Show More
@@ -1,140 +1,144 b'' | |||||
1 | # Copyright (C) 2015 - Mike Edgar <adgar@google.com> |
|
1 | # Copyright (C) 2015 - Mike Edgar <adgar@google.com> | |
2 | # |
|
2 | # | |
3 | # This extension enables removal of file content at a given revision, |
|
3 | # This extension enables removal of file content at a given revision, | |
4 | # rewriting the data/metadata of successive revisions to preserve revision log |
|
4 | # rewriting the data/metadata of successive revisions to preserve revision log | |
5 | # integrity. |
|
5 | # integrity. | |
6 |
|
6 | |||
7 | """erase file content at a given revision |
|
7 | """erase file content at a given revision | |
8 |
|
8 | |||
9 | The censor command instructs Mercurial to erase all content of a file at a given |
|
9 | The censor command instructs Mercurial to erase all content of a file at a given | |
10 | revision *without updating the changeset hash.* This allows existing history to |
|
10 | revision *without updating the changeset hash.* This allows existing history to | |
11 | remain valid while preventing future clones/pulls from receiving the erased |
|
11 | remain valid while preventing future clones/pulls from receiving the erased | |
12 | data. |
|
12 | data. | |
13 |
|
13 | |||
14 | Typical uses for censor are due to security or legal requirements, including:: |
|
14 | Typical uses for censor are due to security or legal requirements, including:: | |
15 |
|
15 | |||
16 | * Passwords, private keys, cryptographic material |
|
16 | * Passwords, private keys, cryptographic material | |
17 | * Licensed data/code/libraries for which the license has expired |
|
17 | * Licensed data/code/libraries for which the license has expired | |
18 | * Personally Identifiable Information or other private data |
|
18 | * Personally Identifiable Information or other private data | |
19 |
|
19 | |||
20 | Censored nodes can interrupt mercurial's typical operation whenever the excised |
|
20 | Censored nodes can interrupt mercurial's typical operation whenever the excised | |
21 | data needs to be materialized. Some commands, like ``hg cat``/``hg revert``, |
|
21 | data needs to be materialized. Some commands, like ``hg cat``/``hg revert``, | |
22 | simply fail when asked to produce censored data. Others, like ``hg verify`` and |
|
22 | simply fail when asked to produce censored data. Others, like ``hg verify`` and | |
23 | ``hg update``, must be capable of tolerating censored data to continue to |
|
23 | ``hg update``, must be capable of tolerating censored data to continue to | |
24 | function in a meaningful way. Such commands only tolerate censored file |
|
24 | function in a meaningful way. Such commands only tolerate censored file | |
25 | As having a censored version in a checkout is impractical. The current head |
|
25 | As having a censored version in a checkout is impractical. The current head | |
26 | revisions of the repository are checked. If the revision to be censored is in |
|
26 | revisions of the repository are checked. If the revision to be censored is in | |
27 | any of them the command will abort. |
|
27 | any of them the command will abort. | |
28 |
|
28 | |||
29 | A few informative commands such as ``hg grep`` will unconditionally |
|
29 | A few informative commands such as ``hg grep`` will unconditionally | |
30 | ignore censored data and merely report that it was encountered. |
|
30 | ignore censored data and merely report that it was encountered. | |
31 | """ |
|
31 | """ | |
32 |
|
32 | |||
33 |
|
33 | |||
34 | from mercurial.i18n import _ |
|
34 | from mercurial.i18n import _ | |
35 | from mercurial.node import short |
|
35 | from mercurial.node import short | |
36 |
|
36 | |||
37 | from mercurial import ( |
|
37 | from mercurial import ( | |
38 | error, |
|
38 | error, | |
39 | logcmdutil, |
|
39 | logcmdutil, | |
40 | registrar, |
|
40 | registrar, | |
41 | scmutil, |
|
41 | scmutil, | |
42 | ) |
|
42 | ) | |
43 |
|
43 | |||
44 | cmdtable = {} |
|
44 | cmdtable = {} | |
45 | command = registrar.command(cmdtable) |
|
45 | command = registrar.command(cmdtable) | |
46 | # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for |
|
46 | # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for | |
47 | # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should |
|
47 | # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should | |
48 | # be specifying the version(s) of Mercurial they are tested with, or |
|
48 | # be specifying the version(s) of Mercurial they are tested with, or | |
49 | # leave the attribute unspecified. |
|
49 | # leave the attribute unspecified. | |
50 | testedwith = b'ships-with-hg-core' |
|
50 | testedwith = b'ships-with-hg-core' | |
51 |
|
51 | |||
52 |
|
52 | |||
53 | @command( |
|
53 | @command( | |
54 | b'censor', |
|
54 | b'censor', | |
55 | [ |
|
55 | [ | |
56 | ( |
|
56 | ( | |
57 | b'r', |
|
57 | b'r', | |
58 | b'rev', |
|
58 | b'rev', | |
59 | b'', |
|
59 | b'', | |
60 | _(b'censor file from specified revision'), |
|
60 | _(b'censor file from specified revision'), | |
61 | _(b'REV'), |
|
61 | _(b'REV'), | |
62 | ), |
|
62 | ), | |
63 | ( |
|
63 | ( | |
64 | b'', |
|
64 | b'', | |
65 | b'check-heads', |
|
65 | b'check-heads', | |
66 | True, |
|
66 | True, | |
67 | _(b'check that repository heads are not affected'), |
|
67 | _(b'check that repository heads are not affected'), | |
68 | ), |
|
68 | ), | |
69 | (b't', b'tombstone', b'', _(b'replacement tombstone data'), _(b'TEXT')), |
|
69 | (b't', b'tombstone', b'', _(b'replacement tombstone data'), _(b'TEXT')), | |
70 | ], |
|
70 | ], | |
71 | _(b'-r REV [-t TEXT] [FILE]'), |
|
71 | _(b'-r REV [-t TEXT] [FILE]'), | |
72 | helpcategory=command.CATEGORY_MAINTENANCE, |
|
72 | helpcategory=command.CATEGORY_MAINTENANCE, | |
73 | ) |
|
73 | ) | |
74 | def censor(ui, repo, path, rev=b'', tombstone=b'', check_heads=True, **opts): |
|
74 | def censor(ui, repo, path, rev=b'', tombstone=b'', check_heads=True, **opts): | |
75 | with repo.wlock(), repo.lock(): |
|
75 | with repo.wlock(), repo.lock(): | |
76 | return _docensor( |
|
76 | return _docensor( | |
77 | ui, |
|
77 | ui, | |
78 | repo, |
|
78 | repo, | |
79 | path, |
|
79 | path, | |
80 | rev, |
|
80 | rev, | |
81 | tombstone, |
|
81 | tombstone, | |
82 | check_heads=check_heads, |
|
82 | check_heads=check_heads, | |
83 | **opts, |
|
83 | **opts, | |
84 | ) |
|
84 | ) | |
85 |
|
85 | |||
86 |
|
86 | |||
87 | def _docensor(ui, repo, path, rev=b'', tombstone=b'', check_heads=True, **opts): |
|
87 | def _docensor(ui, repo, path, rev=b'', tombstone=b'', check_heads=True, **opts): | |
88 | if not path: |
|
88 | if not path: | |
89 | raise error.Abort(_(b'must specify file path to censor')) |
|
89 | raise error.Abort(_(b'must specify file path to censor')) | |
90 | if not rev: |
|
90 | if not rev: | |
91 | raise error.Abort(_(b'must specify revision to censor')) |
|
91 | raise error.Abort(_(b'must specify revision to censor')) | |
92 |
|
92 | |||
93 | wctx = repo[None] |
|
93 | wctx = repo[None] | |
94 |
|
94 | |||
95 | m = scmutil.match(wctx, (path,)) |
|
95 | m = scmutil.match(wctx, (path,)) | |
96 | if m.anypats() or len(m.files()) != 1: |
|
96 | if m.anypats() or len(m.files()) != 1: | |
97 | raise error.Abort(_(b'can only specify an explicit filename')) |
|
97 | raise error.Abort(_(b'can only specify an explicit filename')) | |
98 | path = m.files()[0] |
|
98 | path = m.files()[0] | |
99 | flog = repo.file(path) |
|
99 | flog = repo.file(path) | |
100 | if not len(flog): |
|
100 | if not len(flog): | |
101 | raise error.Abort(_(b'cannot censor file with no history')) |
|
101 | raise error.Abort(_(b'cannot censor file with no history')) | |
102 |
|
102 | |||
103 | rev = logcmdutil.revsingle(repo, rev, rev).rev() |
|
103 | rev = logcmdutil.revsingle(repo, rev, rev).rev() | |
104 | try: |
|
104 | try: | |
105 | ctx = repo[rev] |
|
105 | ctx = repo[rev] | |
106 | except KeyError: |
|
106 | except KeyError: | |
107 | raise error.Abort(_(b'invalid revision identifier %s') % rev) |
|
107 | raise error.Abort(_(b'invalid revision identifier %s') % rev) | |
108 |
|
108 | |||
109 | try: |
|
109 | try: | |
110 | fctx = ctx.filectx(path) |
|
110 | fctx = ctx.filectx(path) | |
111 | except error.LookupError: |
|
111 | except error.LookupError: | |
112 | raise error.Abort(_(b'file does not exist at revision %s') % rev) |
|
112 | raise error.Abort(_(b'file does not exist at revision %s') % rev) | |
113 |
|
113 | |||
114 | fnode = fctx.filenode() |
|
114 | fnode = fctx.filenode() | |
115 | if check_heads: |
|
115 | if check_heads: | |
116 | heads = [] |
|
116 | heads = [] | |
117 | repo_heads = repo.heads() |
|
117 | repo_heads = repo.heads() | |
118 | msg = b'checking for the censored content in %d heads\n' |
|
118 | msg = b'checking for the censored content in %d heads\n' | |
119 | msg %= len(repo_heads) |
|
119 | msg %= len(repo_heads) | |
120 | ui.status(msg) |
|
120 | ui.status(msg) | |
121 | for headnode in repo_heads: |
|
121 | for headnode in repo_heads: | |
122 | hc = repo[headnode] |
|
122 | hc = repo[headnode] | |
123 | if path in hc and hc.filenode(path) == fnode: |
|
123 | if path in hc and hc.filenode(path) == fnode: | |
124 | heads.append(hc) |
|
124 | heads.append(hc) | |
125 | if heads: |
|
125 | if heads: | |
126 | headlist = b', '.join([short(c.node()) for c in heads]) |
|
126 | headlist = b', '.join([short(c.node()) for c in heads]) | |
127 | raise error.Abort( |
|
127 | raise error.Abort( | |
128 | _(b'cannot censor file in heads (%s)') % headlist, |
|
128 | _(b'cannot censor file in heads (%s)') % headlist, | |
129 | hint=_(b'clean/delete and commit first'), |
|
129 | hint=_(b'clean/delete and commit first'), | |
130 | ) |
|
130 | ) | |
131 |
|
131 | |||
|
132 | msg = b'checking for the censored content in the working directory\n' | |||
|
133 | ui.status(msg) | |||
132 | wp = wctx.parents() |
|
134 | wp = wctx.parents() | |
133 | if ctx.node() in [p.node() for p in wp]: |
|
135 | if ctx.node() in [p.node() for p in wp]: | |
134 | raise error.Abort( |
|
136 | raise error.Abort( | |
135 | _(b'cannot censor working directory'), |
|
137 | _(b'cannot censor working directory'), | |
136 | hint=_(b'clean/delete/update first'), |
|
138 | hint=_(b'clean/delete/update first'), | |
137 | ) |
|
139 | ) | |
138 |
|
140 | |||
|
141 | msg = b'censoring 1 file revision\n' | |||
|
142 | ui.status(msg) | |||
139 | with repo.transaction(b'censor') as tr: |
|
143 | with repo.transaction(b'censor') as tr: | |
140 | flog.censorrevision(tr, fnode, tombstone=tombstone) |
|
144 | flog.censorrevision(tr, fnode, tombstone=tombstone) |
@@ -1,636 +1,655 b'' | |||||
1 | #require no-reposimplestore |
|
1 | #require no-reposimplestore | |
2 | #testcases revlogv1 revlogv2 |
|
2 | #testcases revlogv1 revlogv2 | |
3 |
|
3 | |||
4 | #if revlogv2 |
|
4 | #if revlogv2 | |
5 |
|
5 | |||
6 | $ cat >> $HGRCPATH <<EOF |
|
6 | $ cat >> $HGRCPATH <<EOF | |
7 | > [experimental] |
|
7 | > [experimental] | |
8 | > revlogv2=enable-unstable-format-and-corrupt-my-data |
|
8 | > revlogv2=enable-unstable-format-and-corrupt-my-data | |
9 | > EOF |
|
9 | > EOF | |
10 |
|
10 | |||
11 | #endif |
|
11 | #endif | |
12 |
|
12 | |||
13 | $ cp $HGRCPATH $HGRCPATH.orig |
|
13 | $ cp $HGRCPATH $HGRCPATH.orig | |
14 |
|
14 | |||
15 | Create repo with unimpeachable content |
|
15 | Create repo with unimpeachable content | |
16 |
|
16 | |||
17 | $ hg init r |
|
17 | $ hg init r | |
18 | $ cd r |
|
18 | $ cd r | |
19 | $ echo 'Initially untainted file' > target |
|
19 | $ echo 'Initially untainted file' > target | |
20 | $ echo 'Normal file here' > bystander |
|
20 | $ echo 'Normal file here' > bystander | |
21 | $ hg add target bystander |
|
21 | $ hg add target bystander | |
22 | $ hg ci -m init |
|
22 | $ hg ci -m init | |
23 |
|
23 | |||
24 | Clone repo so we can test pull later |
|
24 | Clone repo so we can test pull later | |
25 |
|
25 | |||
26 | $ cd .. |
|
26 | $ cd .. | |
27 | $ hg clone r rpull |
|
27 | $ hg clone r rpull | |
28 | updating to branch default |
|
28 | updating to branch default | |
29 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
29 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
30 | $ cd r |
|
30 | $ cd r | |
31 |
|
31 | |||
32 | Introduce content which will ultimately require censorship. Name the first |
|
32 | Introduce content which will ultimately require censorship. Name the first | |
33 | censored node C1, second C2, and so on |
|
33 | censored node C1, second C2, and so on | |
34 |
|
34 | |||
35 | $ echo 'Tainted file' > target |
|
35 | $ echo 'Tainted file' > target | |
36 | $ echo 'Passwords: hunter2' >> target |
|
36 | $ echo 'Passwords: hunter2' >> target | |
37 | $ hg ci -m taint target |
|
37 | $ hg ci -m taint target | |
38 | $ C1=`hg id --debug -i` |
|
38 | $ C1=`hg id --debug -i` | |
39 |
|
39 | |||
40 | $ echo 'hunter3' >> target |
|
40 | $ echo 'hunter3' >> target | |
41 | $ echo 'Normal file v2' > bystander |
|
41 | $ echo 'Normal file v2' > bystander | |
42 | $ hg ci -m moretaint target bystander |
|
42 | $ hg ci -m moretaint target bystander | |
43 | $ C2=`hg id --debug -i` |
|
43 | $ C2=`hg id --debug -i` | |
44 |
|
44 | |||
45 | Add a new sanitized versions to correct our mistake. Name the first head H1, |
|
45 | Add a new sanitized versions to correct our mistake. Name the first head H1, | |
46 | the second head H2, and so on |
|
46 | the second head H2, and so on | |
47 |
|
47 | |||
48 | $ echo 'Tainted file is now sanitized' > target |
|
48 | $ echo 'Tainted file is now sanitized' > target | |
49 | $ hg ci -m sanitized target |
|
49 | $ hg ci -m sanitized target | |
50 | $ H1=`hg id --debug -i` |
|
50 | $ H1=`hg id --debug -i` | |
51 |
|
51 | |||
52 | $ hg update -r $C2 |
|
52 | $ hg update -r $C2 | |
53 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
53 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
54 | $ echo 'Tainted file now super sanitized' > target |
|
54 | $ echo 'Tainted file now super sanitized' > target | |
55 | $ hg ci -m 'super sanitized' target |
|
55 | $ hg ci -m 'super sanitized' target | |
56 | created new head |
|
56 | created new head | |
57 | $ H2=`hg id --debug -i` |
|
57 | $ H2=`hg id --debug -i` | |
58 |
|
58 | |||
59 | Verify target contents before censorship at each revision |
|
59 | Verify target contents before censorship at each revision | |
60 |
|
60 | |||
61 | $ hg cat -r $H1 target | head -n 10 |
|
61 | $ hg cat -r $H1 target | head -n 10 | |
62 | Tainted file is now sanitized |
|
62 | Tainted file is now sanitized | |
63 | $ hg cat -r $H2 target | head -n 10 |
|
63 | $ hg cat -r $H2 target | head -n 10 | |
64 | Tainted file now super sanitized |
|
64 | Tainted file now super sanitized | |
65 | $ hg cat -r $C2 target | head -n 10 |
|
65 | $ hg cat -r $C2 target | head -n 10 | |
66 | Tainted file |
|
66 | Tainted file | |
67 | Passwords: hunter2 |
|
67 | Passwords: hunter2 | |
68 | hunter3 |
|
68 | hunter3 | |
69 | $ hg cat -r $C1 target | head -n 10 |
|
69 | $ hg cat -r $C1 target | head -n 10 | |
70 | Tainted file |
|
70 | Tainted file | |
71 | Passwords: hunter2 |
|
71 | Passwords: hunter2 | |
72 | $ hg cat -r 0 target | head -n 10 |
|
72 | $ hg cat -r 0 target | head -n 10 | |
73 | Initially untainted file |
|
73 | Initially untainted file | |
74 |
|
74 | |||
75 | Censor revision with 2 offenses |
|
75 | Censor revision with 2 offenses | |
76 |
|
76 | |||
77 | (this also tests file pattern matching: path relative to cwd case) |
|
77 | (this also tests file pattern matching: path relative to cwd case) | |
78 |
|
78 | |||
79 | $ mkdir -p foo/bar/baz |
|
79 | $ mkdir -p foo/bar/baz | |
80 | $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C2 -t "remove password" ../../../target |
|
80 | $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C2 -t "remove password" ../../../target | |
81 | checking for the censored content in 2 heads |
|
81 | checking for the censored content in 2 heads | |
|
82 | checking for the censored content in the working directory | |||
|
83 | censoring 1 file revision | |||
82 | $ hg cat -r $H1 target | head -n 10 |
|
84 | $ hg cat -r $H1 target | head -n 10 | |
83 | Tainted file is now sanitized |
|
85 | Tainted file is now sanitized | |
84 | $ hg cat -r $H2 target | head -n 10 |
|
86 | $ hg cat -r $H2 target | head -n 10 | |
85 | Tainted file now super sanitized |
|
87 | Tainted file now super sanitized | |
86 | $ hg cat -r $C2 target | head -n 10 |
|
88 | $ hg cat -r $C2 target | head -n 10 | |
87 | abort: censored node: 1e0247a9a4b7 |
|
89 | abort: censored node: 1e0247a9a4b7 | |
88 | (set censor.policy to ignore errors) |
|
90 | (set censor.policy to ignore errors) | |
89 | $ hg cat -r $C1 target | head -n 10 |
|
91 | $ hg cat -r $C1 target | head -n 10 | |
90 | Tainted file |
|
92 | Tainted file | |
91 | Passwords: hunter2 |
|
93 | Passwords: hunter2 | |
92 | $ hg cat -r 0 target | head -n 10 |
|
94 | $ hg cat -r 0 target | head -n 10 | |
93 | Initially untainted file |
|
95 | Initially untainted file | |
94 |
|
96 | |||
95 | Censor revision with 1 offense |
|
97 | Censor revision with 1 offense | |
96 |
|
98 | |||
97 | (this also tests file pattern matching: with 'path:' scheme) |
|
99 | (this also tests file pattern matching: with 'path:' scheme) | |
98 |
|
100 | |||
99 | $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C1 path:target |
|
101 | $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C1 path:target | |
100 | checking for the censored content in 2 heads |
|
102 | checking for the censored content in 2 heads | |
|
103 | checking for the censored content in the working directory | |||
|
104 | censoring 1 file revision | |||
101 | $ hg cat -r $H1 target | head -n 10 |
|
105 | $ hg cat -r $H1 target | head -n 10 | |
102 | Tainted file is now sanitized |
|
106 | Tainted file is now sanitized | |
103 | $ hg cat -r $H2 target | head -n 10 |
|
107 | $ hg cat -r $H2 target | head -n 10 | |
104 | Tainted file now super sanitized |
|
108 | Tainted file now super sanitized | |
105 | $ hg cat -r $C2 target | head -n 10 |
|
109 | $ hg cat -r $C2 target | head -n 10 | |
106 | abort: censored node: 1e0247a9a4b7 |
|
110 | abort: censored node: 1e0247a9a4b7 | |
107 | (set censor.policy to ignore errors) |
|
111 | (set censor.policy to ignore errors) | |
108 | $ hg cat -r $C1 target | head -n 10 |
|
112 | $ hg cat -r $C1 target | head -n 10 | |
109 | abort: censored node: 613bc869fceb |
|
113 | abort: censored node: 613bc869fceb | |
110 | (set censor.policy to ignore errors) |
|
114 | (set censor.policy to ignore errors) | |
111 | $ hg cat -r 0 target | head -n 10 |
|
115 | $ hg cat -r 0 target | head -n 10 | |
112 | Initially untainted file |
|
116 | Initially untainted file | |
113 |
|
117 | |||
114 | Can only checkout target at uncensored revisions, -X is workaround for --all |
|
118 | Can only checkout target at uncensored revisions, -X is workaround for --all | |
115 |
|
119 | |||
116 | $ hg revert -r $C2 target | head -n 10 |
|
120 | $ hg revert -r $C2 target | head -n 10 | |
117 | abort: censored node: 1e0247a9a4b7 |
|
121 | abort: censored node: 1e0247a9a4b7 | |
118 | (set censor.policy to ignore errors) |
|
122 | (set censor.policy to ignore errors) | |
119 | $ hg revert -r $C1 target | head -n 10 |
|
123 | $ hg revert -r $C1 target | head -n 10 | |
120 | abort: censored node: 613bc869fceb |
|
124 | abort: censored node: 613bc869fceb | |
121 | (set censor.policy to ignore errors) |
|
125 | (set censor.policy to ignore errors) | |
122 | $ hg revert -r $C1 --all |
|
126 | $ hg revert -r $C1 --all | |
123 | reverting bystander |
|
127 | reverting bystander | |
124 | reverting target |
|
128 | reverting target | |
125 | abort: censored node: 613bc869fceb |
|
129 | abort: censored node: 613bc869fceb | |
126 | (set censor.policy to ignore errors) |
|
130 | (set censor.policy to ignore errors) | |
127 | [255] |
|
131 | [255] | |
128 | $ hg revert -r $C1 --all -X target |
|
132 | $ hg revert -r $C1 --all -X target | |
129 | $ cat target | head -n 10 |
|
133 | $ cat target | head -n 10 | |
130 | Tainted file now super sanitized |
|
134 | Tainted file now super sanitized | |
131 | $ hg revert -r 0 --all |
|
135 | $ hg revert -r 0 --all | |
132 | reverting target |
|
136 | reverting target | |
133 | $ cat target | head -n 10 |
|
137 | $ cat target | head -n 10 | |
134 | Initially untainted file |
|
138 | Initially untainted file | |
135 | $ hg revert -r $H2 --all |
|
139 | $ hg revert -r $H2 --all | |
136 | reverting bystander |
|
140 | reverting bystander | |
137 | reverting target |
|
141 | reverting target | |
138 | $ cat target | head -n 10 |
|
142 | $ cat target | head -n 10 | |
139 | Tainted file now super sanitized |
|
143 | Tainted file now super sanitized | |
140 |
|
144 | |||
141 | Uncensored file can be viewed at any revision |
|
145 | Uncensored file can be viewed at any revision | |
142 |
|
146 | |||
143 | $ hg cat -r $H1 bystander | head -n 10 |
|
147 | $ hg cat -r $H1 bystander | head -n 10 | |
144 | Normal file v2 |
|
148 | Normal file v2 | |
145 | $ hg cat -r $C2 bystander | head -n 10 |
|
149 | $ hg cat -r $C2 bystander | head -n 10 | |
146 | Normal file v2 |
|
150 | Normal file v2 | |
147 | $ hg cat -r $C1 bystander | head -n 10 |
|
151 | $ hg cat -r $C1 bystander | head -n 10 | |
148 | Normal file here |
|
152 | Normal file here | |
149 | $ hg cat -r 0 bystander | head -n 10 |
|
153 | $ hg cat -r 0 bystander | head -n 10 | |
150 | Normal file here |
|
154 | Normal file here | |
151 |
|
155 | |||
152 | Can update to children of censored revision |
|
156 | Can update to children of censored revision | |
153 |
|
157 | |||
154 | $ hg update -r $H1 |
|
158 | $ hg update -r $H1 | |
155 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
159 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
156 | $ cat target | head -n 10 |
|
160 | $ cat target | head -n 10 | |
157 | Tainted file is now sanitized |
|
161 | Tainted file is now sanitized | |
158 | $ hg update -r $H2 |
|
162 | $ hg update -r $H2 | |
159 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
163 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
160 | $ cat target | head -n 10 |
|
164 | $ cat target | head -n 10 | |
161 | Tainted file now super sanitized |
|
165 | Tainted file now super sanitized | |
162 |
|
166 | |||
163 | Set censor policy to abort in trusted $HGRC so hg verify fails |
|
167 | Set censor policy to abort in trusted $HGRC so hg verify fails | |
164 |
|
168 | |||
165 | $ cp $HGRCPATH.orig $HGRCPATH |
|
169 | $ cp $HGRCPATH.orig $HGRCPATH | |
166 | $ cat >> $HGRCPATH <<EOF |
|
170 | $ cat >> $HGRCPATH <<EOF | |
167 | > [censor] |
|
171 | > [censor] | |
168 | > policy = abort |
|
172 | > policy = abort | |
169 | > EOF |
|
173 | > EOF | |
170 |
|
174 | |||
171 | Repo fails verification due to censorship |
|
175 | Repo fails verification due to censorship | |
172 |
|
176 | |||
173 | $ hg verify |
|
177 | $ hg verify | |
174 | checking changesets |
|
178 | checking changesets | |
175 | checking manifests |
|
179 | checking manifests | |
176 | crosschecking files in changesets and manifests |
|
180 | crosschecking files in changesets and manifests | |
177 | checking files |
|
181 | checking files | |
178 | target@1: censored file data |
|
182 | target@1: censored file data | |
179 | target@2: censored file data |
|
183 | target@2: censored file data | |
180 | not checking dirstate because of previous errors |
|
184 | not checking dirstate because of previous errors | |
181 | checked 5 changesets with 7 changes to 2 files |
|
185 | checked 5 changesets with 7 changes to 2 files | |
182 | 2 integrity errors encountered! |
|
186 | 2 integrity errors encountered! | |
183 | (first damaged changeset appears to be 1) |
|
187 | (first damaged changeset appears to be 1) | |
184 | [1] |
|
188 | [1] | |
185 |
|
189 | |||
186 | Cannot update to revision with censored data |
|
190 | Cannot update to revision with censored data | |
187 |
|
191 | |||
188 | $ hg update -r $C2 |
|
192 | $ hg update -r $C2 | |
189 | abort: censored node: 1e0247a9a4b7 |
|
193 | abort: censored node: 1e0247a9a4b7 | |
190 | (set censor.policy to ignore errors) |
|
194 | (set censor.policy to ignore errors) | |
191 | [255] |
|
195 | [255] | |
192 | $ hg update -r $C1 |
|
196 | $ hg update -r $C1 | |
193 | abort: censored node: 613bc869fceb |
|
197 | abort: censored node: 613bc869fceb | |
194 | (set censor.policy to ignore errors) |
|
198 | (set censor.policy to ignore errors) | |
195 | [255] |
|
199 | [255] | |
196 | $ hg update -r 0 |
|
200 | $ hg update -r 0 | |
197 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
201 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
198 | $ hg update -r $H2 |
|
202 | $ hg update -r $H2 | |
199 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
203 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
200 |
|
204 | |||
201 | Set censor policy to ignore in trusted $HGRC so hg verify passes |
|
205 | Set censor policy to ignore in trusted $HGRC so hg verify passes | |
202 |
|
206 | |||
203 | $ cp $HGRCPATH.orig $HGRCPATH |
|
207 | $ cp $HGRCPATH.orig $HGRCPATH | |
204 | $ cat >> $HGRCPATH <<EOF |
|
208 | $ cat >> $HGRCPATH <<EOF | |
205 | > [censor] |
|
209 | > [censor] | |
206 | > policy = ignore |
|
210 | > policy = ignore | |
207 | > EOF |
|
211 | > EOF | |
208 |
|
212 | |||
209 | Repo passes verification with warnings with explicit config |
|
213 | Repo passes verification with warnings with explicit config | |
210 |
|
214 | |||
211 | $ hg verify -q |
|
215 | $ hg verify -q | |
212 |
|
216 | |||
213 | May update to revision with censored data with explicit config |
|
217 | May update to revision with censored data with explicit config | |
214 |
|
218 | |||
215 | $ hg update -r $C2 |
|
219 | $ hg update -r $C2 | |
216 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
220 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
217 | $ cat target | head -n 10 |
|
221 | $ cat target | head -n 10 | |
218 | $ hg update -r $C1 |
|
222 | $ hg update -r $C1 | |
219 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
223 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
220 | $ cat target | head -n 10 |
|
224 | $ cat target | head -n 10 | |
221 | $ hg update -r 0 |
|
225 | $ hg update -r 0 | |
222 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
226 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
223 | $ cat target | head -n 10 |
|
227 | $ cat target | head -n 10 | |
224 | Initially untainted file |
|
228 | Initially untainted file | |
225 | $ hg update -r $H2 |
|
229 | $ hg update -r $H2 | |
226 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
230 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
227 | $ cat target | head -n 10 |
|
231 | $ cat target | head -n 10 | |
228 | Tainted file now super sanitized |
|
232 | Tainted file now super sanitized | |
229 |
|
233 | |||
230 | Can merge in revision with censored data. Test requires one branch of history |
|
234 | Can merge in revision with censored data. Test requires one branch of history | |
231 | with the file censored, but we can't censor at a head, so advance H1. |
|
235 | with the file censored, but we can't censor at a head, so advance H1. | |
232 |
|
236 | |||
233 | $ hg update -r $H1 |
|
237 | $ hg update -r $H1 | |
234 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
238 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
235 | $ C3=$H1 |
|
239 | $ C3=$H1 | |
236 | $ echo 'advanced head H1' > target |
|
240 | $ echo 'advanced head H1' > target | |
237 | $ hg ci -m 'advance head H1' target |
|
241 | $ hg ci -m 'advance head H1' target | |
238 | $ H1=`hg id --debug -i` |
|
242 | $ H1=`hg id --debug -i` | |
239 | $ hg --config extensions.censor= censor -r $C3 target |
|
243 | $ hg --config extensions.censor= censor -r $C3 target | |
240 | checking for the censored content in 2 heads |
|
244 | checking for the censored content in 2 heads | |
|
245 | checking for the censored content in the working directory | |||
|
246 | censoring 1 file revision | |||
241 | $ hg update -r $H2 |
|
247 | $ hg update -r $H2 | |
242 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
248 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
243 | $ hg merge -r $C3 |
|
249 | $ hg merge -r $C3 | |
244 | merging target |
|
250 | merging target | |
245 | 0 files updated, 1 files merged, 0 files removed, 0 files unresolved |
|
251 | 0 files updated, 1 files merged, 0 files removed, 0 files unresolved | |
246 | (branch merge, don't forget to commit) |
|
252 | (branch merge, don't forget to commit) | |
247 |
|
253 | |||
248 | Revisions present in repository heads may not be censored |
|
254 | Revisions present in repository heads may not be censored | |
249 |
|
255 | |||
250 | $ hg update -C -r $H2 |
|
256 | $ hg update -C -r $H2 | |
251 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
257 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
252 | $ hg --config extensions.censor= censor -r $H2 target |
|
258 | $ hg --config extensions.censor= censor -r $H2 target | |
253 | checking for the censored content in 2 heads |
|
259 | checking for the censored content in 2 heads | |
254 | abort: cannot censor file in heads (78a8fc215e79) |
|
260 | abort: cannot censor file in heads (78a8fc215e79) | |
255 | (clean/delete and commit first) |
|
261 | (clean/delete and commit first) | |
256 | [255] |
|
262 | [255] | |
257 | $ echo 'twiddling thumbs' > bystander |
|
263 | $ echo 'twiddling thumbs' > bystander | |
258 | $ hg ci -m 'bystander commit' |
|
264 | $ hg ci -m 'bystander commit' | |
259 | $ H2=`hg id --debug -i` |
|
265 | $ H2=`hg id --debug -i` | |
260 | $ hg --config extensions.censor= censor -r "$H2^" target |
|
266 | $ hg --config extensions.censor= censor -r "$H2^" target | |
261 | checking for the censored content in 2 heads |
|
267 | checking for the censored content in 2 heads | |
262 | abort: cannot censor file in heads (efbe78065929) |
|
268 | abort: cannot censor file in heads (efbe78065929) | |
263 | (clean/delete and commit first) |
|
269 | (clean/delete and commit first) | |
264 | [255] |
|
270 | [255] | |
265 |
|
271 | |||
266 | Cannot censor working directory |
|
272 | Cannot censor working directory | |
267 |
|
273 | |||
268 | $ echo 'seriously no passwords' > target |
|
274 | $ echo 'seriously no passwords' > target | |
269 | $ hg ci -m 'extend second head arbitrarily' target |
|
275 | $ hg ci -m 'extend second head arbitrarily' target | |
270 | $ H2=`hg id --debug -i` |
|
276 | $ H2=`hg id --debug -i` | |
271 | $ hg update -r "$H2^" |
|
277 | $ hg update -r "$H2^" | |
272 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
278 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
273 | $ hg --config extensions.censor= censor -r . target |
|
279 | $ hg --config extensions.censor= censor -r . target | |
274 | checking for the censored content in 2 heads |
|
280 | checking for the censored content in 2 heads | |
|
281 | checking for the censored content in the working directory | |||
275 | abort: cannot censor working directory |
|
282 | abort: cannot censor working directory | |
276 | (clean/delete/update first) |
|
283 | (clean/delete/update first) | |
277 | [255] |
|
284 | [255] | |
278 | $ hg update -r $H2 |
|
285 | $ hg update -r $H2 | |
279 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
286 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
280 |
|
287 | |||
281 | Can re-add file after being deleted + censored |
|
288 | Can re-add file after being deleted + censored | |
282 |
|
289 | |||
283 | $ C4=$H2 |
|
290 | $ C4=$H2 | |
284 | $ hg rm target |
|
291 | $ hg rm target | |
285 | $ hg ci -m 'delete target so it may be censored' |
|
292 | $ hg ci -m 'delete target so it may be censored' | |
286 | $ H2=`hg id --debug -i` |
|
293 | $ H2=`hg id --debug -i` | |
287 | $ hg --config extensions.censor= censor -r $C4 target |
|
294 | $ hg --config extensions.censor= censor -r $C4 target | |
288 | checking for the censored content in 2 heads |
|
295 | checking for the censored content in 2 heads | |
|
296 | checking for the censored content in the working directory | |||
|
297 | censoring 1 file revision | |||
289 | $ hg cat -r $C4 target | head -n 10 |
|
298 | $ hg cat -r $C4 target | head -n 10 | |
290 | $ hg cat -r "$H2^^" target | head -n 10 |
|
299 | $ hg cat -r "$H2^^" target | head -n 10 | |
291 | Tainted file now super sanitized |
|
300 | Tainted file now super sanitized | |
292 | $ echo 'fresh start' > target |
|
301 | $ echo 'fresh start' > target | |
293 | $ hg add target |
|
302 | $ hg add target | |
294 | $ hg ci -m reincarnated target |
|
303 | $ hg ci -m reincarnated target | |
295 | $ H2=`hg id --debug -i` |
|
304 | $ H2=`hg id --debug -i` | |
296 | $ hg cat -r $H2 target | head -n 10 |
|
305 | $ hg cat -r $H2 target | head -n 10 | |
297 | fresh start |
|
306 | fresh start | |
298 | $ hg cat -r "$H2^" target | head -n 10 |
|
307 | $ hg cat -r "$H2^" target | head -n 10 | |
299 | target: no such file in rev 452ec1762369 |
|
308 | target: no such file in rev 452ec1762369 | |
300 | $ hg cat -r $C4 target | head -n 10 |
|
309 | $ hg cat -r $C4 target | head -n 10 | |
301 | $ hg cat -r "$H2^^^" target | head -n 10 |
|
310 | $ hg cat -r "$H2^^^" target | head -n 10 | |
302 | Tainted file now super sanitized |
|
311 | Tainted file now super sanitized | |
303 |
|
312 | |||
304 | Can censor enough revision to move back to inline storage |
|
313 | Can censor enough revision to move back to inline storage | |
305 |
|
314 | |||
306 | $ hg debugrevlogstats | grep target |
|
315 | $ hg debugrevlogstats | grep target | |
307 | rev-count data-size inl type target |
|
316 | rev-count data-size inl type target | |
308 | 8 ??? no file target (glob) (revlogv2 !) |
|
317 | 8 ??? no file target (glob) (revlogv2 !) | |
309 | 8 ??? yes file target (glob) (revlogv1 !) |
|
318 | 8 ??? yes file target (glob) (revlogv1 !) | |
310 | $ cat /dev/rand?m | dd status=none count=200 | f --hexdump > target |
|
319 | $ cat /dev/rand?m | dd status=none count=200 | f --hexdump > target | |
311 | $ hg ci -m 'add 100k passwords' |
|
320 | $ hg ci -m 'add 100k passwords' | |
312 | $ H2=`hg id --debug -i` |
|
321 | $ H2=`hg id --debug -i` | |
313 | $ C5=$H2 |
|
322 | $ C5=$H2 | |
314 | $ hg revert -r "$H2^" target |
|
323 | $ hg revert -r "$H2^" target | |
315 | $ hg ci -m 'cleaned 100k passwords' |
|
324 | $ hg ci -m 'cleaned 100k passwords' | |
316 | $ H2=`hg id --debug -i` |
|
325 | $ H2=`hg id --debug -i` | |
317 | $ hg debugrevlogstats | grep target |
|
326 | $ hg debugrevlogstats | grep target | |
318 | rev-count data-size inl type target |
|
327 | rev-count data-size inl type target | |
319 | 10 ?????? no file target (glob) |
|
328 | 10 ?????? no file target (glob) | |
320 | $ hg --config extensions.censor= censor -r $C5 target |
|
329 | $ hg --config extensions.censor= censor -r $C5 target | |
321 | checking for the censored content in 2 heads |
|
330 | checking for the censored content in 2 heads | |
|
331 | checking for the censored content in the working directory | |||
|
332 | censoring 1 file revision | |||
322 |
|
333 | |||
323 | The important part is for the censor operation to not crash and the repository |
|
334 | The important part is for the censor operation to not crash and the repository | |
324 | to not be corrupted. Right now this involve keeping the revlog split. |
|
335 | to not be corrupted. Right now this involve keeping the revlog split. | |
325 |
|
336 | |||
326 | $ hg debugrevlogstats | grep target |
|
337 | $ hg debugrevlogstats | grep target | |
327 | rev-count data-size inl type target |
|
338 | rev-count data-size inl type target | |
328 | 10 ??? no file target (glob) |
|
339 | 10 ??? no file target (glob) | |
329 | $ hg cat -r $C5 target | head -n 10 |
|
340 | $ hg cat -r $C5 target | head -n 10 | |
330 | $ hg cat -r $H2 target | head -n 10 |
|
341 | $ hg cat -r $H2 target | head -n 10 | |
331 | fresh start |
|
342 | fresh start | |
332 | $ hg verify |
|
343 | $ hg verify | |
333 | checking changesets |
|
344 | checking changesets | |
334 | checking manifests |
|
345 | checking manifests | |
335 | crosschecking files in changesets and manifests |
|
346 | crosschecking files in changesets and manifests | |
336 | checking files |
|
347 | checking files | |
337 | checking dirstate |
|
348 | checking dirstate | |
338 | checked 12 changesets with 13 changes to 2 files |
|
349 | checked 12 changesets with 13 changes to 2 files | |
339 |
|
350 | |||
340 | Repo with censored nodes can be cloned and cloned nodes are censored |
|
351 | Repo with censored nodes can be cloned and cloned nodes are censored | |
341 |
|
352 | |||
342 | $ cd .. |
|
353 | $ cd .. | |
343 | $ hg clone r rclone |
|
354 | $ hg clone r rclone | |
344 | updating to branch default |
|
355 | updating to branch default | |
345 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
356 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
346 | $ cd rclone |
|
357 | $ cd rclone | |
347 | $ hg cat -r $H1 target | head -n 10 |
|
358 | $ hg cat -r $H1 target | head -n 10 | |
348 | advanced head H1 |
|
359 | advanced head H1 | |
349 | $ hg cat -r $H2~5 target | head -n 10 |
|
360 | $ hg cat -r $H2~5 target | head -n 10 | |
350 | Tainted file now super sanitized |
|
361 | Tainted file now super sanitized | |
351 | $ hg cat -r $C2 target | head -n 10 |
|
362 | $ hg cat -r $C2 target | head -n 10 | |
352 | $ hg cat -r $C1 target | head -n 10 |
|
363 | $ hg cat -r $C1 target | head -n 10 | |
353 | $ hg cat -r 0 target | head -n 10 |
|
364 | $ hg cat -r 0 target | head -n 10 | |
354 | Initially untainted file |
|
365 | Initially untainted file | |
355 | $ hg verify -q |
|
366 | $ hg verify -q | |
356 |
|
367 | |||
357 | Repo cloned before tainted content introduced can pull censored nodes |
|
368 | Repo cloned before tainted content introduced can pull censored nodes | |
358 |
|
369 | |||
359 | $ cd ../rpull |
|
370 | $ cd ../rpull | |
360 | $ hg cat -r tip target | head -n 10 |
|
371 | $ hg cat -r tip target | head -n 10 | |
361 | Initially untainted file |
|
372 | Initially untainted file | |
362 | $ hg verify -q |
|
373 | $ hg verify -q | |
363 | $ hg pull -r $H1 -r $H2 |
|
374 | $ hg pull -r $H1 -r $H2 | |
364 | pulling from $TESTTMP/r |
|
375 | pulling from $TESTTMP/r | |
365 | searching for changes |
|
376 | searching for changes | |
366 | adding changesets |
|
377 | adding changesets | |
367 | adding manifests |
|
378 | adding manifests | |
368 | adding file changes |
|
379 | adding file changes | |
369 | added 11 changesets with 11 changes to 2 files (+1 heads) |
|
380 | added 11 changesets with 11 changes to 2 files (+1 heads) | |
370 | new changesets * (glob) |
|
381 | new changesets * (glob) | |
371 | (run 'hg heads' to see heads, 'hg merge' to merge) |
|
382 | (run 'hg heads' to see heads, 'hg merge' to merge) | |
372 | $ hg update 4 |
|
383 | $ hg update 4 | |
373 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
384 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
374 | $ cat target | head -n 10 |
|
385 | $ cat target | head -n 10 | |
375 | Tainted file now super sanitized |
|
386 | Tainted file now super sanitized | |
376 | $ hg cat -r $H1 target | head -n 10 |
|
387 | $ hg cat -r $H1 target | head -n 10 | |
377 | advanced head H1 |
|
388 | advanced head H1 | |
378 | $ hg cat -r $H2~5 target | head -n 10 |
|
389 | $ hg cat -r $H2~5 target | head -n 10 | |
379 | Tainted file now super sanitized |
|
390 | Tainted file now super sanitized | |
380 | $ hg cat -r $C2 target | head -n 10 |
|
391 | $ hg cat -r $C2 target | head -n 10 | |
381 | $ hg cat -r $C1 target | head -n 10 |
|
392 | $ hg cat -r $C1 target | head -n 10 | |
382 | $ hg cat -r 0 target | head -n 10 |
|
393 | $ hg cat -r 0 target | head -n 10 | |
383 | Initially untainted file |
|
394 | Initially untainted file | |
384 | $ hg verify -q |
|
395 | $ hg verify -q | |
385 |
|
396 | |||
386 | Censored nodes can be pushed if they censor previously unexchanged nodes |
|
397 | Censored nodes can be pushed if they censor previously unexchanged nodes | |
387 |
|
398 | |||
388 | $ echo 'Passwords: hunter2hunter2' > target |
|
399 | $ echo 'Passwords: hunter2hunter2' > target | |
389 | $ hg ci -m 're-add password from clone' target |
|
400 | $ hg ci -m 're-add password from clone' target | |
390 | created new head |
|
401 | created new head | |
391 | $ H3=`hg id --debug -i` |
|
402 | $ H3=`hg id --debug -i` | |
392 | $ REV=$H3 |
|
403 | $ REV=$H3 | |
393 | $ echo 'Re-sanitized; nothing to see here' > target |
|
404 | $ echo 'Re-sanitized; nothing to see here' > target | |
394 | $ hg ci -m 're-sanitized' target |
|
405 | $ hg ci -m 're-sanitized' target | |
395 | $ H2=`hg id --debug -i` |
|
406 | $ H2=`hg id --debug -i` | |
396 | $ CLEANREV=$H2 |
|
407 | $ CLEANREV=$H2 | |
397 | $ hg cat -r $REV target | head -n 10 |
|
408 | $ hg cat -r $REV target | head -n 10 | |
398 | Passwords: hunter2hunter2 |
|
409 | Passwords: hunter2hunter2 | |
399 | $ hg --config extensions.censor= censor -r $REV target |
|
410 | $ hg --config extensions.censor= censor -r $REV target | |
400 | checking for the censored content in 3 heads |
|
411 | checking for the censored content in 3 heads | |
|
412 | checking for the censored content in the working directory | |||
|
413 | censoring 1 file revision | |||
401 | $ hg cat -r $REV target | head -n 10 |
|
414 | $ hg cat -r $REV target | head -n 10 | |
402 | $ hg cat -r $CLEANREV target | head -n 10 |
|
415 | $ hg cat -r $CLEANREV target | head -n 10 | |
403 | Re-sanitized; nothing to see here |
|
416 | Re-sanitized; nothing to see here | |
404 | $ hg push -f -r $H2 |
|
417 | $ hg push -f -r $H2 | |
405 | pushing to $TESTTMP/r |
|
418 | pushing to $TESTTMP/r | |
406 | searching for changes |
|
419 | searching for changes | |
407 | adding changesets |
|
420 | adding changesets | |
408 | adding manifests |
|
421 | adding manifests | |
409 | adding file changes |
|
422 | adding file changes | |
410 | added 2 changesets with 2 changes to 1 files (+1 heads) |
|
423 | added 2 changesets with 2 changes to 1 files (+1 heads) | |
411 |
|
424 | |||
412 | $ cd ../r |
|
425 | $ cd ../r | |
413 | $ hg cat -r $REV target | head -n 10 |
|
426 | $ hg cat -r $REV target | head -n 10 | |
414 | $ hg cat -r $CLEANREV target | head -n 10 |
|
427 | $ hg cat -r $CLEANREV target | head -n 10 | |
415 | Re-sanitized; nothing to see here |
|
428 | Re-sanitized; nothing to see here | |
416 | $ hg update $CLEANREV |
|
429 | $ hg update $CLEANREV | |
417 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
430 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
418 | $ cat target | head -n 10 |
|
431 | $ cat target | head -n 10 | |
419 | Re-sanitized; nothing to see here |
|
432 | Re-sanitized; nothing to see here | |
420 |
|
433 | |||
421 | Censored nodes can be bundled up and unbundled in another repo |
|
434 | Censored nodes can be bundled up and unbundled in another repo | |
422 |
|
435 | |||
423 | $ hg bundle --base 0 ../pwbundle |
|
436 | $ hg bundle --base 0 ../pwbundle | |
424 | 13 changesets found |
|
437 | 13 changesets found | |
425 | $ cd ../rclone |
|
438 | $ cd ../rclone | |
426 | $ hg unbundle ../pwbundle |
|
439 | $ hg unbundle ../pwbundle | |
427 | adding changesets |
|
440 | adding changesets | |
428 | adding manifests |
|
441 | adding manifests | |
429 | adding file changes |
|
442 | adding file changes | |
430 | added 2 changesets with 2 changes to 2 files (+1 heads) |
|
443 | added 2 changesets with 2 changes to 2 files (+1 heads) | |
431 | new changesets * (glob) |
|
444 | new changesets * (glob) | |
432 | (run 'hg heads .' to see heads, 'hg merge' to merge) |
|
445 | (run 'hg heads .' to see heads, 'hg merge' to merge) | |
433 | $ hg cat -r $REV target | head -n 10 |
|
446 | $ hg cat -r $REV target | head -n 10 | |
434 | $ hg cat -r $CLEANREV target | head -n 10 |
|
447 | $ hg cat -r $CLEANREV target | head -n 10 | |
435 | Re-sanitized; nothing to see here |
|
448 | Re-sanitized; nothing to see here | |
436 | $ hg update $CLEANREV |
|
449 | $ hg update $CLEANREV | |
437 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
450 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
438 | $ cat target | head -n 10 |
|
451 | $ cat target | head -n 10 | |
439 | Re-sanitized; nothing to see here |
|
452 | Re-sanitized; nothing to see here | |
440 | $ hg verify -q |
|
453 | $ hg verify -q | |
441 |
|
454 | |||
442 | Grepping only warns, doesn't error out |
|
455 | Grepping only warns, doesn't error out | |
443 |
|
456 | |||
444 | $ cd ../rpull |
|
457 | $ cd ../rpull | |
445 | $ hg grep 'Normal file' |
|
458 | $ hg grep 'Normal file' | |
446 | bystander:Normal file v2 |
|
459 | bystander:Normal file v2 | |
447 | $ hg grep nothing |
|
460 | $ hg grep nothing | |
448 | target:Re-sanitized; nothing to see here |
|
461 | target:Re-sanitized; nothing to see here | |
449 | $ hg grep --diff 'Normal file' |
|
462 | $ hg grep --diff 'Normal file' | |
450 | cannot search in censored file: target:7 |
|
463 | cannot search in censored file: target:7 | |
451 | cannot search in censored file: target:10 |
|
464 | cannot search in censored file: target:10 | |
452 | cannot search in censored file: target:12 |
|
465 | cannot search in censored file: target:12 | |
453 | bystander:6:-:Normal file v2 |
|
466 | bystander:6:-:Normal file v2 | |
454 | cannot search in censored file: target:1 |
|
467 | cannot search in censored file: target:1 | |
455 | cannot search in censored file: target:2 |
|
468 | cannot search in censored file: target:2 | |
456 | cannot search in censored file: target:3 |
|
469 | cannot search in censored file: target:3 | |
457 | bystander:2:-:Normal file here |
|
470 | bystander:2:-:Normal file here | |
458 | bystander:2:+:Normal file v2 |
|
471 | bystander:2:+:Normal file v2 | |
459 | bystander:0:+:Normal file here |
|
472 | bystander:0:+:Normal file here | |
460 | $ hg grep --diff nothing |
|
473 | $ hg grep --diff nothing | |
461 | cannot search in censored file: target:7 |
|
474 | cannot search in censored file: target:7 | |
462 | cannot search in censored file: target:10 |
|
475 | cannot search in censored file: target:10 | |
463 | cannot search in censored file: target:12 |
|
476 | cannot search in censored file: target:12 | |
464 | target:13:+:Re-sanitized; nothing to see here |
|
477 | target:13:+:Re-sanitized; nothing to see here | |
465 | cannot search in censored file: target:1 |
|
478 | cannot search in censored file: target:1 | |
466 | cannot search in censored file: target:2 |
|
479 | cannot search in censored file: target:2 | |
467 | cannot search in censored file: target:3 |
|
480 | cannot search in censored file: target:3 | |
468 |
|
481 | |||
469 | Censored nodes can be imported on top of censored nodes, consecutively |
|
482 | Censored nodes can be imported on top of censored nodes, consecutively | |
470 |
|
483 | |||
471 | $ hg init ../rimport |
|
484 | $ hg init ../rimport | |
472 | $ hg bundle --base 1 ../rimport/splitbundle |
|
485 | $ hg bundle --base 1 ../rimport/splitbundle | |
473 | 12 changesets found |
|
486 | 12 changesets found | |
474 | $ cd ../rimport |
|
487 | $ cd ../rimport | |
475 | $ hg pull -r $H1 -r $H2 ../r |
|
488 | $ hg pull -r $H1 -r $H2 ../r | |
476 | pulling from ../r |
|
489 | pulling from ../r | |
477 | adding changesets |
|
490 | adding changesets | |
478 | adding manifests |
|
491 | adding manifests | |
479 | adding file changes |
|
492 | adding file changes | |
480 | added 8 changesets with 10 changes to 2 files (+1 heads) |
|
493 | added 8 changesets with 10 changes to 2 files (+1 heads) | |
481 | new changesets e97f55b2665a:dcbaf17bf3a1 |
|
494 | new changesets e97f55b2665a:dcbaf17bf3a1 | |
482 | (run 'hg heads' to see heads, 'hg merge' to merge) |
|
495 | (run 'hg heads' to see heads, 'hg merge' to merge) | |
483 | $ hg unbundle splitbundle |
|
496 | $ hg unbundle splitbundle | |
484 | adding changesets |
|
497 | adding changesets | |
485 | adding manifests |
|
498 | adding manifests | |
486 | adding file changes |
|
499 | adding file changes | |
487 | added 6 changesets with 5 changes to 2 files (+1 heads) |
|
500 | added 6 changesets with 5 changes to 2 files (+1 heads) | |
488 | new changesets * (glob) |
|
501 | new changesets * (glob) | |
489 | (run 'hg heads .' to see heads, 'hg merge' to merge) |
|
502 | (run 'hg heads .' to see heads, 'hg merge' to merge) | |
490 | $ hg update $H2 |
|
503 | $ hg update $H2 | |
491 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
504 | 2 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
492 | $ cat target | head -n 10 |
|
505 | $ cat target | head -n 10 | |
493 | Re-sanitized; nothing to see here |
|
506 | Re-sanitized; nothing to see here | |
494 | $ hg verify -q |
|
507 | $ hg verify -q | |
495 | $ cd ../r |
|
508 | $ cd ../r | |
496 |
|
509 | |||
497 | Can import bundle where first revision of a file is censored |
|
510 | Can import bundle where first revision of a file is censored | |
498 |
|
511 | |||
499 | $ hg init ../rinit |
|
512 | $ hg init ../rinit | |
500 | $ hg --config extensions.censor= censor -r 0 target |
|
513 | $ hg --config extensions.censor= censor -r 0 target | |
501 | checking for the censored content in 3 heads |
|
514 | checking for the censored content in 3 heads | |
|
515 | checking for the censored content in the working directory | |||
|
516 | censoring 1 file revision | |||
502 | $ hg bundle -r 0 --base null ../rinit/initbundle |
|
517 | $ hg bundle -r 0 --base null ../rinit/initbundle | |
503 | 1 changesets found |
|
518 | 1 changesets found | |
504 | $ cd ../rinit |
|
519 | $ cd ../rinit | |
505 | $ hg unbundle initbundle |
|
520 | $ hg unbundle initbundle | |
506 | adding changesets |
|
521 | adding changesets | |
507 | adding manifests |
|
522 | adding manifests | |
508 | adding file changes |
|
523 | adding file changes | |
509 | added 1 changesets with 2 changes to 2 files |
|
524 | added 1 changesets with 2 changes to 2 files | |
510 | new changesets e97f55b2665a (1 drafts) |
|
525 | new changesets e97f55b2665a (1 drafts) | |
511 | (run 'hg update' to get a working copy) |
|
526 | (run 'hg update' to get a working copy) | |
512 | $ hg cat -r 0 target | head -n 10 |
|
527 | $ hg cat -r 0 target | head -n 10 | |
513 |
|
528 | |||
514 | Can skip the head checking steps |
|
529 | Can skip the head checking steps | |
515 |
|
530 | |||
516 | $ hg --config extensions.censor= censor -r 0 --no-check-heads target |
|
531 | $ hg --config extensions.censor= censor -r 0 --no-check-heads target | |
|
532 | checking for the censored content in the working directory | |||
|
533 | censoring 1 file revision | |||
517 |
|
534 | |||
518 | #if revlogv2 |
|
535 | #if revlogv2 | |
519 |
|
536 | |||
520 | Testing feature that does not work in revlog v1 |
|
537 | Testing feature that does not work in revlog v1 | |
521 | =============================================== |
|
538 | =============================================== | |
522 |
|
539 | |||
523 | Censoring a revision that is used as delta base |
|
540 | Censoring a revision that is used as delta base | |
524 | ----------------------------------------------- |
|
541 | ----------------------------------------------- | |
525 |
|
542 | |||
526 | $ cd .. |
|
543 | $ cd .. | |
527 | $ hg init censor-with-delta |
|
544 | $ hg init censor-with-delta | |
528 | $ cd censor-with-delta |
|
545 | $ cd censor-with-delta | |
529 | $ echo root > target |
|
546 | $ echo root > target | |
530 | $ hg add target |
|
547 | $ hg add target | |
531 | $ hg commit -m root |
|
548 | $ hg commit -m root | |
532 | $ B0=`hg id --debug -i` |
|
549 | $ B0=`hg id --debug -i` | |
533 | $ for x in `"$PYTHON" $TESTDIR/seq.py 0 50000` |
|
550 | $ for x in `"$PYTHON" $TESTDIR/seq.py 0 50000` | |
534 | > do |
|
551 | > do | |
535 | > echo "Password: hunter$x" >> target |
|
552 | > echo "Password: hunter$x" >> target | |
536 | > done |
|
553 | > done | |
537 | $ hg ci -m 'write a long file' |
|
554 | $ hg ci -m 'write a long file' | |
538 | $ B1=`hg id --debug -i` |
|
555 | $ B1=`hg id --debug -i` | |
539 | $ echo 'small change (should create a delta)' >> target |
|
556 | $ echo 'small change (should create a delta)' >> target | |
540 | $ hg ci -m 'create a delta over the password' |
|
557 | $ hg ci -m 'create a delta over the password' | |
541 | (should show that the last revision is a delta, not a snapshot) |
|
558 | (should show that the last revision is a delta, not a snapshot) | |
542 | $ B2=`hg id --debug -i` |
|
559 | $ B2=`hg id --debug -i` | |
543 |
|
560 | |||
544 | Make sure the last revision is a delta against the revision we will censor |
|
561 | Make sure the last revision is a delta against the revision we will censor | |
545 |
|
562 | |||
546 | $ hg debugdeltachain target -T '{rev} {chainid} {chainlen} {prevrev}\n' |
|
563 | $ hg debugdeltachain target -T '{rev} {chainid} {chainlen} {prevrev}\n' | |
547 | 0 1 1 -1 |
|
564 | 0 1 1 -1 | |
548 | 1 2 1 -1 |
|
565 | 1 2 1 -1 | |
549 | 2 2 2 1 |
|
566 | 2 2 2 1 | |
550 |
|
567 | |||
551 | Censor the file |
|
568 | Censor the file | |
552 |
|
569 | |||
553 | $ hg cat -r $B1 target | wc -l |
|
570 | $ hg cat -r $B1 target | wc -l | |
554 | *50002 (re) |
|
571 | *50002 (re) | |
555 | $ hg --config extensions.censor= censor -r $B1 target |
|
572 | $ hg --config extensions.censor= censor -r $B1 target | |
556 | checking for the censored content in 1 heads |
|
573 | checking for the censored content in 1 heads | |
|
574 | checking for the censored content in the working directory | |||
|
575 | censoring 1 file revision | |||
557 | $ hg cat -r $B1 target | wc -l |
|
576 | $ hg cat -r $B1 target | wc -l | |
558 | *0 (re) |
|
577 | *0 (re) | |
559 |
|
578 | |||
560 | Check the children is fine |
|
579 | Check the children is fine | |
561 |
|
580 | |||
562 | $ hg cat -r $B2 target | wc -l |
|
581 | $ hg cat -r $B2 target | wc -l | |
563 | *50003 (re) |
|
582 | *50003 (re) | |
564 |
|
583 | |||
565 | #endif |
|
584 | #endif | |
566 |
|
585 | |||
567 | Testing repository upgrade with censors revision |
|
586 | Testing repository upgrade with censors revision | |
568 | ================================================ |
|
587 | ================================================ | |
569 |
|
588 | |||
570 | $ cd ../rclone |
|
589 | $ cd ../rclone | |
571 |
|
590 | |||
572 | With the "abort" policy |
|
591 | With the "abort" policy | |
573 | ======================= |
|
592 | ======================= | |
574 |
|
593 | |||
575 | $ hg verify --config censor.policy=ignore |
|
594 | $ hg verify --config censor.policy=ignore | |
576 | checking changesets |
|
595 | checking changesets | |
577 | checking manifests |
|
596 | checking manifests | |
578 | crosschecking files in changesets and manifests |
|
597 | crosschecking files in changesets and manifests | |
579 | checking files |
|
598 | checking files | |
580 | checking dirstate |
|
599 | checking dirstate | |
581 | checked 14 changesets with 15 changes to 2 files |
|
600 | checked 14 changesets with 15 changes to 2 files | |
582 | $ hg debugupgraderepo --run --quiet \ |
|
601 | $ hg debugupgraderepo --run --quiet \ | |
583 | > --optimize re-delta-parent \ |
|
602 | > --optimize re-delta-parent \ | |
584 | > --config censor.policy=abort |
|
603 | > --config censor.policy=abort | |
585 | upgrade will perform the following actions: |
|
604 | upgrade will perform the following actions: | |
586 |
|
605 | |||
587 | requirements |
|
606 | requirements | |
588 | preserved: * (glob) |
|
607 | preserved: * (glob) | |
589 |
|
608 | |||
590 | optimisations: re-delta-parent |
|
609 | optimisations: re-delta-parent | |
591 |
|
610 | |||
592 | processed revlogs: |
|
611 | processed revlogs: | |
593 | - all-filelogs |
|
612 | - all-filelogs | |
594 | - changelog |
|
613 | - changelog | |
595 | - manifest |
|
614 | - manifest | |
596 |
|
615 | |||
597 | $ hg verify --config censor.policy=ignore |
|
616 | $ hg verify --config censor.policy=ignore | |
598 | checking changesets |
|
617 | checking changesets | |
599 | checking manifests |
|
618 | checking manifests | |
600 | crosschecking files in changesets and manifests |
|
619 | crosschecking files in changesets and manifests | |
601 | checking files |
|
620 | checking files | |
602 | checking dirstate |
|
621 | checking dirstate | |
603 | checked 14 changesets with 15 changes to 2 files |
|
622 | checked 14 changesets with 15 changes to 2 files | |
604 |
|
623 | |||
605 | With the "ignore" policy |
|
624 | With the "ignore" policy | |
606 | ======================== |
|
625 | ======================== | |
607 |
|
626 | |||
608 | $ hg verify --config censor.policy=ignore |
|
627 | $ hg verify --config censor.policy=ignore | |
609 | checking changesets |
|
628 | checking changesets | |
610 | checking manifests |
|
629 | checking manifests | |
611 | crosschecking files in changesets and manifests |
|
630 | crosschecking files in changesets and manifests | |
612 | checking files |
|
631 | checking files | |
613 | checking dirstate |
|
632 | checking dirstate | |
614 | checked 14 changesets with 15 changes to 2 files |
|
633 | checked 14 changesets with 15 changes to 2 files | |
615 | $ hg debugupgraderepo --run --quiet \ |
|
634 | $ hg debugupgraderepo --run --quiet \ | |
616 | > --optimize re-delta-parent \ |
|
635 | > --optimize re-delta-parent \ | |
617 | > --config censor.policy=ignore |
|
636 | > --config censor.policy=ignore | |
618 | upgrade will perform the following actions: |
|
637 | upgrade will perform the following actions: | |
619 |
|
638 | |||
620 | requirements |
|
639 | requirements | |
621 | preserved: * (glob) |
|
640 | preserved: * (glob) | |
622 |
|
641 | |||
623 | optimisations: re-delta-parent |
|
642 | optimisations: re-delta-parent | |
624 |
|
643 | |||
625 | processed revlogs: |
|
644 | processed revlogs: | |
626 | - all-filelogs |
|
645 | - all-filelogs | |
627 | - changelog |
|
646 | - changelog | |
628 | - manifest |
|
647 | - manifest | |
629 |
|
648 | |||
630 | $ hg verify --config censor.policy=ignore |
|
649 | $ hg verify --config censor.policy=ignore | |
631 | checking changesets |
|
650 | checking changesets | |
632 | checking manifests |
|
651 | checking manifests | |
633 | crosschecking files in changesets and manifests |
|
652 | crosschecking files in changesets and manifests | |
634 | checking files |
|
653 | checking files | |
635 | checking dirstate |
|
654 | checking dirstate | |
636 | checked 14 changesets with 15 changes to 2 files |
|
655 | checked 14 changesets with 15 changes to 2 files |
@@ -1,23 +1,25 b'' | |||||
1 | $ cat >> $HGRCPATH <<EOF |
|
1 | $ cat >> $HGRCPATH <<EOF | |
2 | > [censor] |
|
2 | > [censor] | |
3 | > policy=ignore |
|
3 | > policy=ignore | |
4 | > EOF |
|
4 | > EOF | |
5 |
|
5 | |||
6 | $ mkdir r |
|
6 | $ mkdir r | |
7 | $ cd r |
|
7 | $ cd r | |
8 | $ hg init |
|
8 | $ hg init | |
9 | $ echo secret > target |
|
9 | $ echo secret > target | |
10 | $ hg commit -Am "secret" |
|
10 | $ hg commit -Am "secret" | |
11 | adding target |
|
11 | adding target | |
12 | $ touch bystander |
|
12 | $ touch bystander | |
13 | $ hg commit -Am "innocent" |
|
13 | $ hg commit -Am "innocent" | |
14 | adding bystander |
|
14 | adding bystander | |
15 | $ echo erased-secret > target |
|
15 | $ echo erased-secret > target | |
16 | $ hg commit -m "erased secret" |
|
16 | $ hg commit -m "erased secret" | |
17 | $ hg censor target --config extensions.censor= -r ".^^" |
|
17 | $ hg censor target --config extensions.censor= -r ".^^" | |
18 | checking for the censored content in 1 heads |
|
18 | checking for the censored content in 1 heads | |
|
19 | checking for the censored content in the working directory | |||
|
20 | censoring 1 file revision | |||
19 | $ hg update ".^" |
|
21 | $ hg update ".^" | |
20 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
22 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
21 | $ cat target |
|
23 | $ cat target | |
22 | $ hg update tip |
|
24 | $ hg update tip | |
23 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
25 | 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
General Comments 0
You need to be logged in to leave comments.
Login now