##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

censor: document that some commands simply ignore censored data...
Jordi Gutiérrez Hermoso -
r43623:bec73401 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,116 +1,119 b''
1 # Copyright (C) 2015 - Mike Edgar <adgar@google.com>
1 # Copyright (C) 2015 - Mike Edgar <adgar@google.com>
2 #
2 #
3 # This extension enables removal of file content at a given revision,
3 # This extension enables removal of file content at a given revision,
4 # rewriting the data/metadata of successive revisions to preserve revision log
4 # rewriting the data/metadata of successive revisions to preserve revision log
5 # integrity.
5 # integrity.
6
6
7 """erase file content at a given revision
7 """erase file content at a given revision
8
8
9 The censor command instructs Mercurial to erase all content of a file at a given
9 The censor command instructs Mercurial to erase all content of a file at a given
10 revision *without updating the changeset hash.* This allows existing history to
10 revision *without updating the changeset hash.* This allows existing history to
11 remain valid while preventing future clones/pulls from receiving the erased
11 remain valid while preventing future clones/pulls from receiving the erased
12 data.
12 data.
13
13
14 Typical uses for censor are due to security or legal requirements, including::
14 Typical uses for censor are due to security or legal requirements, including::
15
15
16 * Passwords, private keys, cryptographic material
16 * Passwords, private keys, cryptographic material
17 * Licensed data/code/libraries for which the license has expired
17 * Licensed data/code/libraries for which the license has expired
18 * Personally Identifiable Information or other private data
18 * Personally Identifiable Information or other private data
19
19
20 Censored nodes can interrupt mercurial's typical operation whenever the excised
20 Censored nodes can interrupt mercurial's typical operation whenever the excised
21 data needs to be materialized. Some commands, like ``hg cat``/``hg revert``,
21 data needs to be materialized. Some commands, like ``hg cat``/``hg revert``,
22 simply fail when asked to produce censored data. Others, like ``hg verify`` and
22 simply fail when asked to produce censored data. Others, like ``hg verify`` and
23 ``hg update``, must be capable of tolerating censored data to continue to
23 ``hg update``, must be capable of tolerating censored data to continue to
24 function in a meaningful way. Such commands only tolerate censored file
24 function in a meaningful way. Such commands only tolerate censored file
25 revisions if they are allowed by the "censor.policy=ignore" config option.
25 revisions if they are allowed by the "censor.policy=ignore" config option.
26
27 A few informative commands such as ``hg grep`` will unconditionally
28 ignore censored data and merely report that it was encountered.
26 """
29 """
27
30
28 from __future__ import absolute_import
31 from __future__ import absolute_import
29
32
30 from mercurial.i18n import _
33 from mercurial.i18n import _
31 from mercurial.node import short
34 from mercurial.node import short
32
35
33 from mercurial import (
36 from mercurial import (
34 error,
37 error,
35 registrar,
38 registrar,
36 scmutil,
39 scmutil,
37 )
40 )
38
41
39 cmdtable = {}
42 cmdtable = {}
40 command = registrar.command(cmdtable)
43 command = registrar.command(cmdtable)
41 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
44 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
42 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
45 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
43 # be specifying the version(s) of Mercurial they are tested with, or
46 # be specifying the version(s) of Mercurial they are tested with, or
44 # leave the attribute unspecified.
47 # leave the attribute unspecified.
45 testedwith = b'ships-with-hg-core'
48 testedwith = b'ships-with-hg-core'
46
49
47
50
48 @command(
51 @command(
49 b'censor',
52 b'censor',
50 [
53 [
51 (
54 (
52 b'r',
55 b'r',
53 b'rev',
56 b'rev',
54 b'',
57 b'',
55 _(b'censor file from specified revision'),
58 _(b'censor file from specified revision'),
56 _(b'REV'),
59 _(b'REV'),
57 ),
60 ),
58 (b't', b'tombstone', b'', _(b'replacement tombstone data'), _(b'TEXT')),
61 (b't', b'tombstone', b'', _(b'replacement tombstone data'), _(b'TEXT')),
59 ],
62 ],
60 _(b'-r REV [-t TEXT] [FILE]'),
63 _(b'-r REV [-t TEXT] [FILE]'),
61 helpcategory=command.CATEGORY_MAINTENANCE,
64 helpcategory=command.CATEGORY_MAINTENANCE,
62 )
65 )
63 def censor(ui, repo, path, rev=b'', tombstone=b'', **opts):
66 def censor(ui, repo, path, rev=b'', tombstone=b'', **opts):
64 with repo.wlock(), repo.lock():
67 with repo.wlock(), repo.lock():
65 return _docensor(ui, repo, path, rev, tombstone, **opts)
68 return _docensor(ui, repo, path, rev, tombstone, **opts)
66
69
67
70
68 def _docensor(ui, repo, path, rev=b'', tombstone=b'', **opts):
71 def _docensor(ui, repo, path, rev=b'', tombstone=b'', **opts):
69 if not path:
72 if not path:
70 raise error.Abort(_(b'must specify file path to censor'))
73 raise error.Abort(_(b'must specify file path to censor'))
71 if not rev:
74 if not rev:
72 raise error.Abort(_(b'must specify revision to censor'))
75 raise error.Abort(_(b'must specify revision to censor'))
73
76
74 wctx = repo[None]
77 wctx = repo[None]
75
78
76 m = scmutil.match(wctx, (path,))
79 m = scmutil.match(wctx, (path,))
77 if m.anypats() or len(m.files()) != 1:
80 if m.anypats() or len(m.files()) != 1:
78 raise error.Abort(_(b'can only specify an explicit filename'))
81 raise error.Abort(_(b'can only specify an explicit filename'))
79 path = m.files()[0]
82 path = m.files()[0]
80 flog = repo.file(path)
83 flog = repo.file(path)
81 if not len(flog):
84 if not len(flog):
82 raise error.Abort(_(b'cannot censor file with no history'))
85 raise error.Abort(_(b'cannot censor file with no history'))
83
86
84 rev = scmutil.revsingle(repo, rev, rev).rev()
87 rev = scmutil.revsingle(repo, rev, rev).rev()
85 try:
88 try:
86 ctx = repo[rev]
89 ctx = repo[rev]
87 except KeyError:
90 except KeyError:
88 raise error.Abort(_(b'invalid revision identifier %s') % rev)
91 raise error.Abort(_(b'invalid revision identifier %s') % rev)
89
92
90 try:
93 try:
91 fctx = ctx.filectx(path)
94 fctx = ctx.filectx(path)
92 except error.LookupError:
95 except error.LookupError:
93 raise error.Abort(_(b'file does not exist at revision %s') % rev)
96 raise error.Abort(_(b'file does not exist at revision %s') % rev)
94
97
95 fnode = fctx.filenode()
98 fnode = fctx.filenode()
96 heads = []
99 heads = []
97 for headnode in repo.heads():
100 for headnode in repo.heads():
98 hc = repo[headnode]
101 hc = repo[headnode]
99 if path in hc and hc.filenode(path) == fnode:
102 if path in hc and hc.filenode(path) == fnode:
100 heads.append(hc)
103 heads.append(hc)
101 if heads:
104 if heads:
102 headlist = b', '.join([short(c.node()) for c in heads])
105 headlist = b', '.join([short(c.node()) for c in heads])
103 raise error.Abort(
106 raise error.Abort(
104 _(b'cannot censor file in heads (%s)') % headlist,
107 _(b'cannot censor file in heads (%s)') % headlist,
105 hint=_(b'clean/delete and commit first'),
108 hint=_(b'clean/delete and commit first'),
106 )
109 )
107
110
108 wp = wctx.parents()
111 wp = wctx.parents()
109 if ctx.node() in [p.node() for p in wp]:
112 if ctx.node() in [p.node() for p in wp]:
110 raise error.Abort(
113 raise error.Abort(
111 _(b'cannot censor working directory'),
114 _(b'cannot censor working directory'),
112 hint=_(b'clean/delete/update first'),
115 hint=_(b'clean/delete/update first'),
113 )
116 )
114
117
115 with repo.transaction(b'censor') as tr:
118 with repo.transaction(b'censor') as tr:
116 flog.censorrevision(tr, fnode, tombstone=tombstone)
119 flog.censorrevision(tr, fnode, tombstone=tombstone)
General Comments 0
You need to be logged in to leave comments. Login now