##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

ui: optionally quiesce ssl verification warnings on python 2.5...
Steven Stallion -
r16391:9cf7c9d5 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,1388 +1,1392
1 1 The Mercurial system uses a set of configuration files to control
2 2 aspects of its behavior.
3 3
4 4 The configuration files use a simple ini-file format. A configuration
5 5 file consists of sections, led by a ``[section]`` header and followed
6 6 by ``name = value`` entries::
7 7
8 8 [ui]
9 9 username = Firstname Lastname <firstname.lastname@example.net>
10 10 verbose = True
11 11
12 12 The above entries will be referred to as ``ui.username`` and
13 13 ``ui.verbose``, respectively. See the Syntax section below.
14 14
15 15 Files
16 16 -----
17 17
18 18 Mercurial reads configuration data from several files, if they exist.
19 19 These files do not exist by default and you will have to create the
20 20 appropriate configuration files yourself: global configuration like
21 21 the username setting is typically put into
22 22 ``%USERPROFILE%\mercurial.ini`` or ``$HOME/.hgrc`` and local
23 23 configuration is put into the per-repository ``<repo>/.hg/hgrc`` file.
24 24
25 25 The names of these files depend on the system on which Mercurial is
26 26 installed. ``*.rc`` files from a single directory are read in
27 27 alphabetical order, later ones overriding earlier ones. Where multiple
28 28 paths are given below, settings from earlier paths override later
29 29 ones.
30 30
31 31 | (All) ``<repo>/.hg/hgrc``
32 32
33 33 Per-repository configuration options that only apply in a
34 34 particular repository. This file is not version-controlled, and
35 35 will not get transferred during a "clone" operation. Options in
36 36 this file override options in all other configuration files. On
37 37 Plan 9 and Unix, most of this file will be ignored if it doesn't
38 38 belong to a trusted user or to a trusted group. See the documentation
39 39 for the ``[trusted]`` section below for more details.
40 40
41 41 | (Plan 9) ``$home/lib/hgrc``
42 42 | (Unix) ``$HOME/.hgrc``
43 43 | (Windows) ``%USERPROFILE%\.hgrc``
44 44 | (Windows) ``%USERPROFILE%\Mercurial.ini``
45 45 | (Windows) ``%HOME%\.hgrc``
46 46 | (Windows) ``%HOME%\Mercurial.ini``
47 47
48 48 Per-user configuration file(s), for the user running Mercurial. On
49 49 Windows 9x, ``%HOME%`` is replaced by ``%APPDATA%``. Options in these
50 50 files apply to all Mercurial commands executed by this user in any
51 51 directory. Options in these files override per-system and per-installation
52 52 options.
53 53
54 54 | (Plan 9) ``/lib/mercurial/hgrc``
55 55 | (Plan 9) ``/lib/mercurial/hgrc.d/*.rc``
56 56 | (Unix) ``/etc/mercurial/hgrc``
57 57 | (Unix) ``/etc/mercurial/hgrc.d/*.rc``
58 58
59 59 Per-system configuration files, for the system on which Mercurial
60 60 is running. Options in these files apply to all Mercurial commands
61 61 executed by any user in any directory. Options in these files
62 62 override per-installation options.
63 63
64 64 | (Plan 9) ``<install-root>/lib/mercurial/hgrc``
65 65 | (Plan 9) ``<install-root>/lib/mercurial/hgrc.d/*.rc``
66 66 | (Unix) ``<install-root>/etc/mercurial/hgrc``
67 67 | (Unix) ``<install-root>/etc/mercurial/hgrc.d/*.rc``
68 68
69 69 Per-installation configuration files, searched for in the
70 70 directory where Mercurial is installed. ``<install-root>`` is the
71 71 parent directory of the **hg** executable (or symlink) being run. For
72 72 example, if installed in ``/shared/tools/bin/hg``, Mercurial will look
73 73 in ``/shared/tools/etc/mercurial/hgrc``. Options in these files apply
74 74 to all Mercurial commands executed by any user in any directory.
75 75
76 76 | (Windows) ``<install-dir>\Mercurial.ini`` **or**
77 77 | (Windows) ``<install-dir>\hgrc.d\*.rc`` **or**
78 78 | (Windows) ``HKEY_LOCAL_MACHINE\SOFTWARE\Mercurial``
79 79
80 80 Per-installation/system configuration files, for the system on
81 81 which Mercurial is running. Options in these files apply to all
82 82 Mercurial commands executed by any user in any directory. Registry
83 83 keys contain PATH-like strings, every part of which must reference
84 84 a ``Mercurial.ini`` file or be a directory where ``*.rc`` files will
85 85 be read. Mercurial checks each of these locations in the specified
86 86 order until one or more configuration files are detected. If the
87 87 pywin32 extensions are not installed, Mercurial will only look for
88 88 site-wide configuration in ``C:\Mercurial\Mercurial.ini``.
89 89
90 90 Syntax
91 91 ------
92 92
93 93 A configuration file consists of sections, led by a ``[section]`` header
94 94 and followed by ``name = value`` entries (sometimes called
95 95 ``configuration keys``)::
96 96
97 97 [spam]
98 98 eggs=ham
99 99 green=
100 100 eggs
101 101
102 102 Each line contains one entry. If the lines that follow are indented,
103 103 they are treated as continuations of that entry. Leading whitespace is
104 104 removed from values. Empty lines are skipped. Lines beginning with
105 105 ``#`` or ``;`` are ignored and may be used to provide comments.
106 106
107 107 Configuration keys can be set multiple times, in which case Mercurial
108 108 will use the value that was configured last. As an example::
109 109
110 110 [spam]
111 111 eggs=large
112 112 ham=serrano
113 113 eggs=small
114 114
115 115 This would set the configuration key named ``eggs`` to ``small``.
116 116
117 117 It is also possible to define a section multiple times. A section can
118 118 be redefined on the same and/or on different configuration files. For
119 119 example::
120 120
121 121 [foo]
122 122 eggs=large
123 123 ham=serrano
124 124 eggs=small
125 125
126 126 [bar]
127 127 eggs=ham
128 128 green=
129 129 eggs
130 130
131 131 [foo]
132 132 ham=prosciutto
133 133 eggs=medium
134 134 bread=toasted
135 135
136 136 This would set the ``eggs``, ``ham``, and ``bread`` configuration keys
137 137 of the ``foo`` section to ``medium``, ``prosciutto``, and ``toasted``,
138 138 respectively. As you can see there only thing that matters is the last
139 139 value that was set for each of the configuration keys.
140 140
141 141 If a configuration key is set multiple times in different
142 142 configuration files the final value will depend on the order in which
143 143 the different configuration files are read, with settings from earlier
144 144 paths overriding later ones as described on the ``Files`` section
145 145 above.
146 146
147 147 A line of the form ``%include file`` will include ``file`` into the
148 148 current configuration file. The inclusion is recursive, which means
149 149 that included files can include other files. Filenames are relative to
150 150 the configuration file in which the ``%include`` directive is found.
151 151 Environment variables and ``~user`` constructs are expanded in
152 152 ``file``. This lets you do something like::
153 153
154 154 %include ~/.hgrc.d/$HOST.rc
155 155
156 156 to include a different configuration file on each computer you use.
157 157
158 158 A line with ``%unset name`` will remove ``name`` from the current
159 159 section, if it has been set previously.
160 160
161 161 The values are either free-form text strings, lists of text strings,
162 162 or Boolean values. Boolean values can be set to true using any of "1",
163 163 "yes", "true", or "on" and to false using "0", "no", "false", or "off"
164 164 (all case insensitive).
165 165
166 166 List values are separated by whitespace or comma, except when values are
167 167 placed in double quotation marks::
168 168
169 169 allow_read = "John Doe, PhD", brian, betty
170 170
171 171 Quotation marks can be escaped by prefixing them with a backslash. Only
172 172 quotation marks at the beginning of a word is counted as a quotation
173 173 (e.g., ``foo"bar baz`` is the list of ``foo"bar`` and ``baz``).
174 174
175 175 Sections
176 176 --------
177 177
178 178 This section describes the different sections that may appear in a
179 179 Mercurial configuration file, the purpose of each section, its possible
180 180 keys, and their possible values.
181 181
182 182 ``alias``
183 183 """""""""
184 184
185 185 Defines command aliases.
186 186 Aliases allow you to define your own commands in terms of other
187 187 commands (or aliases), optionally including arguments. Positional
188 188 arguments in the form of ``$1``, ``$2``, etc in the alias definition
189 189 are expanded by Mercurial before execution. Positional arguments not
190 190 already used by ``$N`` in the definition are put at the end of the
191 191 command to be executed.
192 192
193 193 Alias definitions consist of lines of the form::
194 194
195 195 <alias> = <command> [<argument>]...
196 196
197 197 For example, this definition::
198 198
199 199 latest = log --limit 5
200 200
201 201 creates a new command ``latest`` that shows only the five most recent
202 202 changesets. You can define subsequent aliases using earlier ones::
203 203
204 204 stable5 = latest -b stable
205 205
206 206 .. note:: It is possible to create aliases with the same names as
207 207 existing commands, which will then override the original
208 208 definitions. This is almost always a bad idea!
209 209
210 210 An alias can start with an exclamation point (``!``) to make it a
211 211 shell alias. A shell alias is executed with the shell and will let you
212 212 run arbitrary commands. As an example, ::
213 213
214 214 echo = !echo
215 215
216 216 will let you do ``hg echo foo`` to have ``foo`` printed in your
217 217 terminal. A better example might be::
218 218
219 219 purge = !$HG status --no-status --unknown -0 | xargs -0 rm
220 220
221 221 which will make ``hg purge`` delete all unknown files in the
222 222 repository in the same manner as the purge extension.
223 223
224 224 Shell aliases are executed in an environment where ``$HG`` expand to
225 225 the path of the Mercurial that was used to execute the alias. This is
226 226 useful when you want to call further Mercurial commands in a shell
227 227 alias, as was done above for the purge alias. In addition,
228 228 ``$HG_ARGS`` expand to the arguments given to Mercurial. In the ``hg
229 229 echo foo`` call above, ``$HG_ARGS`` would expand to ``echo foo``.
230 230
231 231 .. note:: Some global configuration options such as ``-R`` are
232 232 processed before shell aliases and will thus not be passed to
233 233 aliases.
234 234
235 235
236 236 ``annotate``
237 237 """"""""""""
238 238
239 239 Settings used when displaying file annotations. All values are
240 240 Booleans and default to False. See ``diff`` section for related
241 241 options for the diff command.
242 242
243 243 ``ignorews``
244 244 Ignore white space when comparing lines.
245 245
246 246 ``ignorewsamount``
247 247 Ignore changes in the amount of white space.
248 248
249 249 ``ignoreblanklines``
250 250 Ignore changes whose lines are all blank.
251 251
252 252
253 253 ``auth``
254 254 """"""""
255 255
256 256 Authentication credentials for HTTP authentication. This section
257 257 allows you to store usernames and passwords for use when logging
258 258 *into* HTTP servers. See the ``[web]`` configuration section if
259 259 you want to configure *who* can login to your HTTP server.
260 260
261 261 Each line has the following format::
262 262
263 263 <name>.<argument> = <value>
264 264
265 265 where ``<name>`` is used to group arguments into authentication
266 266 entries. Example::
267 267
268 268 foo.prefix = hg.intevation.org/mercurial
269 269 foo.username = foo
270 270 foo.password = bar
271 271 foo.schemes = http https
272 272
273 273 bar.prefix = secure.example.org
274 274 bar.key = path/to/file.key
275 275 bar.cert = path/to/file.cert
276 276 bar.schemes = https
277 277
278 278 Supported arguments:
279 279
280 280 ``prefix``
281 281 Either ``*`` or a URI prefix with or without the scheme part.
282 282 The authentication entry with the longest matching prefix is used
283 283 (where ``*`` matches everything and counts as a match of length
284 284 1). If the prefix doesn't include a scheme, the match is performed
285 285 against the URI with its scheme stripped as well, and the schemes
286 286 argument, q.v., is then subsequently consulted.
287 287
288 288 ``username``
289 289 Optional. Username to authenticate with. If not given, and the
290 290 remote site requires basic or digest authentication, the user will
291 291 be prompted for it. Environment variables are expanded in the
292 292 username letting you do ``foo.username = $USER``. If the URI
293 293 includes a username, only ``[auth]`` entries with a matching
294 294 username or without a username will be considered.
295 295
296 296 ``password``
297 297 Optional. Password to authenticate with. If not given, and the
298 298 remote site requires basic or digest authentication, the user
299 299 will be prompted for it.
300 300
301 301 ``key``
302 302 Optional. PEM encoded client certificate key file. Environment
303 303 variables are expanded in the filename.
304 304
305 305 ``cert``
306 306 Optional. PEM encoded client certificate chain file. Environment
307 307 variables are expanded in the filename.
308 308
309 309 ``schemes``
310 310 Optional. Space separated list of URI schemes to use this
311 311 authentication entry with. Only used if the prefix doesn't include
312 312 a scheme. Supported schemes are http and https. They will match
313 313 static-http and static-https respectively, as well.
314 314 Default: https.
315 315
316 316 If no suitable authentication entry is found, the user is prompted
317 317 for credentials as usual if required by the remote.
318 318
319 319
320 320 ``decode/encode``
321 321 """""""""""""""""
322 322
323 323 Filters for transforming files on checkout/checkin. This would
324 324 typically be used for newline processing or other
325 325 localization/canonicalization of files.
326 326
327 327 Filters consist of a filter pattern followed by a filter command.
328 328 Filter patterns are globs by default, rooted at the repository root.
329 329 For example, to match any file ending in ``.txt`` in the root
330 330 directory only, use the pattern ``*.txt``. To match any file ending
331 331 in ``.c`` anywhere in the repository, use the pattern ``**.c``.
332 332 For each file only the first matching filter applies.
333 333
334 334 The filter command can start with a specifier, either ``pipe:`` or
335 335 ``tempfile:``. If no specifier is given, ``pipe:`` is used by default.
336 336
337 337 A ``pipe:`` command must accept data on stdin and return the transformed
338 338 data on stdout.
339 339
340 340 Pipe example::
341 341
342 342 [encode]
343 343 # uncompress gzip files on checkin to improve delta compression
344 344 # note: not necessarily a good idea, just an example
345 345 *.gz = pipe: gunzip
346 346
347 347 [decode]
348 348 # recompress gzip files when writing them to the working dir (we
349 349 # can safely omit "pipe:", because it's the default)
350 350 *.gz = gzip
351 351
352 352 A ``tempfile:`` command is a template. The string ``INFILE`` is replaced
353 353 with the name of a temporary file that contains the data to be
354 354 filtered by the command. The string ``OUTFILE`` is replaced with the name
355 355 of an empty temporary file, where the filtered data must be written by
356 356 the command.
357 357
358 358 .. note:: The tempfile mechanism is recommended for Windows systems,
359 359 where the standard shell I/O redirection operators often have
360 360 strange effects and may corrupt the contents of your files.
361 361
362 362 This filter mechanism is used internally by the ``eol`` extension to
363 363 translate line ending characters between Windows (CRLF) and Unix (LF)
364 364 format. We suggest you use the ``eol`` extension for convenience.
365 365
366 366
367 367 ``defaults``
368 368 """"""""""""
369 369
370 370 (defaults are deprecated. Don't use them. Use aliases instead)
371 371
372 372 Use the ``[defaults]`` section to define command defaults, i.e. the
373 373 default options/arguments to pass to the specified commands.
374 374
375 375 The following example makes :hg:`log` run in verbose mode, and
376 376 :hg:`status` show only the modified files, by default::
377 377
378 378 [defaults]
379 379 log = -v
380 380 status = -m
381 381
382 382 The actual commands, instead of their aliases, must be used when
383 383 defining command defaults. The command defaults will also be applied
384 384 to the aliases of the commands defined.
385 385
386 386
387 387 ``diff``
388 388 """"""""
389 389
390 390 Settings used when displaying diffs. Everything except for ``unified``
391 391 is a Boolean and defaults to False. See ``annotate`` section for
392 392 related options for the annotate command.
393 393
394 394 ``git``
395 395 Use git extended diff format.
396 396
397 397 ``nodates``
398 398 Don't include dates in diff headers.
399 399
400 400 ``showfunc``
401 401 Show which function each change is in.
402 402
403 403 ``ignorews``
404 404 Ignore white space when comparing lines.
405 405
406 406 ``ignorewsamount``
407 407 Ignore changes in the amount of white space.
408 408
409 409 ``ignoreblanklines``
410 410 Ignore changes whose lines are all blank.
411 411
412 412 ``unified``
413 413 Number of lines of context to show.
414 414
415 415 ``email``
416 416 """""""""
417 417
418 418 Settings for extensions that send email messages.
419 419
420 420 ``from``
421 421 Optional. Email address to use in "From" header and SMTP envelope
422 422 of outgoing messages.
423 423
424 424 ``to``
425 425 Optional. Comma-separated list of recipients' email addresses.
426 426
427 427 ``cc``
428 428 Optional. Comma-separated list of carbon copy recipients'
429 429 email addresses.
430 430
431 431 ``bcc``
432 432 Optional. Comma-separated list of blind carbon copy recipients'
433 433 email addresses.
434 434
435 435 ``method``
436 436 Optional. Method to use to send email messages. If value is ``smtp``
437 437 (default), use SMTP (see the ``[smtp]`` section for configuration).
438 438 Otherwise, use as name of program to run that acts like sendmail
439 439 (takes ``-f`` option for sender, list of recipients on command line,
440 440 message on stdin). Normally, setting this to ``sendmail`` or
441 441 ``/usr/sbin/sendmail`` is enough to use sendmail to send messages.
442 442
443 443 ``charsets``
444 444 Optional. Comma-separated list of character sets considered
445 445 convenient for recipients. Addresses, headers, and parts not
446 446 containing patches of outgoing messages will be encoded in the
447 447 first character set to which conversion from local encoding
448 448 (``$HGENCODING``, ``ui.fallbackencoding``) succeeds. If correct
449 449 conversion fails, the text in question is sent as is. Defaults to
450 450 empty (explicit) list.
451 451
452 452 Order of outgoing email character sets:
453 453
454 454 1. ``us-ascii``: always first, regardless of settings
455 455 2. ``email.charsets``: in order given by user
456 456 3. ``ui.fallbackencoding``: if not in email.charsets
457 457 4. ``$HGENCODING``: if not in email.charsets
458 458 5. ``utf-8``: always last, regardless of settings
459 459
460 460 Email example::
461 461
462 462 [email]
463 463 from = Joseph User <joe.user@example.com>
464 464 method = /usr/sbin/sendmail
465 465 # charsets for western Europeans
466 466 # us-ascii, utf-8 omitted, as they are tried first and last
467 467 charsets = iso-8859-1, iso-8859-15, windows-1252
468 468
469 469
470 470 ``extensions``
471 471 """"""""""""""
472 472
473 473 Mercurial has an extension mechanism for adding new features. To
474 474 enable an extension, create an entry for it in this section.
475 475
476 476 If you know that the extension is already in Python's search path,
477 477 you can give the name of the module, followed by ``=``, with nothing
478 478 after the ``=``.
479 479
480 480 Otherwise, give a name that you choose, followed by ``=``, followed by
481 481 the path to the ``.py`` file (including the file name extension) that
482 482 defines the extension.
483 483
484 484 To explicitly disable an extension that is enabled in an hgrc of
485 485 broader scope, prepend its path with ``!``, as in ``foo = !/ext/path``
486 486 or ``foo = !`` when path is not supplied.
487 487
488 488 Example for ``~/.hgrc``::
489 489
490 490 [extensions]
491 491 # (the mq extension will get loaded from Mercurial's path)
492 492 mq =
493 493 # (this extension will get loaded from the file specified)
494 494 myfeature = ~/.hgext/myfeature.py
495 495
496 496
497 497 ``format``
498 498 """"""""""
499 499
500 500 ``usestore``
501 501 Enable or disable the "store" repository format which improves
502 502 compatibility with systems that fold case or otherwise mangle
503 503 filenames. Enabled by default. Disabling this option will allow
504 504 you to store longer filenames in some situations at the expense of
505 505 compatibility and ensures that the on-disk format of newly created
506 506 repositories will be compatible with Mercurial before version 0.9.4.
507 507
508 508 ``usefncache``
509 509 Enable or disable the "fncache" repository format which enhances
510 510 the "store" repository format (which has to be enabled to use
511 511 fncache) to allow longer filenames and avoids using Windows
512 512 reserved names, e.g. "nul". Enabled by default. Disabling this
513 513 option ensures that the on-disk format of newly created
514 514 repositories will be compatible with Mercurial before version 1.1.
515 515
516 516 ``dotencode``
517 517 Enable or disable the "dotencode" repository format which enhances
518 518 the "fncache" repository format (which has to be enabled to use
519 519 dotencode) to avoid issues with filenames starting with ._ on
520 520 Mac OS X and spaces on Windows. Enabled by default. Disabling this
521 521 option ensures that the on-disk format of newly created
522 522 repositories will be compatible with Mercurial before version 1.7.
523 523
524 524 ``graph``
525 525 """""""""
526 526
527 527 Web graph view configuration. This section let you change graph
528 528 elements display properties by branches, for instance to make the
529 529 ``default`` branch stand out.
530 530
531 531 Each line has the following format::
532 532
533 533 <branch>.<argument> = <value>
534 534
535 535 where ``<branch>`` is the name of the branch being
536 536 customized. Example::
537 537
538 538 [graph]
539 539 # 2px width
540 540 default.width = 2
541 541 # red color
542 542 default.color = FF0000
543 543
544 544 Supported arguments:
545 545
546 546 ``width``
547 547 Set branch edges width in pixels.
548 548
549 549 ``color``
550 550 Set branch edges color in hexadecimal RGB notation.
551 551
552 552 ``hooks``
553 553 """""""""
554 554
555 555 Commands or Python functions that get automatically executed by
556 556 various actions such as starting or finishing a commit. Multiple
557 557 hooks can be run for the same action by appending a suffix to the
558 558 action. Overriding a site-wide hook can be done by changing its
559 559 value or setting it to an empty string. Hooks can be prioritized
560 560 by adding a prefix of ``priority`` to the hook name on a new line
561 561 and setting the priority. The default priority is 0 if
562 562 not specified.
563 563
564 564 Example ``.hg/hgrc``::
565 565
566 566 [hooks]
567 567 # update working directory after adding changesets
568 568 changegroup.update = hg update
569 569 # do not use the site-wide hook
570 570 incoming =
571 571 incoming.email = /my/email/hook
572 572 incoming.autobuild = /my/build/hook
573 573 # force autobuild hook to run before other incoming hooks
574 574 priority.incoming.autobuild = 1
575 575
576 576 Most hooks are run with environment variables set that give useful
577 577 additional information. For each hook below, the environment
578 578 variables it is passed are listed with names of the form ``$HG_foo``.
579 579
580 580 ``changegroup``
581 581 Run after a changegroup has been added via push, pull or unbundle.
582 582 ID of the first new changeset is in ``$HG_NODE``. URL from which
583 583 changes came is in ``$HG_URL``.
584 584
585 585 ``commit``
586 586 Run after a changeset has been created in the local repository. ID
587 587 of the newly created changeset is in ``$HG_NODE``. Parent changeset
588 588 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
589 589
590 590 ``incoming``
591 591 Run after a changeset has been pulled, pushed, or unbundled into
592 592 the local repository. The ID of the newly arrived changeset is in
593 593 ``$HG_NODE``. URL that was source of changes came is in ``$HG_URL``.
594 594
595 595 ``outgoing``
596 596 Run after sending changes from local repository to another. ID of
597 597 first changeset sent is in ``$HG_NODE``. Source of operation is in
598 598 ``$HG_SOURCE``; see "preoutgoing" hook for description.
599 599
600 600 ``post-<command>``
601 601 Run after successful invocations of the associated command. The
602 602 contents of the command line are passed as ``$HG_ARGS`` and the result
603 603 code in ``$HG_RESULT``. Parsed command line arguments are passed as
604 604 ``$HG_PATS`` and ``$HG_OPTS``. These contain string representations of
605 605 the python data internally passed to <command>. ``$HG_OPTS`` is a
606 606 dictionary of options (with unspecified options set to their defaults).
607 607 ``$HG_PATS`` is a list of arguments. Hook failure is ignored.
608 608
609 609 ``pre-<command>``
610 610 Run before executing the associated command. The contents of the
611 611 command line are passed as ``$HG_ARGS``. Parsed command line arguments
612 612 are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain string
613 613 representations of the data internally passed to <command>. ``$HG_OPTS``
614 614 is a dictionary of options (with unspecified options set to their
615 615 defaults). ``$HG_PATS`` is a list of arguments. If the hook returns
616 616 failure, the command doesn't execute and Mercurial returns the failure
617 617 code.
618 618
619 619 ``prechangegroup``
620 620 Run before a changegroup is added via push, pull or unbundle. Exit
621 621 status 0 allows the changegroup to proceed. Non-zero status will
622 622 cause the push, pull or unbundle to fail. URL from which changes
623 623 will come is in ``$HG_URL``.
624 624
625 625 ``precommit``
626 626 Run before starting a local commit. Exit status 0 allows the
627 627 commit to proceed. Non-zero status will cause the commit to fail.
628 628 Parent changeset IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
629 629
630 630 ``prelistkeys``
631 631 Run before listing pushkeys (like bookmarks) in the
632 632 repository. Non-zero status will cause failure. The key namespace is
633 633 in ``$HG_NAMESPACE``.
634 634
635 635 ``preoutgoing``
636 636 Run before collecting changes to send from the local repository to
637 637 another. Non-zero status will cause failure. This lets you prevent
638 638 pull over HTTP or SSH. Also prevents against local pull, push
639 639 (outbound) or bundle commands, but not effective, since you can
640 640 just copy files instead then. Source of operation is in
641 641 ``$HG_SOURCE``. If "serve", operation is happening on behalf of remote
642 642 SSH or HTTP repository. If "push", "pull" or "bundle", operation
643 643 is happening on behalf of repository on same system.
644 644
645 645 ``prepushkey``
646 646 Run before a pushkey (like a bookmark) is added to the
647 647 repository. Non-zero status will cause the key to be rejected. The
648 648 key namespace is in ``$HG_NAMESPACE``, the key is in ``$HG_KEY``,
649 649 the old value (if any) is in ``$HG_OLD``, and the new value is in
650 650 ``$HG_NEW``.
651 651
652 652 ``pretag``
653 653 Run before creating a tag. Exit status 0 allows the tag to be
654 654 created. Non-zero status will cause the tag to fail. ID of
655 655 changeset to tag is in ``$HG_NODE``. Name of tag is in ``$HG_TAG``. Tag is
656 656 local if ``$HG_LOCAL=1``, in repository if ``$HG_LOCAL=0``.
657 657
658 658 ``pretxnchangegroup``
659 659 Run after a changegroup has been added via push, pull or unbundle,
660 660 but before the transaction has been committed. Changegroup is
661 661 visible to hook program. This lets you validate incoming changes
662 662 before accepting them. Passed the ID of the first new changeset in
663 663 ``$HG_NODE``. Exit status 0 allows the transaction to commit. Non-zero
664 664 status will cause the transaction to be rolled back and the push,
665 665 pull or unbundle will fail. URL that was source of changes is in
666 666 ``$HG_URL``.
667 667
668 668 ``pretxncommit``
669 669 Run after a changeset has been created but the transaction not yet
670 670 committed. Changeset is visible to hook program. This lets you
671 671 validate commit message and changes. Exit status 0 allows the
672 672 commit to proceed. Non-zero status will cause the transaction to
673 673 be rolled back. ID of changeset is in ``$HG_NODE``. Parent changeset
674 674 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
675 675
676 676 ``preupdate``
677 677 Run before updating the working directory. Exit status 0 allows
678 678 the update to proceed. Non-zero status will prevent the update.
679 679 Changeset ID of first new parent is in ``$HG_PARENT1``. If merge, ID
680 680 of second new parent is in ``$HG_PARENT2``.
681 681
682 682 ``listkeys``
683 683 Run after listing pushkeys (like bookmarks) in the repository. The
684 684 key namespace is in ``$HG_NAMESPACE``. ``$HG_VALUES`` is a
685 685 dictionary containing the keys and values.
686 686
687 687 ``pushkey``
688 688 Run after a pushkey (like a bookmark) is added to the
689 689 repository. The key namespace is in ``$HG_NAMESPACE``, the key is in
690 690 ``$HG_KEY``, the old value (if any) is in ``$HG_OLD``, and the new
691 691 value is in ``$HG_NEW``.
692 692
693 693 ``tag``
694 694 Run after a tag is created. ID of tagged changeset is in ``$HG_NODE``.
695 695 Name of tag is in ``$HG_TAG``. Tag is local if ``$HG_LOCAL=1``, in
696 696 repository if ``$HG_LOCAL=0``.
697 697
698 698 ``update``
699 699 Run after updating the working directory. Changeset ID of first
700 700 new parent is in ``$HG_PARENT1``. If merge, ID of second new parent is
701 701 in ``$HG_PARENT2``. If the update succeeded, ``$HG_ERROR=0``. If the
702 702 update failed (e.g. because conflicts not resolved), ``$HG_ERROR=1``.
703 703
704 704 .. note:: It is generally better to use standard hooks rather than the
705 705 generic pre- and post- command hooks as they are guaranteed to be
706 706 called in the appropriate contexts for influencing transactions.
707 707 Also, hooks like "commit" will be called in all contexts that
708 708 generate a commit (e.g. tag) and not just the commit command.
709 709
710 710 .. note:: Environment variables with empty values may not be passed to
711 711 hooks on platforms such as Windows. As an example, ``$HG_PARENT2``
712 712 will have an empty value under Unix-like platforms for non-merge
713 713 changesets, while it will not be available at all under Windows.
714 714
715 715 The syntax for Python hooks is as follows::
716 716
717 717 hookname = python:modulename.submodule.callable
718 718 hookname = python:/path/to/python/module.py:callable
719 719
720 720 Python hooks are run within the Mercurial process. Each hook is
721 721 called with at least three keyword arguments: a ui object (keyword
722 722 ``ui``), a repository object (keyword ``repo``), and a ``hooktype``
723 723 keyword that tells what kind of hook is used. Arguments listed as
724 724 environment variables above are passed as keyword arguments, with no
725 725 ``HG_`` prefix, and names in lower case.
726 726
727 727 If a Python hook returns a "true" value or raises an exception, this
728 728 is treated as a failure.
729 729
730 730
731 731 ``hostfingerprints``
732 732 """"""""""""""""""""
733 733
734 734 Fingerprints of the certificates of known HTTPS servers.
735 735 A HTTPS connection to a server with a fingerprint configured here will
736 736 only succeed if the servers certificate matches the fingerprint.
737 737 This is very similar to how ssh known hosts works.
738 738 The fingerprint is the SHA-1 hash value of the DER encoded certificate.
739 739 The CA chain and web.cacerts is not used for servers with a fingerprint.
740 740
741 741 For example::
742 742
743 743 [hostfingerprints]
744 744 hg.intevation.org = 38:76:52:7c:87:26:9a:8f:4a:f8:d3:de:08:45:3b:ea:d6:4b:ee:cc
745 745
746 746 This feature is only supported when using Python 2.6 or later.
747 747
748 748
749 749 ``http_proxy``
750 750 """"""""""""""
751 751
752 752 Used to access web-based Mercurial repositories through a HTTP
753 753 proxy.
754 754
755 755 ``host``
756 756 Host name and (optional) port of the proxy server, for example
757 757 "myproxy:8000".
758 758
759 759 ``no``
760 760 Optional. Comma-separated list of host names that should bypass
761 761 the proxy.
762 762
763 763 ``passwd``
764 764 Optional. Password to authenticate with at the proxy server.
765 765
766 766 ``user``
767 767 Optional. User name to authenticate with at the proxy server.
768 768
769 769 ``always``
770 770 Optional. Always use the proxy, even for localhost and any entries
771 771 in ``http_proxy.no``. True or False. Default: False.
772 772
773 773 ``merge-patterns``
774 774 """"""""""""""""""
775 775
776 776 This section specifies merge tools to associate with particular file
777 777 patterns. Tools matched here will take precedence over the default
778 778 merge tool. Patterns are globs by default, rooted at the repository
779 779 root.
780 780
781 781 Example::
782 782
783 783 [merge-patterns]
784 784 **.c = kdiff3
785 785 **.jpg = myimgmerge
786 786
787 787 ``merge-tools``
788 788 """""""""""""""
789 789
790 790 This section configures external merge tools to use for file-level
791 791 merges.
792 792
793 793 Example ``~/.hgrc``::
794 794
795 795 [merge-tools]
796 796 # Override stock tool location
797 797 kdiff3.executable = ~/bin/kdiff3
798 798 # Specify command line
799 799 kdiff3.args = $base $local $other -o $output
800 800 # Give higher priority
801 801 kdiff3.priority = 1
802 802
803 803 # Define new tool
804 804 myHtmlTool.args = -m $local $other $base $output
805 805 myHtmlTool.regkey = Software\FooSoftware\HtmlMerge
806 806 myHtmlTool.priority = 1
807 807
808 808 Supported arguments:
809 809
810 810 ``priority``
811 811 The priority in which to evaluate this tool.
812 812 Default: 0.
813 813
814 814 ``executable``
815 815 Either just the name of the executable or its pathname. On Windows,
816 816 the path can use environment variables with ${ProgramFiles} syntax.
817 817 Default: the tool name.
818 818
819 819 ``args``
820 820 The arguments to pass to the tool executable. You can refer to the
821 821 files being merged as well as the output file through these
822 822 variables: ``$base``, ``$local``, ``$other``, ``$output``.
823 823 Default: ``$local $base $other``
824 824
825 825 ``premerge``
826 826 Attempt to run internal non-interactive 3-way merge tool before
827 827 launching external tool. Options are ``true``, ``false``, or ``keep``
828 828 to leave markers in the file if the premerge fails.
829 829 Default: True
830 830
831 831 ``binary``
832 832 This tool can merge binary files. Defaults to False, unless tool
833 833 was selected by file pattern match.
834 834
835 835 ``symlink``
836 836 This tool can merge symlinks. Defaults to False, even if tool was
837 837 selected by file pattern match.
838 838
839 839 ``check``
840 840 A list of merge success-checking options:
841 841
842 842 ``changed``
843 843 Ask whether merge was successful when the merged file shows no changes.
844 844 ``conflicts``
845 845 Check whether there are conflicts even though the tool reported success.
846 846 ``prompt``
847 847 Always prompt for merge success, regardless of success reported by tool.
848 848
849 849 ``checkchanged``
850 850 True is equivalent to ``check = changed``.
851 851 Default: False
852 852
853 853 ``checkconflicts``
854 854 True is equivalent to ``check = conflicts``.
855 855 Default: False
856 856
857 857 ``fixeol``
858 858 Attempt to fix up EOL changes caused by the merge tool.
859 859 Default: False
860 860
861 861 ``gui``
862 862 This tool requires a graphical interface to run. Default: False
863 863
864 864 ``regkey``
865 865 Windows registry key which describes install location of this
866 866 tool. Mercurial will search for this key first under
867 867 ``HKEY_CURRENT_USER`` and then under ``HKEY_LOCAL_MACHINE``.
868 868 Default: None
869 869
870 870 ``regkeyalt``
871 871 An alternate Windows registry key to try if the first key is not
872 872 found. The alternate key uses the same ``regname`` and ``regappend``
873 873 semantics of the primary key. The most common use for this key
874 874 is to search for 32bit applications on 64bit operating systems.
875 875 Default: None
876 876
877 877 ``regname``
878 878 Name of value to read from specified registry key. Defaults to the
879 879 unnamed (default) value.
880 880
881 881 ``regappend``
882 882 String to append to the value read from the registry, typically
883 883 the executable name of the tool.
884 884 Default: None
885 885
886 886
887 887 ``patch``
888 888 """""""""
889 889
890 890 Settings used when applying patches, for instance through the 'import'
891 891 command or with Mercurial Queues extension.
892 892
893 893 ``eol``
894 894 When set to 'strict' patch content and patched files end of lines
895 895 are preserved. When set to ``lf`` or ``crlf``, both files end of
896 896 lines are ignored when patching and the result line endings are
897 897 normalized to either LF (Unix) or CRLF (Windows). When set to
898 898 ``auto``, end of lines are again ignored while patching but line
899 899 endings in patched files are normalized to their original setting
900 900 on a per-file basis. If target file does not exist or has no end
901 901 of line, patch line endings are preserved.
902 902 Default: strict.
903 903
904 904
905 905 ``paths``
906 906 """""""""
907 907
908 908 Assigns symbolic names to repositories. The left side is the
909 909 symbolic name, and the right gives the directory or URL that is the
910 910 location of the repository. Default paths can be declared by setting
911 911 the following entries.
912 912
913 913 ``default``
914 914 Directory or URL to use when pulling if no source is specified.
915 915 Default is set to repository from which the current repository was
916 916 cloned.
917 917
918 918 ``default-push``
919 919 Optional. Directory or URL to use when pushing if no destination
920 920 is specified.
921 921
922 922 ``phases``
923 923 """"""""""
924 924
925 925 Specifies default handling of phases. See :hg:`help phases` for more
926 926 information about working with phases.
927 927
928 928 ``publish``
929 929 Controls draft phase behavior when working as a server. When true,
930 930 pushed changesets are set to public in both client and server and
931 931 pulled or cloned changesets are set to public in the client.
932 932 Default: True
933 933
934 934 ``new-commit``
935 935 Phase of newly-created commits.
936 936 Default: draft
937 937
938 938 ``profiling``
939 939 """""""""""""
940 940
941 941 Specifies profiling format and file output. In this section
942 942 description, 'profiling data' stands for the raw data collected
943 943 during profiling, while 'profiling report' stands for a statistical
944 944 text report generated from the profiling data. The profiling is done
945 945 using lsprof.
946 946
947 947 ``format``
948 948 Profiling format.
949 949 Default: text.
950 950
951 951 ``text``
952 952 Generate a profiling report. When saving to a file, it should be
953 953 noted that only the report is saved, and the profiling data is
954 954 not kept.
955 955 ``kcachegrind``
956 956 Format profiling data for kcachegrind use: when saving to a
957 957 file, the generated file can directly be loaded into
958 958 kcachegrind.
959 959
960 960 ``output``
961 961 File path where profiling data or report should be saved. If the
962 962 file exists, it is replaced. Default: None, data is printed on
963 963 stderr
964 964
965 965 ``revsetalias``
966 966 """""""""""""""
967 967
968 968 Alias definitions for revsets. See :hg:`help revsets` for details.
969 969
970 970 ``server``
971 971 """"""""""
972 972
973 973 Controls generic server settings.
974 974
975 975 ``uncompressed``
976 976 Whether to allow clients to clone a repository using the
977 977 uncompressed streaming protocol. This transfers about 40% more
978 978 data than a regular clone, but uses less memory and CPU on both
979 979 server and client. Over a LAN (100 Mbps or better) or a very fast
980 980 WAN, an uncompressed streaming clone is a lot faster (~10x) than a
981 981 regular clone. Over most WAN connections (anything slower than
982 982 about 6 Mbps), uncompressed streaming is slower, because of the
983 983 extra data transfer overhead. This mode will also temporarily hold
984 984 the write lock while determining what data to transfer.
985 985 Default is True.
986 986
987 987 ``preferuncompressed``
988 988 When set, clients will try to use the uncompressed streaming
989 989 protocol. Default is False.
990 990
991 991 ``validate``
992 992 Whether to validate the completeness of pushed changesets by
993 993 checking that all new file revisions specified in manifests are
994 994 present. Default is False.
995 995
996 996 ``smtp``
997 997 """"""""
998 998
999 999 Configuration for extensions that need to send email messages.
1000 1000
1001 1001 ``host``
1002 1002 Host name of mail server, e.g. "mail.example.com".
1003 1003
1004 1004 ``port``
1005 1005 Optional. Port to connect to on mail server. Default: 25.
1006 1006
1007 1007 ``tls``
1008 1008 Optional. Method to enable TLS when connecting to mail server: starttls,
1009 1009 smtps or none. Default: none.
1010 1010
1011 1011 ``username``
1012 1012 Optional. User name for authenticating with the SMTP server.
1013 1013 Default: none.
1014 1014
1015 1015 ``password``
1016 1016 Optional. Password for authenticating with the SMTP server. If not
1017 1017 specified, interactive sessions will prompt the user for a
1018 1018 password; non-interactive sessions will fail. Default: none.
1019 1019
1020 1020 ``local_hostname``
1021 1021 Optional. It's the hostname that the sender can use to identify
1022 1022 itself to the MTA.
1023 1023
1024 1024
1025 1025 ``subpaths``
1026 1026 """"""""""""
1027 1027
1028 1028 Defines subrepositories source locations rewriting rules of the form::
1029 1029
1030 1030 <pattern> = <replacement>
1031 1031
1032 1032 Where ``pattern`` is a regular expression matching the source and
1033 1033 ``replacement`` is the replacement string used to rewrite it. Groups
1034 1034 can be matched in ``pattern`` and referenced in ``replacements``. For
1035 1035 instance::
1036 1036
1037 1037 http://server/(.*)-hg/ = http://hg.server/\1/
1038 1038
1039 1039 rewrites ``http://server/foo-hg/`` into ``http://hg.server/foo/``.
1040 1040
1041 1041 All patterns are applied in definition order.
1042 1042
1043 1043 ``trusted``
1044 1044 """""""""""
1045 1045
1046 1046 Mercurial will not use the settings in the
1047 1047 ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted
1048 1048 user or to a trusted group, as various hgrc features allow arbitrary
1049 1049 commands to be run. This issue is often encountered when configuring
1050 1050 hooks or extensions for shared repositories or servers. However,
1051 1051 the web interface will use some safe settings from the ``[web]``
1052 1052 section.
1053 1053
1054 1054 This section specifies what users and groups are trusted. The
1055 1055 current user is always trusted. To trust everybody, list a user or a
1056 1056 group with name ``*``. These settings must be placed in an
1057 1057 *already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the
1058 1058 user or service running Mercurial.
1059 1059
1060 1060 ``users``
1061 1061 Comma-separated list of trusted users.
1062 1062
1063 1063 ``groups``
1064 1064 Comma-separated list of trusted groups.
1065 1065
1066 1066
1067 1067 ``ui``
1068 1068 """"""
1069 1069
1070 1070 User interface controls.
1071 1071
1072 1072 ``archivemeta``
1073 1073 Whether to include the .hg_archival.txt file containing meta data
1074 1074 (hashes for the repository base and for tip) in archives created
1075 1075 by the :hg:`archive` command or downloaded via hgweb.
1076 1076 Default is True.
1077 1077
1078 1078 ``askusername``
1079 1079 Whether to prompt for a username when committing. If True, and
1080 1080 neither ``$HGUSER`` nor ``$EMAIL`` has been specified, then the user will
1081 1081 be prompted to enter a username. If no username is entered, the
1082 1082 default ``USER@HOST`` is used instead.
1083 1083 Default is False.
1084 1084
1085 1085 ``commitsubrepos``
1086 1086 Whether to commit modified subrepositories when committing the
1087 1087 parent repository. If False and one subrepository has uncommitted
1088 1088 changes, abort the commit.
1089 1089 Default is False.
1090 1090
1091 1091 ``debug``
1092 1092 Print debugging information. True or False. Default is False.
1093 1093
1094 1094 ``editor``
1095 1095 The editor to use during a commit. Default is ``$EDITOR`` or ``vi``.
1096 1096
1097 1097 ``fallbackencoding``
1098 1098 Encoding to try if it's not possible to decode the changelog using
1099 1099 UTF-8. Default is ISO-8859-1.
1100 1100
1101 1101 ``ignore``
1102 1102 A file to read per-user ignore patterns from. This file should be
1103 1103 in the same format as a repository-wide .hgignore file. This
1104 1104 option supports hook syntax, so if you want to specify multiple
1105 1105 ignore files, you can do so by setting something like
1106 1106 ``ignore.other = ~/.hgignore2``. For details of the ignore file
1107 1107 format, see the ``hgignore(5)`` man page.
1108 1108
1109 1109 ``interactive``
1110 1110 Allow to prompt the user. True or False. Default is True.
1111 1111
1112 1112 ``logtemplate``
1113 1113 Template string for commands that print changesets.
1114 1114
1115 1115 ``merge``
1116 1116 The conflict resolution program to use during a manual merge.
1117 1117 For more information on merge tools see :hg:`help merge-tools`.
1118 1118 For configuring merge tools see the ``[merge-tools]`` section.
1119 1119
1120 1120 ``portablefilenames``
1121 1121 Check for portable filenames. Can be ``warn``, ``ignore`` or ``abort``.
1122 1122 Default is ``warn``.
1123 1123 If set to ``warn`` (or ``true``), a warning message is printed on POSIX
1124 1124 platforms, if a file with a non-portable filename is added (e.g. a file
1125 1125 with a name that can't be created on Windows because it contains reserved
1126 1126 parts like ``AUX``, reserved characters like ``:``, or would cause a case
1127 1127 collision with an existing file).
1128 1128 If set to ``ignore`` (or ``false``), no warning is printed.
1129 1129 If set to ``abort``, the command is aborted.
1130 1130 On Windows, this configuration option is ignored and the command aborted.
1131 1131
1132 1132 ``quiet``
1133 1133 Reduce the amount of output printed. True or False. Default is False.
1134 1134
1135 1135 ``remotecmd``
1136 1136 remote command to use for clone/push/pull operations. Default is ``hg``.
1137 1137
1138 ``reportoldssl``
1139 Warn if an SSL certificate is unable to be due to using Python
1140 2.5 or earlier. True or False. Default is True.
1141
1138 1142 ``report_untrusted``
1139 1143 Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
1140 1144 trusted user or group. True or False. Default is True.
1141 1145
1142 1146 ``slash``
1143 1147 Display paths using a slash (``/``) as the path separator. This
1144 1148 only makes a difference on systems where the default path
1145 1149 separator is not the slash character (e.g. Windows uses the
1146 1150 backslash character (``\``)).
1147 1151 Default is False.
1148 1152
1149 1153 ``ssh``
1150 1154 command to use for SSH connections. Default is ``ssh``.
1151 1155
1152 1156 ``strict``
1153 1157 Require exact command names, instead of allowing unambiguous
1154 1158 abbreviations. True or False. Default is False.
1155 1159
1156 1160 ``style``
1157 1161 Name of style to use for command output.
1158 1162
1159 1163 ``timeout``
1160 1164 The timeout used when a lock is held (in seconds), a negative value
1161 1165 means no timeout. Default is 600.
1162 1166
1163 1167 ``traceback``
1164 1168 Mercurial always prints a traceback when an unknown exception
1165 1169 occurs. Setting this to True will make Mercurial print a traceback
1166 1170 on all exceptions, even those recognized by Mercurial (such as
1167 1171 IOError or MemoryError). Default is False.
1168 1172
1169 1173 ``username``
1170 1174 The committer of a changeset created when running "commit".
1171 1175 Typically a person's name and email address, e.g. ``Fred Widget
1172 1176 <fred@example.com>``. Default is ``$EMAIL`` or ``username@hostname``. If
1173 1177 the username in hgrc is empty, it has to be specified manually or
1174 1178 in a different hgrc file (e.g. ``$HOME/.hgrc``, if the admin set
1175 1179 ``username =`` in the system hgrc). Environment variables in the
1176 1180 username are expanded.
1177 1181
1178 1182 ``verbose``
1179 1183 Increase the amount of output printed. True or False. Default is False.
1180 1184
1181 1185
1182 1186 ``web``
1183 1187 """""""
1184 1188
1185 1189 Web interface configuration. The settings in this section apply to
1186 1190 both the builtin webserver (started by :hg:`serve`) and the script you
1187 1191 run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI
1188 1192 and WSGI).
1189 1193
1190 1194 The Mercurial webserver does no authentication (it does not prompt for
1191 1195 usernames and passwords to validate *who* users are), but it does do
1192 1196 authorization (it grants or denies access for *authenticated users*
1193 1197 based on settings in this section). You must either configure your
1194 1198 webserver to do authentication for you, or disable the authorization
1195 1199 checks.
1196 1200
1197 1201 For a quick setup in a trusted environment, e.g., a private LAN, where
1198 1202 you want it to accept pushes from anybody, you can use the following
1199 1203 command line::
1200 1204
1201 1205 $ hg --config web.allow_push=* --config web.push_ssl=False serve
1202 1206
1203 1207 Note that this will allow anybody to push anything to the server and
1204 1208 that this should not be used for public servers.
1205 1209
1206 1210 The full set of options is:
1207 1211
1208 1212 ``accesslog``
1209 1213 Where to output the access log. Default is stdout.
1210 1214
1211 1215 ``address``
1212 1216 Interface address to bind to. Default is all.
1213 1217
1214 1218 ``allow_archive``
1215 1219 List of archive format (bz2, gz, zip) allowed for downloading.
1216 1220 Default is empty.
1217 1221
1218 1222 ``allowbz2``
1219 1223 (DEPRECATED) Whether to allow .tar.bz2 downloading of repository
1220 1224 revisions.
1221 1225 Default is False.
1222 1226
1223 1227 ``allowgz``
1224 1228 (DEPRECATED) Whether to allow .tar.gz downloading of repository
1225 1229 revisions.
1226 1230 Default is False.
1227 1231
1228 1232 ``allowpull``
1229 1233 Whether to allow pulling from the repository. Default is True.
1230 1234
1231 1235 ``allow_push``
1232 1236 Whether to allow pushing to the repository. If empty or not set,
1233 1237 push is not allowed. If the special value ``*``, any remote user can
1234 1238 push, including unauthenticated users. Otherwise, the remote user
1235 1239 must have been authenticated, and the authenticated user name must
1236 1240 be present in this list. The contents of the allow_push list are
1237 1241 examined after the deny_push list.
1238 1242
1239 1243 ``guessmime``
1240 1244 Control MIME types for raw download of file content.
1241 1245 Set to True to let hgweb guess the content type from the file
1242 1246 extension. This will serve HTML files as ``text/html`` and might
1243 1247 allow cross-site scripting attacks when serving untrusted
1244 1248 repositories. Default is False.
1245 1249
1246 1250 ``allow_read``
1247 1251 If the user has not already been denied repository access due to
1248 1252 the contents of deny_read, this list determines whether to grant
1249 1253 repository access to the user. If this list is not empty, and the
1250 1254 user is unauthenticated or not present in the list, then access is
1251 1255 denied for the user. If the list is empty or not set, then access
1252 1256 is permitted to all users by default. Setting allow_read to the
1253 1257 special value ``*`` is equivalent to it not being set (i.e. access
1254 1258 is permitted to all users). The contents of the allow_read list are
1255 1259 examined after the deny_read list.
1256 1260
1257 1261 ``allowzip``
1258 1262 (DEPRECATED) Whether to allow .zip downloading of repository
1259 1263 revisions. Default is False. This feature creates temporary files.
1260 1264
1261 1265 ``baseurl``
1262 1266 Base URL to use when publishing URLs in other locations, so
1263 1267 third-party tools like email notification hooks can construct
1264 1268 URLs. Example: ``http://hgserver/repos/``.
1265 1269
1266 1270 ``cacerts``
1267 1271 Path to file containing a list of PEM encoded certificate
1268 1272 authority certificates. Environment variables and ``~user``
1269 1273 constructs are expanded in the filename. If specified on the
1270 1274 client, then it will verify the identity of remote HTTPS servers
1271 1275 with these certificates. The form must be as follows::
1272 1276
1273 1277 -----BEGIN CERTIFICATE-----
1274 1278 ... (certificate in base64 PEM encoding) ...
1275 1279 -----END CERTIFICATE-----
1276 1280 -----BEGIN CERTIFICATE-----
1277 1281 ... (certificate in base64 PEM encoding) ...
1278 1282 -----END CERTIFICATE-----
1279 1283
1280 1284 This feature is only supported when using Python 2.6 or later. If you wish
1281 1285 to use it with earlier versions of Python, install the backported
1282 1286 version of the ssl library that is available from
1283 1287 ``http://pypi.python.org``.
1284 1288
1285 1289 You can use OpenSSL's CA certificate file if your platform has one.
1286 1290 On most Linux systems this will be ``/etc/ssl/certs/ca-certificates.crt``.
1287 1291 Otherwise you will have to generate this file manually.
1288 1292
1289 1293 To disable SSL verification temporarily, specify ``--insecure`` from
1290 1294 command line.
1291 1295
1292 1296 ``cache``
1293 1297 Whether to support caching in hgweb. Defaults to True.
1294 1298
1295 1299 ``contact``
1296 1300 Name or email address of the person in charge of the repository.
1297 1301 Defaults to ui.username or ``$EMAIL`` or "unknown" if unset or empty.
1298 1302
1299 1303 ``deny_push``
1300 1304 Whether to deny pushing to the repository. If empty or not set,
1301 1305 push is not denied. If the special value ``*``, all remote users are
1302 1306 denied push. Otherwise, unauthenticated users are all denied, and
1303 1307 any authenticated user name present in this list is also denied. The
1304 1308 contents of the deny_push list are examined before the allow_push list.
1305 1309
1306 1310 ``deny_read``
1307 1311 Whether to deny reading/viewing of the repository. If this list is
1308 1312 not empty, unauthenticated users are all denied, and any
1309 1313 authenticated user name present in this list is also denied access to
1310 1314 the repository. If set to the special value ``*``, all remote users
1311 1315 are denied access (rarely needed ;). If deny_read is empty or not set,
1312 1316 the determination of repository access depends on the presence and
1313 1317 content of the allow_read list (see description). If both
1314 1318 deny_read and allow_read are empty or not set, then access is
1315 1319 permitted to all users by default. If the repository is being
1316 1320 served via hgwebdir, denied users will not be able to see it in
1317 1321 the list of repositories. The contents of the deny_read list have
1318 1322 priority over (are examined before) the contents of the allow_read
1319 1323 list.
1320 1324
1321 1325 ``descend``
1322 1326 hgwebdir indexes will not descend into subdirectories. Only repositories
1323 1327 directly in the current path will be shown (other repositories are still
1324 1328 available from the index corresponding to their containing path).
1325 1329
1326 1330 ``description``
1327 1331 Textual description of the repository's purpose or contents.
1328 1332 Default is "unknown".
1329 1333
1330 1334 ``encoding``
1331 1335 Character encoding name. Default is the current locale charset.
1332 1336 Example: "UTF-8"
1333 1337
1334 1338 ``errorlog``
1335 1339 Where to output the error log. Default is stderr.
1336 1340
1337 1341 ``hidden``
1338 1342 Whether to hide the repository in the hgwebdir index.
1339 1343 Default is False.
1340 1344
1341 1345 ``ipv6``
1342 1346 Whether to use IPv6. Default is False.
1343 1347
1344 1348 ``logoimg``
1345 1349 File name of the logo image that some templates display on each page.
1346 1350 The file name is relative to ``staticurl``. That is, the full path to
1347 1351 the logo image is "staticurl/logoimg".
1348 1352 If unset, ``hglogo.png`` will be used.
1349 1353
1350 1354 ``logourl``
1351 1355 Base URL to use for logos. If unset, ``http://mercurial.selenic.com/``
1352 1356 will be used.
1353 1357
1354 1358 ``name``
1355 1359 Repository name to use in the web interface. Default is current
1356 1360 working directory.
1357 1361
1358 1362 ``maxchanges``
1359 1363 Maximum number of changes to list on the changelog. Default is 10.
1360 1364
1361 1365 ``maxfiles``
1362 1366 Maximum number of files to list per changeset. Default is 10.
1363 1367
1364 1368 ``port``
1365 1369 Port to listen on. Default is 8000.
1366 1370
1367 1371 ``prefix``
1368 1372 Prefix path to serve from. Default is '' (server root).
1369 1373
1370 1374 ``push_ssl``
1371 1375 Whether to require that inbound pushes be transported over SSL to
1372 1376 prevent password sniffing. Default is True.
1373 1377
1374 1378 ``staticurl``
1375 1379 Base URL to use for static files. If unset, static files (e.g. the
1376 1380 hgicon.png favicon) will be served by the CGI script itself. Use
1377 1381 this setting to serve them directly with the HTTP server.
1378 1382 Example: ``http://hgserver/static/``.
1379 1383
1380 1384 ``stripes``
1381 1385 How many lines a "zebra stripe" should span in multiline output.
1382 1386 Default is 1; set to 0 to disable.
1383 1387
1384 1388 ``style``
1385 1389 Which template map style to use.
1386 1390
1387 1391 ``templates``
1388 1392 Where to find the HTML templates. Default is install path.
Show file before | Show file after | Hide comments
@@ -1,142 +1,143
1 1 # sslutil.py - SSL handling for mercurial
2 2 #
3 3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 6 #
7 7 # This software may be used and distributed according to the terms of the
8 8 # GNU General Public License version 2 or any later version.
9 9 import os
10 10
11 11 from mercurial import util
12 12 from mercurial.i18n import _
13 13 try:
14 14 # avoid using deprecated/broken FakeSocket in python 2.6
15 15 import ssl
16 16 CERT_REQUIRED = ssl.CERT_REQUIRED
17 17 def ssl_wrap_socket(sock, keyfile, certfile,
18 18 cert_reqs=ssl.CERT_NONE, ca_certs=None):
19 19 sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
20 20 cert_reqs=cert_reqs, ca_certs=ca_certs)
21 21 # check if wrap_socket failed silently because socket had been closed
22 22 # - see http://bugs.python.org/issue13721
23 23 if not sslsocket.cipher():
24 24 raise util.Abort(_('ssl connection failed'))
25 25 return sslsocket
26 26 except ImportError:
27 27 CERT_REQUIRED = 2
28 28
29 29 import socket, httplib
30 30
31 31 def ssl_wrap_socket(sock, key_file, cert_file,
32 32 cert_reqs=CERT_REQUIRED, ca_certs=None):
33 33 if not util.safehasattr(socket, 'ssl'):
34 34 raise util.Abort(_('Python SSL support not found'))
35 35 if ca_certs:
36 36 raise util.Abort(_(
37 37 'certificate checking requires Python 2.6'))
38 38
39 39 ssl = socket.ssl(sock, key_file, cert_file)
40 40 return httplib.FakeSocket(sock, ssl)
41 41
42 42 def _verifycert(cert, hostname):
43 43 '''Verify that cert (in socket.getpeercert() format) matches hostname.
44 44 CRLs is not handled.
45 45
46 46 Returns error message if any problems are found and None on success.
47 47 '''
48 48 if not cert:
49 49 return _('no certificate received')
50 50 dnsname = hostname.lower()
51 51 def matchdnsname(certname):
52 52 return (certname == dnsname or
53 53 '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1])
54 54
55 55 san = cert.get('subjectAltName', [])
56 56 if san:
57 57 certnames = [value.lower() for key, value in san if key == 'DNS']
58 58 for name in certnames:
59 59 if matchdnsname(name):
60 60 return None
61 61 if certnames:
62 62 return _('certificate is for %s') % ', '.join(certnames)
63 63
64 64 # subject is only checked when subjectAltName is empty
65 65 for s in cert.get('subject', []):
66 66 key, value = s[0]
67 67 if key == 'commonName':
68 68 try:
69 69 # 'subject' entries are unicode
70 70 certname = value.lower().encode('ascii')
71 71 except UnicodeEncodeError:
72 72 return _('IDN in certificate not supported')
73 73 if matchdnsname(certname):
74 74 return None
75 75 return _('certificate is for %s') % certname
76 76 return _('no commonName or subjectAltName found in certificate')
77 77
78 78
79 79 # CERT_REQUIRED means fetch the cert from the server all the time AND
80 80 # validate it against the CA store provided in web.cacerts.
81 81 #
82 82 # We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally
83 83 # busted on those versions.
84 84
85 85 def sslkwargs(ui, host):
86 86 cacerts = ui.config('web', 'cacerts')
87 87 hostfingerprint = ui.config('hostfingerprints', host)
88 88 if cacerts and not hostfingerprint:
89 89 cacerts = util.expandpath(cacerts)
90 90 if not os.path.exists(cacerts):
91 91 raise util.Abort(_('could not find web.cacerts: %s') % cacerts)
92 92 return {'ca_certs': cacerts,
93 93 'cert_reqs': CERT_REQUIRED,
94 94 }
95 95 return {}
96 96
97 97 class validator(object):
98 98 def __init__(self, ui, host):
99 99 self.ui = ui
100 100 self.host = host
101 101
102 102 def __call__(self, sock):
103 103 host = self.host
104 104 cacerts = self.ui.config('web', 'cacerts')
105 105 hostfingerprint = self.ui.config('hostfingerprints', host)
106 106 if not getattr(sock, 'getpeercert', False): # python 2.5 ?
107 107 if hostfingerprint:
108 108 raise util.Abort(_("host fingerprint for %s can't be "
109 109 "verified (Python too old)") % host)
110 if self.ui.configbool('ui', 'reportoldssl', True):
110 111 self.ui.warn(_("warning: certificate for %s can't be verified "
111 112 "(Python too old)\n") % host)
112 113 return
113 114 if not sock.cipher(): # work around http://bugs.python.org/issue13721
114 115 raise util.Abort(_('%s ssl connection error') % host)
115 116 peercert = sock.getpeercert(True)
116 117 if not peercert:
117 118 raise util.Abort(_('%s certificate error: '
118 119 'no certificate received') % host)
119 120 peerfingerprint = util.sha1(peercert).hexdigest()
120 121 nicefingerprint = ":".join([peerfingerprint[x:x + 2]
121 122 for x in xrange(0, len(peerfingerprint), 2)])
122 123 if hostfingerprint:
123 124 if peerfingerprint.lower() != \
124 125 hostfingerprint.replace(':', '').lower():
125 126 raise util.Abort(_('certificate for %s has unexpected '
126 127 'fingerprint %s') % (host, nicefingerprint),
127 128 hint=_('check hostfingerprint configuration'))
128 129 self.ui.debug('%s certificate matched fingerprint %s\n' %
129 130 (host, nicefingerprint))
130 131 elif cacerts:
131 132 msg = _verifycert(sock.getpeercert(), host)
132 133 if msg:
133 134 raise util.Abort(_('%s certificate error: %s') % (host, msg),
134 135 hint=_('configure hostfingerprint %s or use '
135 136 '--insecure to connect insecurely') %
136 137 nicefingerprint)
137 138 self.ui.debug('%s certificate successfully verified\n' % host)
138 139 else:
139 140 self.ui.warn(_('warning: %s certificate with fingerprint %s not '
140 141 'verified (check hostfingerprints or web.cacerts '
141 142 'config setting)\n') %
142 143 (host, nicefingerprint))
General Comments 0
You need to be logged in to leave comments. Login now