upstream/mercurial-mirror Commit - r24290:b76d8c64

ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC)...

Yuya Nishihara -

r24290:b76d8c64 default

parent child

mercurial/dispatch.py

0 +1 -1

             # dispatch.py - command dispatching for mercurial
             #
             # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             from i18n import _
             import os, sys, atexit, signal, pdb, socket, errno, shlex, time, traceback, re
             import difflib
             import util, commands, hg, fancyopts, extensions, hook, error
             import cmdutil, encoding
             import ui as uimod
             class request(object):
                 def __init__(self, args, ui=None, repo=None, fin=None, fout=None,
                              ferr=None):
                     self.args = args
                     self.ui = ui
                     self.repo = repo
                     # input/output/error streams
                     self.fin = fin
                     self.fout = fout
                     self.ferr = ferr
             def run():
                 "run the command in sys.argv"
                 sys.exit((dispatch(request(sys.argv[1:])) or 0) & 255)
             def _getsimilar(symbols, value):
                 sim = lambda x: difflib.SequenceMatcher(None, value, x).ratio()
                 # The cutoff for similarity here is pretty arbitrary. It should
                 # probably be investigated and tweaked.
                 return [s for s in symbols if sim(s) > 0.6]
             def _formatparse(write, inst):
                 similar = []
                 if isinstance(inst, error.UnknownIdentifier):
                     # make sure to check fileset first, as revset can invoke fileset
                     similar = _getsimilar(inst.symbols, inst.function)
                 if len(inst.args) > 1:
                     write(_("hg: parse error at %s: %s\n") %
                                      (inst.args[1], inst.args[0]))
                     if (inst.args[0][0] == ' '):
                         write(_("unexpected leading whitespace\n"))
                 else:
                     write(_("hg: parse error: %s\n") % inst.args[0])
                     if similar:
                         if len(similar) == 1:
                             write(_("(did you mean %r?)\n") % similar[0])
                         else:
                             ss = ", ".join(sorted(similar))
                             write(_("(did you mean one of %s?)\n") % ss)
             def dispatch(req):
                 "run the command specified in req.args"
                 if req.ferr:
                     ferr = req.ferr
                 elif req.ui:
                     ferr = req.ui.ferr
                 else:
                     ferr = sys.stderr
                 try:
                     if not req.ui:
                         req.ui = uimod.ui()
                     if '--traceback' in req.args:
                         req.ui.setconfig('ui', 'traceback', 'on', '--traceback')
                     # set ui streams from the request
                     if req.fin:
                         req.ui.fin = req.fin
                     if req.fout:
                         req.ui.fout = req.fout
                     if req.ferr:
                         req.ui.ferr = req.ferr
                 except util.Abort, inst:
                     ferr.write(_("abort: %s\n") % inst)
                     if inst.hint:
                         ferr.write(_("(%s)\n") % inst.hint)
                     return -1
                 except error.ParseError, inst:
                     _formatparse(ferr.write, inst)
                     return -1
                 msg = ' '.join(' ' in a and repr(a) or a for a in req.args)
                 starttime = time.time()
                 ret = None
                 try:
                     ret = _runcatch(req)
                     return ret
                 finally:
                     duration = time.time() - starttime
                     req.ui.log("commandfinish", "%s exited %s after %0.2f seconds\n",
                                msg, ret or 0, duration)
             def _runcatch(req):
                 def catchterm(*args):
                     raise error.SignalInterrupt
                 ui = req.ui
                 try:
                     for name in 'SIGBREAK', 'SIGHUP', 'SIGTERM':
                         num = getattr(signal, name, None)
                         if num:
                             signal.signal(num, catchterm)
                 except ValueError:
                     pass # happens if called in a thread
                 try:
                     try:
                         debugger = 'pdb'
                         debugtrace = {
                             'pdb' : pdb.set_trace
                         }
                         debugmortem = {
                             'pdb' : pdb.post_mortem
                         }
                         # read --config before doing anything else
                         # (e.g. to change trust settings for reading .hg/hgrc)
                         cfgs = _parseconfig(req.ui, _earlygetopt(['--config'], req.args))
                         if req.repo:
                             # copy configs that were passed on the cmdline (--config) to
                             # the repo ui
                             for sec, name, val in cfgs:
                                 req.repo.ui.setconfig(sec, name, val, source='--config')
                         # if we are in HGPLAIN mode, then disable custom debugging
                         debugger = ui.config("ui", "debugger")
                         debugmod = pdb
                         if not debugger or ui.plain():
                             debugger = 'pdb'
                         elif '--debugger' in req.args:
                             # This import can be slow for fancy debuggers, so only
                             # do it when absolutely necessary, i.e. when actual
                             # debugging has been requested
                             try:
                                 debugmod = __import__(debugger)
                             except ImportError:
                                 pass # Leave debugmod = pdb
                         debugtrace[debugger] = debugmod.set_trace
                         debugmortem[debugger] = debugmod.post_mortem
                         # enter the debugger before command execution
                         if '--debugger' in req.args:
                             ui.warn(_("entering debugger - "
                                     "type c to continue starting hg or h for help\n"))
                             if (debugger != 'pdb' and
                                 debugtrace[debugger] == debugtrace['pdb']):
                                 ui.warn(_("%s debugger specified "
                                           "but its module was not found\n") % debugger)
                             debugtrace[debugger]()
                         try:
                             return _dispatch(req)
                         finally:
                             ui.flush()
                     except: # re-raises
                         # enter the debugger when we hit an exception
                         if '--debugger' in req.args:
                             traceback.print_exc()
                             debugmortem[debugger](sys.exc_info()[2])
                         ui.traceback()
                         raise
                 # Global exception handling, alphabetically
                 # Mercurial-specific first, followed by built-in and library exceptions
                 except error.AmbiguousCommand, inst:
                     ui.warn(_("hg: command '%s' is ambiguous:\n    %s\n") %
                             (inst.args[0], " ".join(inst.args[1])))
                 except error.ParseError, inst:
                     _formatparse(ui.warn, inst)
                     return -1
                 except error.LockHeld, inst:
                     if inst.errno == errno.ETIMEDOUT:
                         reason = _('timed out waiting for lock held by %s') % inst.locker
                     else:
                         reason = _('lock held by %s') % inst.locker
                     ui.warn(_("abort: %s: %s\n") % (inst.desc or inst.filename, reason))
                 except error.LockUnavailable, inst:
                     ui.warn(_("abort: could not lock %s: %s\n") %
                            (inst.desc or inst.filename, inst.strerror))
                 except error.CommandError, inst:
                     if inst.args[0]:
                         ui.warn(_("hg %s: %s\n") % (inst.args[0], inst.args[1]))
                         commands.help_(ui, inst.args[0], full=False, command=True)
                     else:
                         ui.warn(_("hg: %s\n") % inst.args[1])
                         commands.help_(ui, 'shortlist')
                 except error.OutOfBandError, inst:
                     ui.warn(_("abort: remote error:\n"))
                     ui.warn(''.join(inst.args))
                 except error.RepoError, inst:
                     ui.warn(_("abort: %s!\n") % inst)
                     if inst.hint:
                         ui.warn(_("(%s)\n") % inst.hint)
                 except error.ResponseError, inst:
                     ui.warn(_("abort: %s") % inst.args[0])
                     if not isinstance(inst.args[1], basestring):
                         ui.warn(" %r\n" % (inst.args[1],))
                     elif not inst.args[1]:
                         ui.warn(_(" empty string\n"))
                     else:
                         ui.warn("\n%r\n" % util.ellipsis(inst.args[1]))
                 except error.CensoredNodeError, inst:
                     ui.warn(_("abort: file censored %s!\n") % inst)
                 except error.RevlogError, inst:
                     ui.warn(_("abort: %s!\n") % inst)
                 except error.SignalInterrupt:
                     ui.warn(_("killed!\n"))
                 except error.UnknownCommand, inst:
                     ui.warn(_("hg: unknown command '%s'\n") % inst.args[0])
                     try:
                         # check if the command is in a disabled extension
                         # (but don't check for extensions themselves)
                         commands.help_(ui, inst.args[0], unknowncmd=True)
                     except error.UnknownCommand:
                         suggested = False
                         if len(inst.args) == 2:
                             sim = _getsimilar(inst.args[1], inst.args[0])
                             if sim:
                                 ui.warn(_('(did you mean one of %s?)\n') %
                                         ', '.join(sorted(sim)))
                                 suggested = True
                         if not suggested:
                             commands.help_(ui, 'shortlist')
                 except error.InterventionRequired, inst:
                     ui.warn("%s\n" % inst)
                     return 1
                 except util.Abort, inst:
                     ui.warn(_("abort: %s\n") % inst)
                     if inst.hint:
                         ui.warn(_("(%s)\n") % inst.hint)
                 except ImportError, inst:
                     ui.warn(_("abort: %s!\n") % inst)
                     m = str(inst).split()[-1]
                     if m in "mpatch bdiff".split():
                         ui.warn(_("(did you forget to compile extensions?)\n"))
                     elif m in "zlib".split():
                         ui.warn(_("(is your Python install correct?)\n"))
                 except IOError, inst:
                     if util.safehasattr(inst, "code"):
                         ui.warn(_("abort: %s\n") % inst)
                     elif util.safehasattr(inst, "reason"):
                         try: # usually it is in the form (errno, strerror)
                             reason = inst.reason.args[1]
                         except (AttributeError, IndexError):
                             # it might be anything, for example a string
                             reason = inst.reason
                         if isinstance(reason, unicode):
                             # SSLError of Python 2.7.9 contains a unicode
                             reason = reason.encode(encoding.encoding, 'replace')
                         ui.warn(_("abort: error: %s\n") % reason)
                     elif (util.safehasattr(inst, "args")
                           and inst.args and inst.args[0] == errno.EPIPE):
                         if ui.debugflag:
                             ui.warn(_("broken pipe\n"))
                     elif getattr(inst, "strerror", None):
                         if getattr(inst, "filename", None):
                             ui.warn(_("abort: %s: %s\n") % (inst.strerror, inst.filename))
                         else:
                             ui.warn(_("abort: %s\n") % inst.strerror)
                     else:
                         raise
                 except OSError, inst:
                     if getattr(inst, "filename", None) is not None:
                         ui.warn(_("abort: %s: '%s'\n") % (inst.strerror, inst.filename))
                     else:
                         ui.warn(_("abort: %s\n") % inst.strerror)
                 except KeyboardInterrupt:
                     try:
                         ui.warn(_("interrupted!\n"))
                     except IOError, inst:
                         if inst.errno == errno.EPIPE:
                             if ui.debugflag:
                                 ui.warn(_("\nbroken pipe\n"))
                         else:
                             raise
                 except MemoryError:
                     ui.warn(_("abort: out of memory\n"))
                 except SystemExit, inst:
                     # Commands shouldn't sys.exit directly, but give a return code.
                     # Just in case catch this and and pass exit code to caller.
                     return inst.code
                 except socket.error, inst:
                     ui.warn(_("abort: %s\n") % inst.args[-1])
                 except: # re-raises
                     myver = util.version()
                     # For compatibility checking, we discard the portion of the hg
                     # version after the + on the assumption that if a "normal
                     # user" is running a build with a + in it the packager
                     # probably built from fairly close to a tag and anyone with a
                     # 'make local' copy of hg (where the version number can be out
                     # of date) will be clueful enough to notice the implausible
                     # version number and try updating.
                     compare = myver.split('+')[0]
                     ct = tuplever(compare)
                     worst = None, ct, ''
                     for name, mod in extensions.extensions():
                         testedwith = getattr(mod, 'testedwith', '')
                         report = getattr(mod, 'buglink', _('the extension author.'))
                         if not testedwith.strip():
                             # We found an untested extension. It's likely the culprit.
                             worst = name, 'unknown', report
                             break
                         # Never blame on extensions bundled with Mercurial.
                         if testedwith == 'internal':
                             continue
                         tested = [tuplever(t) for t in testedwith.split()]
                         if ct in tested:
                             continue
                         lower = [t for t in tested if t < ct]
                         nearest = max(lower or tested)
                         if worst[0] is None or nearest < worst[1]:
                             worst = name, nearest, report
                     if worst[0] is not None:
                         name, testedwith, report = worst
                         if not isinstance(testedwith, str):
                             testedwith = '.'.join([str(c) for c in testedwith])
                         warning = (_('** Unknown exception encountered with '
                                      'possibly-broken third-party extension %s\n'
                                      '** which supports versions %s of Mercurial.\n'
                                      '** Please disable %s and try your action again.\n'
                                      '** If that fixes the bug please report it to %s\n')
                                    % (name, testedwith, name, report))
                     else:
                         warning = (_("** unknown exception encountered, "
                                      "please report by visiting\n") +
                                    _("** http://mercurial.selenic.com/wiki/BugTracker\n"))
                     warning += ((_("** Python %s\n") % sys.version.replace('\n', '')) +
                                 (_("** Mercurial Distributed SCM (version %s)\n") % myver) +
                                 (_("** Extensions loaded: %s\n") %
                                  ", ".join([x[0] for x in extensions.extensions()])))
                     ui.log("commandexception", "%s\n%s\n", warning, traceback.format_exc())
                     ui.warn(warning)
                     raise
                 return -1
             def tuplever(v):
                 try:
                     # Assertion: tuplever is only used for extension compatibility
                     # checking. Otherwise, the discarding of extra version fields is
                     # incorrect.
                     return tuple([int(i) for i in v.split('.')[0:2]])
                 except ValueError:
                     return tuple()
             def aliasargs(fn, givenargs):
                 args = getattr(fn, 'args', [])
                 if args:
                     cmd = ' '.join(map(util.shellquote, args))
                     nums = []
                     def replacer(m):
                         num = int(m.group(1)) - 1
                         nums.append(num)
                         if num < len(givenargs):
                             return givenargs[num]
                         raise util.Abort(_('too few arguments for command alias'))
                     cmd = re.sub(r'\$(\d+|\$)', replacer, cmd)
                     givenargs = [x for i, x in enumerate(givenargs)
                                  if i not in nums]
                     args = shlex.split(cmd)
                 return args + givenargs
             def aliasinterpolate(name, args, cmd):
                 '''interpolate args into cmd for shell aliases
                 This also handles $0, $@ and "$@".
                 '''
                 # util.interpolate can't deal with "$@" (with quotes) because it's only
                 # built to match prefix + patterns.
                 replacemap = dict(('$%d' % (i + 1), arg) for i, arg in enumerate(args))
                 replacemap['$0'] = name
                 replacemap['$$'] = '$'
                 replacemap['$@'] = ' '.join(args)
                 # Typical Unix shells interpolate "$@" (with quotes) as all the positional
                 # parameters, separated out into words. Emulate the same behavior here by
                 # quoting the arguments individually. POSIX shells will then typically
                 # tokenize each argument into exactly one word.
                 replacemap['"$@"'] = ' '.join(util.shellquote(arg) for arg in args)
                 # escape '\$' for regex
                 regex = '|'.join(replacemap.keys()).replace('$', r'\$')
                 r = re.compile(regex)
                 return r.sub(lambda x: replacemap[x.group()], cmd)
             class cmdalias(object):
                 def __init__(self, name, definition, cmdtable):
                     self.name = self.cmd = name
                     self.cmdname = ''
                     self.definition = definition
                     self.fn = None
                     self.args = []
                     self.opts = []
                     self.help = ''
                     self.norepo = True
                     self.optionalrepo = False
                     self.badalias = None
                     self.unknowncmd = False
                     try:
                         aliases, entry = cmdutil.findcmd(self.name, cmdtable)
                         for alias, e in cmdtable.iteritems():
                             if e is entry:
                                 self.cmd = alias
                                 break
                         self.shadows = True
                     except error.UnknownCommand:
                         self.shadows = False
                     if not self.definition:
                         self.badalias = _("no definition for alias '%s'") % self.name
                         return
                     if self.definition.startswith('!'):
                         self.shell = True
                         def fn(ui, *args):
                             env = {'HG_ARGS': ' '.join((self.name,) + args)}
                             def _checkvar(m):
                                 if m.groups()[0] == '$':
                                     return m.group()
                                 elif int(m.groups()[0]) <= len(args):
                                     return m.group()
                                 else:
                                     ui.debug("No argument found for substitution "
                                              "of %i variable in alias '%s' definition."
                                              % (int(m.groups()[0]), self.name))
                                     return ''
                             cmd = re.sub(r'\$(\d+|\$)', _checkvar, self.definition[1:])
                             cmd = aliasinterpolate(self.name, args, cmd)
                             return ui.system(cmd, environ=env)
                         self.fn = fn
                         return
                     try:
                         args = shlex.split(self.definition)
                     except ValueError, inst:
                         self.badalias = (_("error in definition for alias '%s': %s")
                                          % (self.name, inst))
                         return
                     self.cmdname = cmd = args.pop(0)
                     args = map(util.expandpath, args)
                     for invalidarg in ("--cwd", "-R", "--repository", "--repo", "--config"):
                         if _earlygetopt([invalidarg], args):
                             self.badalias = (_("error in definition for alias '%s': %s may "
                                                "only be given on the command line")
                                              % (self.name, invalidarg))
                             return
                     try:
                         tableentry = cmdutil.findcmd(cmd, cmdtable, False)[1]
                         if len(tableentry) > 2:
                             self.fn, self.opts, self.help = tableentry
                         else:
                             self.fn, self.opts = tableentry
                         self.args = aliasargs(self.fn, args)
                         if cmd not in commands.norepo.split(' '):
                             self.norepo = False
                         if cmd in commands.optionalrepo.split(' '):
                             self.optionalrepo = True
                         if self.help.startswith("hg " + cmd):
                             # drop prefix in old-style help lines so hg shows the alias
                             self.help = self.help[4 + len(cmd):]
                         self.__doc__ = self.fn.__doc__
                     except error.UnknownCommand:
                         self.badalias = (_("alias '%s' resolves to unknown command '%s'")
                                          % (self.name, cmd))
                         self.unknowncmd = True
                     except error.AmbiguousCommand:
                         self.badalias = (_("alias '%s' resolves to ambiguous command '%s'")
                                          % (self.name, cmd))
                 def __call__(self, ui, *args, **opts):
                     if self.badalias:
                         hint = None
                         if self.unknowncmd:
                             try:
                                 # check if the command is in a disabled extension
                                 cmd, ext = extensions.disabledcmd(ui, self.cmdname)[:2]
                                 hint = _("'%s' is provided by '%s' extension") % (cmd, ext)
                             except error.UnknownCommand:
                                 pass
                         raise util.Abort(self.badalias, hint=hint)
                     if self.shadows:
                         ui.debug("alias '%s' shadows command '%s'\n" %
                                  (self.name, self.cmdname))
                     if util.safehasattr(self, 'shell'):
                         return self.fn(ui, *args, **opts)
                     else:
                         try:
                             return util.checksignature(self.fn)(ui, *args, **opts)
                         except error.SignatureError:
                             args = ' '.join([self.cmdname] + self.args)
                             ui.debug("alias '%s' expands to '%s'\n" % (self.name, args))
                             raise
             def addaliases(ui, cmdtable):
                 # aliases are processed after extensions have been loaded, so they
                 # may use extension commands. Aliases can also use other alias definitions,
                 # but only if they have been defined prior to the current definition.
                 for alias, definition in ui.configitems('alias'):
                     aliasdef = cmdalias(alias, definition, cmdtable)
                     try:
                         olddef = cmdtable[aliasdef.cmd][0]
                         if olddef.definition == aliasdef.definition:
                             continue
                     except (KeyError, AttributeError):
                         # definition might not exist or it might not be a cmdalias
                         pass
                     cmdtable[aliasdef.name] = (aliasdef, aliasdef.opts, aliasdef.help)
                     if aliasdef.norepo:
                         commands.norepo += ' %s' % alias
                     if aliasdef.optionalrepo:
                         commands.optionalrepo += ' %s' % alias
             def _parse(ui, args):
                 options = {}
                 cmdoptions = {}
                 try:
                     args = fancyopts.fancyopts(args, commands.globalopts, options)
                 except fancyopts.getopt.GetoptError, inst:
                     raise error.CommandError(None, inst)
                 if args:
                     cmd, args = args[0], args[1:]
                     aliases, entry = cmdutil.findcmd(cmd, commands.table,
                                                      ui.configbool("ui", "strict"))
                     cmd = aliases[0]
                     args = aliasargs(entry[0], args)
                     defaults = ui.config("defaults", cmd)
                     if defaults:
                         args = map(util.expandpath, shlex.split(defaults)) + args
                     c = list(entry[1])
                 else:
                     cmd = None
                     c = []
                 # combine global options into local
                 for o in commands.globalopts:
                     c.append((o[0], o[1], options[o[1]], o[3]))
                 try:
                     args = fancyopts.fancyopts(args, c, cmdoptions, True)
                 except fancyopts.getopt.GetoptError, inst:
                     raise error.CommandError(cmd, inst)
                 # separate global options back out
                 for o in commands.globalopts:
                     n = o[1]
                     options[n] = cmdoptions[n]
                     del cmdoptions[n]
                 return (cmd, cmd and entry[0] or None, args, options, cmdoptions)
             def _parseconfig(ui, config):
                 """parse the --config options from the command line"""
                 configs = []
                 for cfg in config:
                     try:
                         name, value = cfg.split('=', 1)
                         section, name = name.split('.', 1)
                         if not section or not name:
                             raise IndexError
                         ui.setconfig(section, name, value, '--config')
                         configs.append((section, name, value))
                     except (IndexError, ValueError):
                         raise util.Abort(_('malformed --config option: %r '
                                            '(use --config section.name=value)') % cfg)
                 return configs
             def _earlygetopt(aliases, args):
                 """Return list of values for an option (or aliases).
                 The values are listed in the order they appear in args.
                 The options and values are removed from args.
                 >>> args = ['x', '--cwd', 'foo', 'y']
                 >>> _earlygetopt(['--cwd'], args), args
                 (['foo'], ['x', 'y'])
                 >>> args = ['x', '--cwd=bar', 'y']
                 >>> _earlygetopt(['--cwd'], args), args
                 (['bar'], ['x', 'y'])
                 >>> args = ['x', '-R', 'foo', 'y']
                 >>> _earlygetopt(['-R'], args), args
                 (['foo'], ['x', 'y'])
                 >>> args = ['x', '-Rbar', 'y']
                 >>> _earlygetopt(['-R'], args), args
                 (['bar'], ['x', 'y'])
                 """
                 try:
                     argcount = args.index("--")
                 except ValueError:
                     argcount = len(args)
                 shortopts = [opt for opt in aliases if len(opt) == 2]
                 values = []
                 pos = 0
                 while pos < argcount:
                     fullarg = arg = args[pos]
                     equals = arg.find('=')
                     if equals > -1:
                         arg = arg[:equals]
                     if arg in aliases:
                         del args[pos]
                         if equals > -1:
                             values.append(fullarg[equals + 1:])
                             argcount -= 1
                         else:
                             if pos + 1 >= argcount:
                                 # ignore and let getopt report an error if there is no value
                                 break
                             values.append(args.pop(pos))
                             argcount -= 2
                     elif arg[:2] in shortopts:
                         # short option can have no following space, e.g. hg log -Rfoo
                         values.append(args.pop(pos)[2:])
                         argcount -= 1
                     else:
                         pos += 1
                 return values
             def runcommand(lui, repo, cmd, fullargs, ui, options, d, cmdpats, cmdoptions):
                 # run pre-hook, and abort if it fails
                 hook.hook(lui, repo, "pre-%s" % cmd, True, args=" ".join(fullargs),
                           pats=cmdpats, opts=cmdoptions)
                 ret = _runcommand(ui, options, cmd, d)
                 # run post-hook, passing command result
                 hook.hook(lui, repo, "post-%s" % cmd, False, args=" ".join(fullargs),
                           result=ret, pats=cmdpats, opts=cmdoptions)
                 return ret
             def _getlocal(ui, rpath):
                 """Return (path, local ui object) for the given target path.
                 Takes paths in [cwd]/.hg/hgrc into account."
                 """
                 try:
                     wd = os.getcwd()
                 except OSError, e:
                     raise util.Abort(_("error getting current working directory: %s") %
                                      e.strerror)
                 path = cmdutil.findrepo(wd) or ""
                 if not path:
                     lui = ui
                 else:
                     lui = ui.copy()
                     lui.readconfig(os.path.join(path, ".hg", "hgrc"), path)
                 if rpath and rpath[-1]:
                     path = lui.expandpath(rpath[-1])
                     lui = ui.copy()
                     lui.readconfig(os.path.join(path, ".hg", "hgrc"), path)
                 return path, lui
             def _checkshellalias(lui, ui, args, precheck=True):
                 """Return the function to run the shell alias, if it is required
                 'precheck' is whether this function is invoked before adding
                 aliases or not.
                 """
                 options = {}
                 try:
                     args = fancyopts.fancyopts(args, commands.globalopts, options)
                 except fancyopts.getopt.GetoptError:
                     return
                 if not args:
                     return
                 if precheck:
                     strict = True
                     norepo = commands.norepo
                     optionalrepo = commands.optionalrepo
                     def restorecommands():
                         commands.norepo = norepo
                         commands.optionalrepo = optionalrepo
                     cmdtable = commands.table.copy()
                     addaliases(lui, cmdtable)
                 else:
                     strict = False
                     def restorecommands():
                         pass
                     cmdtable = commands.table
                 cmd = args[0]
                 try:
                     aliases, entry = cmdutil.findcmd(cmd, cmdtable, strict)
                 except (error.AmbiguousCommand, error.UnknownCommand):
                     restorecommands()
                     return
                 cmd = aliases[0]
                 fn = entry[0]
                 if cmd and util.safehasattr(fn, 'shell'):
                     d = lambda: fn(ui, *args[1:])
                     return lambda: runcommand(lui, None, cmd, args[:1], ui, options, d,
                                               [], {})
                 restorecommands()
             _loaded = set()
             def _dispatch(req):
                 args = req.args
                 ui = req.ui
                 # check for cwd
                 cwd = _earlygetopt(['--cwd'], args)
                 if cwd:
                     os.chdir(cwd[-1])
                 rpath = _earlygetopt(["-R", "--repository", "--repo"], args)
                 path, lui = _getlocal(ui, rpath)
                 # Now that we're operating in the right directory/repository with
                 # the right config settings, check for shell aliases
                 shellaliasfn = _checkshellalias(lui, ui, args)
                 if shellaliasfn:
                     return shellaliasfn()
                 # Configure extensions in phases: uisetup, extsetup, cmdtable, and
                 # reposetup. Programs like TortoiseHg will call _dispatch several
                 # times so we keep track of configured extensions in _loaded.
                 extensions.loadall(lui)
                 exts = [ext for ext in extensions.extensions() if ext[0] not in _loaded]
                 # Propagate any changes to lui.__class__ by extensions
                 ui.__class__ = lui.__class__
                 # (uisetup and extsetup are handled in extensions.loadall)
                 for name, module in exts:
                     cmdtable = getattr(module, 'cmdtable', {})
                     overrides = [cmd for cmd in cmdtable if cmd in commands.table]
                     if overrides:
                         ui.warn(_("extension '%s' overrides commands: %s\n")
                                 % (name, " ".join(overrides)))
                     commands.table.update(cmdtable)
                     _loaded.add(name)
                 # (reposetup is handled in hg.repository)
                 addaliases(lui, commands.table)
                 if not lui.configbool("ui", "strict"):
                     # All aliases and commands are completely defined, now.
                     # Check abbreviation/ambiguity of shell alias again, because shell
                     # alias may cause failure of "_parse" (see issue4355)
                     shellaliasfn = _checkshellalias(lui, ui, args, precheck=False)
                     if shellaliasfn:
                         return shellaliasfn()
                 # check for fallback encoding
                 fallback = lui.config('ui', 'fallbackencoding')
                 if fallback:
                     encoding.fallbackencoding = fallback
                 fullargs = args
                 cmd, func, args, options, cmdoptions = _parse(lui, args)
                 if options["config"]:
                     raise util.Abort(_("option --config may not be abbreviated!"))
                 if options["cwd"]:
                     raise util.Abort(_("option --cwd may not be abbreviated!"))
                 if options["repository"]:
                     raise util.Abort(_(
                         "option -R has to be separated from other options (e.g. not -qR) "
                         "and --repository may only be abbreviated as --repo!"))
                 if options["encoding"]:
                     encoding.encoding = options["encoding"]
                 if options["encodingmode"]:
                     encoding.encodingmode = options["encodingmode"]
                 if options["time"]:
                     def get_times():
                         t = os.times()
                         if t[4] == 0.0: # Windows leaves this as zero, so use time.clock()
                             t = (t[0], t[1], t[2], t[3], time.clock())
                         return t
                     s = get_times()
                     def print_time():
                         t = get_times()
                         ui.warn(_("time: real %.3f secs (user %.3f+%.3f sys %.3f+%.3f)\n") %
                             (t[4]-s[4], t[0]-s[0], t[2]-s[2], t[1]-s[1], t[3]-s[3]))
                     atexit.register(print_time)
                 uis = set([ui, lui])
                 if req.repo:
                     uis.add(req.repo.ui)
                 if options['verbose'] or options['debug'] or options['quiet']:
                     for opt in ('verbose', 'debug', 'quiet'):
                         val = str(bool(options[opt]))
                         for ui_ in uis:
                             ui_.setconfig('ui', opt, val, '--' + opt)
                 if options['traceback']:
                     for ui_ in uis:
                         ui_.setconfig('ui', 'traceback', 'on', '--traceback')
                 if options['noninteractive']:
                     for ui_ in uis:
                         ui_.setconfig('ui', 'interactive', 'off', '-y')
                 if cmdoptions.get('insecure', False):
                     for ui_ in uis:
-                        ui_.setconfig('web', 'cacerts', '', '--insecure')
+                        ui_.setconfig('web', 'cacerts', '!', '--insecure')
                 if options['version']:
                     return commands.version_(ui)
                 if options['help']:
                     return commands.help_(ui, cmd, command=True)
                 elif not cmd:
                     return commands.help_(ui, 'shortlist')
                 repo = None
                 cmdpats = args[:]
                 if cmd not in commands.norepo.split():
                     # use the repo from the request only if we don't have -R
                     if not rpath and not cwd:
                         repo = req.repo
                     if repo:
                         # set the descriptors of the repo ui to those of ui
                         repo.ui.fin = ui.fin
                         repo.ui.fout = ui.fout
                         repo.ui.ferr = ui.ferr
                     else:
                         try:
                             repo = hg.repository(ui, path=path)
                             if not repo.local():
                                 raise util.Abort(_("repository '%s' is not local") % path)
                             repo.ui.setconfig("bundle", "mainreporoot", repo.root, 'repo')
                         except error.RequirementError:
                             raise
                         except error.RepoError:
                             if cmd not in commands.optionalrepo.split():
                                 if (cmd in commands.inferrepo.split() and
                                     args and not path): # try to infer -R from command args
                                     repos = map(cmdutil.findrepo, args)
                                     guess = repos[0]
                                     if guess and repos.count(guess) == len(repos):
                                         req.args = ['--repository', guess] + fullargs
                                         return _dispatch(req)
                                 if not path:
                                     raise error.RepoError(_("no repository found in '%s'"
                                                             " (.hg not found)")
                                                           % os.getcwd())
                                 raise
                     if repo:
                         ui = repo.ui
                         if options['hidden']:
                             repo = repo.unfiltered()
                     args.insert(0, repo)
                 elif rpath:
                     ui.warn(_("warning: --repository ignored\n"))
                 msg = ' '.join(' ' in a and repr(a) or a for a in fullargs)
                 ui.log("command", '%s\n', msg)
                 d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
                 try:
                     return runcommand(lui, repo, cmd, fullargs, ui, options, d,
                                       cmdpats, cmdoptions)
                 finally:
                     if repo and repo != req.repo:
                         repo.close()
             def lsprofile(ui, func, fp):
                 format = ui.config('profiling', 'format', default='text')
                 field = ui.config('profiling', 'sort', default='inlinetime')
                 limit = ui.configint('profiling', 'limit', default=30)
                 climit = ui.configint('profiling', 'nested', default=5)
                 if format not in ['text', 'kcachegrind']:
                     ui.warn(_("unrecognized profiling format '%s'"
                                 " - Ignored\n") % format)
                     format = 'text'
                 try:
                     from mercurial import lsprof
                 except ImportError:
                     raise util.Abort(_(
                         'lsprof not available - install from '
                         'http://codespeak.net/svn/user/arigo/hack/misc/lsprof/'))
                 p = lsprof.Profiler()
                 p.enable(subcalls=True)
                 try:
                     return func()
                 finally:
                     p.disable()
                     if format == 'kcachegrind':
                         import lsprofcalltree
                         calltree = lsprofcalltree.KCacheGrind(p)
                         calltree.output(fp)
                     else:
                         # format == 'text'
                         stats = lsprof.Stats(p.getstats())
                         stats.sort(field)
                         stats.pprint(limit=limit, file=fp, climit=climit)
             def statprofile(ui, func, fp):
                 try:
                     import statprof
                 except ImportError:
                     raise util.Abort(_(
                         'statprof not available - install using "easy_install statprof"'))
                 freq = ui.configint('profiling', 'freq', default=1000)
                 if freq > 0:
                     statprof.reset(freq)
                 else:
                     ui.warn(_("invalid sampling frequency '%s' - ignoring\n") % freq)
                 statprof.start()
                 try:
                     return func()
                 finally:
                     statprof.stop()
                     statprof.display(fp)
             def _runcommand(ui, options, cmd, cmdfunc):
                 def checkargs():
                     try:
                         return cmdfunc()
                     except error.SignatureError:
                         raise error.CommandError(cmd, _("invalid arguments"))
                 if options['profile']:
                     profiler = os.getenv('HGPROF')
                     if profiler is None:
                         profiler = ui.config('profiling', 'type', default='ls')
                     if profiler not in ('ls', 'stat'):
                         ui.warn(_("unrecognized profiler '%s' - ignored\n") % profiler)
                         profiler = 'ls'
                     output = ui.config('profiling', 'output')
                     if output:
                         path = ui.expandpath(output)
                         fp = open(path, 'wb')
                     else:
                         fp = sys.stderr
                     try:
                         if profiler == 'ls':
                             return lsprofile(ui, checkargs, fp)
                         else:
                             return statprofile(ui, checkargs, fp)
                     finally:
                         if output:
                             fp.close()
                 else:
                     return checkargs()

mercurial/hg.py

0 +3 -1

             # hg.py - repository classes for mercurial
             #
             # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
             # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             from i18n import _
             from lock import release
             from node import nullid
             import localrepo, bundlerepo, unionrepo, httppeer, sshpeer, statichttprepo
             import bookmarks, lock, util, extensions, error, node, scmutil, phases, url
             import cmdutil, discovery, repoview, exchange
             import ui as uimod
             import merge as mergemod
             import verify as verifymod
             import errno, os, shutil
             def _local(path):
                 path = util.expandpath(util.urllocalpath(path))
                 return (os.path.isfile(path) and bundlerepo or localrepo)
             def addbranchrevs(lrepo, other, branches, revs):
                 peer = other.peer() # a courtesy to callers using a localrepo for other
                 hashbranch, branches = branches
                 if not hashbranch and not branches:
                     x = revs or None
                     if util.safehasattr(revs, 'first'):
                         y =  revs.first()
                     elif revs:
                         y = revs[0]
                     else:
                         y = None
                     return x, y
                 revs = revs and list(revs) or []
                 if not peer.capable('branchmap'):
                     if branches:
                         raise util.Abort(_("remote branch lookup not supported"))
                     revs.append(hashbranch)
                     return revs, revs[0]
                 branchmap = peer.branchmap()
                 def primary(branch):
                     if branch == '.':
                         if not lrepo:
                             raise util.Abort(_("dirstate branch not accessible"))
                         branch = lrepo.dirstate.branch()
                     if branch in branchmap:
                         revs.extend(node.hex(r) for r in reversed(branchmap[branch]))
                         return True
                     else:
                         return False
                 for branch in branches:
                     if not primary(branch):
                         raise error.RepoLookupError(_("unknown branch '%s'") % branch)
                 if hashbranch:
                     if not primary(hashbranch):
                         revs.append(hashbranch)
                 return revs, revs[0]
             def parseurl(path, branches=None):
                 '''parse url#branch, returning (url, (branch, branches))'''
                 u = util.url(path)
                 branch = None
                 if u.fragment:
                     branch = u.fragment
                     u.fragment = None
                 return str(u), (branch, branches or [])
             schemes = {
                 'bundle': bundlerepo,
                 'union': unionrepo,
                 'file': _local,
                 'http': httppeer,
                 'https': httppeer,
                 'ssh': sshpeer,
                 'static-http': statichttprepo,
             }
             def _peerlookup(path):
                 u = util.url(path)
                 scheme = u.scheme or 'file'
                 thing = schemes.get(scheme) or schemes['file']
                 try:
                     return thing(path)
                 except TypeError:
                     return thing
             def islocal(repo):
                 '''return true if repo (or path pointing to repo) is local'''
                 if isinstance(repo, str):
                     try:
                         return _peerlookup(repo).islocal(repo)
                     except AttributeError:
                         return False
                 return repo.local()
             def openpath(ui, path):
                 '''open path with open if local, url.open if remote'''
                 pathurl = util.url(path, parsequery=False, parsefragment=False)
                 if pathurl.islocal():
                     return util.posixfile(pathurl.localpath(), 'rb')
                 else:
                     return url.open(ui, path)
             # a list of (ui, repo) functions called for wire peer initialization
             wirepeersetupfuncs = []
             def _peerorrepo(ui, path, create=False):
                 """return a repository object for the specified path"""
                 obj = _peerlookup(path).instance(ui, path, create)
                 ui = getattr(obj, "ui", ui)
                 for name, module in extensions.extensions(ui):
                     hook = getattr(module, 'reposetup', None)
                     if hook:
                         hook(ui, obj)
                 if not obj.local():
                     for f in wirepeersetupfuncs:
                         f(ui, obj)
                 return obj
             def repository(ui, path='', create=False):
                 """return a repository object for the specified path"""
                 peer = _peerorrepo(ui, path, create)
                 repo = peer.local()
                 if not repo:
                     raise util.Abort(_("repository '%s' is not local") %
                                      (path or peer.url()))
                 return repo.filtered('visible')
             def peer(uiorrepo, opts, path, create=False):
                 '''return a repository peer for the specified path'''
                 rui = remoteui(uiorrepo, opts)
                 return _peerorrepo(rui, path, create).peer()
             def defaultdest(source):
                 '''return default destination of clone if none is given
                 >>> defaultdest('foo')
                 'foo'
                 >>> defaultdest('/foo/bar')
                 'bar'
                 >>> defaultdest('/')
                 ''
                 >>> defaultdest('')
                 ''
                 >>> defaultdest('http://example.org/')
                 ''
                 >>> defaultdest('http://example.org/foo/')
                 'foo'
                 '''
                 path = util.url(source).path
                 if not path:
                     return ''
                 return os.path.basename(os.path.normpath(path))
             def share(ui, source, dest=None, update=True, bookmarks=True):
                 '''create a shared repository'''
                 if not islocal(source):
                     raise util.Abort(_('can only share local repositories'))
                 if not dest:
                     dest = defaultdest(source)
                 else:
                     dest = ui.expandpath(dest)
                 if isinstance(source, str):
                     origsource = ui.expandpath(source)
                     source, branches = parseurl(origsource)
                     srcrepo = repository(ui, source)
                     rev, checkout = addbranchrevs(srcrepo, srcrepo, branches, None)
                 else:
                     srcrepo = source.local()
                     origsource = source = srcrepo.url()
                     checkout = None
                 sharedpath = srcrepo.sharedpath # if our source is already sharing
                 destwvfs = scmutil.vfs(dest, realpath=True)
                 destvfs = scmutil.vfs(os.path.join(destwvfs.base, '.hg'), realpath=True)
                 if destvfs.lexists():
                     raise util.Abort(_('destination already exists'))
                 if not destwvfs.isdir():
                     destwvfs.mkdir()
                 destvfs.makedir()
                 requirements = ''
                 try:
                     requirements = srcrepo.vfs.read('requires')
                 except IOError, inst:
                     if inst.errno != errno.ENOENT:
                         raise
                 requirements += 'shared\n'
                 destvfs.write('requires', requirements)
                 destvfs.write('sharedpath', sharedpath)
                 r = repository(ui, destwvfs.base)
                 default = srcrepo.ui.config('paths', 'default')
                 if default:
                     fp = r.vfs("hgrc", "w", text=True)
                     fp.write("[paths]\n")
                     fp.write("default = %s\n" % default)
                     fp.close()
                 if update:
                     r.ui.status(_("updating working directory\n"))
                     if update is not True:
                         checkout = update
                     for test in (checkout, 'default', 'tip'):
                         if test is None:
                             continue
                         try:
                             uprev = r.lookup(test)
                             break
                         except error.RepoLookupError:
                             continue
                     _update(r, uprev)
                 if bookmarks:
                     fp = r.vfs('shared', 'w')
                     fp.write('bookmarks\n')
                     fp.close()
             def copystore(ui, srcrepo, destpath):
                 '''copy files from store of srcrepo in destpath
                 returns destlock
                 '''
                 destlock = None
                 try:
                     hardlink = None
                     num = 0
                     srcpublishing = srcrepo.ui.configbool('phases', 'publish', True)
                     srcvfs = scmutil.vfs(srcrepo.sharedpath)
                     dstvfs = scmutil.vfs(destpath)
                     for f in srcrepo.store.copylist():
                         if srcpublishing and f.endswith('phaseroots'):
                             continue
                         dstbase = os.path.dirname(f)
                         if dstbase and not dstvfs.exists(dstbase):
                             dstvfs.mkdir(dstbase)
                         if srcvfs.exists(f):
                             if f.endswith('data'):
                                 # 'dstbase' may be empty (e.g. revlog format 0)
                                 lockfile = os.path.join(dstbase, "lock")
                                 # lock to avoid premature writing to the target
                                 destlock = lock.lock(dstvfs, lockfile)
                             hardlink, n = util.copyfiles(srcvfs.join(f), dstvfs.join(f),
                                                          hardlink)
                             num += n
                     if hardlink:
                         ui.debug("linked %d files\n" % num)
                     else:
                         ui.debug("copied %d files\n" % num)
                     return destlock
                 except: # re-raises
                     release(destlock)
                     raise
             def clone(ui, peeropts, source, dest=None, pull=False, rev=None,
                       update=True, stream=False, branch=None):
                 """Make a copy of an existing repository.
                 Create a copy of an existing repository in a new directory.  The
                 source and destination are URLs, as passed to the repository
                 function.  Returns a pair of repository peers, the source and
                 newly created destination.
                 The location of the source is added to the new repository's
                 .hg/hgrc file, as the default to be used for future pulls and
                 pushes.
                 If an exception is raised, the partly cloned/updated destination
                 repository will be deleted.
                 Arguments:
                 source: repository object or URL
                 dest: URL of destination repository to create (defaults to base
                 name of source repository)
                 pull: always pull from source repository, even in local case or if the
                 server prefers streaming
                 stream: stream raw data uncompressed from repository (fast over
                 LAN, slow over WAN)
                 rev: revision to clone up to (implies pull=True)
                 update: update working directory after clone completes, if
                 destination is local repository (True means update to default rev,
                 anything else is treated as a revision)
                 branch: branches to clone
                 """
                 if isinstance(source, str):
                     origsource = ui.expandpath(source)
                     source, branch = parseurl(origsource, branch)
                     srcpeer = peer(ui, peeropts, source)
                 else:
                     srcpeer = source.peer() # in case we were called with a localrepo
                     branch = (None, branch or [])
                     origsource = source = srcpeer.url()
                 rev, checkout = addbranchrevs(srcpeer, srcpeer, branch, rev)
                 if dest is None:
                     dest = defaultdest(source)
                     if dest:
                         ui.status(_("destination directory: %s\n") % dest)
                 else:
                     dest = ui.expandpath(dest)
                 dest = util.urllocalpath(dest)
                 source = util.urllocalpath(source)
                 if not dest:
                     raise util.Abort(_("empty destination path is not valid"))
                 destvfs = scmutil.vfs(dest, expandpath=True)
                 if destvfs.lexists():
                     if not destvfs.isdir():
                         raise util.Abort(_("destination '%s' already exists") % dest)
                     elif destvfs.listdir():
                         raise util.Abort(_("destination '%s' is not empty") % dest)
                 srclock = destlock = cleandir = None
                 srcrepo = srcpeer.local()
                 try:
                     abspath = origsource
                     if islocal(origsource):
                         abspath = os.path.abspath(util.urllocalpath(origsource))
                     if islocal(dest):
                         cleandir = dest
                     copy = False
                     if (srcrepo and srcrepo.cancopy() and islocal(dest)
                         and not phases.hassecret(srcrepo)):
                         copy = not pull and not rev
                     if copy:
                         try:
                             # we use a lock here because if we race with commit, we
                             # can end up with extra data in the cloned revlogs that's
                             # not pointed to by changesets, thus causing verify to
                             # fail
                             srclock = srcrepo.lock(wait=False)
                         except error.LockError:
                             copy = False
                     if copy:
                         srcrepo.hook('preoutgoing', throw=True, source='clone')
                         hgdir = os.path.realpath(os.path.join(dest, ".hg"))
                         if not os.path.exists(dest):
                             os.mkdir(dest)
                         else:
                             # only clean up directories we create ourselves
                             cleandir = hgdir
                         try:
                             destpath = hgdir
                             util.makedir(destpath, notindexed=True)
                         except OSError, inst:
                             if inst.errno == errno.EEXIST:
                                 cleandir = None
                                 raise util.Abort(_("destination '%s' already exists")
                                                  % dest)
                             raise
                         destlock = copystore(ui, srcrepo, destpath)
                         # copy bookmarks over
                         srcbookmarks = srcrepo.join('bookmarks')
                         dstbookmarks = os.path.join(destpath, 'bookmarks')
                         if os.path.exists(srcbookmarks):
                             util.copyfile(srcbookmarks, dstbookmarks)
                         # Recomputing branch cache might be slow on big repos,
                         # so just copy it
                         def copybranchcache(fname):
                             srcbranchcache = srcrepo.join('cache/%s' % fname)
                             dstbranchcache = os.path.join(dstcachedir, fname)
                             if os.path.exists(srcbranchcache):
                                 if not os.path.exists(dstcachedir):
                                     os.mkdir(dstcachedir)
                                 util.copyfile(srcbranchcache, dstbranchcache)
                         dstcachedir = os.path.join(destpath, 'cache')
                         # In local clones we're copying all nodes, not just served
                         # ones. Therefore copy all branch caches over.
                         copybranchcache('branch2')
                         for cachename in repoview.filtertable:
                             copybranchcache('branch2-%s' % cachename)
                         # we need to re-init the repo after manually copying the data
                         # into it
                         destpeer = peer(srcrepo, peeropts, dest)
                         srcrepo.hook('outgoing', source='clone',
                                       node=node.hex(node.nullid))
                     else:
                         try:
                             destpeer = peer(srcrepo or ui, peeropts, dest, create=True)
                                             # only pass ui when no srcrepo
                         except OSError, inst:
                             if inst.errno == errno.EEXIST:
                                 cleandir = None
                                 raise util.Abort(_("destination '%s' already exists")
                                                  % dest)
                             raise
                         revs = None
                         if rev:
                             if not srcpeer.capable('lookup'):
                                 raise util.Abort(_("src repository does not support "
                                                    "revision lookup and so doesn't "
                                                    "support clone by revision"))
                             revs = [srcpeer.lookup(r) for r in rev]
                             checkout = revs[0]
                         if destpeer.local():
                             if not stream:
                                 if pull:
                                     stream = False
                                 else:
                                     stream = None
                             destpeer.local().clone(srcpeer, heads=revs, stream=stream)
                         elif srcrepo:
                             exchange.push(srcrepo, destpeer, revs=revs,
                                           bookmarks=srcrepo._bookmarks.keys())
                         else:
                             raise util.Abort(_("clone from remote to remote not supported"))
                     cleandir = None
                     destrepo = destpeer.local()
                     if destrepo:
                         template = uimod.samplehgrcs['cloned']
                         fp = destrepo.vfs("hgrc", "w", text=True)
                         u = util.url(abspath)
                         u.passwd = None
                         defaulturl = str(u)
                         fp.write(template % defaulturl)
                         fp.close()
                         destrepo.ui.setconfig('paths', 'default', defaulturl, 'clone')
                         if update:
                             if update is not True:
                                 checkout = srcpeer.lookup(update)
                             uprev = None
                             status = None
                             if checkout is not None:
                                 try:
                                     uprev = destrepo.lookup(checkout)
                                 except error.RepoLookupError:
                                     pass
                             if uprev is None:
                                 try:
                                     uprev = destrepo._bookmarks['@']
                                     update = '@'
                                     bn = destrepo[uprev].branch()
                                     if bn == 'default':
                                         status = _("updating to bookmark @\n")
                                     else:
                                         status = (_("updating to bookmark @ on branch %s\n")
                                                    % bn)
                                 except KeyError:
                                     try:
                                         uprev = destrepo.branchtip('default')
                                     except error.RepoLookupError:
                                         uprev = destrepo.lookup('tip')
                             if not status:
                                 bn = destrepo[uprev].branch()
                                 status = _("updating to branch %s\n") % bn
                             destrepo.ui.status(status)
                             _update(destrepo, uprev)
                             if update in destrepo._bookmarks:
                                 bookmarks.setcurrent(destrepo, update)
                 finally:
                     release(srclock, destlock)
                     if cleandir is not None:
                         shutil.rmtree(cleandir, True)
                     if srcpeer is not None:
                         srcpeer.close()
                 return srcpeer, destpeer
             def _showstats(repo, stats):
                 repo.ui.status(_("%d files updated, %d files merged, "
                                  "%d files removed, %d files unresolved\n") % stats)
             def updaterepo(repo, node, overwrite):
                 """Update the working directory to node.
                 When overwrite is set, changes are clobbered, merged else
                 returns stats (see pydoc mercurial.merge.applyupdates)"""
                 return mergemod.update(repo, node, False, overwrite, None,
                                        labels=['working copy', 'destination'])
             def update(repo, node):
                 """update the working directory to node, merging linear changes"""
                 stats = updaterepo(repo, node, False)
                 _showstats(repo, stats)
                 if stats[3]:
                     repo.ui.status(_("use 'hg resolve' to retry unresolved file merges\n"))
                 return stats[3] > 0
             # naming conflict in clone()
             _update = update
             def clean(repo, node, show_stats=True):
                 """forcibly switch the working directory to node, clobbering changes"""
                 stats = updaterepo(repo, node, True)
                 util.unlinkpath(repo.join('graftstate'), ignoremissing=True)
                 if show_stats:
                     _showstats(repo, stats)
                 return stats[3] > 0
             def merge(repo, node, force=None, remind=True):
                 """Branch merge with node, resolving changes. Return true if any
                 unresolved conflicts."""
                 stats = mergemod.update(repo, node, True, force, False)
                 _showstats(repo, stats)
                 if stats[3]:
                     repo.ui.status(_("use 'hg resolve' to retry unresolved file merges "
                                      "or 'hg update -C .' to abandon\n"))
                 elif remind:
                     repo.ui.status(_("(branch merge, don't forget to commit)\n"))
                 return stats[3] > 0
             def _incoming(displaychlist, subreporecurse, ui, repo, source,
                     opts, buffered=False):
                 """
                 Helper for incoming / gincoming.
                 displaychlist gets called with
                     (remoterepo, incomingchangesetlist, displayer) parameters,
                 and is supposed to contain only code that can't be unified.
                 """
                 source, branches = parseurl(ui.expandpath(source), opts.get('branch'))
                 other = peer(repo, opts, source)
                 ui.status(_('comparing with %s\n') % util.hidepassword(source))
                 revs, checkout = addbranchrevs(repo, other, branches, opts.get('rev'))
                 if revs:
                     revs = [other.lookup(rev) for rev in revs]
                 other, chlist, cleanupfn = bundlerepo.getremotechanges(ui, repo, other,
                                             revs, opts["bundle"], opts["force"])
                 try:
                     if not chlist:
                         ui.status(_("no changes found\n"))
                         return subreporecurse()
                     displayer = cmdutil.show_changeset(ui, other, opts, buffered)
                     displaychlist(other, chlist, displayer)
                     displayer.close()
                 finally:
                     cleanupfn()
                 subreporecurse()
                 return 0 # exit code is zero since we found incoming changes
             def incoming(ui, repo, source, opts):
                 def subreporecurse():
                     ret = 1
                     if opts.get('subrepos'):
                         ctx = repo[None]
                         for subpath in sorted(ctx.substate):
                             sub = ctx.sub(subpath)
                             ret = min(ret, sub.incoming(ui, source, opts))
                     return ret
                 def display(other, chlist, displayer):
                     limit = cmdutil.loglimit(opts)
                     if opts.get('newest_first'):
                         chlist.reverse()
                     count = 0
                     for n in chlist:
                         if limit is not None and count >= limit:
                             break
                         parents = [p for p in other.changelog.parents(n) if p != nullid]
                         if opts.get('no_merges') and len(parents) == 2:
                             continue
                         count += 1
                         displayer.show(other[n])
                 return _incoming(display, subreporecurse, ui, repo, source, opts)
             def _outgoing(ui, repo, dest, opts):
                 dest = ui.expandpath(dest or 'default-push', dest or 'default')
                 dest, branches = parseurl(dest, opts.get('branch'))
                 ui.status(_('comparing with %s\n') % util.hidepassword(dest))
                 revs, checkout = addbranchrevs(repo, repo, branches, opts.get('rev'))
                 if revs:
                     revs = [repo.lookup(rev) for rev in scmutil.revrange(repo, revs)]
                 other = peer(repo, opts, dest)
                 outgoing = discovery.findcommonoutgoing(repo.unfiltered(), other, revs,
                                                         force=opts.get('force'))
                 o = outgoing.missing
                 if not o:
                     scmutil.nochangesfound(repo.ui, repo, outgoing.excluded)
                 return o, other
             def outgoing(ui, repo, dest, opts):
                 def recurse():
                     ret = 1
                     if opts.get('subrepos'):
                         ctx = repo[None]
                         for subpath in sorted(ctx.substate):
                             sub = ctx.sub(subpath)
                             ret = min(ret, sub.outgoing(ui, dest, opts))
                     return ret
                 limit = cmdutil.loglimit(opts)
                 o, other = _outgoing(ui, repo, dest, opts)
                 if not o:
                     cmdutil.outgoinghooks(ui, repo, other, opts, o)
                     return recurse()
                 if opts.get('newest_first'):
                     o.reverse()
                 displayer = cmdutil.show_changeset(ui, repo, opts)
                 count = 0
                 for n in o:
                     if limit is not None and count >= limit:
                         break
                     parents = [p for p in repo.changelog.parents(n) if p != nullid]
                     if opts.get('no_merges') and len(parents) == 2:
                         continue
                     count += 1
                     displayer.show(repo[n])
                 displayer.close()
                 cmdutil.outgoinghooks(ui, repo, other, opts, o)
                 recurse()
                 return 0 # exit code is zero since we found outgoing changes
             def revert(repo, node, choose):
                 """revert changes to revision in node without updating dirstate"""
                 return mergemod.update(repo, node, False, True, choose)[3] > 0
             def verify(repo):
                 """verify the consistency of a repository"""
                 return verifymod.verify(repo)
             def remoteui(src, opts):
                 'build a remote ui from ui or repo and opts'
                 if util.safehasattr(src, 'baseui'): # looks like a repository
                     dst = src.baseui.copy() # drop repo-specific config
                     src = src.ui # copy target options from repo
                 else: # assume it's a global ui object
                     dst = src.copy() # keep all global options
                 # copy ssh-specific options
                 for o in 'ssh', 'remotecmd':
                     v = opts.get(o) or src.config('ui', o)
                     if v:
                         dst.setconfig("ui", o, v, 'copied')
                 # copy bundle-specific options
                 r = src.config('bundle', 'mainreporoot')
                 if r:
                     dst.setconfig('bundle', 'mainreporoot', r, 'copied')
                 # copy selected local settings to the remote ui
                 for sect in ('auth', 'hostfingerprints', 'http_proxy'):
                     for key, val in src.configitems(sect):
                         dst.setconfig(sect, key, val, 'copied')
                 v = src.config('web', 'cacerts')
-                if v:
+                if v == '!':
+                    dst.setconfig('web', 'cacerts', v, 'copied')
+                elif v:
                     dst.setconfig('web', 'cacerts', util.expandpath(v), 'copied')
                 return dst

mercurial/sslutil.py

0 +11 -10

             # sslutil.py - SSL handling for mercurial
             #
             # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
             # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
             # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             import os, sys
             from mercurial import util
             from mercurial.i18n import _
             try:
                 # avoid using deprecated/broken FakeSocket in python 2.6
                 import ssl
                 CERT_REQUIRED = ssl.CERT_REQUIRED
                 try:
                     ssl_context = ssl.SSLContext
                     def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
                                         ca_certs=None, serverhostname=None):
                         # Allow any version of SSL starting with TLSv1 and
                         # up. Note that specifying TLSv1 here prohibits use of
                         # newer standards (like TLSv1_2), so this is the right way
                         # to do this. Note that in the future it'd be better to
                         # support using ssl.create_default_context(), which sets
                         # up a bunch of things in smart ways (strong ciphers,
                         # protocol versions, etc) and is upgraded by Python
                         # maintainers for us, but that breaks too many things to
                         # do it in a hurry.
                         sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
                         sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3
                         if certfile is not None:
                             sslcontext.load_cert_chain(certfile, keyfile)
                         sslcontext.verify_mode = cert_reqs
                         if ca_certs is not None:
                             sslcontext.load_verify_locations(cafile=ca_certs)
                         sslsocket = sslcontext.wrap_socket(sock,
                                                            server_hostname=serverhostname)
                         # check if wrap_socket failed silently because socket had been
                         # closed
                         # - see http://bugs.python.org/issue13721
                         if not sslsocket.cipher():
                             raise util.Abort(_('ssl connection failed'))
                         return sslsocket
                 except AttributeError:
                     def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
                                         ca_certs=None, serverhostname=None):
                         sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
                                                     cert_reqs=cert_reqs, ca_certs=ca_certs,
                                                     ssl_version=ssl.PROTOCOL_TLSv1)
                         # check if wrap_socket failed silently because socket had been
                         # closed
                         # - see http://bugs.python.org/issue13721
                         if not sslsocket.cipher():
                             raise util.Abort(_('ssl connection failed'))
                         return sslsocket
             except ImportError:
                 CERT_REQUIRED = 2
                 import socket, httplib
                 def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=CERT_REQUIRED,
                                     ca_certs=None, serverhostname=None):
                     if not util.safehasattr(socket, 'ssl'):
                         raise util.Abort(_('Python SSL support not found'))
                     if ca_certs:
                         raise util.Abort(_(
                             'certificate checking requires Python 2.6'))
                     ssl = socket.ssl(sock, keyfile, certfile)
                     return httplib.FakeSocket(sock, ssl)
             def _verifycert(cert, hostname):
                 '''Verify that cert (in socket.getpeercert() format) matches hostname.
                 CRLs is not handled.
                 Returns error message if any problems are found and None on success.
                 '''
                 if not cert:
                     return _('no certificate received')
                 dnsname = hostname.lower()
                 def matchdnsname(certname):
                     return (certname == dnsname or
                             '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1])
                 san = cert.get('subjectAltName', [])
                 if san:
                     certnames = [value.lower() for key, value in san if key == 'DNS']
                     for name in certnames:
                         if matchdnsname(name):
                             return None
                     if certnames:
                         return _('certificate is for %s') % ', '.join(certnames)
                 # subject is only checked when subjectAltName is empty
                 for s in cert.get('subject', []):
                     key, value = s[0]
                     if key == 'commonName':
                         try:
                             # 'subject' entries are unicode
                             certname = value.lower().encode('ascii')
                         except UnicodeEncodeError:
                             return _('IDN in certificate not supported')
                         if matchdnsname(certname):
                             return None
                         return _('certificate is for %s') % certname
                 return _('no commonName or subjectAltName found in certificate')
             # CERT_REQUIRED means fetch the cert from the server all the time AND
             # validate it against the CA store provided in web.cacerts.
             #
             # We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally
             # busted on those versions.
             def _plainapplepython():
                 """return true if this seems to be a pure Apple Python that
                 * is unfrozen and presumably has the whole mercurial module in the file
                   system
                 * presumably is an Apple Python that uses Apple OpenSSL which has patches
                   for using system certificate store CAs in addition to the provided
                   cacerts file
                 """
                 if sys.platform != 'darwin' or util.mainfrozen():
                     return False
                 exe = (sys.executable or '').lower()
                 return (exe.startswith('/usr/bin/python') or
                         exe.startswith('/system/library/frameworks/python.framework/'))
             def _defaultcacerts():
                 if _plainapplepython():
                     dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
                     if os.path.exists(dummycert):
                         return dummycert
-                return None
+                return '!'
             def sslkwargs(ui, host):
                 kws = {}
                 hostfingerprint = ui.config('hostfingerprints', host)
                 if hostfingerprint:
                     return kws
                 cacerts = ui.config('web', 'cacerts')
-                if cacerts:
+                if cacerts == '!':
+                    pass
+                elif cacerts:
                     cacerts = util.expandpath(cacerts)
                     if not os.path.exists(cacerts):
                         raise util.Abort(_('could not find web.cacerts: %s') % cacerts)
-                elif cacerts is None:
+                else:
-                    dummycert = _defaultcacerts()
+                    cacerts = _defaultcacerts()
-                    if dummycert:
+                    if cacerts and cacerts != '!':
-                        ui.debug('using %s to enable OS X system CA\n' % dummycert)
+                        ui.debug('using %s to enable OS X system CA\n' % cacerts)
-                        ui.setconfig('web', 'cacerts', dummycert, 'dummy')
+                    ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
-                        cacerts = dummycert
+                if cacerts != '!':
-                if cacerts:
                     kws.update({'ca_certs': cacerts,
                                 'cert_reqs': CERT_REQUIRED,
                                 })
                 return kws
             class validator(object):
                 def __init__(self, ui, host):
                     self.ui = ui
                     self.host = host
                 def __call__(self, sock, strict=False):
                     host = self.host
                     cacerts = self.ui.config('web', 'cacerts')
                     hostfingerprint = self.ui.config('hostfingerprints', host)
                     if not getattr(sock, 'getpeercert', False): # python 2.5 ?
                         if hostfingerprint:
                             raise util.Abort(_("host fingerprint for %s can't be "
                                                "verified (Python too old)") % host)
                         if strict:
                             raise util.Abort(_("certificate for %s can't be verified "
                                                "(Python too old)") % host)
                         if self.ui.configbool('ui', 'reportoldssl', True):
                             self.ui.warn(_("warning: certificate for %s can't be verified "
                                            "(Python too old)\n") % host)
                         return
                     if not sock.cipher(): # work around http://bugs.python.org/issue13721
                         raise util.Abort(_('%s ssl connection error') % host)
                     try:
                         peercert = sock.getpeercert(True)
                         peercert2 = sock.getpeercert()
                     except AttributeError:
                         raise util.Abort(_('%s ssl connection error') % host)
                     if not peercert:
                         raise util.Abort(_('%s certificate error: '
                                            'no certificate received') % host)
                     peerfingerprint = util.sha1(peercert).hexdigest()
                     nicefingerprint = ":".join([peerfingerprint[x:x + 2]
                         for x in xrange(0, len(peerfingerprint), 2)])
                     if hostfingerprint:
                         if peerfingerprint.lower() != \
                                 hostfingerprint.replace(':', '').lower():
                             raise util.Abort(_('certificate for %s has unexpected '
                                                'fingerprint %s') % (host, nicefingerprint),
                                              hint=_('check hostfingerprint configuration'))
                         self.ui.debug('%s certificate matched fingerprint %s\n' %
                                       (host, nicefingerprint))
-                    elif cacerts:
+                    elif cacerts != '!':
                         msg = _verifycert(peercert2, host)
                         if msg:
                             raise util.Abort(_('%s certificate error: %s') % (host, msg),
                                              hint=_('configure hostfingerprint %s or use '
                                                     '--insecure to connect insecurely') %
                                                   nicefingerprint)
                         self.ui.debug('%s certificate successfully verified\n' % host)
                     elif strict:
                         raise util.Abort(_('%s certificate with fingerprint %s not '
                                            'verified') % (host, nicefingerprint),
                                          hint=_('check hostfingerprints or web.cacerts '
                                                  'config setting'))
                     else:
                         self.ui.warn(_('warning: %s certificate with fingerprint %s not '
                                        'verified (check hostfingerprints or web.cacerts '
                                        'config setting)\n') %
                                      (host, nicefingerprint))

tests/hghave.py

0 +1 -1

             import os, stat
             import re
             import socket
             import sys
             import tempfile
             tempprefix = 'hg-hghave-'
             checks = {
                 "true": (lambda: True, "yak shaving"),
                 "false": (lambda: False, "nail clipper"),
             }
             def check(name, desc):
                 def decorator(func):
                     checks[name] = (func, desc)
                     return func
                 return decorator
             def matchoutput(cmd, regexp, ignorestatus=False):
                 """Return True if cmd executes successfully and its output
                 is matched by the supplied regular expression.
                 """
                 r = re.compile(regexp)
                 fh = os.popen(cmd)
                 s = fh.read()
                 try:
                     ret = fh.close()
                 except IOError:
                     # Happen in Windows test environment
                     ret = 1
                 return (ignorestatus or ret is None) and r.search(s)
             @check("baz", "GNU Arch baz client")
             def has_baz():
                 return matchoutput('baz --version 2>&1', r'baz Bazaar version')
             @check("bzr", "Canonical's Bazaar client")
             def has_bzr():
                 try:
                     import bzrlib
                     return bzrlib.__doc__ is not None
                 except ImportError:
                     return False
             @check("bzr114", "Canonical's Bazaar client >= 1.14")
             def has_bzr114():
                 try:
                     import bzrlib
                     return (bzrlib.__doc__ is not None
                             and bzrlib.version_info[:2] >= (1, 14))
                 except ImportError:
                     return False
             @check("cvs", "cvs client/server")
             def has_cvs():
                 re = r'Concurrent Versions System.*?server'
                 return matchoutput('cvs --version 2>&1', re) and not has_msys()
             @check("cvs112", "cvs client/server >= 1.12")
             def has_cvs112():
                 re = r'Concurrent Versions System \(CVS\) 1.12.*?server'
                 return matchoutput('cvs --version 2>&1', re) and not has_msys()
             @check("darcs", "darcs client")
             def has_darcs():
                 return matchoutput('darcs --version', r'2\.[2-9]', True)
             @check("mtn", "monotone client (>= 1.0)")
             def has_mtn():
                 return matchoutput('mtn --version', r'monotone', True) and not matchoutput(
                     'mtn --version', r'monotone 0\.', True)
             @check("eol-in-paths", "end-of-lines in paths")
             def has_eol_in_paths():
                 try:
                     fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix, suffix='\n\r')
                     os.close(fd)
                     os.remove(path)
                     return True
                 except (IOError, OSError):
                     return False
             @check("execbit", "executable bit")
             def has_executablebit():
                 try:
                     EXECFLAGS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
                     fh, fn = tempfile.mkstemp(dir='.', prefix=tempprefix)
                     try:
                         os.close(fh)
                         m = os.stat(fn).st_mode & 0777
                         new_file_has_exec = m & EXECFLAGS
                         os.chmod(fn, m ^ EXECFLAGS)
                         exec_flags_cannot_flip = ((os.stat(fn).st_mode & 0777) == m)
                     finally:
                         os.unlink(fn)
                 except (IOError, OSError):
                     # we don't care, the user probably won't be able to commit anyway
                     return False
                 return not (new_file_has_exec or exec_flags_cannot_flip)
             @check("icasefs", "case insensitive file system")
             def has_icasefs():
                 # Stolen from mercurial.util
                 fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix)
                 os.close(fd)
                 try:
                     s1 = os.stat(path)
                     d, b = os.path.split(path)
                     p2 = os.path.join(d, b.upper())
                     if path == p2:
                         p2 = os.path.join(d, b.lower())
                     try:
                         s2 = os.stat(p2)
                         return s2 == s1
                     except OSError:
                         return False
                 finally:
                     os.remove(path)
             @check("fifo", "named pipes")
             def has_fifo():
                 if getattr(os, "mkfifo", None) is None:
                     return False
                 name = tempfile.mktemp(dir='.', prefix=tempprefix)
                 try:
                     os.mkfifo(name)
                     os.unlink(name)
                     return True
                 except OSError:
                     return False
             @check("killdaemons", 'killdaemons.py support')
             def has_killdaemons():
                 return True
             @check("cacheable", "cacheable filesystem")
             def has_cacheable_fs():
                 from mercurial import util
                 fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix)
                 os.close(fd)
                 try:
                     return util.cachestat(path).cacheable()
                 finally:
                     os.remove(path)
             @check("lsprof", "python lsprof module")
             def has_lsprof():
                 try:
                     import _lsprof
                     _lsprof.Profiler # silence unused import warning
                     return True
                 except ImportError:
                     return False
             @check("gettext", "GNU Gettext (msgfmt)")
             def has_gettext():
                 return matchoutput('msgfmt --version', 'GNU gettext-tools')
             @check("git", "git command line client")
             def has_git():
                 return matchoutput('git --version 2>&1', r'^git version')
             @check("docutils", "Docutils text processing library")
             def has_docutils():
                 try:
                     from docutils.core import publish_cmdline
                     publish_cmdline # silence unused import
                     return True
                 except ImportError:
                     return False
             def getsvnversion():
                 m = matchoutput('svn --version --quiet 2>&1', r'^(\d+)\.(\d+)')
                 if not m:
                     return (0, 0)
                 return (int(m.group(1)), int(m.group(2)))
             @check("svn15", "subversion client and admin tools >= 1.5")
             def has_svn15():
                 return getsvnversion() >= (1, 5)
             @check("svn13", "subversion client and admin tools >= 1.3")
             def has_svn13():
                 return getsvnversion() >= (1, 3)
             @check("svn", "subversion client and admin tools")
             def has_svn():
                 return matchoutput('svn --version 2>&1', r'^svn, version') and \
                     matchoutput('svnadmin --version 2>&1', r'^svnadmin, version')
             @check("svn-bindings", "subversion python bindings")
             def has_svn_bindings():
                 try:
                     import svn.core
                     version = svn.core.SVN_VER_MAJOR, svn.core.SVN_VER_MINOR
                     if version < (1, 4):
                         return False
                     return True
                 except ImportError:
                     return False
             @check("p4", "Perforce server and client")
             def has_p4():
                 return (matchoutput('p4 -V', r'Rev\. P4/') and
                         matchoutput('p4d -V', r'Rev\. P4D/'))
             @check("symlink", "symbolic links")
             def has_symlink():
                 if getattr(os, "symlink", None) is None:
                     return False
                 name = tempfile.mktemp(dir='.', prefix=tempprefix)
                 try:
                     os.symlink(".", name)
                     os.unlink(name)
                     return True
                 except (OSError, AttributeError):
                     return False
             @check("hardlink", "hardlinks")
             def has_hardlink():
                 from mercurial import util
                 fh, fn = tempfile.mkstemp(dir='.', prefix=tempprefix)
                 os.close(fh)
                 name = tempfile.mktemp(dir='.', prefix=tempprefix)
                 try:
                     try:
                         util.oslink(fn, name)
                         os.unlink(name)
                         return True
                     except OSError:
                         return False
                 finally:
                     os.unlink(fn)
             @check("tla", "GNU Arch tla client")
             def has_tla():
                 return matchoutput('tla --version 2>&1', r'The GNU Arch Revision')
             @check("gpg", "gpg client")
             def has_gpg():
                 return matchoutput('gpg --version 2>&1', r'GnuPG')
             @check("unix-permissions", "unix-style permissions")
             def has_unix_permissions():
                 d = tempfile.mkdtemp(dir='.', prefix=tempprefix)
                 try:
                     fname = os.path.join(d, 'foo')
                     for umask in (077, 007, 022):
                         os.umask(umask)
                         f = open(fname, 'w')
                         f.close()
                         mode = os.stat(fname).st_mode
                         os.unlink(fname)
                         if mode & 0777 != ~umask & 0666:
                             return False
                     return True
                 finally:
                     os.rmdir(d)
             @check("unix-socket", "AF_UNIX socket family")
             def has_unix_socket():
                 return getattr(socket, 'AF_UNIX', None) is not None
             @check("root", "root permissions")
             def has_root():
                 return getattr(os, 'geteuid', None) and os.geteuid() == 0
             @check("pyflakes", "Pyflakes python linter")
             def has_pyflakes():
                 return matchoutput("sh -c \"echo 'import re' 2>&1 | pyflakes\"",
                                    r"<stdin>:1: 're' imported but unused",
                                    True)
             @check("pygments", "Pygments source highlighting library")
             def has_pygments():
                 try:
                     import pygments
                     pygments.highlight # silence unused import warning
                     return True
                 except ImportError:
                     return False
             @check("python243", "python >= 2.4.3")
             def has_python243():
                 return sys.version_info >= (2, 4, 3)
             @check("json", "some json module available")
             def has_json():
                 try:
                     import json
                     json.dumps
                     return True
                 except ImportError:
                     try:
                         import simplejson as json
                         json.dumps
                         return True
                     except ImportError:
                         pass
                 return False
             @check("outer-repo", "outer repo")
             def has_outer_repo():
                 # failing for other reasons than 'no repo' imply that there is a repo
                 return not matchoutput('hg root 2>&1',
                                        r'abort: no repository found', True)
             @check("ssl", ("(python >= 2.6 ssl module and python OpenSSL) "
                            "OR python >= 2.7.9 ssl"))
             def has_ssl():
                 try:
                     import ssl
                     if getattr(ssl, 'create_default_context', False):
                         return True
                     import OpenSSL
                     OpenSSL.SSL.Context
                     return True
                 except ImportError:
                     return False
             @check("defaultcacerts", "can verify SSL certs by system's CA certs store")
             def has_defaultcacerts():
                 from mercurial import sslutil
-                return sslutil._defaultcacerts()
+                return sslutil._defaultcacerts() != '!'
             @check("windows", "Windows")
             def has_windows():
                 return os.name == 'nt'
             @check("system-sh", "system() uses sh")
             def has_system_sh():
                 return os.name != 'nt'
             @check("serve", "platform and python can manage 'hg serve -d'")
             def has_serve():
                 return os.name != 'nt' # gross approximation
             @check("test-repo", "running tests from repository")
             def has_test_repo():
                 t = os.environ["TESTDIR"]
                 return os.path.isdir(os.path.join(t, "..", ".hg"))
             @check("tic", "terminfo compiler and curses module")
             def has_tic():
                 try:
                     import curses
                     curses.COLOR_BLUE
                     return matchoutput('test -x "`which tic`"', '')
                 except ImportError:
                     return False
             @check("msys", "Windows with MSYS")
             def has_msys():
                 return os.getenv('MSYSTEM')
             @check("aix", "AIX")
             def has_aix():
                 return sys.platform.startswith("aix")
             @check("osx", "OS X")
             def has_osx():
                 return sys.platform == 'darwin'
             @check("absimport", "absolute_import in __future__")
             def has_absimport():
                 import __future__
                 from mercurial import util
                 return util.safehasattr(__future__, "absolute_import")
             @check("py3k", "running with Python 3.x")
             def has_py3k():
                 return 3 == sys.version_info[0]

tests/test-https.t

0 +2 -2

             #require serve ssl
             Proper https client requires the built-in ssl from Python 2.6.
             Certificates created with:
              printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \
              openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem
             Can be dumped with:
              openssl x509 -in pub.pem -text
               $ cat << EOT > priv.pem
               > -----BEGIN PRIVATE KEY-----
               > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH
               > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8
               > j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc
               > EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG
               > MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR
               > +wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy
               > aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh
               > HY8gUVkVRVs=
               > -----END PRIVATE KEY-----
               > EOT
               $ cat << EOT > pub.pem
               > -----BEGIN CERTIFICATE-----
               > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
               > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
               > MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0
               > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
               > ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX
               > 6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm
               > r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw
               > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl
               > t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c=
               > -----END CERTIFICATE-----
               > EOT
               $ cat priv.pem pub.pem >> server.pem
               $ PRIV=`pwd`/server.pem
               $ cat << EOT > pub-other.pem
               > -----BEGIN CERTIFICATE-----
               > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
               > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
               > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0
               > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
               > ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo
               > K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN
               > y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw
               > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6
               > bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig=
               > -----END CERTIFICATE-----
               > EOT
             pub.pem patched with other notBefore / notAfter:
               $ cat << EOT > pub-not-yet.pem
               > -----BEGIN CERTIFICATE-----
               > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
               > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw
               > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
               > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
               > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
               > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
               > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb
               > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0=
               > -----END CERTIFICATE-----
               > EOT
               $ cat priv.pem pub-not-yet.pem > server-not-yet.pem
               $ cat << EOT > pub-expired.pem
               > -----BEGIN CERTIFICATE-----
               > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
               > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx
               > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
               > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
               > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
               > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
               > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt
               > 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ=
               > -----END CERTIFICATE-----
               > EOT
               $ cat priv.pem pub-expired.pem > server-expired.pem
               $ hg init test
               $ cd test
               $ echo foo>foo
               $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
               $ echo foo>foo.d/foo
               $ echo bar>foo.d/bAr.hg.d/BaR
               $ echo bar>foo.d/baR.d.hg/bAR
               $ hg commit -A -m 1
               adding foo
               adding foo.d/bAr.hg.d/BaR
               adding foo.d/baR.d.hg/bAR
               adding foo.d/foo
               $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
               $ cat ../hg0.pid >> $DAEMON_PIDS
             cacert not found
               $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
               abort: could not find web.cacerts: no-such.pem
               [255]
             Test server address cannot be reused
             #if windows
               $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
               abort: cannot start server at ':$HGPORT':
               [255]
             #else
               $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
               abort: cannot start server at ':$HGPORT': Address already in use
               [255]
             #endif
               $ cd ..
             OS X has a dummy CA cert that enables use of the system CA store when using
             Apple's OpenSSL. This trick do not work with plain OpenSSL.
               $ DISABLEOSXDUMMYCERT=
             #if defaultcacerts
               $ hg clone https://localhost:$HGPORT/ copy-pull
               abort: error: *certificate verify failed* (glob)
               [255]
-              $ DISABLEOSXDUMMYCERT="--config=web.cacerts="
+              $ DISABLEOSXDUMMYCERT="--config=web.cacerts=!"
             #endif
             clone via pull
               $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLEOSXDUMMYCERT
               warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg verify -R copy-pull
               checking changesets
               checking manifests
               crosschecking files in changesets and manifests
               checking files
 files, 1 changesets, 4 total revisions
               $ cd test
               $ echo bar > bar
               $ hg commit -A -d '1 0' -m 2
               adding bar
               $ cd ..
             pull without cacert
               $ cd copy-pull
               $ echo '[hooks]' >> .hg/hgrc
               $ echo "changegroup = python \"$TESTDIR/printenv.py\" changegroup" >> .hg/hgrc
               $ hg pull $DISABLEOSXDUMMYCERT
               pulling from https://localhost:$HGPORT/
               warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_URL=https://localhost:$HGPORT/
               (run 'hg update' to get a working copy)
               $ cd ..
             cacert configured in local repo
               $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
               $ echo "[web]" >> copy-pull/.hg/hgrc
               $ echo "cacerts=`pwd`/pub.pem" >> copy-pull/.hg/hgrc
               $ hg -R copy-pull pull --traceback
               pulling from https://localhost:$HGPORT/
               searching for changes
               no changes found
               $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
             cacert configured globally, also testing expansion of environment
             variables in the filename
               $ echo "[web]" >> $HGRCPATH
               $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
               $ P=`pwd` hg -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               searching for changes
               no changes found
               $ P=`pwd` hg -R copy-pull pull --insecure
               pulling from https://localhost:$HGPORT/
               warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
               searching for changes
               no changes found
             cacert mismatch
               $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
               pulling from https://127.0.0.1:$HGPORT/
               abort: 127.0.0.1 certificate error: certificate is for localhost
               (configure hostfingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely)
               [255]
               $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
               pulling from https://127.0.0.1:$HGPORT/
               warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
               searching for changes
               no changes found
               $ hg -R copy-pull pull --config web.cacerts=pub-other.pem
               pulling from https://localhost:$HGPORT/
               abort: error: *certificate verify failed* (glob)
               [255]
               $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure
               pulling from https://localhost:$HGPORT/
               warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
               searching for changes
               no changes found
             Test server cert which isn't valid yet
               $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
               $ cat hg1.pid >> $DAEMON_PIDS
               $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/
               pulling from https://localhost:$HGPORT1/
               abort: error: *certificate verify failed* (glob)
               [255]
             Test server cert which no longer is valid
               $ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
               $ cat hg2.pid >> $DAEMON_PIDS
               $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
               pulling from https://localhost:$HGPORT2/
               abort: error: *certificate verify failed* (glob)
               [255]
             Fingerprints
               $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
               $ echo "localhost = 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca" >> copy-pull/.hg/hgrc
               $ echo "127.0.0.1 = 914f1aff87249c09b6859b88b1906d30756491ca" >> copy-pull/.hg/hgrc
             - works without cacerts
-              $ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts=
+              $ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts=!
 fed3813f7f5
             - fails when cert doesn't match hostname (port is ignored)
               $ hg -R copy-pull id https://localhost:$HGPORT1/
               abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
               (check hostfingerprint configuration)
               [255]
             - ignores that certificate doesn't match hostname
               $ hg -R copy-pull id https://127.0.0.1:$HGPORT/
 fed3813f7f5
             HGPORT1 is reused below for tinyproxy tests. Kill that server.
               $ "$TESTDIR/killdaemons.py" hg1.pid
             Prepare for connecting through proxy
               $ "$TESTDIR/tinyproxy.py" $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
               $ while [ ! -f proxy.pid ]; do sleep 0; done
               $ cat proxy.pid >> $DAEMON_PIDS
               $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
               $ echo "always=True" >> copy-pull/.hg/hgrc
               $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
               $ echo "localhost =" >> copy-pull/.hg/hgrc
             Test unvalidated https through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback
               pulling from https://localhost:$HGPORT/
               warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
               searching for changes
               no changes found
             Test https with cacert and fingerprint through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub.pem
               pulling from https://localhost:$HGPORT/
               searching for changes
               no changes found
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/
               pulling from https://127.0.0.1:$HGPORT/
               searching for changes
               no changes found
             Test https with cert problems through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem
               pulling from https://localhost:$HGPORT/
               abort: error: *certificate verify failed* (glob)
               [255]
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
               pulling from https://localhost:$HGPORT2/
               abort: error: *certificate verify failed* (glob)
               [255]

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages