Show More
@@ -1,116 +1,119 b'' | |||
|
1 | 1 | # Copyright (C) 2015 - Mike Edgar <adgar@google.com> |
|
2 | 2 | # |
|
3 | 3 | # This extension enables removal of file content at a given revision, |
|
4 | 4 | # rewriting the data/metadata of successive revisions to preserve revision log |
|
5 | 5 | # integrity. |
|
6 | 6 | |
|
7 | 7 | """erase file content at a given revision |
|
8 | 8 | |
|
9 | 9 | The censor command instructs Mercurial to erase all content of a file at a given |
|
10 | 10 | revision *without updating the changeset hash.* This allows existing history to |
|
11 | 11 | remain valid while preventing future clones/pulls from receiving the erased |
|
12 | 12 | data. |
|
13 | 13 | |
|
14 | 14 | Typical uses for censor are due to security or legal requirements, including:: |
|
15 | 15 | |
|
16 | 16 | * Passwords, private keys, cryptographic material |
|
17 | 17 | * Licensed data/code/libraries for which the license has expired |
|
18 | 18 | * Personally Identifiable Information or other private data |
|
19 | 19 | |
|
20 | 20 | Censored nodes can interrupt mercurial's typical operation whenever the excised |
|
21 | 21 | data needs to be materialized. Some commands, like ``hg cat``/``hg revert``, |
|
22 | 22 | simply fail when asked to produce censored data. Others, like ``hg verify`` and |
|
23 | 23 | ``hg update``, must be capable of tolerating censored data to continue to |
|
24 | 24 | function in a meaningful way. Such commands only tolerate censored file |
|
25 | 25 | revisions if they are allowed by the "censor.policy=ignore" config option. |
|
26 | ||
|
27 | A few informative commands such as ``hg grep`` will unconditionally | |
|
28 | ignore censored data and merely report that it was encountered. | |
|
26 | 29 | """ |
|
27 | 30 | |
|
28 | 31 | from __future__ import absolute_import |
|
29 | 32 | |
|
30 | 33 | from mercurial.i18n import _ |
|
31 | 34 | from mercurial.node import short |
|
32 | 35 | |
|
33 | 36 | from mercurial import ( |
|
34 | 37 | error, |
|
35 | 38 | registrar, |
|
36 | 39 | scmutil, |
|
37 | 40 | ) |
|
38 | 41 | |
|
39 | 42 | cmdtable = {} |
|
40 | 43 | command = registrar.command(cmdtable) |
|
41 | 44 | # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for |
|
42 | 45 | # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should |
|
43 | 46 | # be specifying the version(s) of Mercurial they are tested with, or |
|
44 | 47 | # leave the attribute unspecified. |
|
45 | 48 | testedwith = b'ships-with-hg-core' |
|
46 | 49 | |
|
47 | 50 | |
|
48 | 51 | @command( |
|
49 | 52 | b'censor', |
|
50 | 53 | [ |
|
51 | 54 | ( |
|
52 | 55 | b'r', |
|
53 | 56 | b'rev', |
|
54 | 57 | b'', |
|
55 | 58 | _(b'censor file from specified revision'), |
|
56 | 59 | _(b'REV'), |
|
57 | 60 | ), |
|
58 | 61 | (b't', b'tombstone', b'', _(b'replacement tombstone data'), _(b'TEXT')), |
|
59 | 62 | ], |
|
60 | 63 | _(b'-r REV [-t TEXT] [FILE]'), |
|
61 | 64 | helpcategory=command.CATEGORY_MAINTENANCE, |
|
62 | 65 | ) |
|
63 | 66 | def censor(ui, repo, path, rev=b'', tombstone=b'', **opts): |
|
64 | 67 | with repo.wlock(), repo.lock(): |
|
65 | 68 | return _docensor(ui, repo, path, rev, tombstone, **opts) |
|
66 | 69 | |
|
67 | 70 | |
|
68 | 71 | def _docensor(ui, repo, path, rev=b'', tombstone=b'', **opts): |
|
69 | 72 | if not path: |
|
70 | 73 | raise error.Abort(_(b'must specify file path to censor')) |
|
71 | 74 | if not rev: |
|
72 | 75 | raise error.Abort(_(b'must specify revision to censor')) |
|
73 | 76 | |
|
74 | 77 | wctx = repo[None] |
|
75 | 78 | |
|
76 | 79 | m = scmutil.match(wctx, (path,)) |
|
77 | 80 | if m.anypats() or len(m.files()) != 1: |
|
78 | 81 | raise error.Abort(_(b'can only specify an explicit filename')) |
|
79 | 82 | path = m.files()[0] |
|
80 | 83 | flog = repo.file(path) |
|
81 | 84 | if not len(flog): |
|
82 | 85 | raise error.Abort(_(b'cannot censor file with no history')) |
|
83 | 86 | |
|
84 | 87 | rev = scmutil.revsingle(repo, rev, rev).rev() |
|
85 | 88 | try: |
|
86 | 89 | ctx = repo[rev] |
|
87 | 90 | except KeyError: |
|
88 | 91 | raise error.Abort(_(b'invalid revision identifier %s') % rev) |
|
89 | 92 | |
|
90 | 93 | try: |
|
91 | 94 | fctx = ctx.filectx(path) |
|
92 | 95 | except error.LookupError: |
|
93 | 96 | raise error.Abort(_(b'file does not exist at revision %s') % rev) |
|
94 | 97 | |
|
95 | 98 | fnode = fctx.filenode() |
|
96 | 99 | heads = [] |
|
97 | 100 | for headnode in repo.heads(): |
|
98 | 101 | hc = repo[headnode] |
|
99 | 102 | if path in hc and hc.filenode(path) == fnode: |
|
100 | 103 | heads.append(hc) |
|
101 | 104 | if heads: |
|
102 | 105 | headlist = b', '.join([short(c.node()) for c in heads]) |
|
103 | 106 | raise error.Abort( |
|
104 | 107 | _(b'cannot censor file in heads (%s)') % headlist, |
|
105 | 108 | hint=_(b'clean/delete and commit first'), |
|
106 | 109 | ) |
|
107 | 110 | |
|
108 | 111 | wp = wctx.parents() |
|
109 | 112 | if ctx.node() in [p.node() for p in wp]: |
|
110 | 113 | raise error.Abort( |
|
111 | 114 | _(b'cannot censor working directory'), |
|
112 | 115 | hint=_(b'clean/delete/update first'), |
|
113 | 116 | ) |
|
114 | 117 | |
|
115 | 118 | with repo.transaction(b'censor') as tr: |
|
116 | 119 | flog.censorrevision(tr, fnode, tombstone=tombstone) |
General Comments 0
You need to be logged in to leave comments.
Login now