com:verifycertsfile = /etc/ssl/trusted-ca-certs.pem
1084 1100
1085 1101 To change the default minimum protocol version to TLS 1.2 but to allow TLS 1.1
1086 1102 when connecting to ``hg.example.com``::
1087 1103
1088 1104 [hostsecurity]
1089 1105 minimumprotocol = tls1.2
1090 1106 hg.example.com:minimumprotocol = tls1.1
1091 1107
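Review bot: the per-host ``ciphers`` entry says it only applies to the host it is defined for, but not whether it replaces the global ``ciphers`` list for that host or is combined with it; say which explicitly, the way the ``fingerprints`` entry does with "takes precedence over ``verifycertsfile``". The worked ``[hostsecurity]`` examples at the end of the section show the ``hostname``:``setting`` form for ``fingerprints``, ``verifycertsfile`` and ``minimumprotocol`` but not for the new option; adding a line such as ``hg.example.com:ciphers = <OpenSSL cipher list>`` to the first example would show readers where a per-host cipher list goes without them having to infer it from the other settings.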
1092 1108 ``http_proxy``
1093 1109 --------------
1094 1110
1095 1111 Used to access web-based Mercurial repositories through a HTTP
1096 1112 proxy.
1097 1113
1098 1114 ``host``
1099 1115 Host name and (optional) port of the proxy server, for example
1100 1116 "myproxy:8000".
1101 1117
1102 1118 ``no``
1103 1119 Optional. Comma-separated list of host names that should bypass
1104 1120 the proxy.
1105 1121
1106 1122 ``passwd``
1107 1123 Optional. Password to authenticate with at the proxy server.
1108 1124
1109 1125 ``user``
1110 1126 Optional. User name to authenticate with at the proxy server.
1111 1127
1112 1128 ``always``
1113 1129 Optional. Always use the proxy, even for localhost and any entries
1114 1130 in ``http_proxy.no``. (default: False)
1115 1131
1116 1132 ``merge``
1117 1133 ---------
1118 1134
1119 1135 This section specifies behavior during merges and updates.
1120 1136
1121 1137 ``checkignored``
1122 1138 Controls behavior when an ignored file on disk has the same name as a tracked
1123 1139 file in the changeset being merged or updated to, and has different
1124 1140 contents. Options are ``abort``, ``warn`` and ``ignore``. With ``abort``,
1125 1141 abort on such files. With ``warn``, warn on such files and back them up as
1126 1142 ``.orig``. With ``ignore``, don't print a warning and back them up as
1127 1143 ``.orig``. (default: ``abort``)
1128 1144
1129 1145 ``checkunknown``
1130 1146 Controls behavior when an unknown file that isn't ignored has the same name
1131 1147 as a tracked file in the changeset being merged or updated to, and has
1132 1148 different contents. Similar to ``merge.checkignored``, except for files that
1133 1149 are not ignored. (default: ``abort``)
1134 1150
1135 1151 ``merge-patterns``
1136 1152 ------------------
1137 1153
1138 1154 This section specifies merge tools to associate with particular file
1139 1155 patterns. Tools matched here will take precedence over the default
1140 1156 merge tool. Patterns are globs by default, rooted at the repository
1141 1157 root.
1142 1158
1143 1159 Example::
1144 1160
1145 1161 [merge-patterns]
1146 1162 **.c = kdiff3
1147 1163 **.jpg = myimgmerge
1148 1164
1149 1165 ``merge-tools``
1150 1166 ---------------
1151 1167
1152 1168 This section configures external merge tools to use for file-level
1153 1169 merges. This section has likely been preconfigured at install time.
1154 1170 Use :hg:`config merge-tools` to check the existing configuration.
1155 1171 Also see :hg:`help merge-tools` for more details.
1156 1172
1157 1173 Example ``~/.hgrc``::
1158 1174
1159 1175 [merge-tools]
1160 1176 # Override stock tool location
1161 1177 kdiff3.executable = ~/bin/kdiff3
1162 1178 # Specify command line
1163 1179 kdiff3.args = $base $local $other -o $output
1164 1180 # Give higher priority
1165 1181 kdiff3.priority = 1
1166 1182
1167 1183 # Changing the priority of preconfigured tool
1168 1184 meld.priority = 0
1169 1185
1170 1186 # Disable a preconfigured tool
1171 1187 vimdiff.disabled = yes
1172 1188
1173 1189 # Define new tool
1174 1190 myHtmlTool.args = -m $local $other $base $output
1175 1191 myHtmlTool.regkey = Software\FooSoftware\HtmlMerge
1176 1192 myHtmlTool.priority = 1
1177 1193
1178 1194 Supported arguments:
1179 1195
1180 1196 ``priority``
1181 1197 The priority in which to evaluate this tool.
1182 1198 (default: 0)
1183 1199
1184 1200 ``executable``
1185 1201 Either just the name of the executable or its pathname.
1186 1202
1187 1203 .. container:: windows
1188 1204
1189 1205 On Windows, the path can use environment variables with ${ProgramFiles}
1190 1206 syntax.
1191 1207
1192 1208 (default: the tool name)
1193 1209
1194 1210 ``args``
1195 1211 The arguments to pass to the tool executable. You can refer to the
1196 1212 files being merged as well as the output file through these
1197 1213 variables: ``$base``, ``$local``, ``$other``, ``$output``. The meaning
1198 1214 of ``$local`` and ``$other`` can vary depending on which action is being
1199 1215 performed. During and update or merge, ``$local`` represents the original
1200 1216 state of the file, while ``$other`` represents the commit you are updating
1201 1217 to or the commit you are merging with. During a rebase ``$local``
1202 1218 represents the destination of the rebase, and ``$other`` represents the
1203 1219 commit being rebased.
1204 1220 (default: ``$local $base $other``)
1205 1221
1206 1222 ``premerge``
1207 1223 Attempt to run internal non-interactive 3-way merge tool before
1208 1224 launching external tool. Options are ``true``, ``false``, ``keep`` or
1209 1225 ``keep-merge3``. The ``keep`` option will leave markers in the file if the
1210 1226 premerge fails. The ``keep-merge3`` will do the same but include information
1211 1227 about the base of the merge in the marker (see internal :merge3 in
1212 1228 :hg:`help merge-tools`).
1213 1229 (default: True)
1214 1230
1215 1231 ``binary``
1216 1232 This tool can merge binary files. (default: False, unless tool
1217 1233 was selected by file pattern match)
1218 1234
1219 1235 ``symlink``
1220 1236 This tool can merge symlinks. (default: False)
1221 1237
1222 1238 ``check``
1223 1239 A list of merge success-checking options:
1224 1240
1225 1241 ``changed``
1226 1242 Ask whether merge was successful when the merged file shows no changes.
1227 1243 ``conflicts``
1228 1244 Check whether there are conflicts even though the tool reported success.
1229 1245 ``prompt``
1230 1246 Always prompt for merge success, regardless of success reported by tool.
1231 1247
1232 1248 ``fixeol``
1233 1249 Attempt to fix up EOL changes caused by the merge tool.
1234 1250 (default: False)
1235 1251
1236 1252 ``gui``
1237 1253 This tool requires a graphical interface to run. (default: False)
1238 1254
1239 1255 .. container:: windows
1240 1256
1241 1257 ``regkey``
1242 1258 Windows registry key which describes install location of this
1243 1259 tool. Mercurial will search for this key first under
1244 1260 ``HKEY_CURRENT_USER`` and then under ``HKEY_LOCAL_MACHINE``.
1245 1261 (default: None)
1246 1262
1247 1263 ``regkeyalt``
1248 1264 An alternate Windows registry key to try if the first key is not
1249 1265 found. The alternate key uses the same ``regname`` and ``regappend``
1250 1266 semantics of the primary key. The most common use for this key
1251 1267 is to search for 32bit applications on 64bit operating systems.
1252 1268 (default: None)
1253 1269
1254 1270 ``regname``
1255 1271 Name of value to read from specified registry key.
1256 1272 (default: the unnamed (default) value)
1257 1273
1258 1274 ``regappend``
1259 1275 String to append to the value read from the registry, typically
1260 1276 the executable name of the tool.
1261 1277 (default: None)
1262 1278
1263 1279
1264 1280 ``patch``
1265 1281 ---------
1266 1282
1267 1283 Settings used when applying patches, for instance through the 'import'
1268 1284 command or with Mercurial Queues extension.
1269 1285
1270 1286 ``eol``
1271 1287 When set to 'strict' patch content and patched files end of lines
1272 1288 are preserved. When set to ``lf`` or ``crlf``, both files end of
1273 1289 lines are ignored when patching and the result line endings are
1274 1290 normalized to either LF (Unix) or CRLF (Windows). When set to
1275 1291 ``auto``, end of lines are again ignored while patching but line
1276 1292 endings in patched files are normalized to their original setting
1277 1293 on a per-file basis. If target file does not exist or has no end
1278 1294 of line, patch line endings are preserved.
1279 1295 (default: strict)
1280 1296
1281 1297 ``fuzz``
1282 1298 The number of lines of 'fuzz' to allow when applying patches. This
1283 1299 controls how much context the patcher is allowed to ignore when
1284 1300 trying to apply a patch.
1285 1301 (default: 2)
1286 1302
1287 1303 ``paths``
1288 1304 ---------
1289 1305
1290 1306 Assigns symbolic names and behavior to repositories.
1291 1307
1292 1308 Options are symbolic names defining the URL or directory that is the
1293 1309 location of the repository. Example::
1294 1310
1295 1311 [paths]
1296 1312 my_server = https://example.com/my_repo
1297 1313 local_path = /home/me/repo
1298 1314
1299 1315 These symbolic names can be used from the command line. To pull
1300 1316 from ``my_server``: :hg:`pull my_server`. To push to ``local_path``:
1301 1317 :hg:`push local_path`.
1302 1318
1303 1319 Options containing colons (``:``) denote sub-options that can influence
1304 1320 behavior for that specific path. Example::
1305 1321
1306 1322 [paths]
1307 1323 my_server = https://example.com/my_path
1308 1324 my_server:pushurl = ssh://example.com/my_path
1309 1325
1310 1326 The following sub-options can be defined:
1311 1327
1312 1328 ``pushurl``
1313 1329 The URL to use for push operations. If not defined, the location
1314 1330 defined by the path's main entry is used.
1315 1331
1316 1332 ``pushrev``
1317 1333 A revset defining which revisions to push by default.
1318 1334
1319 1335 When :hg:`push` is executed without a ``-r`` argument, the revset
1320 1336 defined by this sub-option is evaluated to determine what to push.
1321 1337
1322 1338 For example, a value of ``.`` will push the working directory's
1323 1339 revision by default.
1324 1340
1325 1341 Revsets specifying bookmarks will not result in the bookmark being
1326 1342 pushed.
1327 1343
1328 1344 The following special named paths exist:
1329 1345
1330 1346 ``default``
1331 1347 The URL or directory to use when no source or remote is specified.
1332 1348
1333 1349 :hg:`clone` will automatically define this path to the location the
1334 1350 repository was cloned from.
1335 1351
1336 1352 ``default-push``
1337 1353 (deprecated) The URL or directory for the default :hg:`push` location.
1338 1354 ``default:pushurl`` should be used instead.
1339 1355
1340 1356 ``phases``
1341 1357 ----------
1342 1358
1343 1359 Specifies default handling of phases. See :hg:`help phases` for more
1344 1360 information about working with phases.
1345 1361
1346 1362 ``publish``
1347 1363 Controls draft phase behavior when working as a server. When true,
1348 1364 pushed changesets are set to public in both client and server and
1349 1365 pulled or cloned changesets are set to public in the client.
1350 1366 (default: True)
1351 1367
1352 1368 ``new-commit``
1353 1369 Phase of newly-created commits.
1354 1370 (default: draft)
1355 1371
1356 1372 ``checksubrepos``
1357 1373 Check the phase of the current revision of each subrepository. Allowed
1358 1374 values are "ignore", "follow" and "abort". For settings other than
1359 1375 "ignore", the phase of the current revision of each subrepository is
1360 1376 checked before committing the parent repository. If any of those phases is
1361 1377 greater than the phase of the parent repository (e.g. if a subrepo is in a
1362 1378 "secret" phase while the parent repo is in "draft" phase), the commit is
1363 1379 either aborted (if checksubrepos is set to "abort") or the higher phase is
1364 1380 used for the parent repository commit (if set to "follow").
1365 1381 (default: follow)
1366 1382
1367 1383
1368 1384 ``profiling``
1369 1385 -------------
1370 1386
1371 1387 Specifies profiling type, format, and file output. Two profilers are
1372 1388 supported: an instrumenting profiler (named ``ls``), and a sampling
1373 1389 profiler (named ``stat``).
1374 1390
1375 1391 In this section description, 'profiling data' stands for the raw data
1376 1392 collected during profiling, while 'profiling report' stands for a
1377 1393 statistical text report generated from the profiling data. The
1378 1394 profiling is done using lsprof.
1379 1395
1380 1396 ``type``
1381 1397 The type of profiler to use.
1382 1398 (default: ls)
1383 1399
1384 1400 ``ls``
1385 1401 Use Python's built-in instrumenting profiler. This profiler
1386 1402 works on all platforms, but each line number it reports is the
1387 1403 first line of a function. This restriction makes it difficult to
1388 1404 identify the expensive parts of a non-trivial function.
1389 1405 ``stat``
1390 1406 Use a third-party statistical profiler, statprof. This profiler
1391 1407 currently runs only on Unix systems, and is most useful for
1392 1408 profiling commands that run for longer than about 0.1 seconds.
1393 1409
1394 1410 ``format``
1395 1411 Profiling format. Specific to the ``ls`` instrumenting profiler.
1396 1412 (default: text)
1397 1413
1398 1414 ``text``
1399 1415 Generate a profiling report. When saving to a file, it should be
1400 1416 noted that only the report is saved, and the profiling data is
1401 1417 not kept.
1402 1418 ``kcachegrind``
1403 1419 Format profiling data for kcachegrind use: when saving to a
1404 1420 file, the generated file can directly be loaded into
1405 1421 kcachegrind.
1406 1422
1407 1423 ``frequency``
1408 1424 Sampling frequency. Specific to the ``stat`` sampling profiler.
1409 1425 (default: 1000)
1410 1426
1411 1427 ``output``
1412 1428 File path where profiling data or report should be saved. If the
1413 1429 file exists, it is replaced. (default: None, data is printed on
1414 1430 stderr)
1415 1431
1416 1432 ``sort``
1417 1433 Sort field. Specific to the ``ls`` instrumenting profiler.
1418 1434 One of ``callcount``, ``reccallcount``, ``totaltime`` and
1419 1435 ``inlinetime``.
1420 1436 (default: inlinetime)
1421 1437
1422 1438 ``limit``
1423 1439 Number of lines to show. Specific to the ``ls`` instrumenting profiler.
1424 1440 (default: 30)
1425 1441
1426 1442 ``nested``
1427 1443 Show at most this number of lines of drill-down info after each main entry.
1428 1444 This can help explain the difference between Total and Inline.
1429 1445 Specific to the ``ls`` instrumenting profiler.
1430 1446 (default: 5)
1431 1447
1432 1448 ``progress``
1433 1449 ------------
1434 1450
1435 1451 Mercurial commands can draw progress bars that are as informative as
1436 1452 possible. Some progress bars only offer indeterminate information, while others
1437 1453 have a definite end point.
1438 1454
1439 1455 ``delay``
1440 1456 Number of seconds (float) before showing the progress bar. (default: 3)
1441 1457
1442 1458 ``changedelay``
1443 1459 Minimum delay before showing a new topic. When set to less than 3 * refresh,
1444 1460 that value will be used instead. (default: 1)
1445 1461
1446 1462 ``refresh``
1447 1463 Time in seconds between refreshes of the progress bar. (default: 0.1)
1448 1464
1449 1465 ``format``
1450 1466 Format of the progress bar.
1451 1467
1452 1468 Valid entries for the format field are ``topic``, ``bar``, ``number``,
1453 1469 ``unit``, ``estimate``, ``speed``, and ``item``. ``item`` defaults to the
1454 1470 last 20 characters of the item, but this can be changed by adding either
1455 1471 ``-<num>`` which would take the last num characters, or ``+<num>`` for the
1456 1472 first num characters.
1457 1473
1458 1474 (default: topic bar number estimate)
1459 1475
1460 1476 ``width``
1461 1477 If set, the maximum width of the progress information (that is, min(width,
1462 1478 term width) will be used).
1463 1479
1464 1480 ``clear-complete``
1465 1481 Clear the progress bar after it's done. (default: True)
1466 1482
1467 1483 ``disable``
1468 1484 If true, don't show a progress bar.
1469 1485
1470 1486 ``assume-tty``
1471 1487 If true, ALWAYS show a progress bar, unless disable is given.
1472 1488
1473 1489 ``rebase``
1474 1490 ----------
1475 1491
1476 1492 ``allowdivergence``
1477 1493 Default to False, when True allow creating divergence when performing
1478 1494 rebase of obsolete changesets.
1479 1495
1480 1496 ``revsetalias``
1481 1497 ---------------
1482 1498
1483 1499 Alias definitions for revsets. See :hg:`help revsets` for details.
1484 1500
1485 1501 ``server``
1486 1502 ----------
1487 1503
1488 1504 Controls generic server settings.
1489 1505
1490 1506 ``uncompressed``
1491 1507 Whether to allow clients to clone a repository using the
1492 1508 uncompressed streaming protocol. This transfers about 40% more
1493 1509 data than a regular clone, but uses less memory and CPU on both
1494 1510 server and client. Over a LAN (100 Mbps or better) or a very fast
1495 1511 WAN, an uncompressed streaming clone is a lot faster (~10x) than a
1496 1512 regular clone. Over most WAN connections (anything slower than
1497 1513 about 6 Mbps), uncompressed streaming is slower, because of the
1498 1514 extra data transfer overhead. This mode will also temporarily hold
1499 1515 the write lock while determining what data to transfer.
1500 1516 (default: True)
1501 1517
1502 1518 ``preferuncompressed``
1503 1519 When set, clients will try to use the uncompressed streaming
1504 1520 protocol. (default: False)
1505 1521
1506 1522 ``validate``
1507 1523 Whether to validate the completeness of pushed changesets by
1508 1524 checking that all new file revisions specified in manifests are
1509 1525 present. (default: False)
1510 1526
1511 1527 ``maxhttpheaderlen``
1512 1528 Instruct HTTP clients not to send request headers longer than this
1513 1529 many bytes. (default: 1024)
1514 1530
1515 1531 ``bundle1``
1516 1532 Whether to allow clients to push and pull using the legacy bundle1
1517 1533 exchange format. (default: True)
1518 1534
1519 1535 ``bundle1gd``
1520 1536 Like ``bundle1`` but only used if the repository is using the
1521 1537 *generaldelta* storage format. (default: True)
1522 1538
1523 1539 ``bundle1.push``
1524 1540 Whether to allow clients to push using the legacy bundle1 exchange
1525 1541 format. (default: True)
1526 1542
1527 1543 ``bundle1gd.push``
1528 1544 Like ``bundle1.push`` but only used if the repository is using the
1529 1545 *generaldelta* storage format. (default: True)
1530 1546
1531 1547 ``bundle1.pull``
1532 1548 Whether to allow clients to pull using the legacy bundle1 exchange
1533 1549 format. (default: True)
1534 1550
1535 1551 ``bundle1gd.pull``
1536 1552 Like ``bundle1.pull`` but only used if the repository is using the
1537 1553 *generaldelta* storage format. (default: True)
1538 1554
1539 1555 Large repositories using the *generaldelta* storage format should
1540 1556 consider setting this option because converting *generaldelta*
1541 1557 repositories to the exchange format required by the bundle1 data
1542 1558 format can consume a lot of CPU.
1543 1559
1544 1560 ``smtp``
1545 1561 --------
1546 1562
1547 1563 Configuration for extensions that need to send email messages.
1548 1564
1549 1565 ``host``
1550 1566 Host name of mail server, e.g. "mail.example.com".
1551 1567
1552 1568 ``port``
1553 1569 Optional. Port to connect to on mail server. (default: 465 if
1554 1570 ``tls`` is smtps; 25 otherwise)
1555 1571
1556 1572 ``tls``
1557 1573 Optional. Method to enable TLS when connecting to mail server: starttls,
1558 1574 smtps or none. (default: none)
1559 1575
1560 1576 ``username``
1561 1577 Optional. User name for authenticating with the SMTP server.
1562 1578 (default: None)
1563 1579
1564 1580 ``password``
1565 1581 Optional. Password for authenticating with the SMTP server. If not
1566 1582 specified, interactive sessions will prompt the user for a
1567 1583 password; non-interactive sessions will fail. (default: None)
1568 1584
1569 1585 ``local_hostname``
1570 1586 Optional. The hostname that the sender can use to identify
1571 1587 itself to the MTA.
1572 1588
1573 1589
1574 1590 ``subpaths``
1575 1591 ------------
1576 1592
1577 1593 Subrepository source URLs can go stale if a remote server changes name
1578 1594 or becomes temporarily unavailable. This section lets you define
1579 1595 rewrite rules of the form::
1580 1596
1581 1597 <pattern> = <replacement>
1582 1598
1583 1599 where ``pattern`` is a regular expression matching a subrepository
1584 1600 source URL and ``replacement`` is the replacement string used to
1585 1601 rewrite it. Groups can be matched in ``pattern`` and referenced in
1586 1602 ``replacements``. For instance::
1587 1603
1588 1604 http://server/(.*)-hg/ = http://hg.server/\1/
1589 1605
1590 1606 rewrites ``http://server/foo-hg/`` into ``http://hg.server/foo/``.
1591 1607
1592 1608 Relative subrepository paths are first made absolute, and the
1593 1609 rewrite rules are then applied on the full (absolute) path. If ``pattern``
1594 1610 doesn't match the full path, an attempt is made to apply it on the
1595 1611 relative path alone. The rules are applied in definition order.
1596 1612
1597 1613 ``templatealias``
1598 1614 -----------------
1599 1615
1600 1616 Alias definitions for templates. See :hg:`help templates` for details.
1601 1617
1602 1618 ``trusted``
1603 1619 -----------
1604 1620
1605 1621 Mercurial will not use the settings in the
1606 1622 ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted
1607 1623 user or to a trusted group, as various hgrc features allow arbitrary
1608 1624 commands to be run. This issue is often encountered when configuring
1609 1625 hooks or extensions for shared repositories or servers. However,
1610 1626 the web interface will use some safe settings from the ``[web]``
1611 1627 section.
1612 1628
1613 1629 This section specifies what users and groups are trusted. The
1614 1630 current user is always trusted. To trust everybody, list a user or a
1615 1631 group with name ``*``. These settings must be placed in an
1616 1632 *already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the
1617 1633 user or service running Mercurial.
1618 1634
1619 1635 ``users``
1620 1636 Comma-separated list of trusted users.
1621 1637
1622 1638 ``groups``
1623 1639 Comma-separated list of trusted groups.
1624 1640
1625 1641
1626 1642 ``ui``
1627 1643 ------
1628 1644
1629 1645 User interface controls.
1630 1646
1631 1647 ``archivemeta``
1632 1648 Whether to include the .hg_archival.txt file containing meta data
1633 1649 (hashes for the repository base and for tip) in archives created
1634 1650 by the :hg:`archive` command or downloaded via hgweb.
1635 1651 (default: True)
1636 1652
1637 1653 ``askusername``
1638 1654 Whether to prompt for a username when committing. If True, and
1639 1655 neither ``$HGUSER`` nor ``$EMAIL`` has been specified, then the user will
1640 1656 be prompted to enter a username. If no username is entered, the
1641 1657 default ``USER@HOST`` is used instead.
1642 1658 (default: False)
1643 1659
1644 1660 ``clonebundles``
1645 1661 Whether the "clone bundles" feature is enabled.
1646 1662
1647 1663 When enabled, :hg:`clone` may download and apply a server-advertised
1648 1664 bundle file from a URL instead of using the normal exchange mechanism.
1649 1665
1650 1666 This can likely result in faster and more reliable clones.
1651 1667
1652 1668 (default: True)
1653 1669
1654 1670 ``clonebundlefallback``
1655 1671 Whether failure to apply an advertised "clone bundle" from a server
1656 1672 should result in fallback to a regular clone.
1657 1673
1658 1674 This is disabled by default because servers advertising "clone
1659 1675 bundles" often do so to reduce server load. If advertised bundles
1660 1676 start mass failing and clients automatically fall back to a regular
1661 1677 clone, this would add significant and unexpected load to the server
1662 1678 since the server is expecting clone operations to be offloaded to
1663 1679 pre-generated bundles. Failing fast (the default behavior) ensures
1664 1680 clients don't overwhelm the server when "clone bundle" application
1665 1681 fails.
1666 1682
1667 1683 (default: False)
1668 1684
1669 1685 ``clonebundleprefers``
1670 1686 Defines preferences for which "clone bundles" to use.
1671 1687
1672 1688 Servers advertising "clone bundles" may advertise multiple available
1673 1689 bundles. Each bundle may have different attributes, such as the bundle
1674 1690 type and compression format. This option is used to prefer a particular
1675 1691 bundle over another.
1676 1692
1677 1693 The following keys are defined by Mercurial:
1678 1694
1679 1695 BUNDLESPEC
1680 1696 A bundle type specifier. These are strings passed to :hg:`bundle -t`.
1681 1697 e.g. ``gzip-v2`` or ``bzip2-v1``.
1682 1698
1683 1699 COMPRESSION
1684 1700 The compression format of the bundle. e.g. ``gzip`` and ``bzip2``.
1685 1701
1686 1702 Server operators may define custom keys.
1687 1703
1688 1704 Example values: ``COMPRESSION=bzip2``,
1689 1705 ``BUNDLESPEC=gzip-v2, COMPRESSION=gzip``.
1690 1706
1691 1707 By default, the first bundle advertised by the server is used.
1692 1708
1693 1709 ``commitsubrepos``
1694 1710 Whether to commit modified subrepositories when committing the
1695 1711 parent repository. If False and one subrepository has uncommitted
1696 1712 changes, abort the commit.
1697 1713 (default: False)
1698 1714
1699 1715 ``debug``
1700 1716 Print debugging information. (default: False)
1701 1717
1702 1718 ``editor``
1703 1719 The editor to use during a commit. (default: ``$EDITOR`` or ``vi``)
1704 1720
1705 1721 ``fallbackencoding``
1706 1722 Encoding to try if it's not possible to decode the changelog using
1707 1723 UTF-8. (default: ISO-8859-1)
1708 1724
1709 1725 ``graphnodetemplate``
1710 1726 The template used to print changeset nodes in an ASCII revision graph.
1711 1727 (default: ``{graphnode}``)
1712 1728
1713 1729 ``ignore``
1714 1730 A file to read per-user ignore patterns from. This file should be
1715 1731 in the same format as a repository-wide .hgignore file. Filenames
1716 1732 are relative to the repository root. This option supports hook syntax,
1717 1733 so if you want to specify multiple ignore files, you can do so by
1718 1734 setting something like ``ignore.other = ~/.hgignore2``. For details
1719 1735 of the ignore file format, see the ``hgignore(5)`` man page.
1720 1736
1721 1737 ``interactive``
1722 1738 Allow to prompt the user. (default: True)
1723 1739
1724 1740 ``interface``
1725 1741 Select the default interface for interactive features (default: text).
1726 1742 Possible values are 'text' and 'curses'.
1727 1743
1728 1744 ``interface.chunkselector``
1729 1745 Select the interface for change recording (e.g. :hg:`commit` -i).
1730 1746 Possible values are 'text' and 'curses'.
1731 1747 This config overrides the interface specified by ui.interface.
1732 1748
1733 1749 ``logtemplate``
1734 1750 Template string for commands that print changesets.
1735 1751
1736 1752 ``merge``
1737 1753 The conflict resolution program to use during a manual merge.
1738 1754 For more information on merge tools see :hg:`help merge-tools`.
1739 1755 For configuring merge tools see the ``[merge-tools]`` section.
1740 1756
1741 1757 ``mergemarkers``
1742 1758 Sets the merge conflict marker label styling. The ``detailed``
1743 1759 style uses the ``mergemarkertemplate`` setting to style the labels.
1744 1760 The ``basic`` style just uses 'local' and 'other' as the marker label.
1745 1761 One of ``basic`` or ``detailed``.
1746 1762 (default: ``basic``)
1747 1763
1748 1764 ``mergemarkertemplate``
1749 1765 The template used to print the commit description next to each conflict
1750 1766 marker during merge conflicts. See :hg:`help templates` for the template
1751 1767 format.
1752 1768
1753 1769 Defaults to showing the hash, tags, branches, bookmarks, author, and
1754 1770 the first line of the commit description.
1755 1771
1756 1772 If you use non-ASCII characters in names for tags, branches, bookmarks,
1757 1773 authors, and/or commit descriptions, you must pay attention to encodings of
1758 1774 managed files. At template expansion, non-ASCII characters use the encoding
1759 1775 specified by the ``--encoding`` global option, ``HGENCODING`` or other
1760 1776 environment variables that govern your locale. If the encoding of the merge
1761 1777 markers is different from the encoding of the merged files,
1762 1778 serious problems may occur.
1763 1779
1764 1780 ``origbackuppath``
1765 1781 The path to a directory used to store generated .orig files. If the path is
1766 1782 not a directory, one will be created.
1767 1783
1768 1784 ``patch``
1769 1785 An optional external tool that ``hg import`` and some extensions
1770 1786 will use for applying patches. By default Mercurial uses an
1771 1787 internal patch utility. The external tool must work as the common
1772 1788 Unix ``patch`` program. In particular, it must accept a ``-p``
1773 1789 argument to strip patch headers, a ``-d`` argument to specify the
1774 1790 current directory, a file name to patch, and a patch file to take
1775 1791 from stdin.
1776 1792
1777 1793 It is possible to specify a patch tool together with extra
1778 1794 arguments. For example, setting this option to ``patch --merge``
1779 1795 will use the ``patch`` program with its 2-way merge option.
1780 1796
1781 1797 ``portablefilenames``
1782 1798 Check for portable filenames. Can be ``warn``, ``ignore`` or ``abort``.
1783 1799 (default: ``warn``)
1784 1800
1785 1801 ``warn``
1786 1802 Print a warning message on POSIX platforms, if a file with a non-portable
1787 1803 filename is added (e.g. a file with a name that can't be created on
1788 1804 Windows because it contains reserved parts like ``AUX``, reserved
1789 1805 characters like ``:``, or would cause a case collision with an existing
1790 1806 file).
1791 1807
1792 1808 ``ignore``
1793 1809 Don't print a warning.
1794 1810
1795 1811 ``abort``
1796 1812 The command is aborted.
1797 1813
1798 1814 ``true``
1799 1815 Alias for ``warn``.
1800 1816
1801 1817 ``false``
1802 1818 Alias for ``ignore``.
1803 1819
1804 1820 .. container:: windows
1805 1821
1806 1822 On Windows, this configuration option is ignored and the command aborted.
1807 1823
1808 1824 ``quiet``
1809 1825 Reduce the amount of output printed.
1810 1826 (default: False)
1811 1827
1812 1828 ``remotecmd``
1813 1829 Remote command to use for clone/push/pull operations.
1814 1830 (default: ``hg``)
1815 1831
1816 1832 ``report_untrusted``
1817 1833 Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
1818 1834 trusted user or group.
1819 1835 (default: True)
1820 1836
1821 1837 ``slash``
1822 1838 Display paths using a slash (``/``) as the path separator. This
1823 1839 only makes a difference on systems where the default path
1824 1840 separator is not the slash character (e.g. Windows uses the
1825 1841 backslash character (``\``)).
1826 1842 (default: False)
1827 1843
1828 1844 ``statuscopies``
1829 1845 Display copies in the status command.
1830 1846
1831 1847 ``ssh``
1832 1848 Command to use for SSH connections. (default: ``ssh``)
1833 1849
1834 1850 ``strict``
1835 1851 Require exact command names, instead of allowing unambiguous
1836 1852 abbreviations. (default: False)
1837 1853
1838 1854 ``style``
1839 1855 Name of style to use for command output.
1840 1856
1841 1857 ``supportcontact``
1842 1858 A URL where users should report a Mercurial traceback. Use this if you are a
1843 1859 large organisation with its own Mercurial deployment process and crash
1844 1860 reports should be addressed to your internal support.
1845 1861
1846 1862 ``textwidth``
1847 1863 Maximum width of help text. A longer line generated by ``hg help`` or
1848 1864 ``hg subcommand --help`` will be broken after white space to get this
1849 1865 width or the terminal width, whichever comes first.
1850 1866 A non-positive value will disable this and the terminal width will be
1851 1867 used. (default: 78)
1852 1868
1853 1869 ``timeout``
1854 1870 The timeout used when a lock is held (in seconds), a negative value
1855 1871 means no timeout. (default: 600)
1856 1872
1857 1873 ``traceback``
1858 1874 Mercurial always prints a traceback when an unknown exception
1859 1875 occurs. Setting this to True will make Mercurial print a traceback
1860 1876 on all exceptions, even those recognized by Mercurial (such as
1861 1877 IOError or MemoryError). (default: False)
1862 1878
1863 1879 ``username``
1864 1880 The committer of a changeset created when running "commit".
1865 1881 Typically a person's name and email address, e.g. ``Fred Widget
1866 1882 <fred@example.com>``. Environment variables in the
1867 1883 username are expanded.
1868 1884
1869 1885 (default: ``$EMAIL`` or ``username@hostname``. If the username in
1870 1886 hgrc is empty, e.g. if the system admin set ``username =`` in the
1871 1887 system hgrc, it has to be specified manually or in a different
1872 1888 hgrc file)
1873 1889
1874 1890 ``verbose``
1875 1891 Increase the amount of output printed. (default: False)
1876 1892
1877 1893
1878 1894 ``web``
1879 1895 -------
1880 1896
1881 1897 Web interface configuration. The settings in this section apply to
1882 1898 both the builtin webserver (started by :hg:`serve`) and the script you
1883 1899 run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI
1884 1900 and WSGI).
1885 1901
1886 1902 The Mercurial webserver does no authentication (it does not prompt for
1887 1903 usernames and passwords to validate *who* users are), but it does do
1888 1904 authorization (it grants or denies access for *authenticated users*
1889 1905 based on settings in this section). You must either configure your
1890 1906 webserver to do authentication for you, or disable the authorization
1891 1907 checks.
1892 1908
1893 1909 For a quick setup in a trusted environment, e.g., a private LAN, where
1894 1910 you want it to accept pushes from anybody, you can use the following
1895 1911 command line::
1896 1912
1897 1913 $ hg --config web.allow_push=* --config web.push_ssl=False serve
1898 1914
1899 1915 Note that this will allow anybody to push anything to the server and
1900 1916 that this should not be used for public servers.
1901 1917
1902 1918 The full set of options is:
1903 1919
1904 1920 ``accesslog``
1905 1921 Where to output the access log. (default: stdout)
1906 1922
1907 1923 ``address``
1908 1924 Interface address to bind to. (default: all)
1909 1925
1910 1926 ``allow_archive``
1911 1927 List of archive format (bz2, gz, zip) allowed for downloading.
1912 1928 (default: empty)
1913 1929
1914 1930 ``allowbz2``
1915 1931 (DEPRECATED) Whether to allow .tar.bz2 downloading of repository
1916 1932 revisions.
1917 1933 (default: False)
1918 1934
1919 1935 ``allowgz``
1920 1936 (DEPRECATED) Whether to allow .tar.gz downloading of repository
1921 1937 revisions.
1922 1938 (default: False)
1923 1939
1924 1940 ``allowpull``
1925 1941 Whether to allow pulling from the repository. (default: True)
1926 1942
1927 1943 ``allow_push``
1928 1944 Whether to allow pushing to the repository. If empty or not set,
1929 1945 pushing is not allowed. If the special value ``*``, any remote
1930 1946 user can push, including unauthenticated users. Otherwise, the
1931 1947 remote user must have been authenticated, and the authenticated
1932 1948 user name must be present in this list. The contents of the
1933 1949 allow_push list are examined after the deny_push list.
1934 1950
1935 1951 ``allow_read``
1936 1952 If the user has not already been denied repository access due to
1937 1953 the contents of deny_read, this list determines whether to grant
1938 1954 repository access to the user. If this list is not empty, and the
1939 1955 user is unauthenticated or not present in the list, then access is
1940 1956 denied for the user. If the list is empty or not set, then access
1941 1957 is permitted to all users by default. Setting allow_read to the
1942 1958 special value ``*`` is equivalent to it not being set (i.e. access
1943 1959 is permitted to all users). The contents of the allow_read list are
1944 1960 examined after the deny_read list.
1945 1961
1946 1962 ``allowzip``
1947 1963 (DEPRECATED) Whether to allow .zip downloading of repository
1948 1964 revisions. This feature creates temporary files.
1949 1965 (default: False)
1950 1966
1951 1967 ``archivesubrepos``
1952 1968 Whether to recurse into subrepositories when archiving.
1953 1969 (default: False)
1954 1970
1955 1971 ``baseurl``
1956 1972 Base URL to use when publishing URLs in other locations, so
1957 1973 third-party tools like email notification hooks can construct
1958 1974 URLs. Example: ``http://hgserver/repos/``.
1959 1975
1960 1976 ``cacerts``
1961 1977 Path to file containing a list of PEM encoded certificate
1962 1978 authority certificates. Environment variables and ``~user``
1963 1979 constructs are expanded in the filename. If specified on the
1964 1980 client, then it will verify the identity of remote HTTPS servers
1965 1981 with these certificates.
1966 1982
1967 1983 To disable SSL verification temporarily, specify ``--insecure`` from
1968 1984 command line.
1969 1985
1970 1986 You can use OpenSSL's CA certificate file if your platform has
1971 1987 one. On most Linux systems this will be
1972 1988 ``/etc/ssl/certs/ca-certificates.crt``. Otherwise you will have to
1973 1989 generate this file manually. The form must be as follows::
1974 1990
1975 1991 -----BEGIN CERTIFICATE-----
1976 1992 ... (certificate in base64 PEM encoding) ...
1977 1993 -----END CERTIFICATE-----
1978 1994 -----BEGIN CERTIFICATE-----
1979 1995 ... (certificate in base64 PEM encoding) ...
1980 1996 -----END CERTIFICATE-----
1981 1997
1982 1998 ``cache``
1983 1999 Whether to support caching in hgweb. (default: True)
1984 2000
1985 2001 ``certificate``
1986 2002 Certificate to use when running :hg:`serve`.
1987 2003
1988 2004 ``collapse``
1989 2005 With ``descend`` enabled, repositories in subdirectories are shown at
1990 2006 a single level alongside repositories in the current path. With
1991 2007 ``collapse`` also enabled, repositories residing at a deeper level than
1992 2008 the current path are grouped behind navigable directory entries that
1993 2009 lead to the locations of these repositories. In effect, this setting
1994 2010 collapses each collection of repositories found within a subdirectory
1995 2011 into a single entry for that subdirectory. (default: False)
1996 2012
1997 2013 ``comparisoncontext``
1998 2014 Number of lines of context to show in side-by-side file comparison. If
1999 2015 negative or the value ``full``, whole files are shown. (default: 5)
2000 2016
2001 2017 This setting can be overridden by a ``context`` request parameter to the
2002 2018 ``comparison`` command, taking the same values.
2003 2019
2004 2020 ``contact``
2005 2021 Name or email address of the person in charge of the repository.
2006 2022 (default: ui.username or ``$EMAIL`` or "unknown" if unset or empty)
2007 2023
2008 2024 ``deny_push``
2009 2025 Whether to deny pushing to the repository. If empty or not set,
2010 2026 push is not denied. If the special value ``*``, all remote users are
2011 2027 denied push. Otherwise, unauthenticated users are all denied, and
2012 2028 any authenticated user name present in this list is also denied. The
2013 2029 contents of the deny_push list are examined before the allow_push list.
2014 2030
2015 2031 ``deny_read``
2016 2032 Whether to deny reading/viewing of the repository. If this list is
2017 2033 not empty, unauthenticated users are all denied, and any
2018 2034 authenticated user name present in this list is also denied access to
2019 2035 the repository. If set to the special value ``*``, all remote users
2020 2036 are denied access (rarely needed ;). If deny_read is empty or not set,
2021 2037 the determination of repository access depends on the presence and
2022 2038 content of the allow_read list (see description). If both
2023 2039 deny_read and allow_read are empty or not set, then access is
2024 2040 permitted to all users by default. If the repository is being
2025 2041 served via hgwebdir, denied users will not be able to see it in
2026 2042 the list of repositories. The contents of the deny_read list have
2027 2043 priority over (are examined before) the contents of the allow_read
2028 2044 list.
2029 2045
2030 2046 ``descend``
2031 2047 hgwebdir indexes will not descend into subdirectories. Only repositories
2032 2048 directly in the current path will be shown (other repositories are still
2033 2049 available from the index corresponding to their containing path).
2034 2050
2035 2051 ``description``
2036 2052 Textual description of the repository's purpose or contents.
2037 2053 (default: "unknown")
2038 2054
2039 2055 ``encoding``
2040 2056 Character encoding name. (default: the current locale charset)
2041 2057 Example: "UTF-8".
2042 2058
2043 2059 ``errorlog``
2044 2060 Where to output the error log. (default: stderr)
2045 2061
2046 2062 ``guessmime``
2047 2063 Control MIME types for raw download of file content.
2048 2064 Set to True to let hgweb guess the content type from the file
2049 2065 extension. This will serve HTML files as ``text/html`` and might
2050 2066 allow cross-site scripting attacks when serving untrusted
2051 2067 repositories. (default: False)
2052 2068
2053 2069 ``hidden``
2054 2070 Whether to hide the repository in the hgwebdir index.
2055 2071 (default: False)
2056 2072
2057 2073 ``ipv6``
2058 2074 Whether to use IPv6. (default: False)
2059 2075
2060 2076 ``labels``
2061 2077 List of string *labels* associated with the repository.
2062 2078
2063 2079 Labels are exposed as a template keyword and can be used to customize
2064 2080 output. e.g. the ``index`` template can group or filter repositories
2065 2081 by labels and the ``summary`` template can display additional content
2066 2082 if a specific label is present.
2067 2083
2068 2084 ``logoimg``
2069 2085 File name of the logo image that some templates display on each page.
2070 2086 The file name is relative to ``staticurl``. That is, the full path to
2071 2087 the logo image is "staticurl/logoimg".
2072 2088 If unset, ``hglogo.png`` will be used.
2073 2089
2074 2090 ``logourl``
2075 2091 Base URL to use for logos. If unset, ``https://mercurial-scm.org/``
2076 2092 will be used.
2077 2093
2078 2094 ``maxchanges``
2079 2095 Maximum number of changes to list on the changelog. (default: 10)
2080 2096
2081 2097 ``maxfiles``
2082 2098 Maximum number of files to list per changeset. (default: 10)
2083 2099
2084 2100 ``maxshortchanges``
2085 2101 Maximum number of changes to list on the shortlog, graph or filelog
2086 2102 pages. (default: 60)
2087 2103
2088 2104 ``name``
2089 2105 Repository name to use in the web interface.
2090 2106 (default: current working directory)
2091 2107
2092 2108 ``port``
2093 2109 Port to listen on. (default: 8000)
2094 2110
2095 2111 ``prefix``
2096 2112 Prefix path to serve from. (default: '' (server root))
2097 2113
2098 2114 ``push_ssl``
2099 2115 Whether to require that inbound pushes be transported over SSL to
2100 2116 prevent password sniffing. (default: True)
2101 2117
2102 2118 ``refreshinterval``
2103 2119 How frequently directory listings re-scan the filesystem for new
2104 2120 repositories, in seconds. This is relevant when wildcards are used
2105 2121 to define paths. Depending on how much filesystem traversal is
2106 2122 required, refreshing may negatively impact performance.
2107 2123
2108 2124 Values less than or equal to 0 always refresh.
2109 2125 (default: 20)
2110 2126
2111 2127 ``staticurl``
2112 2128 Base URL to use for static files. If unset, static files (e.g. the
2113 2129 hgicon.png favicon) will be served by the CGI script itself. Use
2114 2130 this setting to serve them directly with the HTTP server.
2115 2131 Example: ``http://hgserver/static/``.
2116 2132
2117 2133 ``stripes``
2118 2134 How many lines a "zebra stripe" should span in multi-line output.
2119 2135 Set to 0 to disable. (default: 1)
2120 2136
2121 2137 ``style``
2122 2138 Which template map style to use. The available options are the names of
2123 2139 subdirectories in the HTML templates path. (default: ``paper``)
2124 2140 Example: ``monoblue``.
2125 2141
2126 2142 ``templates``
2127 2143 Where to find the HTML templates. The default path to the HTML templates
2128 2144 can be obtained from ``hg debuginstall``.
2129 2145
2130 2146 ``websub``
2131 2147 ----------
2132 2148
2133 2149 Web substitution filter definition. You can use this section to
2134 2150 define a set of regular expression substitution patterns which
2135 2151 let you automatically modify the hgweb server output.
2136 2152
2137 2153 The default hgweb templates only apply these substitution patterns
2138 2154 on the revision description fields. You can apply them anywhere
2139 2155 you want when you create your own templates by adding calls to the
2140 2156 "websub" filter (usually after calling the "escape" filter).
2141 2157
2142 2158 This can be used, for example, to convert issue references to links
2143 2159 to your issue tracker, or to convert "markdown-like" syntax into
2144 2160 HTML (see the examples below).
2145 2161
2146 2162 Each entry in this section names a substitution filter.
2147 2163 The value of each entry defines the substitution expression itself.
2148 2164 The websub expressions follow the old interhg extension syntax,
2149 2165 which in turn imitates the Unix sed replacement syntax::
2150 2166
2151 2167 patternname = s/SEARCH_REGEX/REPLACE_EXPRESSION/[i]
2152 2168
2153 2169 You can use any separator other than "/". The final "i" is optional
2154 2170 and indicates that the search must be case insensitive.
2155 2171
2156 2172 Examples::
2157 2173
2158 2174 [websub]
2159 2175 issues = s|issue(\d+)|<a href="http://bts.example.org/issue\1">issue\1</a>|i
2160 2176 italic = s/\b_(\S+)_\b/<i>\1<\/i>/
2161 2177 bold = s/\*\b(\S+)\b\*/<b>\1<\/b>/
2162 2178
2163 2179 ``worker``
2164 2180 ----------
2165 2181
2166 2182 Parallel master/worker configuration. We currently perform working
2167 2183 directory updates in parallel on Unix-like systems, which greatly
2168 2184 helps performance.
2169 2185
2170 2186 ``numcpus``
2171 2187 Number of CPUs to use for parallel operations. A zero or
2172 2188 negative value is treated as ``use the default``.
2173 2189 (default: 4 or the number of CPUs on the system, whichever is larger)
2174 2190
2175 2191 ``backgroundclose``
2176 2192 Whether to enable closing file handles on background threads during certain
2177 2193 operations. Some platforms aren't very efficient at closing file
2178 2194 handles that have been written or appended to. By performing file closing
2179 2195 on background threads, file write rate can increase substantially.
2180 2196 (default: true on Windows, false elsewhere)
2181 2197
2182 2198 ``backgroundcloseminfilecount``
2183 2199 Minimum number of files required to trigger background file closing.
2184 2200 Operations not writing this many files won't start background close
2185 2201 threads.
2186 2202 (default: 2048)
2187 2203
2188 2204 ``backgroundclosemaxqueue``
2189 2205 The maximum number of opened file handles waiting to be closed in the
2190 2206 background. This option only has an effect if ``backgroundclose`` is
2191 2207 enabled.
2192 2208 (default: 384)
2193 2209
2194 2210 ``backgroundclosethreadcount``
2195 2211 Number of threads to process background file closes. Only relevant if
2196 2212 ``backgroundclose`` is enabled.
2197 2213 (default: 4)
@@ -1,751 +1,769
1 1 # sslutil.py - SSL handling for mercurial
2 2 #
3 3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 6 #
7 7 # This software may be used and distributed according to the terms of the
8 8 # GNU General Public License version 2 or any later version.
9 9
10 10 from __future__ import absolute_import
11 11
12 12 import hashlib
13 13 import os
14 14 import re
15 15 import ssl
16 16 import sys
17 17
18 18 from .i18n import _
19 19 from . import (
20 20 error,
21 21 util,
22 22 )
23 23
24 24 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added
25 25 # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are
26 26 # all exposed via the "ssl" module.
27 27 #
28 28 # Depending on the version of Python being used, SSL/TLS support is either
29 29 # modern/secure or legacy/insecure. Many operations in this module have
30 30 # separate code paths depending on support in Python.
31 31
32 32 configprotocols = set([
33 33 'tls1.0',
34 34 'tls1.1',
35 35 'tls1.2',
36 36 ])
37 37
38 38 hassni = getattr(ssl, 'HAS_SNI', False)
39 39
40 40 try:
41 41 # ssl.SSLContext was added in 2.7.9 and presence indicates modern
42 42 # SSL/TLS features are available.
43 43 SSLContext = ssl.SSLContext
44 44 modernssl = True
45 45 _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')
46 46 except AttributeError:
47 47 modernssl = False
48 48 _canloaddefaultcerts = False
49 49
50 50 # We implement SSLContext using the interface from the standard library.
51 51 class SSLContext(object):
52 52 # ssl.wrap_socket gained the "ciphers" named argument in 2.7.
53 53 _supportsciphers = sys.version_info >= (2, 7)
54 54
55 55 def __init__(self, protocol):
56 56 # From the public interface of SSLContext
57 57 self.protocol = protocol
58 58 self.check_hostname = False
59 59 self.options = 0
60 60 self.verify_mode = ssl.CERT_NONE
61 61
62 62 # Used by our implementation.
63 63 self._certfile = None
64 64 self._keyfile = None
65 65 self._certpassword = None
66 66 self._cacerts = None
67 67 self._ciphers = None
68 68
69 69 def load_cert_chain(self, certfile, keyfile=None, password=None):
70 70 self._certfile = certfile
71 71 self._keyfile = keyfile
72 72 self._certpassword = password
73 73
74 74 def load_default_certs(self, purpose=None):
75 75 pass
76 76
77 77 def load_verify_locations(self, cafile=None, capath=None, cadata=None):
78 78 if capath:
79 79 raise error.Abort(_('capath not supported'))
80 80 if cadata:
81 81 raise error.Abort(_('cadata not supported'))
82 82
83 83 self._cacerts = cafile
84 84
85 85 def set_ciphers(self, ciphers):
86 86 if not self._supportsciphers:
87 raise error.Abort(_('setting ciphers not supported'))
87 raise error.Abort(_('setting ciphers in [hostsecurity] is not '
88 'supported by this version of Python'),
89 hint=_('remove the config option or run '
90 'Mercurial with a modern Python '
91 'version (preferred)'))
88 92
89 93 self._ciphers = ciphers
90 94
91 95 def wrap_socket(self, socket, server_hostname=None, server_side=False):
92 96 # server_hostname is unique to SSLContext.wrap_socket and is used
93 97 # for SNI in that context. So there's nothing for us to do with it
94 98 # in this legacy code since we don't support SNI.
95 99
96 100 args = {
97 101 'keyfile': self._keyfile,
98 102 'certfile': self._certfile,
99 103 'server_side': server_side,
100 104 'cert_reqs': self.verify_mode,
101 105 'ssl_version': self.protocol,
102 106 'ca_certs': self._cacerts,
103 107 }
104 108
105 109 if self._supportsciphers:
106 110 args['ciphers'] = self._ciphers
107 111
108 112 return ssl.wrap_socket(socket, **args)
109 113
110 114 def _hostsettings(ui, hostname):
111 115 """Obtain security settings for a hostname.
112 116
113 117 Returns a dict of settings relevant to that hostname.
114 118 """
115 119 s = {
116 120 # Whether we should attempt to load default/available CA certs
117 121 # if an explicit ``cafile`` is not defined.
118 122 'allowloaddefaultcerts': True,
119 123 # List of 2-tuple of (hash algorithm, hash).
120 124 'certfingerprints': [],
121 125 # Path to file containing concatenated CA certs. Used by
122 126 # SSLContext.load_verify_locations().
123 127 'cafile': None,
124 128 # Whether certificate verification should be disabled.
125 129 'disablecertverification': False,
126 130 # Whether the legacy [hostfingerprints] section has data for this host.
127 131 'legacyfingerprint': False,
128 132 # PROTOCOL_* constant to use for SSLContext.__init__.
129 133 'protocol': None,
130 134 # ssl.CERT_* constant used by SSLContext.verify_mode.
131 135 'verifymode': None,
132 136 # Defines extra ssl.OP* bitwise options to set.
133 137 'ctxoptions': None,
138 # OpenSSL Cipher List to use (instead of default).
139 'ciphers': None,
134 140 }
135 141
136 142 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
137 143 # that both ends support, including TLS protocols. On legacy stacks,
138 144 # the highest it likely goes is TLS 1.0. On modern stacks, it can
139 145 # support TLS 1.2.
140 146 #
141 147 # The PROTOCOL_TLSv* constants select a specific TLS version
142 148 # only (as opposed to multiple versions). So the method for
143 149 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
144 150 # disable protocols via SSLContext.options and OP_NO_* constants.
145 151 # However, SSLContext.options doesn't work unless we have the
146 152 # full/real SSLContext available to us.
147 153
148 154 # Allow minimum TLS protocol to be specified in the config.
149 155 def validateprotocol(protocol, key):
150 156 if protocol not in configprotocols:
151 157 raise error.Abort(
152 158 _('unsupported protocol from hostsecurity.%s: %s') %
153 159 (key, protocol),
154 160 hint=_('valid protocols: %s') %
155 161 ' '.join(sorted(configprotocols)))
156 162
157 163 # Legacy Python can only do TLS 1.0. We default to TLS 1.1+ where we
158 164 # can because TLS 1.0 has known vulnerabilities (like BEAST and POODLE).
159 165 # We allow users to downgrade to TLS 1.0+ via config options in case a
160 166 # legacy server is encountered.
161 167 if modernssl:
162 168 defaultprotocol = 'tls1.1'
163 169 else:
164 170 # Let people on legacy Python versions know they are borderline
165 171 # secure.
166 172 # We don't document this config option because we want people to see
167 173 # the bold warnings on the web site.
168 174 # internal config: hostsecurity.disabletls10warning
169 175 if not ui.configbool('hostsecurity', 'disabletls10warning'):
170 176 ui.warn(_('warning: connecting to %s using legacy security '
171 177 'technology (TLS 1.0); see '
172 178 'https://mercurial-scm.org/wiki/SecureConnections for '
173 179 'more info\n') % hostname)
174 180 defaultprotocol = 'tls1.0'
175 181
176 182 key = 'minimumprotocol'
177 183 protocol = ui.config('hostsecurity', key, defaultprotocol)
178 184 validateprotocol(protocol, key)
179 185
180 186 key = '%s:minimumprotocol' % hostname
181 187 protocol = ui.config('hostsecurity', key, protocol)
182 188 validateprotocol(protocol, key)
183 189
184 190 s['protocol'], s['ctxoptions'] = protocolsettings(protocol)
185 191
192 ciphers = ui.config('hostsecurity', 'ciphers')
193 ciphers = ui.config('hostsecurity', '%s:ciphers' % hostname, ciphers)
194 s['ciphers'] = ciphers
195
186 196 # Look for fingerprints in [hostsecurity] section. Value is a list
187 197 # of <alg>:<fingerprint> strings.
188 198 fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname,
189 199 [])
190 200 for fingerprint in fingerprints:
191 201 if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))):
192 202 raise error.Abort(_('invalid fingerprint for %s: %s') % (
193 203 hostname, fingerprint),
194 204 hint=_('must begin with "sha1:", "sha256:", '
195 205 'or "sha512:"'))
196 206
197 207 alg, fingerprint = fingerprint.split(':', 1)
198 208 fingerprint = fingerprint.replace(':', '').lower()
199 209 s['certfingerprints'].append((alg, fingerprint))
200 210
201 211 # Fingerprints from [hostfingerprints] are always SHA-1.
202 212 for fingerprint in ui.configlist('hostfingerprints', hostname, []):
203 213 fingerprint = fingerprint.replace(':', '').lower()
204 214 s['certfingerprints'].append(('sha1', fingerprint))
205 215 s['legacyfingerprint'] = True
206 216
207 217 # If a host cert fingerprint is defined, it is the only thing that
208 218 # matters. No need to validate CA certs.
209 219 if s['certfingerprints']:
210 220 s['verifymode'] = ssl.CERT_NONE
211 221 s['allowloaddefaultcerts'] = False
212 222
213 223 # If --insecure is used, don't take CAs into consideration.
214 224 elif ui.insecureconnections:
215 225 s['disablecertverification'] = True
216 226 s['verifymode'] = ssl.CERT_NONE
217 227 s['allowloaddefaultcerts'] = False
218 228
219 229 if ui.configbool('devel', 'disableloaddefaultcerts'):
220 230 s['allowloaddefaultcerts'] = False
221 231
222 232 # If both fingerprints and a per-host ca file are specified, issue a warning
223 233 # because users should not be surprised about what security is or isn't
224 234 # being performed.
225 235 cafile = ui.config('hostsecurity', '%s:verifycertsfile' % hostname)
226 236 if s['certfingerprints'] and cafile:
227 237 ui.warn(_('(hostsecurity.%s:verifycertsfile ignored when host '
228 238 'fingerprints defined; using host fingerprints for '
229 239 'verification)\n') % hostname)
230 240
231 241 # Try to hook up CA certificate validation unless something above
232 242 # makes it not necessary.
233 243 if s['verifymode'] is None:
234 244 # Look at per-host ca file first.
235 245 if cafile:
236 246 cafile = util.expandpath(cafile)
237 247 if not os.path.exists(cafile):
238 248 raise error.Abort(_('path specified by %s does not exist: %s') %
239 249 ('hostsecurity.%s:verifycertsfile' % hostname,
240 250 cafile))
241 251 s['cafile'] = cafile
242 252 else:
243 253 # Find global certificates file in config.
244 254 cafile = ui.config('web', 'cacerts')
245 255
246 256 if cafile:
247 257 cafile = util.expandpath(cafile)
248 258 if not os.path.exists(cafile):
249 259 raise error.Abort(_('could not find web.cacerts: %s') %
250 260 cafile)
251 261 elif s['allowloaddefaultcerts']:
252 262 # CAs not defined in config. Try to find system bundles.
253 263 cafile = _defaultcacerts(ui)
254 264 if cafile:
255 265 ui.debug('using %s for CA file\n' % cafile)
256 266
257 267 s['cafile'] = cafile
258 268
259 269 # Require certificate validation if CA certs are being loaded and
260 270 # verification hasn't been disabled above.
261 271 if cafile or (_canloaddefaultcerts and s['allowloaddefaultcerts']):
262 272 s['verifymode'] = ssl.CERT_REQUIRED
263 273 else:
264 274 # At this point we don't have a fingerprint, aren't being
265 275 # explicitly insecure, and can't load CA certs. Connecting
266 276 # is insecure. We allow the connection and abort during
267 277 # validation (once we have the fingerprint to print to the
268 278 # user).
269 279 s['verifymode'] = ssl.CERT_NONE
270 280
271 281 assert s['protocol'] is not None
272 282 assert s['ctxoptions'] is not None
273 283 assert s['verifymode'] is not None
274 284
275 285 return s
276 286
277 287 def protocolsettings(protocol):
278 288 """Resolve the protocol and context options for a config value."""
279 289 if protocol not in configprotocols:
280 290 raise ValueError('protocol value not supported: %s' % protocol)
281 291
282 292 # Legacy ssl module only supports up to TLS 1.0. Ideally we'd use
283 293 # PROTOCOL_SSLv23 and options to disable SSLv2 and SSLv3. However,
284 294 # SSLContext.options doesn't work in our implementation since we use
285 295 # a fake SSLContext on these Python versions.
286 296 if not modernssl:
287 297 if protocol != 'tls1.0':
288 298 raise error.Abort(_('current Python does not support protocol '
289 299 'setting %s') % protocol,
290 300 hint=_('upgrade Python or disable setting since '
291 301 'only TLS 1.0 is supported'))
292 302
293 303 return ssl.PROTOCOL_TLSv1, 0
294 304
295 305 # WARNING: returned options don't work unless the modern ssl module
296 306 # is available. Be careful when adding options here.
297 307
298 308 # SSLv2 and SSLv3 are broken. We ban them outright.
299 309 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
300 310
301 311 if protocol == 'tls1.0':
302 312 # Defaults above are to use TLS 1.0+
303 313 pass
304 314 elif protocol == 'tls1.1':
305 315 options |= ssl.OP_NO_TLSv1
306 316 elif protocol == 'tls1.2':
307 317 options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
308 318 else:
309 319 raise error.Abort(_('this should not happen'))
310 320
311 321 # Prevent CRIME.
312 322 # There is no guarantee this attribute is defined on the module.
313 323 options |= getattr(ssl, 'OP_NO_COMPRESSION', 0)
314 324
315 325 return ssl.PROTOCOL_SSLv23, options
316 326
317 327 def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None):
318 328 """Add SSL/TLS to a socket.
319 329
320 330 This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
321 331 choices based on what security options are available.
322 332
323 333 In addition to the arguments supported by ``ssl.wrap_socket``, we allow
324 334 the following additional arguments:
325 335
326 336 * serverhostname - The expected hostname of the remote server. If the
327 337 server (and client) support SNI, this tells the server which certificate
328 338 to use.
329 339 """
330 340 if not serverhostname:
331 341 raise error.Abort(_('serverhostname argument is required'))
332 342
333 343 settings = _hostsettings(ui, serverhostname)
334 344
335 345 # We can't use ssl.create_default_context() because it calls
336 346 # load_default_certs() unless CA arguments are passed to it. We want to
337 347 # have explicit control over CA loading because implicitly loading
338 348 # CAs may undermine the user's intent. For example, a user may define a CA
339 349 # bundle with a specific CA cert removed. If the system/default CA bundle
340 350 # is loaded and contains that removed CA, you've just undone the user's
341 351 # choice.
342 352 sslcontext = SSLContext(settings['protocol'])
343 353
344 354 # This is a no-op unless using modern ssl.
345 355 sslcontext.options |= settings['ctxoptions']
346 356
347 357 # This still works on our fake SSLContext.
348 358 sslcontext.verify_mode = settings['verifymode']
349 359
360 if settings['ciphers']:
361 try:
362 sslcontext.set_ciphers(settings['ciphers'])
363 except ssl.SSLError as e:
364 raise error.Abort(_('could not set ciphers: %s') % e.args[0],
365 hint=_('change cipher string (%s) in config') %
366 settings['ciphers'])
367
350 368 if certfile is not None:
351 369 def password():
352 370 f = keyfile or certfile
353 371 return ui.getpass(_('passphrase for %s: ') % f, '')
354 372 sslcontext.load_cert_chain(certfile, keyfile, password)
355 373
356 374 if settings['cafile'] is not None:
357 375 try:
358 376 sslcontext.load_verify_locations(cafile=settings['cafile'])
359 377 except ssl.SSLError as e:
360 378 raise error.Abort(_('error loading CA file %s: %s') % (
361 379 settings['cafile'], e.args[1]),
362 380 hint=_('file is empty or malformed?'))
363 381 caloaded = True
364 382 elif settings['allowloaddefaultcerts']:
365 383 # This is a no-op on old Python.
366 384 sslcontext.load_default_certs()
367 385 caloaded = True
368 386 else:
369 387 caloaded = False
370 388
371 389 try:
372 390 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
373 391 except ssl.SSLError as e:
374 392 # If we're doing certificate verification and no CA certs are loaded,
375 393 # that is almost certainly the reason why verification failed. Provide
376 394 # a hint to the user.
377 395 # Only modern ssl module exposes SSLContext.get_ca_certs() so we can
378 396 # only show this warning if modern ssl is available.
379 397 if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and
380 398 modernssl and not sslcontext.get_ca_certs()):
381 399 ui.warn(_('(an attempt was made to load CA certificates but none '
382 400 'were loaded; see '
383 401 'https://mercurial-scm.org/wiki/SecureConnections for '
384 402 'how to configure Mercurial to avoid this error)\n'))
385 403 # Try to print more helpful error messages for known failures.
386 404 if util.safehasattr(e, 'reason'):
387 405 if e.reason == 'UNSUPPORTED_PROTOCOL':
388 406 ui.warn(_('(could not negotiate a common protocol; see '
389 407 'https://mercurial-scm.org/wiki/SecureConnections '
390 408 'for how to configure Mercurial to avoid this '
391 409 'error)\n'))
392 410 raise
393 411
394 412 # check if wrap_socket failed silently because socket had been
395 413 # closed
396 414 # - see http://bugs.python.org/issue13721
397 415 if not sslsocket.cipher():
398 416 raise error.Abort(_('ssl connection failed'))
399 417
400 418 sslsocket._hgstate = {
401 419 'caloaded': caloaded,
402 420 'hostname': serverhostname,
403 421 'settings': settings,
404 422 'ui': ui,
405 423 }
406 424
407 425 return sslsocket
408 426
409 427 def wrapserversocket(sock, ui, certfile=None, keyfile=None, cafile=None,
410 428 requireclientcert=False):
411 429 """Wrap a socket for use by servers.
412 430
413 431 ``certfile`` and ``keyfile`` specify the files containing the certificate's
414 432 public and private keys, respectively. Both keys can be defined in the same
415 433 file via ``certfile`` (the private key must come first in the file).
416 434
417 435 ``cafile`` defines the path to certificate authorities.
418 436
419 437 ``requireclientcert`` specifies whether to require client certificates.
420 438
421 439 Typically ``cafile`` is only defined if ``requireclientcert`` is true.
422 440 """
423 441 protocol, options = protocolsettings('tls1.0')
424 442
425 443 # This config option is intended for use in tests only. It is a giant
426 444 # footgun to kill security. Don't define it.
427 445 exactprotocol = ui.config('devel', 'serverexactprotocol')
428 446 if exactprotocol == 'tls1.0':
429 447 protocol = ssl.PROTOCOL_TLSv1
430 448 elif exactprotocol == 'tls1.1':
431 449 protocol = ssl.PROTOCOL_TLSv1_1
432 450 elif exactprotocol == 'tls1.2':
433 451 protocol = ssl.PROTOCOL_TLSv1_2
434 452 elif exactprotocol:
435 453 raise error.Abort(_('invalid value for serverexactprotocol: %s') %
436 454 exactprotocol)
437 455
438 456 if modernssl:
439 457 # We /could/ use create_default_context() here since it doesn't load
440 458 # CAs when configured for client auth. However, it is hard-coded to
441 459 # use ssl.PROTOCOL_SSLv23 which may not be appropriate here.
442 460 sslcontext = SSLContext(protocol)
443 461 sslcontext.options |= options
444 462
445 463 # Improve forward secrecy.
446 464 sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0)
447 465 sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0)
448 466
449 467 # Use the list of more secure ciphers if found in the ssl module.
450 468 if util.safehasattr(ssl, '_RESTRICTED_SERVER_CIPHERS'):
451 469 sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0)
452 470 sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
453 471 else:
454 472 sslcontext = SSLContext(ssl.PROTOCOL_TLSv1)
455 473
456 474 if requireclientcert:
457 475 sslcontext.verify_mode = ssl.CERT_REQUIRED
458 476 else:
459 477 sslcontext.verify_mode = ssl.CERT_NONE
460 478
461 479 if certfile or keyfile:
462 480 sslcontext.load_cert_chain(certfile=certfile, keyfile=keyfile)
463 481
464 482 if cafile:
465 483 sslcontext.load_verify_locations(cafile=cafile)
466 484
467 485 return sslcontext.wrap_socket(sock, server_side=True)
468 486
469 487 class wildcarderror(Exception):
470 488 """Represents an error parsing wildcards in DNS name."""
471 489
472 490 def _dnsnamematch(dn, hostname, maxwildcards=1):
473 491 """Match DNS names according RFC 6125 section 6.4.3.
474 492
475 493 This code is effectively copied from CPython's ssl._dnsname_match.
476 494
477 495 Returns a bool indicating whether the expected hostname matches
478 496 the value in ``dn``.
479 497 """
480 498 pats = []
481 499 if not dn:
482 500 return False
483 501
484 502 pieces = dn.split(r'.')
485 503 leftmost = pieces[0]
486 504 remainder = pieces[1:]
487 505 wildcards = leftmost.count('*')
488 506 if wildcards > maxwildcards:
489 507 raise wildcarderror(
490 508 _('too many wildcards in certificate DNS name: %s') % dn)
491 509
492 510 # speed up common case w/o wildcards
493 511 if not wildcards:
494 512 return dn.lower() == hostname.lower()
495 513
496 514 # RFC 6125, section 6.4.3, subitem 1.
497 515 # The client SHOULD NOT attempt to match a presented identifier in which
498 516 # the wildcard character comprises a label other than the left-most label.
499 517 if leftmost == '*':
500 518 # When '*' is a fragment by itself, it matches a non-empty dotless
501 519 # fragment.
502 520 pats.append('[^.]+')
503 521 elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
504 522 # RFC 6125, section 6.4.3, subitem 3.
505 523 # The client SHOULD NOT attempt to match a presented identifier
506 524 # where the wildcard character is embedded within an A-label or
507 525 # U-label of an internationalized domain name.
508 526 pats.append(re.escape(leftmost))
509 527 else:
510 528 # Otherwise, '*' matches any dotless string, e.g. www*
511 529 pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
512 530
513 531 # add the remaining fragments, ignore any wildcards
514 532 for frag in remainder:
515 533 pats.append(re.escape(frag))
516 534
517 535 pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
518 536 return pat.match(hostname) is not None
519 537
520 538 def _verifycert(cert, hostname):
521 539 '''Verify that cert (in socket.getpeercert() format) matches hostname.
522 540 CRLs is not handled.
523 541
524 542 Returns error message if any problems are found and None on success.
525 543 '''
526 544 if not cert:
527 545 return _('no certificate received')
528 546
529 547 dnsnames = []
530 548 san = cert.get('subjectAltName', [])
531 549 for key, value in san:
532 550 if key == 'DNS':
533 551 try:
534 552 if _dnsnamematch(value, hostname):
535 553 return
536 554 except wildcarderror as e:
537 555 return e.args[0]
538 556
539 557 dnsnames.append(value)
540 558
541 559 if not dnsnames:
542 560 # The subject is only checked when there is no DNS in subjectAltName.
543 561 for sub in cert.get('subject', []):
544 562 for key, value in sub:
545 563 # According to RFC 2818 the most specific Common Name must
546 564 # be used.
547 565 if key == 'commonName':
548 566 # 'subject' entries are unicide.
549 567 try:
550 568 value = value.encode('ascii')
551 569 except UnicodeEncodeError:
552 570 return _('IDN in certificate not supported')
553 571
554 572 try:
555 573 if _dnsnamematch(value, hostname):
556 574 return
557 575 except wildcarderror as e:
558 576 return e.args[0]
559 577
560 578 dnsnames.append(value)
561 579
562 580 if len(dnsnames) > 1:
563 581 return _('certificate is for %s') % ', '.join(dnsnames)
564 582 elif len(dnsnames) == 1:
565 583 return _('certificate is for %s') % dnsnames[0]
566 584 else:
567 585 return _('no commonName or subjectAltName found in certificate')
568 586
569 587 def _plainapplepython():
570 588 """return true if this seems to be a pure Apple Python that
571 589 * is unfrozen and presumably has the whole mercurial module in the file
572 590 system
573 591 * presumably is an Apple Python that uses Apple OpenSSL which has patches
574 592 for using system certificate store CAs in addition to the provided
575 593 cacerts file
576 594 """
577 595 if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable:
578 596 return False
579 597 exe = os.path.realpath(sys.executable).lower()
580 598 return (exe.startswith('/usr/bin/python') or
581 599 exe.startswith('/system/library/frameworks/python.framework/'))
582 600
583 601 _systemcacertpaths = [
584 602 # RHEL, CentOS, and Fedora
585 603 '/etc/pki/tls/certs/ca-bundle.trust.crt',
586 604 # Debian, Ubuntu, Gentoo
587 605 '/etc/ssl/certs/ca-certificates.crt',
588 606 ]
589 607
590 608 def _defaultcacerts(ui):
591 609 """return path to default CA certificates or None.
592 610
593 611 It is assumed this function is called when the returned certificates
594 612 file will actually be used to validate connections. Therefore this
595 613 function may print warnings or debug messages assuming this usage.
596 614
597 615 We don't print a message when the Python is able to load default
598 616 CA certs because this scenario is detected at socket connect time.
599 617 """
600 618 # The "certifi" Python package provides certificates. If it is installed,
601 619 # assume the user intends it to be used and use it.
602 620 try:
603 621 import certifi
604 622 certs = certifi.where()
605 623 ui.debug('using ca certificates from certifi\n')
606 624 return certs
607 625 except ImportError:
608 626 pass
609 627
610 628 # On Windows, only the modern ssl module is capable of loading the system
611 629 # CA certificates. If we're not capable of doing that, emit a warning
612 630 # because we'll get a certificate verification error later and the lack
613 631 # of loaded CA certificates will be the reason why.
614 632 # Assertion: this code is only called if certificates are being verified.
615 633 if os.name == 'nt':
616 634 if not _canloaddefaultcerts:
617 635 ui.warn(_('(unable to load Windows CA certificates; see '
618 636 'https://mercurial-scm.org/wiki/SecureConnections for '
619 637 'how to configure Mercurial to avoid this message)\n'))
620 638
621 639 return None
622 640
623 641 # Apple's OpenSSL has patches that allow a specially constructed certificate
624 642 # to load the system CA store. If we're running on Apple Python, use this
625 643 # trick.
626 644 if _plainapplepython():
627 645 dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
628 646 if os.path.exists(dummycert):
629 647 return dummycert
630 648
631 649 # The Apple OpenSSL trick isn't available to us. If Python isn't able to
632 650 # load system certs, we're out of luck.
633 651 if sys.platform == 'darwin':
634 652 # FUTURE Consider looking for Homebrew or MacPorts installed certs
635 653 # files. Also consider exporting the keychain certs to a file during
636 654 # Mercurial install.
637 655 if not _canloaddefaultcerts:
638 656 ui.warn(_('(unable to load CA certificates; see '
639 657 'https://mercurial-scm.org/wiki/SecureConnections for '
640 658 'how to configure Mercurial to avoid this message)\n'))
641 659 return None
642 660
643 661 # / is writable on Windows. Out of an abundance of caution make sure
644 662 # we're not on Windows because paths from _systemcacerts could be installed
645 663 # by non-admin users.
646 664 assert os.name != 'nt'
647 665
648 666 # Try to find CA certificates in well-known locations. We print a warning
649 667 # when using a found file because we don't want too much silent magic
650 668 # for security settings. The expectation is that proper Mercurial
651 669 # installs will have the CA certs path defined at install time and the
652 670 # installer/packager will make an appropriate decision on the user's
653 671 # behalf. We only get here and perform this setting as a feature of
654 672 # last resort.
655 673 if not _canloaddefaultcerts:
656 674 for path in _systemcacertpaths:
657 675 if os.path.isfile(path):
658 676 ui.warn(_('(using CA certificates from %s; if you see this '
659 677 'message, your Mercurial install is not properly '
660 678 'configured; see '
661 679 'https://mercurial-scm.org/wiki/SecureConnections '
662 680 'for how to configure Mercurial to avoid this '
663 681 'message)\n') % path)
664 682 return path
665 683
666 684 ui.warn(_('(unable to load CA certificates; see '
667 685 'https://mercurial-scm.org/wiki/SecureConnections for '
668 686 'how to configure Mercurial to avoid this message)\n'))
669 687
670 688 return None
671 689
672 690 def validatesocket(sock):
673 691 """Validate a socket meets security requiremnets.
674 692
675 693 The passed socket must have been created with ``wrapsocket()``.
676 694 """
677 695 host = sock._hgstate['hostname']
678 696 ui = sock._hgstate['ui']
679 697 settings = sock._hgstate['settings']
680 698
681 699 try:
682 700 peercert = sock.getpeercert(True)
683 701 peercert2 = sock.getpeercert()
684 702 except AttributeError:
685 703 raise error.Abort(_('%s ssl connection error') % host)
686 704
687 705 if not peercert:
688 706 raise error.Abort(_('%s certificate error: '
689 707 'no certificate received') % host)
690 708
691 709 if settings['disablecertverification']:
692 710 # We don't print the certificate fingerprint because it shouldn't
693 711 # be necessary: if the user requested certificate verification be
694 712 # disabled, they presumably already saw a message about the inability
695 713 # to verify the certificate and this message would have printed the
696 714 # fingerprint. So printing the fingerprint here adds little to no
697 715 # value.
698 716 ui.warn(_('warning: connection security to %s is disabled per current '
699 717 'settings; communication is susceptible to eavesdropping '
700 718 'and tampering\n') % host)
701 719 return
702 720
703 721 # If a certificate fingerprint is pinned, use it and only it to
704 722 # validate the remote cert.
705 723 peerfingerprints = {
706 724 'sha1': hashlib.sha1(peercert).hexdigest(),
707 725 'sha256': hashlib.sha256(peercert).hexdigest(),
708 726 'sha512': hashlib.sha512(peercert).hexdigest(),
709 727 }
710 728
711 729 def fmtfingerprint(s):
712 730 return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)])
713 731
714 732 nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256'])
715 733
716 734 if settings['certfingerprints']:
717 735 for hash, fingerprint in settings['certfingerprints']:
718 736 if peerfingerprints[hash].lower() == fingerprint:
719 737 ui.debug('%s certificate matched fingerprint %s:%s\n' %
720 738 (host, hash, fmtfingerprint(fingerprint)))
721 739 return
722 740
723 741 # Pinned fingerprint didn't match. This is a fatal error.
724 742 if settings['legacyfingerprint']:
725 743 section = 'hostfingerprint'
726 744 nice = fmtfingerprint(peerfingerprints['sha1'])
727 745 else:
728 746 section = 'hostsecurity'
729 747 nice = '%s:%s' % (hash, fmtfingerprint(peerfingerprints[hash]))
730 748 raise error.Abort(_('certificate for %s has unexpected '
731 749 'fingerprint %s') % (host, nice),
732 750 hint=_('check %s configuration') % section)
733 751
734 752 # Security is enabled but no CAs are loaded. We can't establish trust
735 753 # for the cert so abort.
736 754 if not sock._hgstate['caloaded']:
737 755 raise error.Abort(
738 756 _('unable to verify security of %s (no loaded CA certificates); '
739 757 'refusing to connect') % host,
740 758 hint=_('see https://mercurial-scm.org/wiki/SecureConnections for '
741 759 'how to configure Mercurial to avoid this error or set '
742 760 'hostsecurity.%s:fingerprints=%s to trust this server') %
743 761 (host, nicefingerprint))
744 762
745 763 msg = _verifycert(peercert2, host)
746 764 if msg:
747 765 raise error.Abort(_('%s certificate error: %s') % (host, msg),
748 766 hint=_('set hostsecurity.%s:certfingerprints=%s '
749 767 'config setting or use --insecure to connect '
750 768 'insecurely') %
751 769 (host, nicefingerprint))
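Review bot: the new `try`/`except ssl.SSLError` around `sslcontext.set_ciphers(settings['ciphers'])` in `wrapsocket()` only catches cipher-string errors on modern Python, where `SSLContext` is the real `ssl.SSLContext`. The fallback `SSLContext.set_ciphers()` added above merely stores the string in `self._ciphers` and passes it as `args['ciphers']` to `ssl.wrap_socket(socket, **args)` later, so on legacy Python (2.7 without `ssl.SSLContext`) a malformed `hostsecurity.ciphers` value surfaces as an `ssl.SSLError` from the later `sslcontext.wrap_socket(sock, server_hostname=serverhostname)` call, where the existing handler only prints the CA-loading and `UNSUPPORTED_PROTOCOL` hints and re-raises, never the `could not set ciphers` / `change cipher string (%s) in config` hint. Suggest either making that second handler also emit the cipher hint when `settings['ciphers']` is set, or noting in a comment on the fallback `set_ciphers()` that the string is only validated at wrap time so the two code paths report the error differently.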
@@ -1,555 +1,597
1 1 #require serve ssl
2 2
3 3 Proper https client requires the built-in ssl from Python 2.6.
4 4
5 5 Make server certificates:
6 6
7 7 $ CERTSDIR="$TESTDIR/sslcerts"
8 8 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
9 9 $ PRIV=`pwd`/server.pem
10 10 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
11 11 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
12 12
13 13 $ hg init test
14 14 $ cd test
15 15 $ echo foo>foo
16 16 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
17 17 $ echo foo>foo.d/foo
18 18 $ echo bar>foo.d/bAr.hg.d/BaR
19 19 $ echo bar>foo.d/baR.d.hg/bAR
20 20 $ hg commit -A -m 1
21 21 adding foo
22 22 adding foo.d/bAr.hg.d/BaR
23 23 adding foo.d/baR.d.hg/bAR
24 24 adding foo.d/foo
25 25 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
26 26 $ cat ../hg0.pid >> $DAEMON_PIDS
27 27
28 28 cacert not found
29 29
30 30 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
31 31 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
32 32 abort: could not find web.cacerts: no-such.pem
33 33 [255]
34 34
35 35 Test server address cannot be reused
36 36
37 37 #if windows
38 38 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
39 39 abort: cannot start server at ':$HGPORT':
40 40 [255]
41 41 #else
42 42 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
43 43 abort: cannot start server at ':$HGPORT': Address already in use
44 44 [255]
45 45 #endif
46 46 $ cd ..
47 47
48 48 Our test cert is not signed by a trusted CA. It should fail to verify if
49 49 we are able to load CA certs.
50 50
51 51 #if sslcontext defaultcacerts no-defaultcacertsloaded
52 52 $ hg clone https://localhost:$HGPORT/ copy-pull
53 53 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
54 54 abort: error: *certificate verify failed* (glob)
55 55 [255]
56 56 #endif
57 57
58 58 #if no-sslcontext defaultcacerts
59 59 $ hg clone https://localhost:$HGPORT/ copy-pull
60 60 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
61 61 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
62 62 abort: error: *certificate verify failed* (glob)
63 63 [255]
64 64 #endif
65 65
66 66 #if no-sslcontext windows
67 67 $ hg clone https://localhost:$HGPORT/ copy-pull
68 68 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
69 69 (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
70 70 abort: error: *certificate verify failed* (glob)
71 71 [255]
72 72 #endif
73 73
74 74 #if no-sslcontext osx
75 75 $ hg clone https://localhost:$HGPORT/ copy-pull
76 76 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
77 77 (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
78 78 abort: localhost certificate error: no certificate received
79 79 (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
80 80 [255]
81 81 #endif
82 82
83 83 #if defaultcacertsloaded
84 84 $ hg clone https://localhost:$HGPORT/ copy-pull
85 85 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
86 86 abort: error: *certificate verify failed* (glob)
87 87 [255]
88 88 #endif
89 89
90 90 #if no-defaultcacerts
91 91 $ hg clone https://localhost:$HGPORT/ copy-pull
92 92 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
93 93 (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
94 94 abort: localhost certificate error: no certificate received
95 95 (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
96 96 [255]
97 97 #endif
98 98
99 99 Specifying a per-host certificate file that doesn't exist will abort
100 100
101 101 $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
102 102 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
103 103 abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: /does/not/exist
104 104 [255]
105 105
106 106 A malformed per-host certificate file will raise an error
107 107
108 108 $ echo baddata > badca.pem
109 109 #if sslcontext
110 110 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
111 111 abort: error loading CA file badca.pem: * (glob)
112 112 (file is empty or malformed?)
113 113 [255]
114 114 #else
115 115 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
116 116 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
117 117 abort: error: * (glob)
118 118 [255]
119 119 #endif
120 120
121 121 A per-host certificate mismatching the server will fail verification
122 122
123 123 (modern ssl is able to discern whether the loaded cert is a CA cert)
124 124 #if sslcontext
125 125 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
126 126 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
127 127 abort: error: *certificate verify failed* (glob)
128 128 [255]
129 129 #else
130 130 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
131 131 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
132 132 abort: error: *certificate verify failed* (glob)
133 133 [255]
134 134 #endif
135 135
136 136 A per-host certificate matching the server's cert will be accepted
137 137
138 138 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
139 139 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
140 140 requesting all changes
141 141 adding changesets
142 142 adding manifests
143 143 adding file changes
144 144 added 1 changesets with 4 changes to 4 files
145 145
146 146 A per-host certificate with multiple certs and one matching will be accepted
147 147
148 148 $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
149 149 $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
150 150 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
151 151 requesting all changes
152 152 adding changesets
153 153 adding manifests
154 154 adding file changes
155 155 added 1 changesets with 4 changes to 4 files
156 156
157 157 Defining both per-host certificate and a fingerprint will print a warning
158 158
159 159 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning
160 160 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
161 161 (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
162 162 requesting all changes
163 163 adding changesets
164 164 adding manifests
165 165 adding file changes
166 166 added 1 changesets with 4 changes to 4 files
167 167
168 168 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
169 169
170 170 Inability to verify peer certificate will result in abort
171 171
172 172 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
173 173 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
174 174 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
175 175 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
176 176 [255]
177 177
178 178 $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
179 179 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
180 180 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
181 181 requesting all changes
182 182 adding changesets
183 183 adding manifests
184 184 adding file changes
185 185 added 1 changesets with 4 changes to 4 files
186 186 updating to branch default
187 187 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
188 188 $ hg verify -R copy-pull
189 189 checking changesets
190 190 checking manifests
191 191 crosschecking files in changesets and manifests
192 192 checking files
193 193 4 files, 1 changesets, 4 total revisions
194 194 $ cd test
195 195 $ echo bar > bar
196 196 $ hg commit -A -d '1 0' -m 2
197 197 adding bar
198 198 $ cd ..
199 199
200 200 pull without cacert
201 201
202 202 $ cd copy-pull
203 203 $ echo '[hooks]' >> .hg/hgrc
204 204 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
205 205 $ hg pull $DISABLECACERTS
206 206 pulling from https://localhost:$HGPORT/
207 207 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
208 208 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
209 209 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
210 210 [255]
211 211
212 212 $ hg pull --insecure
213 213 pulling from https://localhost:$HGPORT/
214 214 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
215 215 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
216 216 searching for changes
217 217 adding changesets
218 218 adding manifests
219 219 adding file changes
220 220 added 1 changesets with 1 changes to 1 files
221 221 changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob)
222 222 (run 'hg update' to get a working copy)
223 223 $ cd ..
224 224
225 225 cacert configured in local repo
226 226
227 227 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
228 228 $ echo "[web]" >> copy-pull/.hg/hgrc
229 229 $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
230 230 $ hg -R copy-pull pull --traceback
231 231 pulling from https://localhost:$HGPORT/
232 232 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
233 233 searching for changes
234 234 no changes found
235 235 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
236 236
237 237 cacert configured globally, also testing expansion of environment
238 238 variables in the filename
239 239
240 240 $ echo "[web]" >> $HGRCPATH
241 241 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
242 242 $ P="$CERTSDIR" hg -R copy-pull pull
243 243 pulling from https://localhost:$HGPORT/
244 244 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
245 245 searching for changes
246 246 no changes found
247 247 $ P="$CERTSDIR" hg -R copy-pull pull --insecure
248 248 pulling from https://localhost:$HGPORT/
249 249 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
250 250 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
251 251 searching for changes
252 252 no changes found
253 253
254 254 empty cacert file
255 255
256 256 $ touch emptycafile
257 257
258 258 #if sslcontext
259 259 $ hg --config web.cacerts=emptycafile -R copy-pull pull
260 260 pulling from https://localhost:$HGPORT/
261 261 abort: error loading CA file emptycafile: * (glob)
262 262 (file is empty or malformed?)
263 263 [255]
264 264 #else
265 265 $ hg --config web.cacerts=emptycafile -R copy-pull pull
266 266 pulling from https://localhost:$HGPORT/
267 267 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
268 268 abort: error: * (glob)
269 269 [255]
270 270 #endif
271 271
272 272 cacert mismatch
273 273
274 274 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
275 275 > https://127.0.0.1:$HGPORT/
276 276 pulling from https://127.0.0.1:$HGPORT/ (glob)
277 277 warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
278 278 abort: 127.0.0.1 certificate error: certificate is for localhost (glob)
279 279 (set hostsecurity.127.0.0.1:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) (glob)
280 280 [255]
281 281 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
282 282 > https://127.0.0.1:$HGPORT/ --insecure
283 283 pulling from https://127.0.0.1:$HGPORT/ (glob)
284 284 warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
285 285 warning: connection security to 127.0.0.1 is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob)
286 286 searching for changes
287 287 no changes found
288 288 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
289 289 pulling from https://localhost:$HGPORT/
290 290 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
291 291 abort: error: *certificate verify failed* (glob)
292 292 [255]
293 293 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
294 294 > --insecure
295 295 pulling from https://localhost:$HGPORT/
296 296 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
297 297 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
298 298 searching for changes
299 299 no changes found
300 300
301 301 Test server cert which isn't valid yet
302 302
303 303 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
304 304 $ cat hg1.pid >> $DAEMON_PIDS
305 305 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
306 306 > https://localhost:$HGPORT1/
307 307 pulling from https://localhost:$HGPORT1/
308 308 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
309 309 abort: error: *certificate verify failed* (glob)
310 310 [255]
311 311
312 312 Test server cert which no longer is valid
313 313
314 314 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
315 315 $ cat hg2.pid >> $DAEMON_PIDS
316 316 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
317 317 > https://localhost:$HGPORT2/
318 318 pulling from https://localhost:$HGPORT2/
319 319 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
320 320 abort: error: *certificate verify failed* (glob)
321 321 [255]
322 322
323 323 Disabling the TLS 1.0 warning works
324 324 $ hg -R copy-pull id https://localhost:$HGPORT/ \
325 325 > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \
326 326 > --config hostsecurity.disabletls10warning=true
327 327 5fed3813f7f5
328 328
329 #if no-sslcontext no-py27+
330 Setting ciphers doesn't work in Python 2.6
331 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
332 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
333 abort: setting ciphers in [hostsecurity] is not supported by this version of Python
334 (remove the config option or run Mercurial with a modern Python version (preferred))
335 [255]
336 #endif
337
338 Setting ciphers works in Python 2.7+ but the error message is different on
339 legacy ssl. We test legacy once and do more feature checking on modern
340 configs.
341
342 #if py27+ no-sslcontext
343 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
344 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
345 abort: *No cipher can be selected. (glob)
346 [255]
347
348 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
349 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
350 5fed3813f7f5
351 #endif
352
353 #if sslcontext
354 Setting ciphers to an invalid value aborts
355 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
356 abort: could not set ciphers: No cipher can be selected.
357 (change cipher string (invalid) in config)
358 [255]
359
360 $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
361 abort: could not set ciphers: No cipher can be selected.
362 (change cipher string (invalid) in config)
363 [255]
364
365 Changing the cipher string works
366
367 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
368 5fed3813f7f5
369 #endif
370
329 371 Fingerprints
330 372
331 373 - works without cacerts (hostkeyfingerprints)
332 374 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
333 375 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
334 376 5fed3813f7f5
335 377
336 378 - works without cacerts (hostsecurity)
337 379 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
338 380 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
339 381 5fed3813f7f5
340 382
341 383 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
342 384 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
343 385 5fed3813f7f5
344 386
345 387 - multiple fingerprints specified and first matches
346 388 $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
347 389 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
348 390 5fed3813f7f5
349 391
350 392 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
351 393 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
352 394 5fed3813f7f5
353 395
354 396 - multiple fingerprints specified and last matches
355 397 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure
356 398 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
357 399 5fed3813f7f5
358 400
359 401 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/
360 402 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
361 403 5fed3813f7f5
362 404
363 405 - multiple fingerprints specified and none match
364 406
365 407 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
366 408 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
367 409 abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
368 410 (check hostfingerprint configuration)
369 411 [255]
370 412
371 413 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
372 414 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
373 415 abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
374 416 (check hostsecurity configuration)
375 417 [255]
376 418
377 419 - fails when cert doesn't match hostname (port is ignored)
378 420 $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
379 421 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
380 422 abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
381 423 (check hostfingerprint configuration)
382 424 [255]
383 425
384 426
385 427 - ignores that certificate doesn't match hostname
386 428 $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
387 429 warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
388 430 5fed3813f7f5
389 431
390 432 Ports used by next test. Kill servers.
391 433
392 434 $ killdaemons.py hg0.pid
393 435 $ killdaemons.py hg1.pid
394 436 $ killdaemons.py hg2.pid
395 437
396 438 #if sslcontext
397 439 Start servers running supported TLS versions
398 440
399 441 $ cd test
400 442 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
401 443 > --config devel.serverexactprotocol=tls1.0
402 444 $ cat ../hg0.pid >> $DAEMON_PIDS
403 445 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
404 446 > --config devel.serverexactprotocol=tls1.1
405 447 $ cat ../hg1.pid >> $DAEMON_PIDS
406 448 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
407 449 > --config devel.serverexactprotocol=tls1.2
408 450 $ cat ../hg2.pid >> $DAEMON_PIDS
409 451 $ cd ..
410 452
411 453 Clients talking same TLS versions work
412 454
413 455 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
414 456 5fed3813f7f5
415 457 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
416 458 5fed3813f7f5
417 459 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
418 460 5fed3813f7f5
419 461
420 462 Clients requiring newer TLS version than what server supports fail
421 463
422 464 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
423 465 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
424 466 abort: error: *unsupported protocol* (glob)
425 467 [255]
426 468
427 469 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
428 470 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
429 471 abort: error: *unsupported protocol* (glob)
430 472 [255]
431 473 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
432 474 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
433 475 abort: error: *unsupported protocol* (glob)
434 476 [255]
435 477 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
436 478 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
437 479 abort: error: *unsupported protocol* (glob)
438 480 [255]
439 481
440 482 The per-host config option overrides the default
441 483
442 484 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
443 485 > --config hostsecurity.minimumprotocol=tls1.2 \
444 486 > --config hostsecurity.localhost:minimumprotocol=tls1.0
445 487 5fed3813f7f5
446 488
447 489 The per-host config option by itself works
448 490
449 491 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
450 492 > --config hostsecurity.localhost:minimumprotocol=tls1.2
451 493 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
452 494 abort: error: *unsupported protocol* (glob)
453 495 [255]
454 496
455 497 $ killdaemons.py hg0.pid
456 498 $ killdaemons.py hg1.pid
457 499 $ killdaemons.py hg2.pid
458 500 #endif
459 501
460 502 Prepare for connecting through proxy
461 503
462 504 $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
463 505 $ cat hg0.pid >> $DAEMON_PIDS
464 506 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
465 507 $ cat hg2.pid >> $DAEMON_PIDS
466 508 tinyproxy.py doesn't fully detach, so killing it may result in extra output
467 509 from the shell. So don't kill it.
468 510 $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
469 511 $ while [ ! -f proxy.pid ]; do sleep 0; done
470 512 $ cat proxy.pid >> $DAEMON_PIDS
471 513
472 514 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
473 515 $ echo "always=True" >> copy-pull/.hg/hgrc
474 516 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
475 517 $ echo "localhost =" >> copy-pull/.hg/hgrc
476 518
477 519 Test unvalidated https through proxy
478 520
479 521 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback
480 522 pulling from https://localhost:$HGPORT/
481 523 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
482 524 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
483 525 searching for changes
484 526 no changes found
485 527
486 528 Test https with cacert and fingerprint through proxy
487 529
488 530 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
489 531 > --config web.cacerts="$CERTSDIR/pub.pem"
490 532 pulling from https://localhost:$HGPORT/
491 533 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
492 534 searching for changes
493 535 no changes found
494 536 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
495 537 pulling from https://127.0.0.1:$HGPORT/ (glob)
496 538 warning: connecting to 127.0.0.1 using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
497 539 searching for changes
498 540 no changes found
499 541
500 542 Test https with cert problems through proxy
501 543
502 544 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
503 545 > --config web.cacerts="$CERTSDIR/pub-other.pem"
504 546 pulling from https://localhost:$HGPORT/
505 547 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
506 548 abort: error: *certificate verify failed* (glob)
507 549 [255]
508 550 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
509 551 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
510 552 pulling from https://localhost:$HGPORT2/
511 553 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
512 554 abort: error: *certificate verify failed* (glob)
513 555 [255]
514 556
515 557
516 558 $ killdaemons.py hg0.pid
517 559
518 560 #if sslcontext
519 561
520 562 Start hgweb that requires client certificates:
521 563
522 564 $ cd test
523 565 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
524 566 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
525 567 $ cat ../hg0.pid >> $DAEMON_PIDS
526 568 $ cd ..
527 569
528 570 without client certificate:
529 571
530 572 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
531 573 abort: error: *handshake failure* (glob)
532 574 [255]
533 575
534 576 with client certificate:
535 577
536 578 $ cat << EOT >> $HGRCPATH
537 579 > [auth]
538 580 > l.prefix = localhost
539 581 > l.cert = $CERTSDIR/client-cert.pem
540 582 > l.key = $CERTSDIR/client-key.pem
541 583 > EOT
542 584
543 585 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
544 586 > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
545 587 5fed3813f7f5
546 588
547 589 $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
548 590 > --config ui.interactive=True --config ui.nontty=True
549 591 passphrase for */client-key.pem: 5fed3813f7f5 (glob)
550 592
551 593 $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
552 594 abort: error: * (glob)
553 595 [255]
554 596
555 597 #endif
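Review bot: the new cipher tests (lines 329-369) exercise an invalid string through both the global `hostsecurity.ciphers` and the per-host `hostsecurity.localhost:ciphers` option, but only the global option gets a positive case (line 367, `hostsecurity.ciphers=HIGH`); there is no run showing that a valid per-host cipher list is accepted and used, so a regression that consulted the per-host key only on the error path would pass this test. Add a `--config hostsecurity.localhost:ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/` run next to line 367 expecting `5fed3813f7f5`, and ideally a per-host value that overrides a deliberately invalid global value, mirroring how lines 484-487 check that `hostsecurity.localhost:minimumprotocol` overrides `hostsecurity.minimumprotocol`. Note also that `HIGH` against a default-configured server only demonstrates that a valid string is parsed, not that the list constrains negotiation; that limitation is worth a sentence in the comment on lines 338-340.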