##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

censor: be more verbose about the other steps too...
marmoute -
r52162:db121ddd default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,140 +1,144 b''
1 1 # Copyright (C) 2015 - Mike Edgar <adgar@google.com>
2 2 #
3 3 # This extension enables removal of file content at a given revision,
4 4 # rewriting the data/metadata of successive revisions to preserve revision log
5 5 # integrity.
6 6
7 7 """erase file content at a given revision
8 8
9 9 The censor command instructs Mercurial to erase all content of a file at a given
10 10 revision *without updating the changeset hash.* This allows existing history to
11 11 remain valid while preventing future clones/pulls from receiving the erased
12 12 data.
13 13
14 14 Typical uses for censor are due to security or legal requirements, including::
15 15
16 16 * Passwords, private keys, cryptographic material
17 17 * Licensed data/code/libraries for which the license has expired
18 18 * Personally Identifiable Information or other private data
19 19
20 20 Censored nodes can interrupt mercurial's typical operation whenever the excised
21 21 data needs to be materialized. Some commands, like ``hg cat``/``hg revert``,
22 22 simply fail when asked to produce censored data. Others, like ``hg verify`` and
23 23 ``hg update``, must be capable of tolerating censored data to continue to
24 24 function in a meaningful way. Such commands only tolerate censored file
25 25 As having a censored version in a checkout is impractical. The current head
26 26 revisions of the repository are checked. If the revision to be censored is in
27 27 any of them the command will abort.
28 28
29 29 A few informative commands such as ``hg grep`` will unconditionally
30 30 ignore censored data and merely report that it was encountered.
31 31 """
32 32
33 33
34 34 from mercurial.i18n import _
35 35 from mercurial.node import short
36 36
37 37 from mercurial import (
38 38 error,
39 39 logcmdutil,
40 40 registrar,
41 41 scmutil,
42 42 )
43 43
44 44 cmdtable = {}
45 45 command = registrar.command(cmdtable)
46 46 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
47 47 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
48 48 # be specifying the version(s) of Mercurial they are tested with, or
49 49 # leave the attribute unspecified.
50 50 testedwith = b'ships-with-hg-core'
51 51
52 52
53 53 @command(
54 54 b'censor',
55 55 [
56 56 (
57 57 b'r',
58 58 b'rev',
59 59 b'',
60 60 _(b'censor file from specified revision'),
61 61 _(b'REV'),
62 62 ),
63 63 (
64 64 b'',
65 65 b'check-heads',
66 66 True,
67 67 _(b'check that repository heads are not affected'),
68 68 ),
69 69 (b't', b'tombstone', b'', _(b'replacement tombstone data'), _(b'TEXT')),
70 70 ],
71 71 _(b'-r REV [-t TEXT] [FILE]'),
72 72 helpcategory=command.CATEGORY_MAINTENANCE,
73 73 )
74 74 def censor(ui, repo, path, rev=b'', tombstone=b'', check_heads=True, **opts):
75 75 with repo.wlock(), repo.lock():
76 76 return _docensor(
77 77 ui,
78 78 repo,
79 79 path,
80 80 rev,
81 81 tombstone,
82 82 check_heads=check_heads,
83 83 **opts,
84 84 )
85 85
86 86
87 87 def _docensor(ui, repo, path, rev=b'', tombstone=b'', check_heads=True, **opts):
88 88 if not path:
89 89 raise error.Abort(_(b'must specify file path to censor'))
90 90 if not rev:
91 91 raise error.Abort(_(b'must specify revision to censor'))
92 92
93 93 wctx = repo[None]
94 94
95 95 m = scmutil.match(wctx, (path,))
96 96 if m.anypats() or len(m.files()) != 1:
97 97 raise error.Abort(_(b'can only specify an explicit filename'))
98 98 path = m.files()[0]
99 99 flog = repo.file(path)
100 100 if not len(flog):
101 101 raise error.Abort(_(b'cannot censor file with no history'))
102 102
103 103 rev = logcmdutil.revsingle(repo, rev, rev).rev()
104 104 try:
105 105 ctx = repo[rev]
106 106 except KeyError:
107 107 raise error.Abort(_(b'invalid revision identifier %s') % rev)
108 108
109 109 try:
110 110 fctx = ctx.filectx(path)
111 111 except error.LookupError:
112 112 raise error.Abort(_(b'file does not exist at revision %s') % rev)
113 113
114 114 fnode = fctx.filenode()
115 115 if check_heads:
116 116 heads = []
117 117 repo_heads = repo.heads()
118 118 msg = b'checking for the censored content in %d heads\n'
119 119 msg %= len(repo_heads)
120 120 ui.status(msg)
121 121 for headnode in repo_heads:
122 122 hc = repo[headnode]
123 123 if path in hc and hc.filenode(path) == fnode:
124 124 heads.append(hc)
125 125 if heads:
126 126 headlist = b', '.join([short(c.node()) for c in heads])
127 127 raise error.Abort(
128 128 _(b'cannot censor file in heads (%s)') % headlist,
129 129 hint=_(b'clean/delete and commit first'),
130 130 )
131 131
132 msg = b'checking for the censored content in the working directory\n'
133 ui.status(msg)
132 134 wp = wctx.parents()
133 135 if ctx.node() in [p.node() for p in wp]:
134 136 raise error.Abort(
135 137 _(b'cannot censor working directory'),
136 138 hint=_(b'clean/delete/update first'),
137 139 )
138 140
141 msg = b'censoring 1 file revision\n'
142 ui.status(msg)
139 143 with repo.transaction(b'censor') as tr:
140 144 flog.censorrevision(tr, fnode, tombstone=tombstone)
Show file before | Show file after | Hide comments
@@ -1,636 +1,655 b''
1 1 #require no-reposimplestore
2 2 #testcases revlogv1 revlogv2
3 3
4 4 #if revlogv2
5 5
6 6 $ cat >> $HGRCPATH <<EOF
7 7 > [experimental]
8 8 > revlogv2=enable-unstable-format-and-corrupt-my-data
9 9 > EOF
10 10
11 11 #endif
12 12
13 13 $ cp $HGRCPATH $HGRCPATH.orig
14 14
15 15 Create repo with unimpeachable content
16 16
17 17 $ hg init r
18 18 $ cd r
19 19 $ echo 'Initially untainted file' > target
20 20 $ echo 'Normal file here' > bystander
21 21 $ hg add target bystander
22 22 $ hg ci -m init
23 23
24 24 Clone repo so we can test pull later
25 25
26 26 $ cd ..
27 27 $ hg clone r rpull
28 28 updating to branch default
29 29 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
30 30 $ cd r
31 31
32 32 Introduce content which will ultimately require censorship. Name the first
33 33 censored node C1, second C2, and so on
34 34
35 35 $ echo 'Tainted file' > target
36 36 $ echo 'Passwords: hunter2' >> target
37 37 $ hg ci -m taint target
38 38 $ C1=`hg id --debug -i`
39 39
40 40 $ echo 'hunter3' >> target
41 41 $ echo 'Normal file v2' > bystander
42 42 $ hg ci -m moretaint target bystander
43 43 $ C2=`hg id --debug -i`
44 44
45 45 Add a new sanitized versions to correct our mistake. Name the first head H1,
46 46 the second head H2, and so on
47 47
48 48 $ echo 'Tainted file is now sanitized' > target
49 49 $ hg ci -m sanitized target
50 50 $ H1=`hg id --debug -i`
51 51
52 52 $ hg update -r $C2
53 53 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
54 54 $ echo 'Tainted file now super sanitized' > target
55 55 $ hg ci -m 'super sanitized' target
56 56 created new head
57 57 $ H2=`hg id --debug -i`
58 58
59 59 Verify target contents before censorship at each revision
60 60
61 61 $ hg cat -r $H1 target | head -n 10
62 62 Tainted file is now sanitized
63 63 $ hg cat -r $H2 target | head -n 10
64 64 Tainted file now super sanitized
65 65 $ hg cat -r $C2 target | head -n 10
66 66 Tainted file
67 67 Passwords: hunter2
68 68 hunter3
69 69 $ hg cat -r $C1 target | head -n 10
70 70 Tainted file
71 71 Passwords: hunter2
72 72 $ hg cat -r 0 target | head -n 10
73 73 Initially untainted file
74 74
75 75 Censor revision with 2 offenses
76 76
77 77 (this also tests file pattern matching: path relative to cwd case)
78 78
79 79 $ mkdir -p foo/bar/baz
80 80 $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C2 -t "remove password" ../../../target
81 81 checking for the censored content in 2 heads
82 checking for the censored content in the working directory
83 censoring 1 file revision
82 84 $ hg cat -r $H1 target | head -n 10
83 85 Tainted file is now sanitized
84 86 $ hg cat -r $H2 target | head -n 10
85 87 Tainted file now super sanitized
86 88 $ hg cat -r $C2 target | head -n 10
87 89 abort: censored node: 1e0247a9a4b7
88 90 (set censor.policy to ignore errors)
89 91 $ hg cat -r $C1 target | head -n 10
90 92 Tainted file
91 93 Passwords: hunter2
92 94 $ hg cat -r 0 target | head -n 10
93 95 Initially untainted file
94 96
95 97 Censor revision with 1 offense
96 98
97 99 (this also tests file pattern matching: with 'path:' scheme)
98 100
99 101 $ hg --config extensions.censor= --cwd foo/bar/baz censor -r $C1 path:target
100 102 checking for the censored content in 2 heads
103 checking for the censored content in the working directory
104 censoring 1 file revision
101 105 $ hg cat -r $H1 target | head -n 10
102 106 Tainted file is now sanitized
103 107 $ hg cat -r $H2 target | head -n 10
104 108 Tainted file now super sanitized
105 109 $ hg cat -r $C2 target | head -n 10
106 110 abort: censored node: 1e0247a9a4b7
107 111 (set censor.policy to ignore errors)
108 112 $ hg cat -r $C1 target | head -n 10
109 113 abort: censored node: 613bc869fceb
110 114 (set censor.policy to ignore errors)
111 115 $ hg cat -r 0 target | head -n 10
112 116 Initially untainted file
113 117
114 118 Can only checkout target at uncensored revisions, -X is workaround for --all
115 119
116 120 $ hg revert -r $C2 target | head -n 10
117 121 abort: censored node: 1e0247a9a4b7
118 122 (set censor.policy to ignore errors)
119 123 $ hg revert -r $C1 target | head -n 10
120 124 abort: censored node: 613bc869fceb
121 125 (set censor.policy to ignore errors)
122 126 $ hg revert -r $C1 --all
123 127 reverting bystander
124 128 reverting target
125 129 abort: censored node: 613bc869fceb
126 130 (set censor.policy to ignore errors)
127 131 [255]
128 132 $ hg revert -r $C1 --all -X target
129 133 $ cat target | head -n 10
130 134 Tainted file now super sanitized
131 135 $ hg revert -r 0 --all
132 136 reverting target
133 137 $ cat target | head -n 10
134 138 Initially untainted file
135 139 $ hg revert -r $H2 --all
136 140 reverting bystander
137 141 reverting target
138 142 $ cat target | head -n 10
139 143 Tainted file now super sanitized
140 144
141 145 Uncensored file can be viewed at any revision
142 146
143 147 $ hg cat -r $H1 bystander | head -n 10
144 148 Normal file v2
145 149 $ hg cat -r $C2 bystander | head -n 10
146 150 Normal file v2
147 151 $ hg cat -r $C1 bystander | head -n 10
148 152 Normal file here
149 153 $ hg cat -r 0 bystander | head -n 10
150 154 Normal file here
151 155
152 156 Can update to children of censored revision
153 157
154 158 $ hg update -r $H1
155 159 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
156 160 $ cat target | head -n 10
157 161 Tainted file is now sanitized
158 162 $ hg update -r $H2
159 163 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
160 164 $ cat target | head -n 10
161 165 Tainted file now super sanitized
162 166
163 167 Set censor policy to abort in trusted $HGRC so hg verify fails
164 168
165 169 $ cp $HGRCPATH.orig $HGRCPATH
166 170 $ cat >> $HGRCPATH <<EOF
167 171 > [censor]
168 172 > policy = abort
169 173 > EOF
170 174
171 175 Repo fails verification due to censorship
172 176
173 177 $ hg verify
174 178 checking changesets
175 179 checking manifests
176 180 crosschecking files in changesets and manifests
177 181 checking files
178 182 target@1: censored file data
179 183 target@2: censored file data
180 184 not checking dirstate because of previous errors
181 185 checked 5 changesets with 7 changes to 2 files
182 186 2 integrity errors encountered!
183 187 (first damaged changeset appears to be 1)
184 188 [1]
185 189
186 190 Cannot update to revision with censored data
187 191
188 192 $ hg update -r $C2
189 193 abort: censored node: 1e0247a9a4b7
190 194 (set censor.policy to ignore errors)
191 195 [255]
192 196 $ hg update -r $C1
193 197 abort: censored node: 613bc869fceb
194 198 (set censor.policy to ignore errors)
195 199 [255]
196 200 $ hg update -r 0
197 201 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
198 202 $ hg update -r $H2
199 203 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
200 204
201 205 Set censor policy to ignore in trusted $HGRC so hg verify passes
202 206
203 207 $ cp $HGRCPATH.orig $HGRCPATH
204 208 $ cat >> $HGRCPATH <<EOF
205 209 > [censor]
206 210 > policy = ignore
207 211 > EOF
208 212
209 213 Repo passes verification with warnings with explicit config
210 214
211 215 $ hg verify -q
212 216
213 217 May update to revision with censored data with explicit config
214 218
215 219 $ hg update -r $C2
216 220 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
217 221 $ cat target | head -n 10
218 222 $ hg update -r $C1
219 223 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
220 224 $ cat target | head -n 10
221 225 $ hg update -r 0
222 226 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
223 227 $ cat target | head -n 10
224 228 Initially untainted file
225 229 $ hg update -r $H2
226 230 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
227 231 $ cat target | head -n 10
228 232 Tainted file now super sanitized
229 233
230 234 Can merge in revision with censored data. Test requires one branch of history
231 235 with the file censored, but we can't censor at a head, so advance H1.
232 236
233 237 $ hg update -r $H1
234 238 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
235 239 $ C3=$H1
236 240 $ echo 'advanced head H1' > target
237 241 $ hg ci -m 'advance head H1' target
238 242 $ H1=`hg id --debug -i`
239 243 $ hg --config extensions.censor= censor -r $C3 target
240 244 checking for the censored content in 2 heads
245 checking for the censored content in the working directory
246 censoring 1 file revision
241 247 $ hg update -r $H2
242 248 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
243 249 $ hg merge -r $C3
244 250 merging target
245 251 0 files updated, 1 files merged, 0 files removed, 0 files unresolved
246 252 (branch merge, don't forget to commit)
247 253
248 254 Revisions present in repository heads may not be censored
249 255
250 256 $ hg update -C -r $H2
251 257 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
252 258 $ hg --config extensions.censor= censor -r $H2 target
253 259 checking for the censored content in 2 heads
254 260 abort: cannot censor file in heads (78a8fc215e79)
255 261 (clean/delete and commit first)
256 262 [255]
257 263 $ echo 'twiddling thumbs' > bystander
258 264 $ hg ci -m 'bystander commit'
259 265 $ H2=`hg id --debug -i`
260 266 $ hg --config extensions.censor= censor -r "$H2^" target
261 267 checking for the censored content in 2 heads
262 268 abort: cannot censor file in heads (efbe78065929)
263 269 (clean/delete and commit first)
264 270 [255]
265 271
266 272 Cannot censor working directory
267 273
268 274 $ echo 'seriously no passwords' > target
269 275 $ hg ci -m 'extend second head arbitrarily' target
270 276 $ H2=`hg id --debug -i`
271 277 $ hg update -r "$H2^"
272 278 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
273 279 $ hg --config extensions.censor= censor -r . target
274 280 checking for the censored content in 2 heads
281 checking for the censored content in the working directory
275 282 abort: cannot censor working directory
276 283 (clean/delete/update first)
277 284 [255]
278 285 $ hg update -r $H2
279 286 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
280 287
281 288 Can re-add file after being deleted + censored
282 289
283 290 $ C4=$H2
284 291 $ hg rm target
285 292 $ hg ci -m 'delete target so it may be censored'
286 293 $ H2=`hg id --debug -i`
287 294 $ hg --config extensions.censor= censor -r $C4 target
288 295 checking for the censored content in 2 heads
296 checking for the censored content in the working directory
297 censoring 1 file revision
289 298 $ hg cat -r $C4 target | head -n 10
290 299 $ hg cat -r "$H2^^" target | head -n 10
291 300 Tainted file now super sanitized
292 301 $ echo 'fresh start' > target
293 302 $ hg add target
294 303 $ hg ci -m reincarnated target
295 304 $ H2=`hg id --debug -i`
296 305 $ hg cat -r $H2 target | head -n 10
297 306 fresh start
298 307 $ hg cat -r "$H2^" target | head -n 10
299 308 target: no such file in rev 452ec1762369
300 309 $ hg cat -r $C4 target | head -n 10
301 310 $ hg cat -r "$H2^^^" target | head -n 10
302 311 Tainted file now super sanitized
303 312
304 313 Can censor enough revision to move back to inline storage
305 314
306 315 $ hg debugrevlogstats | grep target
307 316 rev-count data-size inl type target
308 317 8 ??? no file target (glob) (revlogv2 !)
309 318 8 ??? yes file target (glob) (revlogv1 !)
310 319 $ cat /dev/rand?m | dd status=none count=200 | f --hexdump > target
311 320 $ hg ci -m 'add 100k passwords'
312 321 $ H2=`hg id --debug -i`
313 322 $ C5=$H2
314 323 $ hg revert -r "$H2^" target
315 324 $ hg ci -m 'cleaned 100k passwords'
316 325 $ H2=`hg id --debug -i`
317 326 $ hg debugrevlogstats | grep target
318 327 rev-count data-size inl type target
319 328 10 ?????? no file target (glob)
320 329 $ hg --config extensions.censor= censor -r $C5 target
321 330 checking for the censored content in 2 heads
331 checking for the censored content in the working directory
332 censoring 1 file revision
322 333
323 334 The important part is for the censor operation to not crash and the repository
324 335 to not be corrupted. Right now this involve keeping the revlog split.
325 336
326 337 $ hg debugrevlogstats | grep target
327 338 rev-count data-size inl type target
328 339 10 ??? no file target (glob)
329 340 $ hg cat -r $C5 target | head -n 10
330 341 $ hg cat -r $H2 target | head -n 10
331 342 fresh start
332 343 $ hg verify
333 344 checking changesets
334 345 checking manifests
335 346 crosschecking files in changesets and manifests
336 347 checking files
337 348 checking dirstate
338 349 checked 12 changesets with 13 changes to 2 files
339 350
340 351 Repo with censored nodes can be cloned and cloned nodes are censored
341 352
342 353 $ cd ..
343 354 $ hg clone r rclone
344 355 updating to branch default
345 356 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
346 357 $ cd rclone
347 358 $ hg cat -r $H1 target | head -n 10
348 359 advanced head H1
349 360 $ hg cat -r $H2~5 target | head -n 10
350 361 Tainted file now super sanitized
351 362 $ hg cat -r $C2 target | head -n 10
352 363 $ hg cat -r $C1 target | head -n 10
353 364 $ hg cat -r 0 target | head -n 10
354 365 Initially untainted file
355 366 $ hg verify -q
356 367
357 368 Repo cloned before tainted content introduced can pull censored nodes
358 369
359 370 $ cd ../rpull
360 371 $ hg cat -r tip target | head -n 10
361 372 Initially untainted file
362 373 $ hg verify -q
363 374 $ hg pull -r $H1 -r $H2
364 375 pulling from $TESTTMP/r
365 376 searching for changes
366 377 adding changesets
367 378 adding manifests
368 379 adding file changes
369 380 added 11 changesets with 11 changes to 2 files (+1 heads)
370 381 new changesets * (glob)
371 382 (run 'hg heads' to see heads, 'hg merge' to merge)
372 383 $ hg update 4
373 384 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
374 385 $ cat target | head -n 10
375 386 Tainted file now super sanitized
376 387 $ hg cat -r $H1 target | head -n 10
377 388 advanced head H1
378 389 $ hg cat -r $H2~5 target | head -n 10
379 390 Tainted file now super sanitized
380 391 $ hg cat -r $C2 target | head -n 10
381 392 $ hg cat -r $C1 target | head -n 10
382 393 $ hg cat -r 0 target | head -n 10
383 394 Initially untainted file
384 395 $ hg verify -q
385 396
386 397 Censored nodes can be pushed if they censor previously unexchanged nodes
387 398
388 399 $ echo 'Passwords: hunter2hunter2' > target
389 400 $ hg ci -m 're-add password from clone' target
390 401 created new head
391 402 $ H3=`hg id --debug -i`
392 403 $ REV=$H3
393 404 $ echo 'Re-sanitized; nothing to see here' > target
394 405 $ hg ci -m 're-sanitized' target
395 406 $ H2=`hg id --debug -i`
396 407 $ CLEANREV=$H2
397 408 $ hg cat -r $REV target | head -n 10
398 409 Passwords: hunter2hunter2
399 410 $ hg --config extensions.censor= censor -r $REV target
400 411 checking for the censored content in 3 heads
412 checking for the censored content in the working directory
413 censoring 1 file revision
401 414 $ hg cat -r $REV target | head -n 10
402 415 $ hg cat -r $CLEANREV target | head -n 10
403 416 Re-sanitized; nothing to see here
404 417 $ hg push -f -r $H2
405 418 pushing to $TESTTMP/r
406 419 searching for changes
407 420 adding changesets
408 421 adding manifests
409 422 adding file changes
410 423 added 2 changesets with 2 changes to 1 files (+1 heads)
411 424
412 425 $ cd ../r
413 426 $ hg cat -r $REV target | head -n 10
414 427 $ hg cat -r $CLEANREV target | head -n 10
415 428 Re-sanitized; nothing to see here
416 429 $ hg update $CLEANREV
417 430 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
418 431 $ cat target | head -n 10
419 432 Re-sanitized; nothing to see here
420 433
421 434 Censored nodes can be bundled up and unbundled in another repo
422 435
423 436 $ hg bundle --base 0 ../pwbundle
424 437 13 changesets found
425 438 $ cd ../rclone
426 439 $ hg unbundle ../pwbundle
427 440 adding changesets
428 441 adding manifests
429 442 adding file changes
430 443 added 2 changesets with 2 changes to 2 files (+1 heads)
431 444 new changesets * (glob)
432 445 (run 'hg heads .' to see heads, 'hg merge' to merge)
433 446 $ hg cat -r $REV target | head -n 10
434 447 $ hg cat -r $CLEANREV target | head -n 10
435 448 Re-sanitized; nothing to see here
436 449 $ hg update $CLEANREV
437 450 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
438 451 $ cat target | head -n 10
439 452 Re-sanitized; nothing to see here
440 453 $ hg verify -q
441 454
442 455 Grepping only warns, doesn't error out
443 456
444 457 $ cd ../rpull
445 458 $ hg grep 'Normal file'
446 459 bystander:Normal file v2
447 460 $ hg grep nothing
448 461 target:Re-sanitized; nothing to see here
449 462 $ hg grep --diff 'Normal file'
450 463 cannot search in censored file: target:7
451 464 cannot search in censored file: target:10
452 465 cannot search in censored file: target:12
453 466 bystander:6:-:Normal file v2
454 467 cannot search in censored file: target:1
455 468 cannot search in censored file: target:2
456 469 cannot search in censored file: target:3
457 470 bystander:2:-:Normal file here
458 471 bystander:2:+:Normal file v2
459 472 bystander:0:+:Normal file here
460 473 $ hg grep --diff nothing
461 474 cannot search in censored file: target:7
462 475 cannot search in censored file: target:10
463 476 cannot search in censored file: target:12
464 477 target:13:+:Re-sanitized; nothing to see here
465 478 cannot search in censored file: target:1
466 479 cannot search in censored file: target:2
467 480 cannot search in censored file: target:3
468 481
469 482 Censored nodes can be imported on top of censored nodes, consecutively
470 483
471 484 $ hg init ../rimport
472 485 $ hg bundle --base 1 ../rimport/splitbundle
473 486 12 changesets found
474 487 $ cd ../rimport
475 488 $ hg pull -r $H1 -r $H2 ../r
476 489 pulling from ../r
477 490 adding changesets
478 491 adding manifests
479 492 adding file changes
480 493 added 8 changesets with 10 changes to 2 files (+1 heads)
481 494 new changesets e97f55b2665a:dcbaf17bf3a1
482 495 (run 'hg heads' to see heads, 'hg merge' to merge)
483 496 $ hg unbundle splitbundle
484 497 adding changesets
485 498 adding manifests
486 499 adding file changes
487 500 added 6 changesets with 5 changes to 2 files (+1 heads)
488 501 new changesets * (glob)
489 502 (run 'hg heads .' to see heads, 'hg merge' to merge)
490 503 $ hg update $H2
491 504 2 files updated, 0 files merged, 0 files removed, 0 files unresolved
492 505 $ cat target | head -n 10
493 506 Re-sanitized; nothing to see here
494 507 $ hg verify -q
495 508 $ cd ../r
496 509
497 510 Can import bundle where first revision of a file is censored
498 511
499 512 $ hg init ../rinit
500 513 $ hg --config extensions.censor= censor -r 0 target
501 514 checking for the censored content in 3 heads
515 checking for the censored content in the working directory
516 censoring 1 file revision
502 517 $ hg bundle -r 0 --base null ../rinit/initbundle
503 518 1 changesets found
504 519 $ cd ../rinit
505 520 $ hg unbundle initbundle
506 521 adding changesets
507 522 adding manifests
508 523 adding file changes
509 524 added 1 changesets with 2 changes to 2 files
510 525 new changesets e97f55b2665a (1 drafts)
511 526 (run 'hg update' to get a working copy)
512 527 $ hg cat -r 0 target | head -n 10
513 528
514 529 Can skip the head checking steps
515 530
516 531 $ hg --config extensions.censor= censor -r 0 --no-check-heads target
532 checking for the censored content in the working directory
533 censoring 1 file revision
517 534
518 535 #if revlogv2
519 536
520 537 Testing feature that does not work in revlog v1
521 538 ===============================================
522 539
523 540 Censoring a revision that is used as delta base
524 541 -----------------------------------------------
525 542
526 543 $ cd ..
527 544 $ hg init censor-with-delta
528 545 $ cd censor-with-delta
529 546 $ echo root > target
530 547 $ hg add target
531 548 $ hg commit -m root
532 549 $ B0=`hg id --debug -i`
533 550 $ for x in `"$PYTHON" $TESTDIR/seq.py 0 50000`
534 551 > do
535 552 > echo "Password: hunter$x" >> target
536 553 > done
537 554 $ hg ci -m 'write a long file'
538 555 $ B1=`hg id --debug -i`
539 556 $ echo 'small change (should create a delta)' >> target
540 557 $ hg ci -m 'create a delta over the password'
541 558 (should show that the last revision is a delta, not a snapshot)
542 559 $ B2=`hg id --debug -i`
543 560
544 561 Make sure the last revision is a delta against the revision we will censor
545 562
546 563 $ hg debugdeltachain target -T '{rev} {chainid} {chainlen} {prevrev}\n'
547 564 0 1 1 -1
548 565 1 2 1 -1
549 566 2 2 2 1
550 567
551 568 Censor the file
552 569
553 570 $ hg cat -r $B1 target | wc -l
554 571 *50002 (re)
555 572 $ hg --config extensions.censor= censor -r $B1 target
556 573 checking for the censored content in 1 heads
574 checking for the censored content in the working directory
575 censoring 1 file revision
557 576 $ hg cat -r $B1 target | wc -l
558 577 *0 (re)
559 578
560 579 Check the children is fine
561 580
562 581 $ hg cat -r $B2 target | wc -l
563 582 *50003 (re)
564 583
565 584 #endif
566 585
567 586 Testing repository upgrade with censors revision
568 587 ================================================
569 588
570 589 $ cd ../rclone
571 590
572 591 With the "abort" policy
573 592 =======================
574 593
575 594 $ hg verify --config censor.policy=ignore
576 595 checking changesets
577 596 checking manifests
578 597 crosschecking files in changesets and manifests
579 598 checking files
580 599 checking dirstate
581 600 checked 14 changesets with 15 changes to 2 files
582 601 $ hg debugupgraderepo --run --quiet \
583 602 > --optimize re-delta-parent \
584 603 > --config censor.policy=abort
585 604 upgrade will perform the following actions:
586 605
587 606 requirements
588 607 preserved: * (glob)
589 608
590 609 optimisations: re-delta-parent
591 610
592 611 processed revlogs:
593 612 - all-filelogs
594 613 - changelog
595 614 - manifest
596 615
597 616 $ hg verify --config censor.policy=ignore
598 617 checking changesets
599 618 checking manifests
600 619 crosschecking files in changesets and manifests
601 620 checking files
602 621 checking dirstate
603 622 checked 14 changesets with 15 changes to 2 files
604 623
605 624 With the "ignore" policy
606 625 ========================
607 626
608 627 $ hg verify --config censor.policy=ignore
609 628 checking changesets
610 629 checking manifests
611 630 crosschecking files in changesets and manifests
612 631 checking files
613 632 checking dirstate
614 633 checked 14 changesets with 15 changes to 2 files
615 634 $ hg debugupgraderepo --run --quiet \
616 635 > --optimize re-delta-parent \
617 636 > --config censor.policy=ignore
618 637 upgrade will perform the following actions:
619 638
620 639 requirements
621 640 preserved: * (glob)
622 641
623 642 optimisations: re-delta-parent
624 643
625 644 processed revlogs:
626 645 - all-filelogs
627 646 - changelog
628 647 - manifest
629 648
630 649 $ hg verify --config censor.policy=ignore
631 650 checking changesets
632 651 checking manifests
633 652 crosschecking files in changesets and manifests
634 653 checking files
635 654 checking dirstate
636 655 checked 14 changesets with 15 changes to 2 files
Show file before | Show file after | Hide comments
@@ -1,23 +1,25 b''
1 1 $ cat >> $HGRCPATH <<EOF
2 2 > [censor]
3 3 > policy=ignore
4 4 > EOF
5 5
6 6 $ mkdir r
7 7 $ cd r
8 8 $ hg init
9 9 $ echo secret > target
10 10 $ hg commit -Am "secret"
11 11 adding target
12 12 $ touch bystander
13 13 $ hg commit -Am "innocent"
14 14 adding bystander
15 15 $ echo erased-secret > target
16 16 $ hg commit -m "erased secret"
17 17 $ hg censor target --config extensions.censor= -r ".^^"
18 18 checking for the censored content in 1 heads
19 checking for the censored content in the working directory
20 censoring 1 file revision
19 21 $ hg update ".^"
20 22 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
21 23 $ cat target
22 24 $ hg update tip
23 25 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
General Comments 0
You need to be logged in to leave comments. Login now