Show More
@@ -1,2092 +1,2127 | |||||
1 | The Mercurial system uses a set of configuration files to control |
|
1 | The Mercurial system uses a set of configuration files to control | |
2 | aspects of its behavior. |
|
2 | aspects of its behavior. | |
3 |
|
3 | |||
4 | Troubleshooting |
|
4 | Troubleshooting | |
5 | =============== |
|
5 | =============== | |
6 |
|
6 | |||
7 | If you're having problems with your configuration, |
|
7 | If you're having problems with your configuration, | |
8 | :hg:`config --debug` can help you understand what is introducing |
|
8 | :hg:`config --debug` can help you understand what is introducing | |
9 | a setting into your environment. |
|
9 | a setting into your environment. | |
10 |
|
10 | |||
11 | See :hg:`help config.syntax` and :hg:`help config.files` |
|
11 | See :hg:`help config.syntax` and :hg:`help config.files` | |
12 | for information about how and where to override things. |
|
12 | for information about how and where to override things. | |
13 |
|
13 | |||
14 | Structure |
|
14 | Structure | |
15 | ========= |
|
15 | ========= | |
16 |
|
16 | |||
17 | The configuration files use a simple ini-file format. A configuration |
|
17 | The configuration files use a simple ini-file format. A configuration | |
18 | file consists of sections, led by a ``[section]`` header and followed |
|
18 | file consists of sections, led by a ``[section]`` header and followed | |
19 | by ``name = value`` entries:: |
|
19 | by ``name = value`` entries:: | |
20 |
|
20 | |||
21 | [ui] |
|
21 | [ui] | |
22 | username = Firstname Lastname <firstname.lastname@example.net> |
|
22 | username = Firstname Lastname <firstname.lastname@example.net> | |
23 | verbose = True |
|
23 | verbose = True | |
24 |
|
24 | |||
25 | The above entries will be referred to as ``ui.username`` and |
|
25 | The above entries will be referred to as ``ui.username`` and | |
26 | ``ui.verbose``, respectively. See :hg:`help config.syntax`. |
|
26 | ``ui.verbose``, respectively. See :hg:`help config.syntax`. | |
27 |
|
27 | |||
28 | Files |
|
28 | Files | |
29 | ===== |
|
29 | ===== | |
30 |
|
30 | |||
31 | Mercurial reads configuration data from several files, if they exist. |
|
31 | Mercurial reads configuration data from several files, if they exist. | |
32 | These files do not exist by default and you will have to create the |
|
32 | These files do not exist by default and you will have to create the | |
33 | appropriate configuration files yourself: |
|
33 | appropriate configuration files yourself: | |
34 |
|
34 | |||
35 | Local configuration is put into the per-repository ``<repo>/.hg/hgrc`` file. |
|
35 | Local configuration is put into the per-repository ``<repo>/.hg/hgrc`` file. | |
36 |
|
36 | |||
37 | Global configuration like the username setting is typically put into: |
|
37 | Global configuration like the username setting is typically put into: | |
38 |
|
38 | |||
39 | .. container:: windows |
|
39 | .. container:: windows | |
40 |
|
40 | |||
41 | - ``%USERPROFILE%\mercurial.ini`` (on Windows) |
|
41 | - ``%USERPROFILE%\mercurial.ini`` (on Windows) | |
42 |
|
42 | |||
43 | .. container:: unix.plan9 |
|
43 | .. container:: unix.plan9 | |
44 |
|
44 | |||
45 | - ``$HOME/.hgrc`` (on Unix, Plan9) |
|
45 | - ``$HOME/.hgrc`` (on Unix, Plan9) | |
46 |
|
46 | |||
47 | The names of these files depend on the system on which Mercurial is |
|
47 | The names of these files depend on the system on which Mercurial is | |
48 | installed. ``*.rc`` files from a single directory are read in |
|
48 | installed. ``*.rc`` files from a single directory are read in | |
49 | alphabetical order, later ones overriding earlier ones. Where multiple |
|
49 | alphabetical order, later ones overriding earlier ones. Where multiple | |
50 | paths are given below, settings from earlier paths override later |
|
50 | paths are given below, settings from earlier paths override later | |
51 | ones. |
|
51 | ones. | |
52 |
|
52 | |||
53 | .. container:: verbose.unix |
|
53 | .. container:: verbose.unix | |
54 |
|
54 | |||
55 | On Unix, the following files are consulted: |
|
55 | On Unix, the following files are consulted: | |
56 |
|
56 | |||
57 | - ``<repo>/.hg/hgrc`` (per-repository) |
|
57 | - ``<repo>/.hg/hgrc`` (per-repository) | |
58 | - ``$HOME/.hgrc`` (per-user) |
|
58 | - ``$HOME/.hgrc`` (per-user) | |
59 | - ``<install-root>/etc/mercurial/hgrc`` (per-installation) |
|
59 | - ``<install-root>/etc/mercurial/hgrc`` (per-installation) | |
60 | - ``<install-root>/etc/mercurial/hgrc.d/*.rc`` (per-installation) |
|
60 | - ``<install-root>/etc/mercurial/hgrc.d/*.rc`` (per-installation) | |
61 | - ``/etc/mercurial/hgrc`` (per-system) |
|
61 | - ``/etc/mercurial/hgrc`` (per-system) | |
62 | - ``/etc/mercurial/hgrc.d/*.rc`` (per-system) |
|
62 | - ``/etc/mercurial/hgrc.d/*.rc`` (per-system) | |
63 | - ``<internal>/default.d/*.rc`` (defaults) |
|
63 | - ``<internal>/default.d/*.rc`` (defaults) | |
64 |
|
64 | |||
65 | .. container:: verbose.windows |
|
65 | .. container:: verbose.windows | |
66 |
|
66 | |||
67 | On Windows, the following files are consulted: |
|
67 | On Windows, the following files are consulted: | |
68 |
|
68 | |||
69 | - ``<repo>/.hg/hgrc`` (per-repository) |
|
69 | - ``<repo>/.hg/hgrc`` (per-repository) | |
70 | - ``%USERPROFILE%\.hgrc`` (per-user) |
|
70 | - ``%USERPROFILE%\.hgrc`` (per-user) | |
71 | - ``%USERPROFILE%\Mercurial.ini`` (per-user) |
|
71 | - ``%USERPROFILE%\Mercurial.ini`` (per-user) | |
72 | - ``%HOME%\.hgrc`` (per-user) |
|
72 | - ``%HOME%\.hgrc`` (per-user) | |
73 | - ``%HOME%\Mercurial.ini`` (per-user) |
|
73 | - ``%HOME%\Mercurial.ini`` (per-user) | |
74 | - ``HKEY_LOCAL_MACHINE\SOFTWARE\Mercurial`` (per-installation) |
|
74 | - ``HKEY_LOCAL_MACHINE\SOFTWARE\Mercurial`` (per-installation) | |
75 | - ``<install-dir>\hgrc.d\*.rc`` (per-installation) |
|
75 | - ``<install-dir>\hgrc.d\*.rc`` (per-installation) | |
76 | - ``<install-dir>\Mercurial.ini`` (per-installation) |
|
76 | - ``<install-dir>\Mercurial.ini`` (per-installation) | |
77 | - ``<internal>/default.d/*.rc`` (defaults) |
|
77 | - ``<internal>/default.d/*.rc`` (defaults) | |
78 |
|
78 | |||
79 | .. note:: |
|
79 | .. note:: | |
80 |
|
80 | |||
81 | The registry key ``HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mercurial`` |
|
81 | The registry key ``HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mercurial`` | |
82 | is used when running 32-bit Python on 64-bit Windows. |
|
82 | is used when running 32-bit Python on 64-bit Windows. | |
83 |
|
83 | |||
84 | .. container:: windows |
|
84 | .. container:: windows | |
85 |
|
85 | |||
86 | On Windows 9x, ``%HOME%`` is replaced by ``%APPDATA%``. |
|
86 | On Windows 9x, ``%HOME%`` is replaced by ``%APPDATA%``. | |
87 |
|
87 | |||
88 | .. container:: verbose.plan9 |
|
88 | .. container:: verbose.plan9 | |
89 |
|
89 | |||
90 | On Plan9, the following files are consulted: |
|
90 | On Plan9, the following files are consulted: | |
91 |
|
91 | |||
92 | - ``<repo>/.hg/hgrc`` (per-repository) |
|
92 | - ``<repo>/.hg/hgrc`` (per-repository) | |
93 | - ``$home/lib/hgrc`` (per-user) |
|
93 | - ``$home/lib/hgrc`` (per-user) | |
94 | - ``<install-root>/lib/mercurial/hgrc`` (per-installation) |
|
94 | - ``<install-root>/lib/mercurial/hgrc`` (per-installation) | |
95 | - ``<install-root>/lib/mercurial/hgrc.d/*.rc`` (per-installation) |
|
95 | - ``<install-root>/lib/mercurial/hgrc.d/*.rc`` (per-installation) | |
96 | - ``/lib/mercurial/hgrc`` (per-system) |
|
96 | - ``/lib/mercurial/hgrc`` (per-system) | |
97 | - ``/lib/mercurial/hgrc.d/*.rc`` (per-system) |
|
97 | - ``/lib/mercurial/hgrc.d/*.rc`` (per-system) | |
98 | - ``<internal>/default.d/*.rc`` (defaults) |
|
98 | - ``<internal>/default.d/*.rc`` (defaults) | |
99 |
|
99 | |||
100 | Per-repository configuration options only apply in a |
|
100 | Per-repository configuration options only apply in a | |
101 | particular repository. This file is not version-controlled, and |
|
101 | particular repository. This file is not version-controlled, and | |
102 | will not get transferred during a "clone" operation. Options in |
|
102 | will not get transferred during a "clone" operation. Options in | |
103 | this file override options in all other configuration files. |
|
103 | this file override options in all other configuration files. | |
104 |
|
104 | |||
105 | .. container:: unix.plan9 |
|
105 | .. container:: unix.plan9 | |
106 |
|
106 | |||
107 | On Plan 9 and Unix, most of this file will be ignored if it doesn't |
|
107 | On Plan 9 and Unix, most of this file will be ignored if it doesn't | |
108 | belong to a trusted user or to a trusted group. See |
|
108 | belong to a trusted user or to a trusted group. See | |
109 | :hg:`help config.trusted` for more details. |
|
109 | :hg:`help config.trusted` for more details. | |
110 |
|
110 | |||
111 | Per-user configuration file(s) are for the user running Mercurial. Options |
|
111 | Per-user configuration file(s) are for the user running Mercurial. Options | |
112 | in these files apply to all Mercurial commands executed by this user in any |
|
112 | in these files apply to all Mercurial commands executed by this user in any | |
113 | directory. Options in these files override per-system and per-installation |
|
113 | directory. Options in these files override per-system and per-installation | |
114 | options. |
|
114 | options. | |
115 |
|
115 | |||
116 | Per-installation configuration files are searched for in the |
|
116 | Per-installation configuration files are searched for in the | |
117 | directory where Mercurial is installed. ``<install-root>`` is the |
|
117 | directory where Mercurial is installed. ``<install-root>`` is the | |
118 | parent directory of the **hg** executable (or symlink) being run. |
|
118 | parent directory of the **hg** executable (or symlink) being run. | |
119 |
|
119 | |||
120 | .. container:: unix.plan9 |
|
120 | .. container:: unix.plan9 | |
121 |
|
121 | |||
122 | For example, if installed in ``/shared/tools/bin/hg``, Mercurial |
|
122 | For example, if installed in ``/shared/tools/bin/hg``, Mercurial | |
123 | will look in ``/shared/tools/etc/mercurial/hgrc``. Options in these |
|
123 | will look in ``/shared/tools/etc/mercurial/hgrc``. Options in these | |
124 | files apply to all Mercurial commands executed by any user in any |
|
124 | files apply to all Mercurial commands executed by any user in any | |
125 | directory. |
|
125 | directory. | |
126 |
|
126 | |||
127 | Per-installation configuration files are for the system on |
|
127 | Per-installation configuration files are for the system on | |
128 | which Mercurial is running. Options in these files apply to all |
|
128 | which Mercurial is running. Options in these files apply to all | |
129 | Mercurial commands executed by any user in any directory. Registry |
|
129 | Mercurial commands executed by any user in any directory. Registry | |
130 | keys contain PATH-like strings, every part of which must reference |
|
130 | keys contain PATH-like strings, every part of which must reference | |
131 | a ``Mercurial.ini`` file or be a directory where ``*.rc`` files will |
|
131 | a ``Mercurial.ini`` file or be a directory where ``*.rc`` files will | |
132 | be read. Mercurial checks each of these locations in the specified |
|
132 | be read. Mercurial checks each of these locations in the specified | |
133 | order until one or more configuration files are detected. |
|
133 | order until one or more configuration files are detected. | |
134 |
|
134 | |||
135 | Per-system configuration files are for the system on which Mercurial |
|
135 | Per-system configuration files are for the system on which Mercurial | |
136 | is running. Options in these files apply to all Mercurial commands |
|
136 | is running. Options in these files apply to all Mercurial commands | |
137 | executed by any user in any directory. Options in these files |
|
137 | executed by any user in any directory. Options in these files | |
138 | override per-installation options. |
|
138 | override per-installation options. | |
139 |
|
139 | |||
140 | Mercurial comes with some default configuration. The default configuration |
|
140 | Mercurial comes with some default configuration. The default configuration | |
141 | files are installed with Mercurial and will be overwritten on upgrades. Default |
|
141 | files are installed with Mercurial and will be overwritten on upgrades. Default | |
142 | configuration files should never be edited by users or administrators but can |
|
142 | configuration files should never be edited by users or administrators but can | |
143 | be overridden in other configuration files. So far the directory only contains |
|
143 | be overridden in other configuration files. So far the directory only contains | |
144 | merge tool configuration but packagers can also put other default configuration |
|
144 | merge tool configuration but packagers can also put other default configuration | |
145 | there. |
|
145 | there. | |
146 |
|
146 | |||
147 | Syntax |
|
147 | Syntax | |
148 | ====== |
|
148 | ====== | |
149 |
|
149 | |||
150 | A configuration file consists of sections, led by a ``[section]`` header |
|
150 | A configuration file consists of sections, led by a ``[section]`` header | |
151 | and followed by ``name = value`` entries (sometimes called |
|
151 | and followed by ``name = value`` entries (sometimes called | |
152 | ``configuration keys``):: |
|
152 | ``configuration keys``):: | |
153 |
|
153 | |||
154 | [spam] |
|
154 | [spam] | |
155 | eggs=ham |
|
155 | eggs=ham | |
156 | green= |
|
156 | green= | |
157 | eggs |
|
157 | eggs | |
158 |
|
158 | |||
159 | Each line contains one entry. If the lines that follow are indented, |
|
159 | Each line contains one entry. If the lines that follow are indented, | |
160 | they are treated as continuations of that entry. Leading whitespace is |
|
160 | they are treated as continuations of that entry. Leading whitespace is | |
161 | removed from values. Empty lines are skipped. Lines beginning with |
|
161 | removed from values. Empty lines are skipped. Lines beginning with | |
162 | ``#`` or ``;`` are ignored and may be used to provide comments. |
|
162 | ``#`` or ``;`` are ignored and may be used to provide comments. | |
163 |
|
163 | |||
164 | Configuration keys can be set multiple times, in which case Mercurial |
|
164 | Configuration keys can be set multiple times, in which case Mercurial | |
165 | will use the value that was configured last. As an example:: |
|
165 | will use the value that was configured last. As an example:: | |
166 |
|
166 | |||
167 | [spam] |
|
167 | [spam] | |
168 | eggs=large |
|
168 | eggs=large | |
169 | ham=serrano |
|
169 | ham=serrano | |
170 | eggs=small |
|
170 | eggs=small | |
171 |
|
171 | |||
172 | This would set the configuration key named ``eggs`` to ``small``. |
|
172 | This would set the configuration key named ``eggs`` to ``small``. | |
173 |
|
173 | |||
174 | It is also possible to define a section multiple times. A section can |
|
174 | It is also possible to define a section multiple times. A section can | |
175 | be redefined on the same and/or on different configuration files. For |
|
175 | be redefined on the same and/or on different configuration files. For | |
176 | example:: |
|
176 | example:: | |
177 |
|
177 | |||
178 | [foo] |
|
178 | [foo] | |
179 | eggs=large |
|
179 | eggs=large | |
180 | ham=serrano |
|
180 | ham=serrano | |
181 | eggs=small |
|
181 | eggs=small | |
182 |
|
182 | |||
183 | [bar] |
|
183 | [bar] | |
184 | eggs=ham |
|
184 | eggs=ham | |
185 | green= |
|
185 | green= | |
186 | eggs |
|
186 | eggs | |
187 |
|
187 | |||
188 | [foo] |
|
188 | [foo] | |
189 | ham=prosciutto |
|
189 | ham=prosciutto | |
190 | eggs=medium |
|
190 | eggs=medium | |
191 | bread=toasted |
|
191 | bread=toasted | |
192 |
|
192 | |||
193 | This would set the ``eggs``, ``ham``, and ``bread`` configuration keys |
|
193 | This would set the ``eggs``, ``ham``, and ``bread`` configuration keys | |
194 | of the ``foo`` section to ``medium``, ``prosciutto``, and ``toasted``, |
|
194 | of the ``foo`` section to ``medium``, ``prosciutto``, and ``toasted``, | |
195 | respectively. As you can see there only thing that matters is the last |
|
195 | respectively. As you can see there only thing that matters is the last | |
196 | value that was set for each of the configuration keys. |
|
196 | value that was set for each of the configuration keys. | |
197 |
|
197 | |||
198 | If a configuration key is set multiple times in different |
|
198 | If a configuration key is set multiple times in different | |
199 | configuration files the final value will depend on the order in which |
|
199 | configuration files the final value will depend on the order in which | |
200 | the different configuration files are read, with settings from earlier |
|
200 | the different configuration files are read, with settings from earlier | |
201 | paths overriding later ones as described on the ``Files`` section |
|
201 | paths overriding later ones as described on the ``Files`` section | |
202 | above. |
|
202 | above. | |
203 |
|
203 | |||
204 | A line of the form ``%include file`` will include ``file`` into the |
|
204 | A line of the form ``%include file`` will include ``file`` into the | |
205 | current configuration file. The inclusion is recursive, which means |
|
205 | current configuration file. The inclusion is recursive, which means | |
206 | that included files can include other files. Filenames are relative to |
|
206 | that included files can include other files. Filenames are relative to | |
207 | the configuration file in which the ``%include`` directive is found. |
|
207 | the configuration file in which the ``%include`` directive is found. | |
208 | Environment variables and ``~user`` constructs are expanded in |
|
208 | Environment variables and ``~user`` constructs are expanded in | |
209 | ``file``. This lets you do something like:: |
|
209 | ``file``. This lets you do something like:: | |
210 |
|
210 | |||
211 | %include ~/.hgrc.d/$HOST.rc |
|
211 | %include ~/.hgrc.d/$HOST.rc | |
212 |
|
212 | |||
213 | to include a different configuration file on each computer you use. |
|
213 | to include a different configuration file on each computer you use. | |
214 |
|
214 | |||
215 | A line with ``%unset name`` will remove ``name`` from the current |
|
215 | A line with ``%unset name`` will remove ``name`` from the current | |
216 | section, if it has been set previously. |
|
216 | section, if it has been set previously. | |
217 |
|
217 | |||
218 | The values are either free-form text strings, lists of text strings, |
|
218 | The values are either free-form text strings, lists of text strings, | |
219 | or Boolean values. Boolean values can be set to true using any of "1", |
|
219 | or Boolean values. Boolean values can be set to true using any of "1", | |
220 | "yes", "true", or "on" and to false using "0", "no", "false", or "off" |
|
220 | "yes", "true", or "on" and to false using "0", "no", "false", or "off" | |
221 | (all case insensitive). |
|
221 | (all case insensitive). | |
222 |
|
222 | |||
223 | List values are separated by whitespace or comma, except when values are |
|
223 | List values are separated by whitespace or comma, except when values are | |
224 | placed in double quotation marks:: |
|
224 | placed in double quotation marks:: | |
225 |
|
225 | |||
226 | allow_read = "John Doe, PhD", brian, betty |
|
226 | allow_read = "John Doe, PhD", brian, betty | |
227 |
|
227 | |||
228 | Quotation marks can be escaped by prefixing them with a backslash. Only |
|
228 | Quotation marks can be escaped by prefixing them with a backslash. Only | |
229 | quotation marks at the beginning of a word is counted as a quotation |
|
229 | quotation marks at the beginning of a word is counted as a quotation | |
230 | (e.g., ``foo"bar baz`` is the list of ``foo"bar`` and ``baz``). |
|
230 | (e.g., ``foo"bar baz`` is the list of ``foo"bar`` and ``baz``). | |
231 |
|
231 | |||
232 | Sections |
|
232 | Sections | |
233 | ======== |
|
233 | ======== | |
234 |
|
234 | |||
235 | This section describes the different sections that may appear in a |
|
235 | This section describes the different sections that may appear in a | |
236 | Mercurial configuration file, the purpose of each section, its possible |
|
236 | Mercurial configuration file, the purpose of each section, its possible | |
237 | keys, and their possible values. |
|
237 | keys, and their possible values. | |
238 |
|
238 | |||
239 | ``alias`` |
|
239 | ``alias`` | |
240 | --------- |
|
240 | --------- | |
241 |
|
241 | |||
242 | Defines command aliases. |
|
242 | Defines command aliases. | |
243 |
|
243 | |||
244 | Aliases allow you to define your own commands in terms of other |
|
244 | Aliases allow you to define your own commands in terms of other | |
245 | commands (or aliases), optionally including arguments. Positional |
|
245 | commands (or aliases), optionally including arguments. Positional | |
246 | arguments in the form of ``$1``, ``$2``, etc. in the alias definition |
|
246 | arguments in the form of ``$1``, ``$2``, etc. in the alias definition | |
247 | are expanded by Mercurial before execution. Positional arguments not |
|
247 | are expanded by Mercurial before execution. Positional arguments not | |
248 | already used by ``$N`` in the definition are put at the end of the |
|
248 | already used by ``$N`` in the definition are put at the end of the | |
249 | command to be executed. |
|
249 | command to be executed. | |
250 |
|
250 | |||
251 | Alias definitions consist of lines of the form:: |
|
251 | Alias definitions consist of lines of the form:: | |
252 |
|
252 | |||
253 | <alias> = <command> [<argument>]... |
|
253 | <alias> = <command> [<argument>]... | |
254 |
|
254 | |||
255 | For example, this definition:: |
|
255 | For example, this definition:: | |
256 |
|
256 | |||
257 | latest = log --limit 5 |
|
257 | latest = log --limit 5 | |
258 |
|
258 | |||
259 | creates a new command ``latest`` that shows only the five most recent |
|
259 | creates a new command ``latest`` that shows only the five most recent | |
260 | changesets. You can define subsequent aliases using earlier ones:: |
|
260 | changesets. You can define subsequent aliases using earlier ones:: | |
261 |
|
261 | |||
262 | stable5 = latest -b stable |
|
262 | stable5 = latest -b stable | |
263 |
|
263 | |||
264 | .. note:: |
|
264 | .. note:: | |
265 |
|
265 | |||
266 | It is possible to create aliases with the same names as |
|
266 | It is possible to create aliases with the same names as | |
267 | existing commands, which will then override the original |
|
267 | existing commands, which will then override the original | |
268 | definitions. This is almost always a bad idea! |
|
268 | definitions. This is almost always a bad idea! | |
269 |
|
269 | |||
270 | An alias can start with an exclamation point (``!``) to make it a |
|
270 | An alias can start with an exclamation point (``!``) to make it a | |
271 | shell alias. A shell alias is executed with the shell and will let you |
|
271 | shell alias. A shell alias is executed with the shell and will let you | |
272 | run arbitrary commands. As an example, :: |
|
272 | run arbitrary commands. As an example, :: | |
273 |
|
273 | |||
274 | echo = !echo $@ |
|
274 | echo = !echo $@ | |
275 |
|
275 | |||
276 | will let you do ``hg echo foo`` to have ``foo`` printed in your |
|
276 | will let you do ``hg echo foo`` to have ``foo`` printed in your | |
277 | terminal. A better example might be:: |
|
277 | terminal. A better example might be:: | |
278 |
|
278 | |||
279 | purge = !$HG status --no-status --unknown -0 re: | xargs -0 rm |
|
279 | purge = !$HG status --no-status --unknown -0 re: | xargs -0 rm | |
280 |
|
280 | |||
281 | which will make ``hg purge`` delete all unknown files in the |
|
281 | which will make ``hg purge`` delete all unknown files in the | |
282 | repository in the same manner as the purge extension. |
|
282 | repository in the same manner as the purge extension. | |
283 |
|
283 | |||
284 | Positional arguments like ``$1``, ``$2``, etc. in the alias definition |
|
284 | Positional arguments like ``$1``, ``$2``, etc. in the alias definition | |
285 | expand to the command arguments. Unmatched arguments are |
|
285 | expand to the command arguments. Unmatched arguments are | |
286 | removed. ``$0`` expands to the alias name and ``$@`` expands to all |
|
286 | removed. ``$0`` expands to the alias name and ``$@`` expands to all | |
287 | arguments separated by a space. ``"$@"`` (with quotes) expands to all |
|
287 | arguments separated by a space. ``"$@"`` (with quotes) expands to all | |
288 | arguments quoted individually and separated by a space. These expansions |
|
288 | arguments quoted individually and separated by a space. These expansions | |
289 | happen before the command is passed to the shell. |
|
289 | happen before the command is passed to the shell. | |
290 |
|
290 | |||
291 | Shell aliases are executed in an environment where ``$HG`` expands to |
|
291 | Shell aliases are executed in an environment where ``$HG`` expands to | |
292 | the path of the Mercurial that was used to execute the alias. This is |
|
292 | the path of the Mercurial that was used to execute the alias. This is | |
293 | useful when you want to call further Mercurial commands in a shell |
|
293 | useful when you want to call further Mercurial commands in a shell | |
294 | alias, as was done above for the purge alias. In addition, |
|
294 | alias, as was done above for the purge alias. In addition, | |
295 | ``$HG_ARGS`` expands to the arguments given to Mercurial. In the ``hg |
|
295 | ``$HG_ARGS`` expands to the arguments given to Mercurial. In the ``hg | |
296 | echo foo`` call above, ``$HG_ARGS`` would expand to ``echo foo``. |
|
296 | echo foo`` call above, ``$HG_ARGS`` would expand to ``echo foo``. | |
297 |
|
297 | |||
298 | .. note:: |
|
298 | .. note:: | |
299 |
|
299 | |||
300 | Some global configuration options such as ``-R`` are |
|
300 | Some global configuration options such as ``-R`` are | |
301 | processed before shell aliases and will thus not be passed to |
|
301 | processed before shell aliases and will thus not be passed to | |
302 | aliases. |
|
302 | aliases. | |
303 |
|
303 | |||
304 |
|
304 | |||
305 | ``annotate`` |
|
305 | ``annotate`` | |
306 | ------------ |
|
306 | ------------ | |
307 |
|
307 | |||
308 | Settings used when displaying file annotations. All values are |
|
308 | Settings used when displaying file annotations. All values are | |
309 | Booleans and default to False. See :hg:`help config.diff` for |
|
309 | Booleans and default to False. See :hg:`help config.diff` for | |
310 | related options for the diff command. |
|
310 | related options for the diff command. | |
311 |
|
311 | |||
312 | ``ignorews`` |
|
312 | ``ignorews`` | |
313 | Ignore white space when comparing lines. |
|
313 | Ignore white space when comparing lines. | |
314 |
|
314 | |||
315 | ``ignorewsamount`` |
|
315 | ``ignorewsamount`` | |
316 | Ignore changes in the amount of white space. |
|
316 | Ignore changes in the amount of white space. | |
317 |
|
317 | |||
318 | ``ignoreblanklines`` |
|
318 | ``ignoreblanklines`` | |
319 | Ignore changes whose lines are all blank. |
|
319 | Ignore changes whose lines are all blank. | |
320 |
|
320 | |||
321 |
|
321 | |||
322 | ``auth`` |
|
322 | ``auth`` | |
323 | -------- |
|
323 | -------- | |
324 |
|
324 | |||
325 | Authentication credentials for HTTP authentication. This section |
|
325 | Authentication credentials for HTTP authentication. This section | |
326 | allows you to store usernames and passwords for use when logging |
|
326 | allows you to store usernames and passwords for use when logging | |
327 | *into* HTTP servers. See :hg:`help config.web` if |
|
327 | *into* HTTP servers. See :hg:`help config.web` if | |
328 | you want to configure *who* can login to your HTTP server. |
|
328 | you want to configure *who* can login to your HTTP server. | |
329 |
|
329 | |||
330 | Each line has the following format:: |
|
330 | Each line has the following format:: | |
331 |
|
331 | |||
332 | <name>.<argument> = <value> |
|
332 | <name>.<argument> = <value> | |
333 |
|
333 | |||
334 | where ``<name>`` is used to group arguments into authentication |
|
334 | where ``<name>`` is used to group arguments into authentication | |
335 | entries. Example:: |
|
335 | entries. Example:: | |
336 |
|
336 | |||
337 | foo.prefix = hg.intevation.de/mercurial |
|
337 | foo.prefix = hg.intevation.de/mercurial | |
338 | foo.username = foo |
|
338 | foo.username = foo | |
339 | foo.password = bar |
|
339 | foo.password = bar | |
340 | foo.schemes = http https |
|
340 | foo.schemes = http https | |
341 |
|
341 | |||
342 | bar.prefix = secure.example.org |
|
342 | bar.prefix = secure.example.org | |
343 | bar.key = path/to/file.key |
|
343 | bar.key = path/to/file.key | |
344 | bar.cert = path/to/file.cert |
|
344 | bar.cert = path/to/file.cert | |
345 | bar.schemes = https |
|
345 | bar.schemes = https | |
346 |
|
346 | |||
347 | Supported arguments: |
|
347 | Supported arguments: | |
348 |
|
348 | |||
349 | ``prefix`` |
|
349 | ``prefix`` | |
350 | Either ``*`` or a URI prefix with or without the scheme part. |
|
350 | Either ``*`` or a URI prefix with or without the scheme part. | |
351 | The authentication entry with the longest matching prefix is used |
|
351 | The authentication entry with the longest matching prefix is used | |
352 | (where ``*`` matches everything and counts as a match of length |
|
352 | (where ``*`` matches everything and counts as a match of length | |
353 | 1). If the prefix doesn't include a scheme, the match is performed |
|
353 | 1). If the prefix doesn't include a scheme, the match is performed | |
354 | against the URI with its scheme stripped as well, and the schemes |
|
354 | against the URI with its scheme stripped as well, and the schemes | |
355 | argument, q.v., is then subsequently consulted. |
|
355 | argument, q.v., is then subsequently consulted. | |
356 |
|
356 | |||
357 | ``username`` |
|
357 | ``username`` | |
358 | Optional. Username to authenticate with. If not given, and the |
|
358 | Optional. Username to authenticate with. If not given, and the | |
359 | remote site requires basic or digest authentication, the user will |
|
359 | remote site requires basic or digest authentication, the user will | |
360 | be prompted for it. Environment variables are expanded in the |
|
360 | be prompted for it. Environment variables are expanded in the | |
361 | username letting you do ``foo.username = $USER``. If the URI |
|
361 | username letting you do ``foo.username = $USER``. If the URI | |
362 | includes a username, only ``[auth]`` entries with a matching |
|
362 | includes a username, only ``[auth]`` entries with a matching | |
363 | username or without a username will be considered. |
|
363 | username or without a username will be considered. | |
364 |
|
364 | |||
365 | ``password`` |
|
365 | ``password`` | |
366 | Optional. Password to authenticate with. If not given, and the |
|
366 | Optional. Password to authenticate with. If not given, and the | |
367 | remote site requires basic or digest authentication, the user |
|
367 | remote site requires basic or digest authentication, the user | |
368 | will be prompted for it. |
|
368 | will be prompted for it. | |
369 |
|
369 | |||
370 | ``key`` |
|
370 | ``key`` | |
371 | Optional. PEM encoded client certificate key file. Environment |
|
371 | Optional. PEM encoded client certificate key file. Environment | |
372 | variables are expanded in the filename. |
|
372 | variables are expanded in the filename. | |
373 |
|
373 | |||
374 | ``cert`` |
|
374 | ``cert`` | |
375 | Optional. PEM encoded client certificate chain file. Environment |
|
375 | Optional. PEM encoded client certificate chain file. Environment | |
376 | variables are expanded in the filename. |
|
376 | variables are expanded in the filename. | |
377 |
|
377 | |||
378 | ``schemes`` |
|
378 | ``schemes`` | |
379 | Optional. Space separated list of URI schemes to use this |
|
379 | Optional. Space separated list of URI schemes to use this | |
380 | authentication entry with. Only used if the prefix doesn't include |
|
380 | authentication entry with. Only used if the prefix doesn't include | |
381 | a scheme. Supported schemes are http and https. They will match |
|
381 | a scheme. Supported schemes are http and https. They will match | |
382 | static-http and static-https respectively, as well. |
|
382 | static-http and static-https respectively, as well. | |
383 | (default: https) |
|
383 | (default: https) | |
384 |
|
384 | |||
385 | If no suitable authentication entry is found, the user is prompted |
|
385 | If no suitable authentication entry is found, the user is prompted | |
386 | for credentials as usual if required by the remote. |
|
386 | for credentials as usual if required by the remote. | |
387 |
|
387 | |||
388 |
|
388 | |||
389 | ``committemplate`` |
|
389 | ``committemplate`` | |
390 | ------------------ |
|
390 | ------------------ | |
391 |
|
391 | |||
392 | ``changeset`` |
|
392 | ``changeset`` | |
393 | String: configuration in this section is used as the template to |
|
393 | String: configuration in this section is used as the template to | |
394 | customize the text shown in the editor when committing. |
|
394 | customize the text shown in the editor when committing. | |
395 |
|
395 | |||
396 | In addition to pre-defined template keywords, commit log specific one |
|
396 | In addition to pre-defined template keywords, commit log specific one | |
397 | below can be used for customization: |
|
397 | below can be used for customization: | |
398 |
|
398 | |||
399 | ``extramsg`` |
|
399 | ``extramsg`` | |
400 | String: Extra message (typically 'Leave message empty to abort |
|
400 | String: Extra message (typically 'Leave message empty to abort | |
401 | commit.'). This may be changed by some commands or extensions. |
|
401 | commit.'). This may be changed by some commands or extensions. | |
402 |
|
402 | |||
403 | For example, the template configuration below shows as same text as |
|
403 | For example, the template configuration below shows as same text as | |
404 | one shown by default:: |
|
404 | one shown by default:: | |
405 |
|
405 | |||
406 | [committemplate] |
|
406 | [committemplate] | |
407 | changeset = {desc}\n\n |
|
407 | changeset = {desc}\n\n | |
408 | HG: Enter commit message. Lines beginning with 'HG:' are removed. |
|
408 | HG: Enter commit message. Lines beginning with 'HG:' are removed. | |
409 | HG: {extramsg} |
|
409 | HG: {extramsg} | |
410 | HG: -- |
|
410 | HG: -- | |
411 | HG: user: {author}\n{ifeq(p2rev, "-1", "", |
|
411 | HG: user: {author}\n{ifeq(p2rev, "-1", "", | |
412 | "HG: branch merge\n") |
|
412 | "HG: branch merge\n") | |
413 | }HG: branch '{branch}'\n{if(activebookmark, |
|
413 | }HG: branch '{branch}'\n{if(activebookmark, | |
414 | "HG: bookmark '{activebookmark}'\n") }{subrepos % |
|
414 | "HG: bookmark '{activebookmark}'\n") }{subrepos % | |
415 | "HG: subrepo {subrepo}\n" }{file_adds % |
|
415 | "HG: subrepo {subrepo}\n" }{file_adds % | |
416 | "HG: added {file}\n" }{file_mods % |
|
416 | "HG: added {file}\n" }{file_mods % | |
417 | "HG: changed {file}\n" }{file_dels % |
|
417 | "HG: changed {file}\n" }{file_dels % | |
418 | "HG: removed {file}\n" }{if(files, "", |
|
418 | "HG: removed {file}\n" }{if(files, "", | |
419 | "HG: no files changed\n")} |
|
419 | "HG: no files changed\n")} | |
420 |
|
420 | |||
421 | .. note:: |
|
421 | .. note:: | |
422 |
|
422 | |||
423 | For some problematic encodings (see :hg:`help win32mbcs` for |
|
423 | For some problematic encodings (see :hg:`help win32mbcs` for | |
424 | detail), this customization should be configured carefully, to |
|
424 | detail), this customization should be configured carefully, to | |
425 | avoid showing broken characters. |
|
425 | avoid showing broken characters. | |
426 |
|
426 | |||
427 | For example, if a multibyte character ending with backslash (0x5c) is |
|
427 | For example, if a multibyte character ending with backslash (0x5c) is | |
428 | followed by the ASCII character 'n' in the customized template, |
|
428 | followed by the ASCII character 'n' in the customized template, | |
429 | the sequence of backslash and 'n' is treated as line-feed unexpectedly |
|
429 | the sequence of backslash and 'n' is treated as line-feed unexpectedly | |
430 | (and the multibyte character is broken, too). |
|
430 | (and the multibyte character is broken, too). | |
431 |
|
431 | |||
432 | Customized template is used for commands below (``--edit`` may be |
|
432 | Customized template is used for commands below (``--edit`` may be | |
433 | required): |
|
433 | required): | |
434 |
|
434 | |||
435 | - :hg:`backout` |
|
435 | - :hg:`backout` | |
436 | - :hg:`commit` |
|
436 | - :hg:`commit` | |
437 | - :hg:`fetch` (for merge commit only) |
|
437 | - :hg:`fetch` (for merge commit only) | |
438 | - :hg:`graft` |
|
438 | - :hg:`graft` | |
439 | - :hg:`histedit` |
|
439 | - :hg:`histedit` | |
440 | - :hg:`import` |
|
440 | - :hg:`import` | |
441 | - :hg:`qfold`, :hg:`qnew` and :hg:`qrefresh` |
|
441 | - :hg:`qfold`, :hg:`qnew` and :hg:`qrefresh` | |
442 | - :hg:`rebase` |
|
442 | - :hg:`rebase` | |
443 | - :hg:`shelve` |
|
443 | - :hg:`shelve` | |
444 | - :hg:`sign` |
|
444 | - :hg:`sign` | |
445 | - :hg:`tag` |
|
445 | - :hg:`tag` | |
446 | - :hg:`transplant` |
|
446 | - :hg:`transplant` | |
447 |
|
447 | |||
448 | Configuring items below instead of ``changeset`` allows showing |
|
448 | Configuring items below instead of ``changeset`` allows showing | |
449 | customized message only for specific actions, or showing different |
|
449 | customized message only for specific actions, or showing different | |
450 | messages for each action. |
|
450 | messages for each action. | |
451 |
|
451 | |||
452 | - ``changeset.backout`` for :hg:`backout` |
|
452 | - ``changeset.backout`` for :hg:`backout` | |
453 | - ``changeset.commit.amend.merge`` for :hg:`commit --amend` on merges |
|
453 | - ``changeset.commit.amend.merge`` for :hg:`commit --amend` on merges | |
454 | - ``changeset.commit.amend.normal`` for :hg:`commit --amend` on other |
|
454 | - ``changeset.commit.amend.normal`` for :hg:`commit --amend` on other | |
455 | - ``changeset.commit.normal.merge`` for :hg:`commit` on merges |
|
455 | - ``changeset.commit.normal.merge`` for :hg:`commit` on merges | |
456 | - ``changeset.commit.normal.normal`` for :hg:`commit` on other |
|
456 | - ``changeset.commit.normal.normal`` for :hg:`commit` on other | |
457 | - ``changeset.fetch`` for :hg:`fetch` (impling merge commit) |
|
457 | - ``changeset.fetch`` for :hg:`fetch` (impling merge commit) | |
458 | - ``changeset.gpg.sign`` for :hg:`sign` |
|
458 | - ``changeset.gpg.sign`` for :hg:`sign` | |
459 | - ``changeset.graft`` for :hg:`graft` |
|
459 | - ``changeset.graft`` for :hg:`graft` | |
460 | - ``changeset.histedit.edit`` for ``edit`` of :hg:`histedit` |
|
460 | - ``changeset.histedit.edit`` for ``edit`` of :hg:`histedit` | |
461 | - ``changeset.histedit.fold`` for ``fold`` of :hg:`histedit` |
|
461 | - ``changeset.histedit.fold`` for ``fold`` of :hg:`histedit` | |
462 | - ``changeset.histedit.mess`` for ``mess`` of :hg:`histedit` |
|
462 | - ``changeset.histedit.mess`` for ``mess`` of :hg:`histedit` | |
463 | - ``changeset.histedit.pick`` for ``pick`` of :hg:`histedit` |
|
463 | - ``changeset.histedit.pick`` for ``pick`` of :hg:`histedit` | |
464 | - ``changeset.import.bypass`` for :hg:`import --bypass` |
|
464 | - ``changeset.import.bypass`` for :hg:`import --bypass` | |
465 | - ``changeset.import.normal.merge`` for :hg:`import` on merges |
|
465 | - ``changeset.import.normal.merge`` for :hg:`import` on merges | |
466 | - ``changeset.import.normal.normal`` for :hg:`import` on other |
|
466 | - ``changeset.import.normal.normal`` for :hg:`import` on other | |
467 | - ``changeset.mq.qnew`` for :hg:`qnew` |
|
467 | - ``changeset.mq.qnew`` for :hg:`qnew` | |
468 | - ``changeset.mq.qfold`` for :hg:`qfold` |
|
468 | - ``changeset.mq.qfold`` for :hg:`qfold` | |
469 | - ``changeset.mq.qrefresh`` for :hg:`qrefresh` |
|
469 | - ``changeset.mq.qrefresh`` for :hg:`qrefresh` | |
470 | - ``changeset.rebase.collapse`` for :hg:`rebase --collapse` |
|
470 | - ``changeset.rebase.collapse`` for :hg:`rebase --collapse` | |
471 | - ``changeset.rebase.merge`` for :hg:`rebase` on merges |
|
471 | - ``changeset.rebase.merge`` for :hg:`rebase` on merges | |
472 | - ``changeset.rebase.normal`` for :hg:`rebase` on other |
|
472 | - ``changeset.rebase.normal`` for :hg:`rebase` on other | |
473 | - ``changeset.shelve.shelve`` for :hg:`shelve` |
|
473 | - ``changeset.shelve.shelve`` for :hg:`shelve` | |
474 | - ``changeset.tag.add`` for :hg:`tag` without ``--remove`` |
|
474 | - ``changeset.tag.add`` for :hg:`tag` without ``--remove`` | |
475 | - ``changeset.tag.remove`` for :hg:`tag --remove` |
|
475 | - ``changeset.tag.remove`` for :hg:`tag --remove` | |
476 | - ``changeset.transplant.merge`` for :hg:`transplant` on merges |
|
476 | - ``changeset.transplant.merge`` for :hg:`transplant` on merges | |
477 | - ``changeset.transplant.normal`` for :hg:`transplant` on other |
|
477 | - ``changeset.transplant.normal`` for :hg:`transplant` on other | |
478 |
|
478 | |||
479 | These dot-separated lists of names are treated as hierarchical ones. |
|
479 | These dot-separated lists of names are treated as hierarchical ones. | |
480 | For example, ``changeset.tag.remove`` customizes the commit message |
|
480 | For example, ``changeset.tag.remove`` customizes the commit message | |
481 | only for :hg:`tag --remove`, but ``changeset.tag`` customizes the |
|
481 | only for :hg:`tag --remove`, but ``changeset.tag`` customizes the | |
482 | commit message for :hg:`tag` regardless of ``--remove`` option. |
|
482 | commit message for :hg:`tag` regardless of ``--remove`` option. | |
483 |
|
483 | |||
484 | When the external editor is invoked for a commit, the corresponding |
|
484 | When the external editor is invoked for a commit, the corresponding | |
485 | dot-separated list of names without the ``changeset.`` prefix |
|
485 | dot-separated list of names without the ``changeset.`` prefix | |
486 | (e.g. ``commit.normal.normal``) is in the ``HGEDITFORM`` environment |
|
486 | (e.g. ``commit.normal.normal``) is in the ``HGEDITFORM`` environment | |
487 | variable. |
|
487 | variable. | |
488 |
|
488 | |||
489 | In this section, items other than ``changeset`` can be referred from |
|
489 | In this section, items other than ``changeset`` can be referred from | |
490 | others. For example, the configuration to list committed files up |
|
490 | others. For example, the configuration to list committed files up | |
491 | below can be referred as ``{listupfiles}``:: |
|
491 | below can be referred as ``{listupfiles}``:: | |
492 |
|
492 | |||
493 | [committemplate] |
|
493 | [committemplate] | |
494 | listupfiles = {file_adds % |
|
494 | listupfiles = {file_adds % | |
495 | "HG: added {file}\n" }{file_mods % |
|
495 | "HG: added {file}\n" }{file_mods % | |
496 | "HG: changed {file}\n" }{file_dels % |
|
496 | "HG: changed {file}\n" }{file_dels % | |
497 | "HG: removed {file}\n" }{if(files, "", |
|
497 | "HG: removed {file}\n" }{if(files, "", | |
498 | "HG: no files changed\n")} |
|
498 | "HG: no files changed\n")} | |
499 |
|
499 | |||
500 | ``decode/encode`` |
|
500 | ``decode/encode`` | |
501 | ----------------- |
|
501 | ----------------- | |
502 |
|
502 | |||
503 | Filters for transforming files on checkout/checkin. This would |
|
503 | Filters for transforming files on checkout/checkin. This would | |
504 | typically be used for newline processing or other |
|
504 | typically be used for newline processing or other | |
505 | localization/canonicalization of files. |
|
505 | localization/canonicalization of files. | |
506 |
|
506 | |||
507 | Filters consist of a filter pattern followed by a filter command. |
|
507 | Filters consist of a filter pattern followed by a filter command. | |
508 | Filter patterns are globs by default, rooted at the repository root. |
|
508 | Filter patterns are globs by default, rooted at the repository root. | |
509 | For example, to match any file ending in ``.txt`` in the root |
|
509 | For example, to match any file ending in ``.txt`` in the root | |
510 | directory only, use the pattern ``*.txt``. To match any file ending |
|
510 | directory only, use the pattern ``*.txt``. To match any file ending | |
511 | in ``.c`` anywhere in the repository, use the pattern ``**.c``. |
|
511 | in ``.c`` anywhere in the repository, use the pattern ``**.c``. | |
512 | For each file only the first matching filter applies. |
|
512 | For each file only the first matching filter applies. | |
513 |
|
513 | |||
514 | The filter command can start with a specifier, either ``pipe:`` or |
|
514 | The filter command can start with a specifier, either ``pipe:`` or | |
515 | ``tempfile:``. If no specifier is given, ``pipe:`` is used by default. |
|
515 | ``tempfile:``. If no specifier is given, ``pipe:`` is used by default. | |
516 |
|
516 | |||
517 | A ``pipe:`` command must accept data on stdin and return the transformed |
|
517 | A ``pipe:`` command must accept data on stdin and return the transformed | |
518 | data on stdout. |
|
518 | data on stdout. | |
519 |
|
519 | |||
520 | Pipe example:: |
|
520 | Pipe example:: | |
521 |
|
521 | |||
522 | [encode] |
|
522 | [encode] | |
523 | # uncompress gzip files on checkin to improve delta compression |
|
523 | # uncompress gzip files on checkin to improve delta compression | |
524 | # note: not necessarily a good idea, just an example |
|
524 | # note: not necessarily a good idea, just an example | |
525 | *.gz = pipe: gunzip |
|
525 | *.gz = pipe: gunzip | |
526 |
|
526 | |||
527 | [decode] |
|
527 | [decode] | |
528 | # recompress gzip files when writing them to the working dir (we |
|
528 | # recompress gzip files when writing them to the working dir (we | |
529 | # can safely omit "pipe:", because it's the default) |
|
529 | # can safely omit "pipe:", because it's the default) | |
530 | *.gz = gzip |
|
530 | *.gz = gzip | |
531 |
|
531 | |||
532 | A ``tempfile:`` command is a template. The string ``INFILE`` is replaced |
|
532 | A ``tempfile:`` command is a template. The string ``INFILE`` is replaced | |
533 | with the name of a temporary file that contains the data to be |
|
533 | with the name of a temporary file that contains the data to be | |
534 | filtered by the command. The string ``OUTFILE`` is replaced with the name |
|
534 | filtered by the command. The string ``OUTFILE`` is replaced with the name | |
535 | of an empty temporary file, where the filtered data must be written by |
|
535 | of an empty temporary file, where the filtered data must be written by | |
536 | the command. |
|
536 | the command. | |
537 |
|
537 | |||
538 | .. container:: windows |
|
538 | .. container:: windows | |
539 |
|
539 | |||
540 | .. note:: |
|
540 | .. note:: | |
541 |
|
541 | |||
542 | The tempfile mechanism is recommended for Windows systems, |
|
542 | The tempfile mechanism is recommended for Windows systems, | |
543 | where the standard shell I/O redirection operators often have |
|
543 | where the standard shell I/O redirection operators often have | |
544 | strange effects and may corrupt the contents of your files. |
|
544 | strange effects and may corrupt the contents of your files. | |
545 |
|
545 | |||
546 | This filter mechanism is used internally by the ``eol`` extension to |
|
546 | This filter mechanism is used internally by the ``eol`` extension to | |
547 | translate line ending characters between Windows (CRLF) and Unix (LF) |
|
547 | translate line ending characters between Windows (CRLF) and Unix (LF) | |
548 | format. We suggest you use the ``eol`` extension for convenience. |
|
548 | format. We suggest you use the ``eol`` extension for convenience. | |
549 |
|
549 | |||
550 |
|
550 | |||
551 | ``defaults`` |
|
551 | ``defaults`` | |
552 | ------------ |
|
552 | ------------ | |
553 |
|
553 | |||
554 | (defaults are deprecated. Don't use them. Use aliases instead.) |
|
554 | (defaults are deprecated. Don't use them. Use aliases instead.) | |
555 |
|
555 | |||
556 | Use the ``[defaults]`` section to define command defaults, i.e. the |
|
556 | Use the ``[defaults]`` section to define command defaults, i.e. the | |
557 | default options/arguments to pass to the specified commands. |
|
557 | default options/arguments to pass to the specified commands. | |
558 |
|
558 | |||
559 | The following example makes :hg:`log` run in verbose mode, and |
|
559 | The following example makes :hg:`log` run in verbose mode, and | |
560 | :hg:`status` show only the modified files, by default:: |
|
560 | :hg:`status` show only the modified files, by default:: | |
561 |
|
561 | |||
562 | [defaults] |
|
562 | [defaults] | |
563 | log = -v |
|
563 | log = -v | |
564 | status = -m |
|
564 | status = -m | |
565 |
|
565 | |||
566 | The actual commands, instead of their aliases, must be used when |
|
566 | The actual commands, instead of their aliases, must be used when | |
567 | defining command defaults. The command defaults will also be applied |
|
567 | defining command defaults. The command defaults will also be applied | |
568 | to the aliases of the commands defined. |
|
568 | to the aliases of the commands defined. | |
569 |
|
569 | |||
570 |
|
570 | |||
571 | ``diff`` |
|
571 | ``diff`` | |
572 | -------- |
|
572 | -------- | |
573 |
|
573 | |||
574 | Settings used when displaying diffs. Everything except for ``unified`` |
|
574 | Settings used when displaying diffs. Everything except for ``unified`` | |
575 | is a Boolean and defaults to False. See :hg:`help config.annotate` |
|
575 | is a Boolean and defaults to False. See :hg:`help config.annotate` | |
576 | for related options for the annotate command. |
|
576 | for related options for the annotate command. | |
577 |
|
577 | |||
578 | ``git`` |
|
578 | ``git`` | |
579 | Use git extended diff format. |
|
579 | Use git extended diff format. | |
580 |
|
580 | |||
581 | ``nobinary`` |
|
581 | ``nobinary`` | |
582 | Omit git binary patches. |
|
582 | Omit git binary patches. | |
583 |
|
583 | |||
584 | ``nodates`` |
|
584 | ``nodates`` | |
585 | Don't include dates in diff headers. |
|
585 | Don't include dates in diff headers. | |
586 |
|
586 | |||
587 | ``noprefix`` |
|
587 | ``noprefix`` | |
588 | Omit 'a/' and 'b/' prefixes from filenames. Ignored in plain mode. |
|
588 | Omit 'a/' and 'b/' prefixes from filenames. Ignored in plain mode. | |
589 |
|
589 | |||
590 | ``showfunc`` |
|
590 | ``showfunc`` | |
591 | Show which function each change is in. |
|
591 | Show which function each change is in. | |
592 |
|
592 | |||
593 | ``ignorews`` |
|
593 | ``ignorews`` | |
594 | Ignore white space when comparing lines. |
|
594 | Ignore white space when comparing lines. | |
595 |
|
595 | |||
596 | ``ignorewsamount`` |
|
596 | ``ignorewsamount`` | |
597 | Ignore changes in the amount of white space. |
|
597 | Ignore changes in the amount of white space. | |
598 |
|
598 | |||
599 | ``ignoreblanklines`` |
|
599 | ``ignoreblanklines`` | |
600 | Ignore changes whose lines are all blank. |
|
600 | Ignore changes whose lines are all blank. | |
601 |
|
601 | |||
602 | ``unified`` |
|
602 | ``unified`` | |
603 | Number of lines of context to show. |
|
603 | Number of lines of context to show. | |
604 |
|
604 | |||
605 | ``email`` |
|
605 | ``email`` | |
606 | --------- |
|
606 | --------- | |
607 |
|
607 | |||
608 | Settings for extensions that send email messages. |
|
608 | Settings for extensions that send email messages. | |
609 |
|
609 | |||
610 | ``from`` |
|
610 | ``from`` | |
611 | Optional. Email address to use in "From" header and SMTP envelope |
|
611 | Optional. Email address to use in "From" header and SMTP envelope | |
612 | of outgoing messages. |
|
612 | of outgoing messages. | |
613 |
|
613 | |||
614 | ``to`` |
|
614 | ``to`` | |
615 | Optional. Comma-separated list of recipients' email addresses. |
|
615 | Optional. Comma-separated list of recipients' email addresses. | |
616 |
|
616 | |||
617 | ``cc`` |
|
617 | ``cc`` | |
618 | Optional. Comma-separated list of carbon copy recipients' |
|
618 | Optional. Comma-separated list of carbon copy recipients' | |
619 | email addresses. |
|
619 | email addresses. | |
620 |
|
620 | |||
621 | ``bcc`` |
|
621 | ``bcc`` | |
622 | Optional. Comma-separated list of blind carbon copy recipients' |
|
622 | Optional. Comma-separated list of blind carbon copy recipients' | |
623 | email addresses. |
|
623 | email addresses. | |
624 |
|
624 | |||
625 | ``method`` |
|
625 | ``method`` | |
626 | Optional. Method to use to send email messages. If value is ``smtp`` |
|
626 | Optional. Method to use to send email messages. If value is ``smtp`` | |
627 | (default), use SMTP (see the ``[smtp]`` section for configuration). |
|
627 | (default), use SMTP (see the ``[smtp]`` section for configuration). | |
628 | Otherwise, use as name of program to run that acts like sendmail |
|
628 | Otherwise, use as name of program to run that acts like sendmail | |
629 | (takes ``-f`` option for sender, list of recipients on command line, |
|
629 | (takes ``-f`` option for sender, list of recipients on command line, | |
630 | message on stdin). Normally, setting this to ``sendmail`` or |
|
630 | message on stdin). Normally, setting this to ``sendmail`` or | |
631 | ``/usr/sbin/sendmail`` is enough to use sendmail to send messages. |
|
631 | ``/usr/sbin/sendmail`` is enough to use sendmail to send messages. | |
632 |
|
632 | |||
633 | ``charsets`` |
|
633 | ``charsets`` | |
634 | Optional. Comma-separated list of character sets considered |
|
634 | Optional. Comma-separated list of character sets considered | |
635 | convenient for recipients. Addresses, headers, and parts not |
|
635 | convenient for recipients. Addresses, headers, and parts not | |
636 | containing patches of outgoing messages will be encoded in the |
|
636 | containing patches of outgoing messages will be encoded in the | |
637 | first character set to which conversion from local encoding |
|
637 | first character set to which conversion from local encoding | |
638 | (``$HGENCODING``, ``ui.fallbackencoding``) succeeds. If correct |
|
638 | (``$HGENCODING``, ``ui.fallbackencoding``) succeeds. If correct | |
639 | conversion fails, the text in question is sent as is. |
|
639 | conversion fails, the text in question is sent as is. | |
640 | (default: '') |
|
640 | (default: '') | |
641 |
|
641 | |||
642 | Order of outgoing email character sets: |
|
642 | Order of outgoing email character sets: | |
643 |
|
643 | |||
644 | 1. ``us-ascii``: always first, regardless of settings |
|
644 | 1. ``us-ascii``: always first, regardless of settings | |
645 | 2. ``email.charsets``: in order given by user |
|
645 | 2. ``email.charsets``: in order given by user | |
646 | 3. ``ui.fallbackencoding``: if not in email.charsets |
|
646 | 3. ``ui.fallbackencoding``: if not in email.charsets | |
647 | 4. ``$HGENCODING``: if not in email.charsets |
|
647 | 4. ``$HGENCODING``: if not in email.charsets | |
648 | 5. ``utf-8``: always last, regardless of settings |
|
648 | 5. ``utf-8``: always last, regardless of settings | |
649 |
|
649 | |||
650 | Email example:: |
|
650 | Email example:: | |
651 |
|
651 | |||
652 | [email] |
|
652 | [email] | |
653 | from = Joseph User <joe.user@example.com> |
|
653 | from = Joseph User <joe.user@example.com> | |
654 | method = /usr/sbin/sendmail |
|
654 | method = /usr/sbin/sendmail | |
655 | # charsets for western Europeans |
|
655 | # charsets for western Europeans | |
656 | # us-ascii, utf-8 omitted, as they are tried first and last |
|
656 | # us-ascii, utf-8 omitted, as they are tried first and last | |
657 | charsets = iso-8859-1, iso-8859-15, windows-1252 |
|
657 | charsets = iso-8859-1, iso-8859-15, windows-1252 | |
658 |
|
658 | |||
659 |
|
659 | |||
660 | ``extensions`` |
|
660 | ``extensions`` | |
661 | -------------- |
|
661 | -------------- | |
662 |
|
662 | |||
663 | Mercurial has an extension mechanism for adding new features. To |
|
663 | Mercurial has an extension mechanism for adding new features. To | |
664 | enable an extension, create an entry for it in this section. |
|
664 | enable an extension, create an entry for it in this section. | |
665 |
|
665 | |||
666 | If you know that the extension is already in Python's search path, |
|
666 | If you know that the extension is already in Python's search path, | |
667 | you can give the name of the module, followed by ``=``, with nothing |
|
667 | you can give the name of the module, followed by ``=``, with nothing | |
668 | after the ``=``. |
|
668 | after the ``=``. | |
669 |
|
669 | |||
670 | Otherwise, give a name that you choose, followed by ``=``, followed by |
|
670 | Otherwise, give a name that you choose, followed by ``=``, followed by | |
671 | the path to the ``.py`` file (including the file name extension) that |
|
671 | the path to the ``.py`` file (including the file name extension) that | |
672 | defines the extension. |
|
672 | defines the extension. | |
673 |
|
673 | |||
674 | To explicitly disable an extension that is enabled in an hgrc of |
|
674 | To explicitly disable an extension that is enabled in an hgrc of | |
675 | broader scope, prepend its path with ``!``, as in ``foo = !/ext/path`` |
|
675 | broader scope, prepend its path with ``!``, as in ``foo = !/ext/path`` | |
676 | or ``foo = !`` when path is not supplied. |
|
676 | or ``foo = !`` when path is not supplied. | |
677 |
|
677 | |||
678 | Example for ``~/.hgrc``:: |
|
678 | Example for ``~/.hgrc``:: | |
679 |
|
679 | |||
680 | [extensions] |
|
680 | [extensions] | |
681 | # (the color extension will get loaded from Mercurial's path) |
|
681 | # (the color extension will get loaded from Mercurial's path) | |
682 | color = |
|
682 | color = | |
683 | # (this extension will get loaded from the file specified) |
|
683 | # (this extension will get loaded from the file specified) | |
684 | myfeature = ~/.hgext/myfeature.py |
|
684 | myfeature = ~/.hgext/myfeature.py | |
685 |
|
685 | |||
686 |
|
686 | |||
687 | ``format`` |
|
687 | ``format`` | |
688 | ---------- |
|
688 | ---------- | |
689 |
|
689 | |||
690 | ``usegeneraldelta`` |
|
690 | ``usegeneraldelta`` | |
691 | Enable or disable the "generaldelta" repository format which improves |
|
691 | Enable or disable the "generaldelta" repository format which improves | |
692 | repository compression by allowing "revlog" to store delta against arbitrary |
|
692 | repository compression by allowing "revlog" to store delta against arbitrary | |
693 | revision instead of the previous stored one. This provides significant |
|
693 | revision instead of the previous stored one. This provides significant | |
694 | improvement for repositories with branches. |
|
694 | improvement for repositories with branches. | |
695 |
|
695 | |||
696 | Repositories with this on-disk format require Mercurial version 1.9. |
|
696 | Repositories with this on-disk format require Mercurial version 1.9. | |
697 |
|
697 | |||
698 | Enabled by default. |
|
698 | Enabled by default. | |
699 |
|
699 | |||
700 | ``dotencode`` |
|
700 | ``dotencode`` | |
701 | Enable or disable the "dotencode" repository format which enhances |
|
701 | Enable or disable the "dotencode" repository format which enhances | |
702 | the "fncache" repository format (which has to be enabled to use |
|
702 | the "fncache" repository format (which has to be enabled to use | |
703 | dotencode) to avoid issues with filenames starting with ._ on |
|
703 | dotencode) to avoid issues with filenames starting with ._ on | |
704 | Mac OS X and spaces on Windows. |
|
704 | Mac OS X and spaces on Windows. | |
705 |
|
705 | |||
706 | Repositories with this on-disk format require Mercurial version 1.7. |
|
706 | Repositories with this on-disk format require Mercurial version 1.7. | |
707 |
|
707 | |||
708 | Enabled by default. |
|
708 | Enabled by default. | |
709 |
|
709 | |||
710 | ``usefncache`` |
|
710 | ``usefncache`` | |
711 | Enable or disable the "fncache" repository format which enhances |
|
711 | Enable or disable the "fncache" repository format which enhances | |
712 | the "store" repository format (which has to be enabled to use |
|
712 | the "store" repository format (which has to be enabled to use | |
713 | fncache) to allow longer filenames and avoids using Windows |
|
713 | fncache) to allow longer filenames and avoids using Windows | |
714 | reserved names, e.g. "nul". |
|
714 | reserved names, e.g. "nul". | |
715 |
|
715 | |||
716 | Repositories with this on-disk format require Mercurial version 1.1. |
|
716 | Repositories with this on-disk format require Mercurial version 1.1. | |
717 |
|
717 | |||
718 | Enabled by default. |
|
718 | Enabled by default. | |
719 |
|
719 | |||
720 | ``usestore`` |
|
720 | ``usestore`` | |
721 | Enable or disable the "store" repository format which improves |
|
721 | Enable or disable the "store" repository format which improves | |
722 | compatibility with systems that fold case or otherwise mangle |
|
722 | compatibility with systems that fold case or otherwise mangle | |
723 | filenames. Disabling this option will allow you to store longer filenames |
|
723 | filenames. Disabling this option will allow you to store longer filenames | |
724 | in some situations at the expense of compatibility. |
|
724 | in some situations at the expense of compatibility. | |
725 |
|
725 | |||
726 | Repositories with this on-disk format require Mercurial version 0.9.4. |
|
726 | Repositories with this on-disk format require Mercurial version 0.9.4. | |
727 |
|
727 | |||
728 | Enabled by default. |
|
728 | Enabled by default. | |
729 |
|
729 | |||
730 | ``graph`` |
|
730 | ``graph`` | |
731 | --------- |
|
731 | --------- | |
732 |
|
732 | |||
733 | Web graph view configuration. This section let you change graph |
|
733 | Web graph view configuration. This section let you change graph | |
734 | elements display properties by branches, for instance to make the |
|
734 | elements display properties by branches, for instance to make the | |
735 | ``default`` branch stand out. |
|
735 | ``default`` branch stand out. | |
736 |
|
736 | |||
737 | Each line has the following format:: |
|
737 | Each line has the following format:: | |
738 |
|
738 | |||
739 | <branch>.<argument> = <value> |
|
739 | <branch>.<argument> = <value> | |
740 |
|
740 | |||
741 | where ``<branch>`` is the name of the branch being |
|
741 | where ``<branch>`` is the name of the branch being | |
742 | customized. Example:: |
|
742 | customized. Example:: | |
743 |
|
743 | |||
744 | [graph] |
|
744 | [graph] | |
745 | # 2px width |
|
745 | # 2px width | |
746 | default.width = 2 |
|
746 | default.width = 2 | |
747 | # red color |
|
747 | # red color | |
748 | default.color = FF0000 |
|
748 | default.color = FF0000 | |
749 |
|
749 | |||
750 | Supported arguments: |
|
750 | Supported arguments: | |
751 |
|
751 | |||
752 | ``width`` |
|
752 | ``width`` | |
753 | Set branch edges width in pixels. |
|
753 | Set branch edges width in pixels. | |
754 |
|
754 | |||
755 | ``color`` |
|
755 | ``color`` | |
756 | Set branch edges color in hexadecimal RGB notation. |
|
756 | Set branch edges color in hexadecimal RGB notation. | |
757 |
|
757 | |||
758 | ``hooks`` |
|
758 | ``hooks`` | |
759 | --------- |
|
759 | --------- | |
760 |
|
760 | |||
761 | Commands or Python functions that get automatically executed by |
|
761 | Commands or Python functions that get automatically executed by | |
762 | various actions such as starting or finishing a commit. Multiple |
|
762 | various actions such as starting or finishing a commit. Multiple | |
763 | hooks can be run for the same action by appending a suffix to the |
|
763 | hooks can be run for the same action by appending a suffix to the | |
764 | action. Overriding a site-wide hook can be done by changing its |
|
764 | action. Overriding a site-wide hook can be done by changing its | |
765 | value or setting it to an empty string. Hooks can be prioritized |
|
765 | value or setting it to an empty string. Hooks can be prioritized | |
766 | by adding a prefix of ``priority.`` to the hook name on a new line |
|
766 | by adding a prefix of ``priority.`` to the hook name on a new line | |
767 | and setting the priority. The default priority is 0. |
|
767 | and setting the priority. The default priority is 0. | |
768 |
|
768 | |||
769 | Example ``.hg/hgrc``:: |
|
769 | Example ``.hg/hgrc``:: | |
770 |
|
770 | |||
771 | [hooks] |
|
771 | [hooks] | |
772 | # update working directory after adding changesets |
|
772 | # update working directory after adding changesets | |
773 | changegroup.update = hg update |
|
773 | changegroup.update = hg update | |
774 | # do not use the site-wide hook |
|
774 | # do not use the site-wide hook | |
775 | incoming = |
|
775 | incoming = | |
776 | incoming.email = /my/email/hook |
|
776 | incoming.email = /my/email/hook | |
777 | incoming.autobuild = /my/build/hook |
|
777 | incoming.autobuild = /my/build/hook | |
778 | # force autobuild hook to run before other incoming hooks |
|
778 | # force autobuild hook to run before other incoming hooks | |
779 | priority.incoming.autobuild = 1 |
|
779 | priority.incoming.autobuild = 1 | |
780 |
|
780 | |||
781 | Most hooks are run with environment variables set that give useful |
|
781 | Most hooks are run with environment variables set that give useful | |
782 | additional information. For each hook below, the environment |
|
782 | additional information. For each hook below, the environment | |
783 | variables it is passed are listed with names of the form ``$HG_foo``. |
|
783 | variables it is passed are listed with names of the form ``$HG_foo``. | |
784 |
|
784 | |||
785 | ``changegroup`` |
|
785 | ``changegroup`` | |
786 | Run after a changegroup has been added via push, pull or unbundle. ID of the |
|
786 | Run after a changegroup has been added via push, pull or unbundle. ID of the | |
787 | first new changeset is in ``$HG_NODE`` and last in ``$HG_NODE_LAST``. URL |
|
787 | first new changeset is in ``$HG_NODE`` and last in ``$HG_NODE_LAST``. URL | |
788 | from which changes came is in ``$HG_URL``. |
|
788 | from which changes came is in ``$HG_URL``. | |
789 |
|
789 | |||
790 | ``commit`` |
|
790 | ``commit`` | |
791 | Run after a changeset has been created in the local repository. ID |
|
791 | Run after a changeset has been created in the local repository. ID | |
792 | of the newly created changeset is in ``$HG_NODE``. Parent changeset |
|
792 | of the newly created changeset is in ``$HG_NODE``. Parent changeset | |
793 | IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``. |
|
793 | IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``. | |
794 |
|
794 | |||
795 | ``incoming`` |
|
795 | ``incoming`` | |
796 | Run after a changeset has been pulled, pushed, or unbundled into |
|
796 | Run after a changeset has been pulled, pushed, or unbundled into | |
797 | the local repository. The ID of the newly arrived changeset is in |
|
797 | the local repository. The ID of the newly arrived changeset is in | |
798 | ``$HG_NODE``. URL that was source of changes came is in ``$HG_URL``. |
|
798 | ``$HG_NODE``. URL that was source of changes came is in ``$HG_URL``. | |
799 |
|
799 | |||
800 | ``outgoing`` |
|
800 | ``outgoing`` | |
801 | Run after sending changes from local repository to another. ID of |
|
801 | Run after sending changes from local repository to another. ID of | |
802 | first changeset sent is in ``$HG_NODE``. Source of operation is in |
|
802 | first changeset sent is in ``$HG_NODE``. Source of operation is in | |
803 | ``$HG_SOURCE``; Also see :hg:`help config.hooks.preoutgoing` hook. |
|
803 | ``$HG_SOURCE``; Also see :hg:`help config.hooks.preoutgoing` hook. | |
804 |
|
804 | |||
805 | ``post-<command>`` |
|
805 | ``post-<command>`` | |
806 | Run after successful invocations of the associated command. The |
|
806 | Run after successful invocations of the associated command. The | |
807 | contents of the command line are passed as ``$HG_ARGS`` and the result |
|
807 | contents of the command line are passed as ``$HG_ARGS`` and the result | |
808 | code in ``$HG_RESULT``. Parsed command line arguments are passed as |
|
808 | code in ``$HG_RESULT``. Parsed command line arguments are passed as | |
809 | ``$HG_PATS`` and ``$HG_OPTS``. These contain string representations of |
|
809 | ``$HG_PATS`` and ``$HG_OPTS``. These contain string representations of | |
810 | the python data internally passed to <command>. ``$HG_OPTS`` is a |
|
810 | the python data internally passed to <command>. ``$HG_OPTS`` is a | |
811 | dictionary of options (with unspecified options set to their defaults). |
|
811 | dictionary of options (with unspecified options set to their defaults). | |
812 | ``$HG_PATS`` is a list of arguments. Hook failure is ignored. |
|
812 | ``$HG_PATS`` is a list of arguments. Hook failure is ignored. | |
813 |
|
813 | |||
814 | ``fail-<command>`` |
|
814 | ``fail-<command>`` | |
815 | Run after a failed invocation of an associated command. The contents |
|
815 | Run after a failed invocation of an associated command. The contents | |
816 | of the command line are passed as ``$HG_ARGS``. Parsed command line |
|
816 | of the command line are passed as ``$HG_ARGS``. Parsed command line | |
817 | arguments are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain |
|
817 | arguments are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain | |
818 | string representations of the python data internally passed to |
|
818 | string representations of the python data internally passed to | |
819 | <command>. ``$HG_OPTS`` is a dictionary of options (with unspecified |
|
819 | <command>. ``$HG_OPTS`` is a dictionary of options (with unspecified | |
820 | options set to their defaults). ``$HG_PATS`` is a list of arguments. |
|
820 | options set to their defaults). ``$HG_PATS`` is a list of arguments. | |
821 | Hook failure is ignored. |
|
821 | Hook failure is ignored. | |
822 |
|
822 | |||
823 | ``pre-<command>`` |
|
823 | ``pre-<command>`` | |
824 | Run before executing the associated command. The contents of the |
|
824 | Run before executing the associated command. The contents of the | |
825 | command line are passed as ``$HG_ARGS``. Parsed command line arguments |
|
825 | command line are passed as ``$HG_ARGS``. Parsed command line arguments | |
826 | are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain string |
|
826 | are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain string | |
827 | representations of the data internally passed to <command>. ``$HG_OPTS`` |
|
827 | representations of the data internally passed to <command>. ``$HG_OPTS`` | |
828 | is a dictionary of options (with unspecified options set to their |
|
828 | is a dictionary of options (with unspecified options set to their | |
829 | defaults). ``$HG_PATS`` is a list of arguments. If the hook returns |
|
829 | defaults). ``$HG_PATS`` is a list of arguments. If the hook returns | |
830 | failure, the command doesn't execute and Mercurial returns the failure |
|
830 | failure, the command doesn't execute and Mercurial returns the failure | |
831 | code. |
|
831 | code. | |
832 |
|
832 | |||
833 | ``prechangegroup`` |
|
833 | ``prechangegroup`` | |
834 | Run before a changegroup is added via push, pull or unbundle. Exit |
|
834 | Run before a changegroup is added via push, pull or unbundle. Exit | |
835 | status 0 allows the changegroup to proceed. Non-zero status will |
|
835 | status 0 allows the changegroup to proceed. Non-zero status will | |
836 | cause the push, pull or unbundle to fail. URL from which changes |
|
836 | cause the push, pull or unbundle to fail. URL from which changes | |
837 | will come is in ``$HG_URL``. |
|
837 | will come is in ``$HG_URL``. | |
838 |
|
838 | |||
839 | ``precommit`` |
|
839 | ``precommit`` | |
840 | Run before starting a local commit. Exit status 0 allows the |
|
840 | Run before starting a local commit. Exit status 0 allows the | |
841 | commit to proceed. Non-zero status will cause the commit to fail. |
|
841 | commit to proceed. Non-zero status will cause the commit to fail. | |
842 | Parent changeset IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``. |
|
842 | Parent changeset IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``. | |
843 |
|
843 | |||
844 | ``prelistkeys`` |
|
844 | ``prelistkeys`` | |
845 | Run before listing pushkeys (like bookmarks) in the |
|
845 | Run before listing pushkeys (like bookmarks) in the | |
846 | repository. Non-zero status will cause failure. The key namespace is |
|
846 | repository. Non-zero status will cause failure. The key namespace is | |
847 | in ``$HG_NAMESPACE``. |
|
847 | in ``$HG_NAMESPACE``. | |
848 |
|
848 | |||
849 | ``preoutgoing`` |
|
849 | ``preoutgoing`` | |
850 | Run before collecting changes to send from the local repository to |
|
850 | Run before collecting changes to send from the local repository to | |
851 | another. Non-zero status will cause failure. This lets you prevent |
|
851 | another. Non-zero status will cause failure. This lets you prevent | |
852 | pull over HTTP or SSH. Also prevents against local pull, push |
|
852 | pull over HTTP or SSH. Also prevents against local pull, push | |
853 | (outbound) or bundle commands, but not effective, since you can |
|
853 | (outbound) or bundle commands, but not effective, since you can | |
854 | just copy files instead then. Source of operation is in |
|
854 | just copy files instead then. Source of operation is in | |
855 | ``$HG_SOURCE``. If "serve", operation is happening on behalf of remote |
|
855 | ``$HG_SOURCE``. If "serve", operation is happening on behalf of remote | |
856 | SSH or HTTP repository. If "push", "pull" or "bundle", operation |
|
856 | SSH or HTTP repository. If "push", "pull" or "bundle", operation | |
857 | is happening on behalf of repository on same system. |
|
857 | is happening on behalf of repository on same system. | |
858 |
|
858 | |||
859 | ``prepushkey`` |
|
859 | ``prepushkey`` | |
860 | Run before a pushkey (like a bookmark) is added to the |
|
860 | Run before a pushkey (like a bookmark) is added to the | |
861 | repository. Non-zero status will cause the key to be rejected. The |
|
861 | repository. Non-zero status will cause the key to be rejected. The | |
862 | key namespace is in ``$HG_NAMESPACE``, the key is in ``$HG_KEY``, |
|
862 | key namespace is in ``$HG_NAMESPACE``, the key is in ``$HG_KEY``, | |
863 | the old value (if any) is in ``$HG_OLD``, and the new value is in |
|
863 | the old value (if any) is in ``$HG_OLD``, and the new value is in | |
864 | ``$HG_NEW``. |
|
864 | ``$HG_NEW``. | |
865 |
|
865 | |||
866 | ``pretag`` |
|
866 | ``pretag`` | |
867 | Run before creating a tag. Exit status 0 allows the tag to be |
|
867 | Run before creating a tag. Exit status 0 allows the tag to be | |
868 | created. Non-zero status will cause the tag to fail. ID of |
|
868 | created. Non-zero status will cause the tag to fail. ID of | |
869 | changeset to tag is in ``$HG_NODE``. Name of tag is in ``$HG_TAG``. Tag is |
|
869 | changeset to tag is in ``$HG_NODE``. Name of tag is in ``$HG_TAG``. Tag is | |
870 | local if ``$HG_LOCAL=1``, in repository if ``$HG_LOCAL=0``. |
|
870 | local if ``$HG_LOCAL=1``, in repository if ``$HG_LOCAL=0``. | |
871 |
|
871 | |||
872 | ``pretxnopen`` |
|
872 | ``pretxnopen`` | |
873 | Run before any new repository transaction is open. The reason for the |
|
873 | Run before any new repository transaction is open. The reason for the | |
874 | transaction will be in ``$HG_TXNNAME`` and a unique identifier for the |
|
874 | transaction will be in ``$HG_TXNNAME`` and a unique identifier for the | |
875 | transaction will be in ``HG_TXNID``. A non-zero status will prevent the |
|
875 | transaction will be in ``HG_TXNID``. A non-zero status will prevent the | |
876 | transaction from being opened. |
|
876 | transaction from being opened. | |
877 |
|
877 | |||
878 | ``pretxnclose`` |
|
878 | ``pretxnclose`` | |
879 | Run right before the transaction is actually finalized. Any repository change |
|
879 | Run right before the transaction is actually finalized. Any repository change | |
880 | will be visible to the hook program. This lets you validate the transaction |
|
880 | will be visible to the hook program. This lets you validate the transaction | |
881 | content or change it. Exit status 0 allows the commit to proceed. Non-zero |
|
881 | content or change it. Exit status 0 allows the commit to proceed. Non-zero | |
882 | status will cause the transaction to be rolled back. The reason for the |
|
882 | status will cause the transaction to be rolled back. The reason for the | |
883 | transaction opening will be in ``$HG_TXNNAME`` and a unique identifier for |
|
883 | transaction opening will be in ``$HG_TXNNAME`` and a unique identifier for | |
884 | the transaction will be in ``HG_TXNID``. The rest of the available data will |
|
884 | the transaction will be in ``HG_TXNID``. The rest of the available data will | |
885 | vary according the transaction type. New changesets will add ``$HG_NODE`` (id |
|
885 | vary according the transaction type. New changesets will add ``$HG_NODE`` (id | |
886 | of the first added changeset), ``$HG_NODE_LAST`` (id of the last added |
|
886 | of the first added changeset), ``$HG_NODE_LAST`` (id of the last added | |
887 | changeset), ``$HG_URL`` and ``$HG_SOURCE`` variables, bookmarks and phases |
|
887 | changeset), ``$HG_URL`` and ``$HG_SOURCE`` variables, bookmarks and phases | |
888 | changes will set ``HG_BOOKMARK_MOVED`` and ``HG_PHASES_MOVED`` to ``1``, etc. |
|
888 | changes will set ``HG_BOOKMARK_MOVED`` and ``HG_PHASES_MOVED`` to ``1``, etc. | |
889 |
|
889 | |||
890 | ``txnclose`` |
|
890 | ``txnclose`` | |
891 | Run after any repository transaction has been committed. At this |
|
891 | Run after any repository transaction has been committed. At this | |
892 | point, the transaction can no longer be rolled back. The hook will run |
|
892 | point, the transaction can no longer be rolled back. The hook will run | |
893 | after the lock is released. See :hg:`help config.hooks.pretxnclose` docs for |
|
893 | after the lock is released. See :hg:`help config.hooks.pretxnclose` docs for | |
894 | details about available variables. |
|
894 | details about available variables. | |
895 |
|
895 | |||
896 | ``txnabort`` |
|
896 | ``txnabort`` | |
897 | Run when a transaction is aborted. See :hg:`help config.hooks.pretxnclose` |
|
897 | Run when a transaction is aborted. See :hg:`help config.hooks.pretxnclose` | |
898 | docs for details about available variables. |
|
898 | docs for details about available variables. | |
899 |
|
899 | |||
900 | ``pretxnchangegroup`` |
|
900 | ``pretxnchangegroup`` | |
901 | Run after a changegroup has been added via push, pull or unbundle, but before |
|
901 | Run after a changegroup has been added via push, pull or unbundle, but before | |
902 | the transaction has been committed. Changegroup is visible to hook program. |
|
902 | the transaction has been committed. Changegroup is visible to hook program. | |
903 | This lets you validate incoming changes before accepting them. Passed the ID |
|
903 | This lets you validate incoming changes before accepting them. Passed the ID | |
904 | of the first new changeset in ``$HG_NODE`` and last in ``$HG_NODE_LAST``. |
|
904 | of the first new changeset in ``$HG_NODE`` and last in ``$HG_NODE_LAST``. | |
905 | Exit status 0 allows the transaction to commit. Non-zero status will cause |
|
905 | Exit status 0 allows the transaction to commit. Non-zero status will cause | |
906 | the transaction to be rolled back and the push, pull or unbundle will fail. |
|
906 | the transaction to be rolled back and the push, pull or unbundle will fail. | |
907 | URL that was source of changes is in ``$HG_URL``. |
|
907 | URL that was source of changes is in ``$HG_URL``. | |
908 |
|
908 | |||
909 | ``pretxncommit`` |
|
909 | ``pretxncommit`` | |
910 | Run after a changeset has been created but the transaction not yet |
|
910 | Run after a changeset has been created but the transaction not yet | |
911 | committed. Changeset is visible to hook program. This lets you |
|
911 | committed. Changeset is visible to hook program. This lets you | |
912 | validate commit message and changes. Exit status 0 allows the |
|
912 | validate commit message and changes. Exit status 0 allows the | |
913 | commit to proceed. Non-zero status will cause the transaction to |
|
913 | commit to proceed. Non-zero status will cause the transaction to | |
914 | be rolled back. ID of changeset is in ``$HG_NODE``. Parent changeset |
|
914 | be rolled back. ID of changeset is in ``$HG_NODE``. Parent changeset | |
915 | IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``. |
|
915 | IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``. | |
916 |
|
916 | |||
917 | ``preupdate`` |
|
917 | ``preupdate`` | |
918 | Run before updating the working directory. Exit status 0 allows |
|
918 | Run before updating the working directory. Exit status 0 allows | |
919 | the update to proceed. Non-zero status will prevent the update. |
|
919 | the update to proceed. Non-zero status will prevent the update. | |
920 | Changeset ID of first new parent is in ``$HG_PARENT1``. If merge, ID |
|
920 | Changeset ID of first new parent is in ``$HG_PARENT1``. If merge, ID | |
921 | of second new parent is in ``$HG_PARENT2``. |
|
921 | of second new parent is in ``$HG_PARENT2``. | |
922 |
|
922 | |||
923 | ``listkeys`` |
|
923 | ``listkeys`` | |
924 | Run after listing pushkeys (like bookmarks) in the repository. The |
|
924 | Run after listing pushkeys (like bookmarks) in the repository. The | |
925 | key namespace is in ``$HG_NAMESPACE``. ``$HG_VALUES`` is a |
|
925 | key namespace is in ``$HG_NAMESPACE``. ``$HG_VALUES`` is a | |
926 | dictionary containing the keys and values. |
|
926 | dictionary containing the keys and values. | |
927 |
|
927 | |||
928 | ``pushkey`` |
|
928 | ``pushkey`` | |
929 | Run after a pushkey (like a bookmark) is added to the |
|
929 | Run after a pushkey (like a bookmark) is added to the | |
930 | repository. The key namespace is in ``$HG_NAMESPACE``, the key is in |
|
930 | repository. The key namespace is in ``$HG_NAMESPACE``, the key is in | |
931 | ``$HG_KEY``, the old value (if any) is in ``$HG_OLD``, and the new |
|
931 | ``$HG_KEY``, the old value (if any) is in ``$HG_OLD``, and the new | |
932 | value is in ``$HG_NEW``. |
|
932 | value is in ``$HG_NEW``. | |
933 |
|
933 | |||
934 | ``tag`` |
|
934 | ``tag`` | |
935 | Run after a tag is created. ID of tagged changeset is in ``$HG_NODE``. |
|
935 | Run after a tag is created. ID of tagged changeset is in ``$HG_NODE``. | |
936 | Name of tag is in ``$HG_TAG``. Tag is local if ``$HG_LOCAL=1``, in |
|
936 | Name of tag is in ``$HG_TAG``. Tag is local if ``$HG_LOCAL=1``, in | |
937 | repository if ``$HG_LOCAL=0``. |
|
937 | repository if ``$HG_LOCAL=0``. | |
938 |
|
938 | |||
939 | ``update`` |
|
939 | ``update`` | |
940 | Run after updating the working directory. Changeset ID of first |
|
940 | Run after updating the working directory. Changeset ID of first | |
941 | new parent is in ``$HG_PARENT1``. If merge, ID of second new parent is |
|
941 | new parent is in ``$HG_PARENT1``. If merge, ID of second new parent is | |
942 | in ``$HG_PARENT2``. If the update succeeded, ``$HG_ERROR=0``. If the |
|
942 | in ``$HG_PARENT2``. If the update succeeded, ``$HG_ERROR=0``. If the | |
943 | update failed (e.g. because conflicts not resolved), ``$HG_ERROR=1``. |
|
943 | update failed (e.g. because conflicts not resolved), ``$HG_ERROR=1``. | |
944 |
|
944 | |||
945 | .. note:: |
|
945 | .. note:: | |
946 |
|
946 | |||
947 | It is generally better to use standard hooks rather than the |
|
947 | It is generally better to use standard hooks rather than the | |
948 | generic pre- and post- command hooks as they are guaranteed to be |
|
948 | generic pre- and post- command hooks as they are guaranteed to be | |
949 | called in the appropriate contexts for influencing transactions. |
|
949 | called in the appropriate contexts for influencing transactions. | |
950 | Also, hooks like "commit" will be called in all contexts that |
|
950 | Also, hooks like "commit" will be called in all contexts that | |
951 | generate a commit (e.g. tag) and not just the commit command. |
|
951 | generate a commit (e.g. tag) and not just the commit command. | |
952 |
|
952 | |||
953 | .. note:: |
|
953 | .. note:: | |
954 |
|
954 | |||
955 | Environment variables with empty values may not be passed to |
|
955 | Environment variables with empty values may not be passed to | |
956 | hooks on platforms such as Windows. As an example, ``$HG_PARENT2`` |
|
956 | hooks on platforms such as Windows. As an example, ``$HG_PARENT2`` | |
957 | will have an empty value under Unix-like platforms for non-merge |
|
957 | will have an empty value under Unix-like platforms for non-merge | |
958 | changesets, while it will not be available at all under Windows. |
|
958 | changesets, while it will not be available at all under Windows. | |
959 |
|
959 | |||
960 | The syntax for Python hooks is as follows:: |
|
960 | The syntax for Python hooks is as follows:: | |
961 |
|
961 | |||
962 | hookname = python:modulename.submodule.callable |
|
962 | hookname = python:modulename.submodule.callable | |
963 | hookname = python:/path/to/python/module.py:callable |
|
963 | hookname = python:/path/to/python/module.py:callable | |
964 |
|
964 | |||
965 | Python hooks are run within the Mercurial process. Each hook is |
|
965 | Python hooks are run within the Mercurial process. Each hook is | |
966 | called with at least three keyword arguments: a ui object (keyword |
|
966 | called with at least three keyword arguments: a ui object (keyword | |
967 | ``ui``), a repository object (keyword ``repo``), and a ``hooktype`` |
|
967 | ``ui``), a repository object (keyword ``repo``), and a ``hooktype`` | |
968 | keyword that tells what kind of hook is used. Arguments listed as |
|
968 | keyword that tells what kind of hook is used. Arguments listed as | |
969 | environment variables above are passed as keyword arguments, with no |
|
969 | environment variables above are passed as keyword arguments, with no | |
970 | ``HG_`` prefix, and names in lower case. |
|
970 | ``HG_`` prefix, and names in lower case. | |
971 |
|
971 | |||
972 | If a Python hook returns a "true" value or raises an exception, this |
|
972 | If a Python hook returns a "true" value or raises an exception, this | |
973 | is treated as a failure. |
|
973 | is treated as a failure. | |
974 |
|
974 | |||
975 |
|
975 | |||
976 | ``hostfingerprints`` |
|
976 | ``hostfingerprints`` | |
977 | -------------------- |
|
977 | -------------------- | |
978 |
|
978 | |||
|
979 | (Deprecated. Use ``[hostsecurity]``'s ``fingerprints`` options instead.) | |||
|
980 | ||||
979 | Fingerprints of the certificates of known HTTPS servers. |
|
981 | Fingerprints of the certificates of known HTTPS servers. | |
980 |
|
982 | |||
981 | A HTTPS connection to a server with a fingerprint configured here will |
|
983 | A HTTPS connection to a server with a fingerprint configured here will | |
982 | only succeed if the servers certificate matches the fingerprint. |
|
984 | only succeed if the servers certificate matches the fingerprint. | |
983 | This is very similar to how ssh known hosts works. |
|
985 | This is very similar to how ssh known hosts works. | |
984 |
|
986 | |||
985 | The fingerprint is the SHA-1 hash value of the DER encoded certificate. |
|
987 | The fingerprint is the SHA-1 hash value of the DER encoded certificate. | |
986 | Multiple values can be specified (separated by spaces or commas). This can |
|
988 | Multiple values can be specified (separated by spaces or commas). This can | |
987 | be used to define both old and new fingerprints while a host transitions |
|
989 | be used to define both old and new fingerprints while a host transitions | |
988 | to a new certificate. |
|
990 | to a new certificate. | |
989 |
|
991 | |||
990 | The CA chain and web.cacerts is not used for servers with a fingerprint. |
|
992 | The CA chain and web.cacerts is not used for servers with a fingerprint. | |
991 |
|
993 | |||
992 | For example:: |
|
994 | For example:: | |
993 |
|
995 | |||
994 | [hostfingerprints] |
|
996 | [hostfingerprints] | |
995 | hg.intevation.de = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33 |
|
997 | hg.intevation.de = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33 | |
996 | hg.intevation.org = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33 |
|
998 | hg.intevation.org = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33 | |
997 |
|
999 | |||
|
1000 | ``hostsecurity`` | |||
|
1001 | ---------------- | |||
|
1002 | ||||
|
1003 | Used to specify per-host security settings. | |||
|
1004 | ||||
|
1005 | Options in this section have the form ``hostname``:``setting``. This allows | |||
|
1006 | multiple settings to be defined on a per-host basis. | |||
|
1007 | ||||
|
1008 | The following per-host settings can be defined. | |||
|
1009 | ||||
|
1010 | ``fingerprints`` | |||
|
1011 | A list of hashes of the DER encoded peer/remote certificate. Values have | |||
|
1012 | the form ``algorithm``:``fingerprint``. e.g. | |||
|
1013 | ``sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2``. | |||
|
1014 | ||||
|
1015 | The following algorithms/prefixes are supported: ``sha1``, ``sha256``, | |||
|
1016 | ``sha512``. | |||
|
1017 | ||||
|
1018 | Use of ``sha256`` or ``sha512`` is preferred. | |||
|
1019 | ||||
|
1020 | If a fingerprint is specified, the CA chain is not validated for this | |||
|
1021 | host and Mercurial will require the remote certificate to match one | |||
|
1022 | of the fingerprints specified. This means if the server updates its | |||
|
1023 | certificate, Mercurial will abort until a new fingerprint is defined. | |||
|
1024 | This can provide stronger security than traditional CA-based validation | |||
|
1025 | at the expense of convenience. | |||
|
1026 | ||||
|
1027 | For example:: | |||
|
1028 | ||||
|
1029 | [hostsecurity] | |||
|
1030 | hg.example.com:fingerprints = sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2 | |||
|
1031 | hg2.example.com:fingerprints = sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33 | |||
|
1032 | ||||
998 | ``http_proxy`` |
|
1033 | ``http_proxy`` | |
999 | -------------- |
|
1034 | -------------- | |
1000 |
|
1035 | |||
1001 | Used to access web-based Mercurial repositories through a HTTP |
|
1036 | Used to access web-based Mercurial repositories through a HTTP | |
1002 | proxy. |
|
1037 | proxy. | |
1003 |
|
1038 | |||
1004 | ``host`` |
|
1039 | ``host`` | |
1005 | Host name and (optional) port of the proxy server, for example |
|
1040 | Host name and (optional) port of the proxy server, for example | |
1006 | "myproxy:8000". |
|
1041 | "myproxy:8000". | |
1007 |
|
1042 | |||
1008 | ``no`` |
|
1043 | ``no`` | |
1009 | Optional. Comma-separated list of host names that should bypass |
|
1044 | Optional. Comma-separated list of host names that should bypass | |
1010 | the proxy. |
|
1045 | the proxy. | |
1011 |
|
1046 | |||
1012 | ``passwd`` |
|
1047 | ``passwd`` | |
1013 | Optional. Password to authenticate with at the proxy server. |
|
1048 | Optional. Password to authenticate with at the proxy server. | |
1014 |
|
1049 | |||
1015 | ``user`` |
|
1050 | ``user`` | |
1016 | Optional. User name to authenticate with at the proxy server. |
|
1051 | Optional. User name to authenticate with at the proxy server. | |
1017 |
|
1052 | |||
1018 | ``always`` |
|
1053 | ``always`` | |
1019 | Optional. Always use the proxy, even for localhost and any entries |
|
1054 | Optional. Always use the proxy, even for localhost and any entries | |
1020 | in ``http_proxy.no``. (default: False) |
|
1055 | in ``http_proxy.no``. (default: False) | |
1021 |
|
1056 | |||
1022 | ``merge`` |
|
1057 | ``merge`` | |
1023 | --------- |
|
1058 | --------- | |
1024 |
|
1059 | |||
1025 | This section specifies behavior during merges and updates. |
|
1060 | This section specifies behavior during merges and updates. | |
1026 |
|
1061 | |||
1027 | ``checkignored`` |
|
1062 | ``checkignored`` | |
1028 | Controls behavior when an ignored file on disk has the same name as a tracked |
|
1063 | Controls behavior when an ignored file on disk has the same name as a tracked | |
1029 | file in the changeset being merged or updated to, and has different |
|
1064 | file in the changeset being merged or updated to, and has different | |
1030 | contents. Options are ``abort``, ``warn`` and ``ignore``. With ``abort``, |
|
1065 | contents. Options are ``abort``, ``warn`` and ``ignore``. With ``abort``, | |
1031 | abort on such files. With ``warn``, warn on such files and back them up as |
|
1066 | abort on such files. With ``warn``, warn on such files and back them up as | |
1032 | ``.orig``. With ``ignore``, don't print a warning and back them up as |
|
1067 | ``.orig``. With ``ignore``, don't print a warning and back them up as | |
1033 | ``.orig``. (default: ``abort``) |
|
1068 | ``.orig``. (default: ``abort``) | |
1034 |
|
1069 | |||
1035 | ``checkunknown`` |
|
1070 | ``checkunknown`` | |
1036 | Controls behavior when an unknown file that isn't ignored has the same name |
|
1071 | Controls behavior when an unknown file that isn't ignored has the same name | |
1037 | as a tracked file in the changeset being merged or updated to, and has |
|
1072 | as a tracked file in the changeset being merged or updated to, and has | |
1038 | different contents. Similar to ``merge.checkignored``, except for files that |
|
1073 | different contents. Similar to ``merge.checkignored``, except for files that | |
1039 | are not ignored. (default: ``abort``) |
|
1074 | are not ignored. (default: ``abort``) | |
1040 |
|
1075 | |||
1041 | ``merge-patterns`` |
|
1076 | ``merge-patterns`` | |
1042 | ------------------ |
|
1077 | ------------------ | |
1043 |
|
1078 | |||
1044 | This section specifies merge tools to associate with particular file |
|
1079 | This section specifies merge tools to associate with particular file | |
1045 | patterns. Tools matched here will take precedence over the default |
|
1080 | patterns. Tools matched here will take precedence over the default | |
1046 | merge tool. Patterns are globs by default, rooted at the repository |
|
1081 | merge tool. Patterns are globs by default, rooted at the repository | |
1047 | root. |
|
1082 | root. | |
1048 |
|
1083 | |||
1049 | Example:: |
|
1084 | Example:: | |
1050 |
|
1085 | |||
1051 | [merge-patterns] |
|
1086 | [merge-patterns] | |
1052 | **.c = kdiff3 |
|
1087 | **.c = kdiff3 | |
1053 | **.jpg = myimgmerge |
|
1088 | **.jpg = myimgmerge | |
1054 |
|
1089 | |||
1055 | ``merge-tools`` |
|
1090 | ``merge-tools`` | |
1056 | --------------- |
|
1091 | --------------- | |
1057 |
|
1092 | |||
1058 | This section configures external merge tools to use for file-level |
|
1093 | This section configures external merge tools to use for file-level | |
1059 | merges. This section has likely been preconfigured at install time. |
|
1094 | merges. This section has likely been preconfigured at install time. | |
1060 | Use :hg:`config merge-tools` to check the existing configuration. |
|
1095 | Use :hg:`config merge-tools` to check the existing configuration. | |
1061 | Also see :hg:`help merge-tools` for more details. |
|
1096 | Also see :hg:`help merge-tools` for more details. | |
1062 |
|
1097 | |||
1063 | Example ``~/.hgrc``:: |
|
1098 | Example ``~/.hgrc``:: | |
1064 |
|
1099 | |||
1065 | [merge-tools] |
|
1100 | [merge-tools] | |
1066 | # Override stock tool location |
|
1101 | # Override stock tool location | |
1067 | kdiff3.executable = ~/bin/kdiff3 |
|
1102 | kdiff3.executable = ~/bin/kdiff3 | |
1068 | # Specify command line |
|
1103 | # Specify command line | |
1069 | kdiff3.args = $base $local $other -o $output |
|
1104 | kdiff3.args = $base $local $other -o $output | |
1070 | # Give higher priority |
|
1105 | # Give higher priority | |
1071 | kdiff3.priority = 1 |
|
1106 | kdiff3.priority = 1 | |
1072 |
|
1107 | |||
1073 | # Changing the priority of preconfigured tool |
|
1108 | # Changing the priority of preconfigured tool | |
1074 | meld.priority = 0 |
|
1109 | meld.priority = 0 | |
1075 |
|
1110 | |||
1076 | # Disable a preconfigured tool |
|
1111 | # Disable a preconfigured tool | |
1077 | vimdiff.disabled = yes |
|
1112 | vimdiff.disabled = yes | |
1078 |
|
1113 | |||
1079 | # Define new tool |
|
1114 | # Define new tool | |
1080 | myHtmlTool.args = -m $local $other $base $output |
|
1115 | myHtmlTool.args = -m $local $other $base $output | |
1081 | myHtmlTool.regkey = Software\FooSoftware\HtmlMerge |
|
1116 | myHtmlTool.regkey = Software\FooSoftware\HtmlMerge | |
1082 | myHtmlTool.priority = 1 |
|
1117 | myHtmlTool.priority = 1 | |
1083 |
|
1118 | |||
1084 | Supported arguments: |
|
1119 | Supported arguments: | |
1085 |
|
1120 | |||
1086 | ``priority`` |
|
1121 | ``priority`` | |
1087 | The priority in which to evaluate this tool. |
|
1122 | The priority in which to evaluate this tool. | |
1088 | (default: 0) |
|
1123 | (default: 0) | |
1089 |
|
1124 | |||
1090 | ``executable`` |
|
1125 | ``executable`` | |
1091 | Either just the name of the executable or its pathname. |
|
1126 | Either just the name of the executable or its pathname. | |
1092 |
|
1127 | |||
1093 | .. container:: windows |
|
1128 | .. container:: windows | |
1094 |
|
1129 | |||
1095 | On Windows, the path can use environment variables with ${ProgramFiles} |
|
1130 | On Windows, the path can use environment variables with ${ProgramFiles} | |
1096 | syntax. |
|
1131 | syntax. | |
1097 |
|
1132 | |||
1098 | (default: the tool name) |
|
1133 | (default: the tool name) | |
1099 |
|
1134 | |||
1100 | ``args`` |
|
1135 | ``args`` | |
1101 | The arguments to pass to the tool executable. You can refer to the |
|
1136 | The arguments to pass to the tool executable. You can refer to the | |
1102 | files being merged as well as the output file through these |
|
1137 | files being merged as well as the output file through these | |
1103 | variables: ``$base``, ``$local``, ``$other``, ``$output``. The meaning |
|
1138 | variables: ``$base``, ``$local``, ``$other``, ``$output``. The meaning | |
1104 | of ``$local`` and ``$other`` can vary depending on which action is being |
|
1139 | of ``$local`` and ``$other`` can vary depending on which action is being | |
1105 | performed. During and update or merge, ``$local`` represents the original |
|
1140 | performed. During and update or merge, ``$local`` represents the original | |
1106 | state of the file, while ``$other`` represents the commit you are updating |
|
1141 | state of the file, while ``$other`` represents the commit you are updating | |
1107 | to or the commit you are merging with. During a rebase ``$local`` |
|
1142 | to or the commit you are merging with. During a rebase ``$local`` | |
1108 | represents the destination of the rebase, and ``$other`` represents the |
|
1143 | represents the destination of the rebase, and ``$other`` represents the | |
1109 | commit being rebased. |
|
1144 | commit being rebased. | |
1110 | (default: ``$local $base $other``) |
|
1145 | (default: ``$local $base $other``) | |
1111 |
|
1146 | |||
1112 | ``premerge`` |
|
1147 | ``premerge`` | |
1113 | Attempt to run internal non-interactive 3-way merge tool before |
|
1148 | Attempt to run internal non-interactive 3-way merge tool before | |
1114 | launching external tool. Options are ``true``, ``false``, ``keep`` or |
|
1149 | launching external tool. Options are ``true``, ``false``, ``keep`` or | |
1115 | ``keep-merge3``. The ``keep`` option will leave markers in the file if the |
|
1150 | ``keep-merge3``. The ``keep`` option will leave markers in the file if the | |
1116 | premerge fails. The ``keep-merge3`` will do the same but include information |
|
1151 | premerge fails. The ``keep-merge3`` will do the same but include information | |
1117 | about the base of the merge in the marker (see internal :merge3 in |
|
1152 | about the base of the merge in the marker (see internal :merge3 in | |
1118 | :hg:`help merge-tools`). |
|
1153 | :hg:`help merge-tools`). | |
1119 | (default: True) |
|
1154 | (default: True) | |
1120 |
|
1155 | |||
1121 | ``binary`` |
|
1156 | ``binary`` | |
1122 | This tool can merge binary files. (default: False, unless tool |
|
1157 | This tool can merge binary files. (default: False, unless tool | |
1123 | was selected by file pattern match) |
|
1158 | was selected by file pattern match) | |
1124 |
|
1159 | |||
1125 | ``symlink`` |
|
1160 | ``symlink`` | |
1126 | This tool can merge symlinks. (default: False) |
|
1161 | This tool can merge symlinks. (default: False) | |
1127 |
|
1162 | |||
1128 | ``check`` |
|
1163 | ``check`` | |
1129 | A list of merge success-checking options: |
|
1164 | A list of merge success-checking options: | |
1130 |
|
1165 | |||
1131 | ``changed`` |
|
1166 | ``changed`` | |
1132 | Ask whether merge was successful when the merged file shows no changes. |
|
1167 | Ask whether merge was successful when the merged file shows no changes. | |
1133 | ``conflicts`` |
|
1168 | ``conflicts`` | |
1134 | Check whether there are conflicts even though the tool reported success. |
|
1169 | Check whether there are conflicts even though the tool reported success. | |
1135 | ``prompt`` |
|
1170 | ``prompt`` | |
1136 | Always prompt for merge success, regardless of success reported by tool. |
|
1171 | Always prompt for merge success, regardless of success reported by tool. | |
1137 |
|
1172 | |||
1138 | ``fixeol`` |
|
1173 | ``fixeol`` | |
1139 | Attempt to fix up EOL changes caused by the merge tool. |
|
1174 | Attempt to fix up EOL changes caused by the merge tool. | |
1140 | (default: False) |
|
1175 | (default: False) | |
1141 |
|
1176 | |||
1142 | ``gui`` |
|
1177 | ``gui`` | |
1143 | This tool requires a graphical interface to run. (default: False) |
|
1178 | This tool requires a graphical interface to run. (default: False) | |
1144 |
|
1179 | |||
1145 | .. container:: windows |
|
1180 | .. container:: windows | |
1146 |
|
1181 | |||
1147 | ``regkey`` |
|
1182 | ``regkey`` | |
1148 | Windows registry key which describes install location of this |
|
1183 | Windows registry key which describes install location of this | |
1149 | tool. Mercurial will search for this key first under |
|
1184 | tool. Mercurial will search for this key first under | |
1150 | ``HKEY_CURRENT_USER`` and then under ``HKEY_LOCAL_MACHINE``. |
|
1185 | ``HKEY_CURRENT_USER`` and then under ``HKEY_LOCAL_MACHINE``. | |
1151 | (default: None) |
|
1186 | (default: None) | |
1152 |
|
1187 | |||
1153 | ``regkeyalt`` |
|
1188 | ``regkeyalt`` | |
1154 | An alternate Windows registry key to try if the first key is not |
|
1189 | An alternate Windows registry key to try if the first key is not | |
1155 | found. The alternate key uses the same ``regname`` and ``regappend`` |
|
1190 | found. The alternate key uses the same ``regname`` and ``regappend`` | |
1156 | semantics of the primary key. The most common use for this key |
|
1191 | semantics of the primary key. The most common use for this key | |
1157 | is to search for 32bit applications on 64bit operating systems. |
|
1192 | is to search for 32bit applications on 64bit operating systems. | |
1158 | (default: None) |
|
1193 | (default: None) | |
1159 |
|
1194 | |||
1160 | ``regname`` |
|
1195 | ``regname`` | |
1161 | Name of value to read from specified registry key. |
|
1196 | Name of value to read from specified registry key. | |
1162 | (default: the unnamed (default) value) |
|
1197 | (default: the unnamed (default) value) | |
1163 |
|
1198 | |||
1164 | ``regappend`` |
|
1199 | ``regappend`` | |
1165 | String to append to the value read from the registry, typically |
|
1200 | String to append to the value read from the registry, typically | |
1166 | the executable name of the tool. |
|
1201 | the executable name of the tool. | |
1167 | (default: None) |
|
1202 | (default: None) | |
1168 |
|
1203 | |||
1169 |
|
1204 | |||
1170 | ``patch`` |
|
1205 | ``patch`` | |
1171 | --------- |
|
1206 | --------- | |
1172 |
|
1207 | |||
1173 | Settings used when applying patches, for instance through the 'import' |
|
1208 | Settings used when applying patches, for instance through the 'import' | |
1174 | command or with Mercurial Queues extension. |
|
1209 | command or with Mercurial Queues extension. | |
1175 |
|
1210 | |||
1176 | ``eol`` |
|
1211 | ``eol`` | |
1177 | When set to 'strict' patch content and patched files end of lines |
|
1212 | When set to 'strict' patch content and patched files end of lines | |
1178 | are preserved. When set to ``lf`` or ``crlf``, both files end of |
|
1213 | are preserved. When set to ``lf`` or ``crlf``, both files end of | |
1179 | lines are ignored when patching and the result line endings are |
|
1214 | lines are ignored when patching and the result line endings are | |
1180 | normalized to either LF (Unix) or CRLF (Windows). When set to |
|
1215 | normalized to either LF (Unix) or CRLF (Windows). When set to | |
1181 | ``auto``, end of lines are again ignored while patching but line |
|
1216 | ``auto``, end of lines are again ignored while patching but line | |
1182 | endings in patched files are normalized to their original setting |
|
1217 | endings in patched files are normalized to their original setting | |
1183 | on a per-file basis. If target file does not exist or has no end |
|
1218 | on a per-file basis. If target file does not exist or has no end | |
1184 | of line, patch line endings are preserved. |
|
1219 | of line, patch line endings are preserved. | |
1185 | (default: strict) |
|
1220 | (default: strict) | |
1186 |
|
1221 | |||
1187 | ``fuzz`` |
|
1222 | ``fuzz`` | |
1188 | The number of lines of 'fuzz' to allow when applying patches. This |
|
1223 | The number of lines of 'fuzz' to allow when applying patches. This | |
1189 | controls how much context the patcher is allowed to ignore when |
|
1224 | controls how much context the patcher is allowed to ignore when | |
1190 | trying to apply a patch. |
|
1225 | trying to apply a patch. | |
1191 | (default: 2) |
|
1226 | (default: 2) | |
1192 |
|
1227 | |||
1193 | ``paths`` |
|
1228 | ``paths`` | |
1194 | --------- |
|
1229 | --------- | |
1195 |
|
1230 | |||
1196 | Assigns symbolic names and behavior to repositories. |
|
1231 | Assigns symbolic names and behavior to repositories. | |
1197 |
|
1232 | |||
1198 | Options are symbolic names defining the URL or directory that is the |
|
1233 | Options are symbolic names defining the URL or directory that is the | |
1199 | location of the repository. Example:: |
|
1234 | location of the repository. Example:: | |
1200 |
|
1235 | |||
1201 | [paths] |
|
1236 | [paths] | |
1202 | my_server = https://example.com/my_repo |
|
1237 | my_server = https://example.com/my_repo | |
1203 | local_path = /home/me/repo |
|
1238 | local_path = /home/me/repo | |
1204 |
|
1239 | |||
1205 | These symbolic names can be used from the command line. To pull |
|
1240 | These symbolic names can be used from the command line. To pull | |
1206 | from ``my_server``: :hg:`pull my_server`. To push to ``local_path``: |
|
1241 | from ``my_server``: :hg:`pull my_server`. To push to ``local_path``: | |
1207 | :hg:`push local_path`. |
|
1242 | :hg:`push local_path`. | |
1208 |
|
1243 | |||
1209 | Options containing colons (``:``) denote sub-options that can influence |
|
1244 | Options containing colons (``:``) denote sub-options that can influence | |
1210 | behavior for that specific path. Example:: |
|
1245 | behavior for that specific path. Example:: | |
1211 |
|
1246 | |||
1212 | [paths] |
|
1247 | [paths] | |
1213 | my_server = https://example.com/my_path |
|
1248 | my_server = https://example.com/my_path | |
1214 | my_server:pushurl = ssh://example.com/my_path |
|
1249 | my_server:pushurl = ssh://example.com/my_path | |
1215 |
|
1250 | |||
1216 | The following sub-options can be defined: |
|
1251 | The following sub-options can be defined: | |
1217 |
|
1252 | |||
1218 | ``pushurl`` |
|
1253 | ``pushurl`` | |
1219 | The URL to use for push operations. If not defined, the location |
|
1254 | The URL to use for push operations. If not defined, the location | |
1220 | defined by the path's main entry is used. |
|
1255 | defined by the path's main entry is used. | |
1221 |
|
1256 | |||
1222 | The following special named paths exist: |
|
1257 | The following special named paths exist: | |
1223 |
|
1258 | |||
1224 | ``default`` |
|
1259 | ``default`` | |
1225 | The URL or directory to use when no source or remote is specified. |
|
1260 | The URL or directory to use when no source or remote is specified. | |
1226 |
|
1261 | |||
1227 | :hg:`clone` will automatically define this path to the location the |
|
1262 | :hg:`clone` will automatically define this path to the location the | |
1228 | repository was cloned from. |
|
1263 | repository was cloned from. | |
1229 |
|
1264 | |||
1230 | ``default-push`` |
|
1265 | ``default-push`` | |
1231 | (deprecated) The URL or directory for the default :hg:`push` location. |
|
1266 | (deprecated) The URL or directory for the default :hg:`push` location. | |
1232 | ``default:pushurl`` should be used instead. |
|
1267 | ``default:pushurl`` should be used instead. | |
1233 |
|
1268 | |||
1234 | ``phases`` |
|
1269 | ``phases`` | |
1235 | ---------- |
|
1270 | ---------- | |
1236 |
|
1271 | |||
1237 | Specifies default handling of phases. See :hg:`help phases` for more |
|
1272 | Specifies default handling of phases. See :hg:`help phases` for more | |
1238 | information about working with phases. |
|
1273 | information about working with phases. | |
1239 |
|
1274 | |||
1240 | ``publish`` |
|
1275 | ``publish`` | |
1241 | Controls draft phase behavior when working as a server. When true, |
|
1276 | Controls draft phase behavior when working as a server. When true, | |
1242 | pushed changesets are set to public in both client and server and |
|
1277 | pushed changesets are set to public in both client and server and | |
1243 | pulled or cloned changesets are set to public in the client. |
|
1278 | pulled or cloned changesets are set to public in the client. | |
1244 | (default: True) |
|
1279 | (default: True) | |
1245 |
|
1280 | |||
1246 | ``new-commit`` |
|
1281 | ``new-commit`` | |
1247 | Phase of newly-created commits. |
|
1282 | Phase of newly-created commits. | |
1248 | (default: draft) |
|
1283 | (default: draft) | |
1249 |
|
1284 | |||
1250 | ``checksubrepos`` |
|
1285 | ``checksubrepos`` | |
1251 | Check the phase of the current revision of each subrepository. Allowed |
|
1286 | Check the phase of the current revision of each subrepository. Allowed | |
1252 | values are "ignore", "follow" and "abort". For settings other than |
|
1287 | values are "ignore", "follow" and "abort". For settings other than | |
1253 | "ignore", the phase of the current revision of each subrepository is |
|
1288 | "ignore", the phase of the current revision of each subrepository is | |
1254 | checked before committing the parent repository. If any of those phases is |
|
1289 | checked before committing the parent repository. If any of those phases is | |
1255 | greater than the phase of the parent repository (e.g. if a subrepo is in a |
|
1290 | greater than the phase of the parent repository (e.g. if a subrepo is in a | |
1256 | "secret" phase while the parent repo is in "draft" phase), the commit is |
|
1291 | "secret" phase while the parent repo is in "draft" phase), the commit is | |
1257 | either aborted (if checksubrepos is set to "abort") or the higher phase is |
|
1292 | either aborted (if checksubrepos is set to "abort") or the higher phase is | |
1258 | used for the parent repository commit (if set to "follow"). |
|
1293 | used for the parent repository commit (if set to "follow"). | |
1259 | (default: follow) |
|
1294 | (default: follow) | |
1260 |
|
1295 | |||
1261 |
|
1296 | |||
1262 | ``profiling`` |
|
1297 | ``profiling`` | |
1263 | ------------- |
|
1298 | ------------- | |
1264 |
|
1299 | |||
1265 | Specifies profiling type, format, and file output. Two profilers are |
|
1300 | Specifies profiling type, format, and file output. Two profilers are | |
1266 | supported: an instrumenting profiler (named ``ls``), and a sampling |
|
1301 | supported: an instrumenting profiler (named ``ls``), and a sampling | |
1267 | profiler (named ``stat``). |
|
1302 | profiler (named ``stat``). | |
1268 |
|
1303 | |||
1269 | In this section description, 'profiling data' stands for the raw data |
|
1304 | In this section description, 'profiling data' stands for the raw data | |
1270 | collected during profiling, while 'profiling report' stands for a |
|
1305 | collected during profiling, while 'profiling report' stands for a | |
1271 | statistical text report generated from the profiling data. The |
|
1306 | statistical text report generated from the profiling data. The | |
1272 | profiling is done using lsprof. |
|
1307 | profiling is done using lsprof. | |
1273 |
|
1308 | |||
1274 | ``type`` |
|
1309 | ``type`` | |
1275 | The type of profiler to use. |
|
1310 | The type of profiler to use. | |
1276 | (default: ls) |
|
1311 | (default: ls) | |
1277 |
|
1312 | |||
1278 | ``ls`` |
|
1313 | ``ls`` | |
1279 | Use Python's built-in instrumenting profiler. This profiler |
|
1314 | Use Python's built-in instrumenting profiler. This profiler | |
1280 | works on all platforms, but each line number it reports is the |
|
1315 | works on all platforms, but each line number it reports is the | |
1281 | first line of a function. This restriction makes it difficult to |
|
1316 | first line of a function. This restriction makes it difficult to | |
1282 | identify the expensive parts of a non-trivial function. |
|
1317 | identify the expensive parts of a non-trivial function. | |
1283 | ``stat`` |
|
1318 | ``stat`` | |
1284 | Use a third-party statistical profiler, statprof. This profiler |
|
1319 | Use a third-party statistical profiler, statprof. This profiler | |
1285 | currently runs only on Unix systems, and is most useful for |
|
1320 | currently runs only on Unix systems, and is most useful for | |
1286 | profiling commands that run for longer than about 0.1 seconds. |
|
1321 | profiling commands that run for longer than about 0.1 seconds. | |
1287 |
|
1322 | |||
1288 | ``format`` |
|
1323 | ``format`` | |
1289 | Profiling format. Specific to the ``ls`` instrumenting profiler. |
|
1324 | Profiling format. Specific to the ``ls`` instrumenting profiler. | |
1290 | (default: text) |
|
1325 | (default: text) | |
1291 |
|
1326 | |||
1292 | ``text`` |
|
1327 | ``text`` | |
1293 | Generate a profiling report. When saving to a file, it should be |
|
1328 | Generate a profiling report. When saving to a file, it should be | |
1294 | noted that only the report is saved, and the profiling data is |
|
1329 | noted that only the report is saved, and the profiling data is | |
1295 | not kept. |
|
1330 | not kept. | |
1296 | ``kcachegrind`` |
|
1331 | ``kcachegrind`` | |
1297 | Format profiling data for kcachegrind use: when saving to a |
|
1332 | Format profiling data for kcachegrind use: when saving to a | |
1298 | file, the generated file can directly be loaded into |
|
1333 | file, the generated file can directly be loaded into | |
1299 | kcachegrind. |
|
1334 | kcachegrind. | |
1300 |
|
1335 | |||
1301 | ``frequency`` |
|
1336 | ``frequency`` | |
1302 | Sampling frequency. Specific to the ``stat`` sampling profiler. |
|
1337 | Sampling frequency. Specific to the ``stat`` sampling profiler. | |
1303 | (default: 1000) |
|
1338 | (default: 1000) | |
1304 |
|
1339 | |||
1305 | ``output`` |
|
1340 | ``output`` | |
1306 | File path where profiling data or report should be saved. If the |
|
1341 | File path where profiling data or report should be saved. If the | |
1307 | file exists, it is replaced. (default: None, data is printed on |
|
1342 | file exists, it is replaced. (default: None, data is printed on | |
1308 | stderr) |
|
1343 | stderr) | |
1309 |
|
1344 | |||
1310 | ``sort`` |
|
1345 | ``sort`` | |
1311 | Sort field. Specific to the ``ls`` instrumenting profiler. |
|
1346 | Sort field. Specific to the ``ls`` instrumenting profiler. | |
1312 | One of ``callcount``, ``reccallcount``, ``totaltime`` and |
|
1347 | One of ``callcount``, ``reccallcount``, ``totaltime`` and | |
1313 | ``inlinetime``. |
|
1348 | ``inlinetime``. | |
1314 | (default: inlinetime) |
|
1349 | (default: inlinetime) | |
1315 |
|
1350 | |||
1316 | ``limit`` |
|
1351 | ``limit`` | |
1317 | Number of lines to show. Specific to the ``ls`` instrumenting profiler. |
|
1352 | Number of lines to show. Specific to the ``ls`` instrumenting profiler. | |
1318 | (default: 30) |
|
1353 | (default: 30) | |
1319 |
|
1354 | |||
1320 | ``nested`` |
|
1355 | ``nested`` | |
1321 | Show at most this number of lines of drill-down info after each main entry. |
|
1356 | Show at most this number of lines of drill-down info after each main entry. | |
1322 | This can help explain the difference between Total and Inline. |
|
1357 | This can help explain the difference between Total and Inline. | |
1323 | Specific to the ``ls`` instrumenting profiler. |
|
1358 | Specific to the ``ls`` instrumenting profiler. | |
1324 | (default: 5) |
|
1359 | (default: 5) | |
1325 |
|
1360 | |||
1326 | ``progress`` |
|
1361 | ``progress`` | |
1327 | ------------ |
|
1362 | ------------ | |
1328 |
|
1363 | |||
1329 | Mercurial commands can draw progress bars that are as informative as |
|
1364 | Mercurial commands can draw progress bars that are as informative as | |
1330 | possible. Some progress bars only offer indeterminate information, while others |
|
1365 | possible. Some progress bars only offer indeterminate information, while others | |
1331 | have a definite end point. |
|
1366 | have a definite end point. | |
1332 |
|
1367 | |||
1333 | ``delay`` |
|
1368 | ``delay`` | |
1334 | Number of seconds (float) before showing the progress bar. (default: 3) |
|
1369 | Number of seconds (float) before showing the progress bar. (default: 3) | |
1335 |
|
1370 | |||
1336 | ``changedelay`` |
|
1371 | ``changedelay`` | |
1337 | Minimum delay before showing a new topic. When set to less than 3 * refresh, |
|
1372 | Minimum delay before showing a new topic. When set to less than 3 * refresh, | |
1338 | that value will be used instead. (default: 1) |
|
1373 | that value will be used instead. (default: 1) | |
1339 |
|
1374 | |||
1340 | ``refresh`` |
|
1375 | ``refresh`` | |
1341 | Time in seconds between refreshes of the progress bar. (default: 0.1) |
|
1376 | Time in seconds between refreshes of the progress bar. (default: 0.1) | |
1342 |
|
1377 | |||
1343 | ``format`` |
|
1378 | ``format`` | |
1344 | Format of the progress bar. |
|
1379 | Format of the progress bar. | |
1345 |
|
1380 | |||
1346 | Valid entries for the format field are ``topic``, ``bar``, ``number``, |
|
1381 | Valid entries for the format field are ``topic``, ``bar``, ``number``, | |
1347 | ``unit``, ``estimate``, ``speed``, and ``item``. ``item`` defaults to the |
|
1382 | ``unit``, ``estimate``, ``speed``, and ``item``. ``item`` defaults to the | |
1348 | last 20 characters of the item, but this can be changed by adding either |
|
1383 | last 20 characters of the item, but this can be changed by adding either | |
1349 | ``-<num>`` which would take the last num characters, or ``+<num>`` for the |
|
1384 | ``-<num>`` which would take the last num characters, or ``+<num>`` for the | |
1350 | first num characters. |
|
1385 | first num characters. | |
1351 |
|
1386 | |||
1352 | (default: topic bar number estimate) |
|
1387 | (default: topic bar number estimate) | |
1353 |
|
1388 | |||
1354 | ``width`` |
|
1389 | ``width`` | |
1355 | If set, the maximum width of the progress information (that is, min(width, |
|
1390 | If set, the maximum width of the progress information (that is, min(width, | |
1356 | term width) will be used). |
|
1391 | term width) will be used). | |
1357 |
|
1392 | |||
1358 | ``clear-complete`` |
|
1393 | ``clear-complete`` | |
1359 | Clear the progress bar after it's done. (default: True) |
|
1394 | Clear the progress bar after it's done. (default: True) | |
1360 |
|
1395 | |||
1361 | ``disable`` |
|
1396 | ``disable`` | |
1362 | If true, don't show a progress bar. |
|
1397 | If true, don't show a progress bar. | |
1363 |
|
1398 | |||
1364 | ``assume-tty`` |
|
1399 | ``assume-tty`` | |
1365 | If true, ALWAYS show a progress bar, unless disable is given. |
|
1400 | If true, ALWAYS show a progress bar, unless disable is given. | |
1366 |
|
1401 | |||
1367 | ``rebase`` |
|
1402 | ``rebase`` | |
1368 | ---------- |
|
1403 | ---------- | |
1369 |
|
1404 | |||
1370 | ``allowdivergence`` |
|
1405 | ``allowdivergence`` | |
1371 | Default to False, when True allow creating divergence when performing |
|
1406 | Default to False, when True allow creating divergence when performing | |
1372 | rebase of obsolete changesets. |
|
1407 | rebase of obsolete changesets. | |
1373 |
|
1408 | |||
1374 | ``revsetalias`` |
|
1409 | ``revsetalias`` | |
1375 | --------------- |
|
1410 | --------------- | |
1376 |
|
1411 | |||
1377 | Alias definitions for revsets. See :hg:`help revsets` for details. |
|
1412 | Alias definitions for revsets. See :hg:`help revsets` for details. | |
1378 |
|
1413 | |||
1379 | ``server`` |
|
1414 | ``server`` | |
1380 | ---------- |
|
1415 | ---------- | |
1381 |
|
1416 | |||
1382 | Controls generic server settings. |
|
1417 | Controls generic server settings. | |
1383 |
|
1418 | |||
1384 | ``uncompressed`` |
|
1419 | ``uncompressed`` | |
1385 | Whether to allow clients to clone a repository using the |
|
1420 | Whether to allow clients to clone a repository using the | |
1386 | uncompressed streaming protocol. This transfers about 40% more |
|
1421 | uncompressed streaming protocol. This transfers about 40% more | |
1387 | data than a regular clone, but uses less memory and CPU on both |
|
1422 | data than a regular clone, but uses less memory and CPU on both | |
1388 | server and client. Over a LAN (100 Mbps or better) or a very fast |
|
1423 | server and client. Over a LAN (100 Mbps or better) or a very fast | |
1389 | WAN, an uncompressed streaming clone is a lot faster (~10x) than a |
|
1424 | WAN, an uncompressed streaming clone is a lot faster (~10x) than a | |
1390 | regular clone. Over most WAN connections (anything slower than |
|
1425 | regular clone. Over most WAN connections (anything slower than | |
1391 | about 6 Mbps), uncompressed streaming is slower, because of the |
|
1426 | about 6 Mbps), uncompressed streaming is slower, because of the | |
1392 | extra data transfer overhead. This mode will also temporarily hold |
|
1427 | extra data transfer overhead. This mode will also temporarily hold | |
1393 | the write lock while determining what data to transfer. |
|
1428 | the write lock while determining what data to transfer. | |
1394 | (default: True) |
|
1429 | (default: True) | |
1395 |
|
1430 | |||
1396 | ``preferuncompressed`` |
|
1431 | ``preferuncompressed`` | |
1397 | When set, clients will try to use the uncompressed streaming |
|
1432 | When set, clients will try to use the uncompressed streaming | |
1398 | protocol. (default: False) |
|
1433 | protocol. (default: False) | |
1399 |
|
1434 | |||
1400 | ``validate`` |
|
1435 | ``validate`` | |
1401 | Whether to validate the completeness of pushed changesets by |
|
1436 | Whether to validate the completeness of pushed changesets by | |
1402 | checking that all new file revisions specified in manifests are |
|
1437 | checking that all new file revisions specified in manifests are | |
1403 | present. (default: False) |
|
1438 | present. (default: False) | |
1404 |
|
1439 | |||
1405 | ``maxhttpheaderlen`` |
|
1440 | ``maxhttpheaderlen`` | |
1406 | Instruct HTTP clients not to send request headers longer than this |
|
1441 | Instruct HTTP clients not to send request headers longer than this | |
1407 | many bytes. (default: 1024) |
|
1442 | many bytes. (default: 1024) | |
1408 |
|
1443 | |||
1409 | ``bundle1`` |
|
1444 | ``bundle1`` | |
1410 | Whether to allow clients to push and pull using the legacy bundle1 |
|
1445 | Whether to allow clients to push and pull using the legacy bundle1 | |
1411 | exchange format. (default: True) |
|
1446 | exchange format. (default: True) | |
1412 |
|
1447 | |||
1413 | ``bundle1gd`` |
|
1448 | ``bundle1gd`` | |
1414 | Like ``bundle1`` but only used if the repository is using the |
|
1449 | Like ``bundle1`` but only used if the repository is using the | |
1415 | *generaldelta* storage format. (default: True) |
|
1450 | *generaldelta* storage format. (default: True) | |
1416 |
|
1451 | |||
1417 | ``bundle1.push`` |
|
1452 | ``bundle1.push`` | |
1418 | Whether to allow clients to push using the legacy bundle1 exchange |
|
1453 | Whether to allow clients to push using the legacy bundle1 exchange | |
1419 | format. (default: True) |
|
1454 | format. (default: True) | |
1420 |
|
1455 | |||
1421 | ``bundle1gd.push`` |
|
1456 | ``bundle1gd.push`` | |
1422 | Like ``bundle1.push`` but only used if the repository is using the |
|
1457 | Like ``bundle1.push`` but only used if the repository is using the | |
1423 | *generaldelta* storage format. (default: True) |
|
1458 | *generaldelta* storage format. (default: True) | |
1424 |
|
1459 | |||
1425 | ``bundle1.pull`` |
|
1460 | ``bundle1.pull`` | |
1426 | Whether to allow clients to pull using the legacy bundle1 exchange |
|
1461 | Whether to allow clients to pull using the legacy bundle1 exchange | |
1427 | format. (default: True) |
|
1462 | format. (default: True) | |
1428 |
|
1463 | |||
1429 | ``bundle1gd.pull`` |
|
1464 | ``bundle1gd.pull`` | |
1430 | Like ``bundle1.pull`` but only used if the repository is using the |
|
1465 | Like ``bundle1.pull`` but only used if the repository is using the | |
1431 | *generaldelta* storage format. (default: True) |
|
1466 | *generaldelta* storage format. (default: True) | |
1432 |
|
1467 | |||
1433 | Large repositories using the *generaldelta* storage format should |
|
1468 | Large repositories using the *generaldelta* storage format should | |
1434 | consider setting this option because converting *generaldelta* |
|
1469 | consider setting this option because converting *generaldelta* | |
1435 | repositories to the exchange format required by the bundle1 data |
|
1470 | repositories to the exchange format required by the bundle1 data | |
1436 | format can consume a lot of CPU. |
|
1471 | format can consume a lot of CPU. | |
1437 |
|
1472 | |||
1438 | ``smtp`` |
|
1473 | ``smtp`` | |
1439 | -------- |
|
1474 | -------- | |
1440 |
|
1475 | |||
1441 | Configuration for extensions that need to send email messages. |
|
1476 | Configuration for extensions that need to send email messages. | |
1442 |
|
1477 | |||
1443 | ``host`` |
|
1478 | ``host`` | |
1444 | Host name of mail server, e.g. "mail.example.com". |
|
1479 | Host name of mail server, e.g. "mail.example.com". | |
1445 |
|
1480 | |||
1446 | ``port`` |
|
1481 | ``port`` | |
1447 | Optional. Port to connect to on mail server. (default: 465 if |
|
1482 | Optional. Port to connect to on mail server. (default: 465 if | |
1448 | ``tls`` is smtps; 25 otherwise) |
|
1483 | ``tls`` is smtps; 25 otherwise) | |
1449 |
|
1484 | |||
1450 | ``tls`` |
|
1485 | ``tls`` | |
1451 | Optional. Method to enable TLS when connecting to mail server: starttls, |
|
1486 | Optional. Method to enable TLS when connecting to mail server: starttls, | |
1452 | smtps or none. (default: none) |
|
1487 | smtps or none. (default: none) | |
1453 |
|
1488 | |||
1454 | ``verifycert`` |
|
1489 | ``verifycert`` | |
1455 | Optional. Verification for the certificate of mail server, when |
|
1490 | Optional. Verification for the certificate of mail server, when | |
1456 | ``tls`` is starttls or smtps. "strict", "loose" or False. For |
|
1491 | ``tls`` is starttls or smtps. "strict", "loose" or False. For | |
1457 | "strict" or "loose", the certificate is verified as same as the |
|
1492 | "strict" or "loose", the certificate is verified as same as the | |
1458 | verification for HTTPS connections (see ``[hostfingerprints]`` and |
|
1493 | verification for HTTPS connections (see ``[hostfingerprints]`` and | |
1459 | ``[web] cacerts`` also). For "strict", sending email is also |
|
1494 | ``[web] cacerts`` also). For "strict", sending email is also | |
1460 | aborted, if there is no configuration for mail server in |
|
1495 | aborted, if there is no configuration for mail server in | |
1461 | ``[hostfingerprints]`` and ``[web] cacerts``. --insecure for |
|
1496 | ``[hostfingerprints]`` and ``[web] cacerts``. --insecure for | |
1462 | :hg:`email` overwrites this as "loose". (default: strict) |
|
1497 | :hg:`email` overwrites this as "loose". (default: strict) | |
1463 |
|
1498 | |||
1464 | ``username`` |
|
1499 | ``username`` | |
1465 | Optional. User name for authenticating with the SMTP server. |
|
1500 | Optional. User name for authenticating with the SMTP server. | |
1466 | (default: None) |
|
1501 | (default: None) | |
1467 |
|
1502 | |||
1468 | ``password`` |
|
1503 | ``password`` | |
1469 | Optional. Password for authenticating with the SMTP server. If not |
|
1504 | Optional. Password for authenticating with the SMTP server. If not | |
1470 | specified, interactive sessions will prompt the user for a |
|
1505 | specified, interactive sessions will prompt the user for a | |
1471 | password; non-interactive sessions will fail. (default: None) |
|
1506 | password; non-interactive sessions will fail. (default: None) | |
1472 |
|
1507 | |||
1473 | ``local_hostname`` |
|
1508 | ``local_hostname`` | |
1474 | Optional. The hostname that the sender can use to identify |
|
1509 | Optional. The hostname that the sender can use to identify | |
1475 | itself to the MTA. |
|
1510 | itself to the MTA. | |
1476 |
|
1511 | |||
1477 |
|
1512 | |||
1478 | ``subpaths`` |
|
1513 | ``subpaths`` | |
1479 | ------------ |
|
1514 | ------------ | |
1480 |
|
1515 | |||
1481 | Subrepository source URLs can go stale if a remote server changes name |
|
1516 | Subrepository source URLs can go stale if a remote server changes name | |
1482 | or becomes temporarily unavailable. This section lets you define |
|
1517 | or becomes temporarily unavailable. This section lets you define | |
1483 | rewrite rules of the form:: |
|
1518 | rewrite rules of the form:: | |
1484 |
|
1519 | |||
1485 | <pattern> = <replacement> |
|
1520 | <pattern> = <replacement> | |
1486 |
|
1521 | |||
1487 | where ``pattern`` is a regular expression matching a subrepository |
|
1522 | where ``pattern`` is a regular expression matching a subrepository | |
1488 | source URL and ``replacement`` is the replacement string used to |
|
1523 | source URL and ``replacement`` is the replacement string used to | |
1489 | rewrite it. Groups can be matched in ``pattern`` and referenced in |
|
1524 | rewrite it. Groups can be matched in ``pattern`` and referenced in | |
1490 | ``replacements``. For instance:: |
|
1525 | ``replacements``. For instance:: | |
1491 |
|
1526 | |||
1492 | http://server/(.*)-hg/ = http://hg.server/\1/ |
|
1527 | http://server/(.*)-hg/ = http://hg.server/\1/ | |
1493 |
|
1528 | |||
1494 | rewrites ``http://server/foo-hg/`` into ``http://hg.server/foo/``. |
|
1529 | rewrites ``http://server/foo-hg/`` into ``http://hg.server/foo/``. | |
1495 |
|
1530 | |||
1496 | Relative subrepository paths are first made absolute, and the |
|
1531 | Relative subrepository paths are first made absolute, and the | |
1497 | rewrite rules are then applied on the full (absolute) path. The rules |
|
1532 | rewrite rules are then applied on the full (absolute) path. The rules | |
1498 | are applied in definition order. |
|
1533 | are applied in definition order. | |
1499 |
|
1534 | |||
1500 | ``templatealias`` |
|
1535 | ``templatealias`` | |
1501 | ----------------- |
|
1536 | ----------------- | |
1502 |
|
1537 | |||
1503 | Alias definitions for templates. See :hg:`help templates` for details. |
|
1538 | Alias definitions for templates. See :hg:`help templates` for details. | |
1504 |
|
1539 | |||
1505 | ``trusted`` |
|
1540 | ``trusted`` | |
1506 | ----------- |
|
1541 | ----------- | |
1507 |
|
1542 | |||
1508 | Mercurial will not use the settings in the |
|
1543 | Mercurial will not use the settings in the | |
1509 | ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted |
|
1544 | ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted | |
1510 | user or to a trusted group, as various hgrc features allow arbitrary |
|
1545 | user or to a trusted group, as various hgrc features allow arbitrary | |
1511 | commands to be run. This issue is often encountered when configuring |
|
1546 | commands to be run. This issue is often encountered when configuring | |
1512 | hooks or extensions for shared repositories or servers. However, |
|
1547 | hooks or extensions for shared repositories or servers. However, | |
1513 | the web interface will use some safe settings from the ``[web]`` |
|
1548 | the web interface will use some safe settings from the ``[web]`` | |
1514 | section. |
|
1549 | section. | |
1515 |
|
1550 | |||
1516 | This section specifies what users and groups are trusted. The |
|
1551 | This section specifies what users and groups are trusted. The | |
1517 | current user is always trusted. To trust everybody, list a user or a |
|
1552 | current user is always trusted. To trust everybody, list a user or a | |
1518 | group with name ``*``. These settings must be placed in an |
|
1553 | group with name ``*``. These settings must be placed in an | |
1519 | *already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the |
|
1554 | *already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the | |
1520 | user or service running Mercurial. |
|
1555 | user or service running Mercurial. | |
1521 |
|
1556 | |||
1522 | ``users`` |
|
1557 | ``users`` | |
1523 | Comma-separated list of trusted users. |
|
1558 | Comma-separated list of trusted users. | |
1524 |
|
1559 | |||
1525 | ``groups`` |
|
1560 | ``groups`` | |
1526 | Comma-separated list of trusted groups. |
|
1561 | Comma-separated list of trusted groups. | |
1527 |
|
1562 | |||
1528 |
|
1563 | |||
1529 | ``ui`` |
|
1564 | ``ui`` | |
1530 | ------ |
|
1565 | ------ | |
1531 |
|
1566 | |||
1532 | User interface controls. |
|
1567 | User interface controls. | |
1533 |
|
1568 | |||
1534 | ``archivemeta`` |
|
1569 | ``archivemeta`` | |
1535 | Whether to include the .hg_archival.txt file containing meta data |
|
1570 | Whether to include the .hg_archival.txt file containing meta data | |
1536 | (hashes for the repository base and for tip) in archives created |
|
1571 | (hashes for the repository base and for tip) in archives created | |
1537 | by the :hg:`archive` command or downloaded via hgweb. |
|
1572 | by the :hg:`archive` command or downloaded via hgweb. | |
1538 | (default: True) |
|
1573 | (default: True) | |
1539 |
|
1574 | |||
1540 | ``askusername`` |
|
1575 | ``askusername`` | |
1541 | Whether to prompt for a username when committing. If True, and |
|
1576 | Whether to prompt for a username when committing. If True, and | |
1542 | neither ``$HGUSER`` nor ``$EMAIL`` has been specified, then the user will |
|
1577 | neither ``$HGUSER`` nor ``$EMAIL`` has been specified, then the user will | |
1543 | be prompted to enter a username. If no username is entered, the |
|
1578 | be prompted to enter a username. If no username is entered, the | |
1544 | default ``USER@HOST`` is used instead. |
|
1579 | default ``USER@HOST`` is used instead. | |
1545 | (default: False) |
|
1580 | (default: False) | |
1546 |
|
1581 | |||
1547 | ``clonebundles`` |
|
1582 | ``clonebundles`` | |
1548 | Whether the "clone bundles" feature is enabled. |
|
1583 | Whether the "clone bundles" feature is enabled. | |
1549 |
|
1584 | |||
1550 | When enabled, :hg:`clone` may download and apply a server-advertised |
|
1585 | When enabled, :hg:`clone` may download and apply a server-advertised | |
1551 | bundle file from a URL instead of using the normal exchange mechanism. |
|
1586 | bundle file from a URL instead of using the normal exchange mechanism. | |
1552 |
|
1587 | |||
1553 | This can likely result in faster and more reliable clones. |
|
1588 | This can likely result in faster and more reliable clones. | |
1554 |
|
1589 | |||
1555 | (default: True) |
|
1590 | (default: True) | |
1556 |
|
1591 | |||
1557 | ``clonebundlefallback`` |
|
1592 | ``clonebundlefallback`` | |
1558 | Whether failure to apply an advertised "clone bundle" from a server |
|
1593 | Whether failure to apply an advertised "clone bundle" from a server | |
1559 | should result in fallback to a regular clone. |
|
1594 | should result in fallback to a regular clone. | |
1560 |
|
1595 | |||
1561 | This is disabled by default because servers advertising "clone |
|
1596 | This is disabled by default because servers advertising "clone | |
1562 | bundles" often do so to reduce server load. If advertised bundles |
|
1597 | bundles" often do so to reduce server load. If advertised bundles | |
1563 | start mass failing and clients automatically fall back to a regular |
|
1598 | start mass failing and clients automatically fall back to a regular | |
1564 | clone, this would add significant and unexpected load to the server |
|
1599 | clone, this would add significant and unexpected load to the server | |
1565 | since the server is expecting clone operations to be offloaded to |
|
1600 | since the server is expecting clone operations to be offloaded to | |
1566 | pre-generated bundles. Failing fast (the default behavior) ensures |
|
1601 | pre-generated bundles. Failing fast (the default behavior) ensures | |
1567 | clients don't overwhelm the server when "clone bundle" application |
|
1602 | clients don't overwhelm the server when "clone bundle" application | |
1568 | fails. |
|
1603 | fails. | |
1569 |
|
1604 | |||
1570 | (default: False) |
|
1605 | (default: False) | |
1571 |
|
1606 | |||
1572 | ``clonebundleprefers`` |
|
1607 | ``clonebundleprefers`` | |
1573 | Defines preferences for which "clone bundles" to use. |
|
1608 | Defines preferences for which "clone bundles" to use. | |
1574 |
|
1609 | |||
1575 | Servers advertising "clone bundles" may advertise multiple available |
|
1610 | Servers advertising "clone bundles" may advertise multiple available | |
1576 | bundles. Each bundle may have different attributes, such as the bundle |
|
1611 | bundles. Each bundle may have different attributes, such as the bundle | |
1577 | type and compression format. This option is used to prefer a particular |
|
1612 | type and compression format. This option is used to prefer a particular | |
1578 | bundle over another. |
|
1613 | bundle over another. | |
1579 |
|
1614 | |||
1580 | The following keys are defined by Mercurial: |
|
1615 | The following keys are defined by Mercurial: | |
1581 |
|
1616 | |||
1582 | BUNDLESPEC |
|
1617 | BUNDLESPEC | |
1583 | A bundle type specifier. These are strings passed to :hg:`bundle -t`. |
|
1618 | A bundle type specifier. These are strings passed to :hg:`bundle -t`. | |
1584 | e.g. ``gzip-v2`` or ``bzip2-v1``. |
|
1619 | e.g. ``gzip-v2`` or ``bzip2-v1``. | |
1585 |
|
1620 | |||
1586 | COMPRESSION |
|
1621 | COMPRESSION | |
1587 | The compression format of the bundle. e.g. ``gzip`` and ``bzip2``. |
|
1622 | The compression format of the bundle. e.g. ``gzip`` and ``bzip2``. | |
1588 |
|
1623 | |||
1589 | Server operators may define custom keys. |
|
1624 | Server operators may define custom keys. | |
1590 |
|
1625 | |||
1591 | Example values: ``COMPRESSION=bzip2``, |
|
1626 | Example values: ``COMPRESSION=bzip2``, | |
1592 | ``BUNDLESPEC=gzip-v2, COMPRESSION=gzip``. |
|
1627 | ``BUNDLESPEC=gzip-v2, COMPRESSION=gzip``. | |
1593 |
|
1628 | |||
1594 | By default, the first bundle advertised by the server is used. |
|
1629 | By default, the first bundle advertised by the server is used. | |
1595 |
|
1630 | |||
1596 | ``commitsubrepos`` |
|
1631 | ``commitsubrepos`` | |
1597 | Whether to commit modified subrepositories when committing the |
|
1632 | Whether to commit modified subrepositories when committing the | |
1598 | parent repository. If False and one subrepository has uncommitted |
|
1633 | parent repository. If False and one subrepository has uncommitted | |
1599 | changes, abort the commit. |
|
1634 | changes, abort the commit. | |
1600 | (default: False) |
|
1635 | (default: False) | |
1601 |
|
1636 | |||
1602 | ``debug`` |
|
1637 | ``debug`` | |
1603 | Print debugging information. (default: False) |
|
1638 | Print debugging information. (default: False) | |
1604 |
|
1639 | |||
1605 | ``editor`` |
|
1640 | ``editor`` | |
1606 | The editor to use during a commit. (default: ``$EDITOR`` or ``vi``) |
|
1641 | The editor to use during a commit. (default: ``$EDITOR`` or ``vi``) | |
1607 |
|
1642 | |||
1608 | ``fallbackencoding`` |
|
1643 | ``fallbackencoding`` | |
1609 | Encoding to try if it's not possible to decode the changelog using |
|
1644 | Encoding to try if it's not possible to decode the changelog using | |
1610 | UTF-8. (default: ISO-8859-1) |
|
1645 | UTF-8. (default: ISO-8859-1) | |
1611 |
|
1646 | |||
1612 | ``graphnodetemplate`` |
|
1647 | ``graphnodetemplate`` | |
1613 | The template used to print changeset nodes in an ASCII revision graph. |
|
1648 | The template used to print changeset nodes in an ASCII revision graph. | |
1614 | (default: ``{graphnode}``) |
|
1649 | (default: ``{graphnode}``) | |
1615 |
|
1650 | |||
1616 | ``ignore`` |
|
1651 | ``ignore`` | |
1617 | A file to read per-user ignore patterns from. This file should be |
|
1652 | A file to read per-user ignore patterns from. This file should be | |
1618 | in the same format as a repository-wide .hgignore file. Filenames |
|
1653 | in the same format as a repository-wide .hgignore file. Filenames | |
1619 | are relative to the repository root. This option supports hook syntax, |
|
1654 | are relative to the repository root. This option supports hook syntax, | |
1620 | so if you want to specify multiple ignore files, you can do so by |
|
1655 | so if you want to specify multiple ignore files, you can do so by | |
1621 | setting something like ``ignore.other = ~/.hgignore2``. For details |
|
1656 | setting something like ``ignore.other = ~/.hgignore2``. For details | |
1622 | of the ignore file format, see the ``hgignore(5)`` man page. |
|
1657 | of the ignore file format, see the ``hgignore(5)`` man page. | |
1623 |
|
1658 | |||
1624 | ``interactive`` |
|
1659 | ``interactive`` | |
1625 | Allow to prompt the user. (default: True) |
|
1660 | Allow to prompt the user. (default: True) | |
1626 |
|
1661 | |||
1627 | ``interface`` |
|
1662 | ``interface`` | |
1628 | Select the default interface for interactive features (default: text). |
|
1663 | Select the default interface for interactive features (default: text). | |
1629 | Possible values are 'text' and 'curses'. |
|
1664 | Possible values are 'text' and 'curses'. | |
1630 |
|
1665 | |||
1631 | ``interface.chunkselector`` |
|
1666 | ``interface.chunkselector`` | |
1632 | Select the interface for change recording (e.g. :hg:`commit` -i). |
|
1667 | Select the interface for change recording (e.g. :hg:`commit` -i). | |
1633 | Possible values are 'text' and 'curses'. |
|
1668 | Possible values are 'text' and 'curses'. | |
1634 | This config overrides the interface specified by ui.interface. |
|
1669 | This config overrides the interface specified by ui.interface. | |
1635 |
|
1670 | |||
1636 | ``logtemplate`` |
|
1671 | ``logtemplate`` | |
1637 | Template string for commands that print changesets. |
|
1672 | Template string for commands that print changesets. | |
1638 |
|
1673 | |||
1639 | ``merge`` |
|
1674 | ``merge`` | |
1640 | The conflict resolution program to use during a manual merge. |
|
1675 | The conflict resolution program to use during a manual merge. | |
1641 | For more information on merge tools see :hg:`help merge-tools`. |
|
1676 | For more information on merge tools see :hg:`help merge-tools`. | |
1642 | For configuring merge tools see the ``[merge-tools]`` section. |
|
1677 | For configuring merge tools see the ``[merge-tools]`` section. | |
1643 |
|
1678 | |||
1644 | ``mergemarkers`` |
|
1679 | ``mergemarkers`` | |
1645 | Sets the merge conflict marker label styling. The ``detailed`` |
|
1680 | Sets the merge conflict marker label styling. The ``detailed`` | |
1646 | style uses the ``mergemarkertemplate`` setting to style the labels. |
|
1681 | style uses the ``mergemarkertemplate`` setting to style the labels. | |
1647 | The ``basic`` style just uses 'local' and 'other' as the marker label. |
|
1682 | The ``basic`` style just uses 'local' and 'other' as the marker label. | |
1648 | One of ``basic`` or ``detailed``. |
|
1683 | One of ``basic`` or ``detailed``. | |
1649 | (default: ``basic``) |
|
1684 | (default: ``basic``) | |
1650 |
|
1685 | |||
1651 | ``mergemarkertemplate`` |
|
1686 | ``mergemarkertemplate`` | |
1652 | The template used to print the commit description next to each conflict |
|
1687 | The template used to print the commit description next to each conflict | |
1653 | marker during merge conflicts. See :hg:`help templates` for the template |
|
1688 | marker during merge conflicts. See :hg:`help templates` for the template | |
1654 | format. |
|
1689 | format. | |
1655 |
|
1690 | |||
1656 | Defaults to showing the hash, tags, branches, bookmarks, author, and |
|
1691 | Defaults to showing the hash, tags, branches, bookmarks, author, and | |
1657 | the first line of the commit description. |
|
1692 | the first line of the commit description. | |
1658 |
|
1693 | |||
1659 | If you use non-ASCII characters in names for tags, branches, bookmarks, |
|
1694 | If you use non-ASCII characters in names for tags, branches, bookmarks, | |
1660 | authors, and/or commit descriptions, you must pay attention to encodings of |
|
1695 | authors, and/or commit descriptions, you must pay attention to encodings of | |
1661 | managed files. At template expansion, non-ASCII characters use the encoding |
|
1696 | managed files. At template expansion, non-ASCII characters use the encoding | |
1662 | specified by the ``--encoding`` global option, ``HGENCODING`` or other |
|
1697 | specified by the ``--encoding`` global option, ``HGENCODING`` or other | |
1663 | environment variables that govern your locale. If the encoding of the merge |
|
1698 | environment variables that govern your locale. If the encoding of the merge | |
1664 | markers is different from the encoding of the merged files, |
|
1699 | markers is different from the encoding of the merged files, | |
1665 | serious problems may occur. |
|
1700 | serious problems may occur. | |
1666 |
|
1701 | |||
1667 | ``origbackuppath`` |
|
1702 | ``origbackuppath`` | |
1668 | The path to a directory used to store generated .orig files. If the path is |
|
1703 | The path to a directory used to store generated .orig files. If the path is | |
1669 | not a directory, one will be created. |
|
1704 | not a directory, one will be created. | |
1670 |
|
1705 | |||
1671 | ``patch`` |
|
1706 | ``patch`` | |
1672 | An optional external tool that ``hg import`` and some extensions |
|
1707 | An optional external tool that ``hg import`` and some extensions | |
1673 | will use for applying patches. By default Mercurial uses an |
|
1708 | will use for applying patches. By default Mercurial uses an | |
1674 | internal patch utility. The external tool must work as the common |
|
1709 | internal patch utility. The external tool must work as the common | |
1675 | Unix ``patch`` program. In particular, it must accept a ``-p`` |
|
1710 | Unix ``patch`` program. In particular, it must accept a ``-p`` | |
1676 | argument to strip patch headers, a ``-d`` argument to specify the |
|
1711 | argument to strip patch headers, a ``-d`` argument to specify the | |
1677 | current directory, a file name to patch, and a patch file to take |
|
1712 | current directory, a file name to patch, and a patch file to take | |
1678 | from stdin. |
|
1713 | from stdin. | |
1679 |
|
1714 | |||
1680 | It is possible to specify a patch tool together with extra |
|
1715 | It is possible to specify a patch tool together with extra | |
1681 | arguments. For example, setting this option to ``patch --merge`` |
|
1716 | arguments. For example, setting this option to ``patch --merge`` | |
1682 | will use the ``patch`` program with its 2-way merge option. |
|
1717 | will use the ``patch`` program with its 2-way merge option. | |
1683 |
|
1718 | |||
1684 | ``portablefilenames`` |
|
1719 | ``portablefilenames`` | |
1685 | Check for portable filenames. Can be ``warn``, ``ignore`` or ``abort``. |
|
1720 | Check for portable filenames. Can be ``warn``, ``ignore`` or ``abort``. | |
1686 | (default: ``warn``) |
|
1721 | (default: ``warn``) | |
1687 |
|
1722 | |||
1688 | ``warn`` |
|
1723 | ``warn`` | |
1689 | Print a warning message on POSIX platforms, if a file with a non-portable |
|
1724 | Print a warning message on POSIX platforms, if a file with a non-portable | |
1690 | filename is added (e.g. a file with a name that can't be created on |
|
1725 | filename is added (e.g. a file with a name that can't be created on | |
1691 | Windows because it contains reserved parts like ``AUX``, reserved |
|
1726 | Windows because it contains reserved parts like ``AUX``, reserved | |
1692 | characters like ``:``, or would cause a case collision with an existing |
|
1727 | characters like ``:``, or would cause a case collision with an existing | |
1693 | file). |
|
1728 | file). | |
1694 |
|
1729 | |||
1695 | ``ignore`` |
|
1730 | ``ignore`` | |
1696 | Don't print a warning. |
|
1731 | Don't print a warning. | |
1697 |
|
1732 | |||
1698 | ``abort`` |
|
1733 | ``abort`` | |
1699 | The command is aborted. |
|
1734 | The command is aborted. | |
1700 |
|
1735 | |||
1701 | ``true`` |
|
1736 | ``true`` | |
1702 | Alias for ``warn``. |
|
1737 | Alias for ``warn``. | |
1703 |
|
1738 | |||
1704 | ``false`` |
|
1739 | ``false`` | |
1705 | Alias for ``ignore``. |
|
1740 | Alias for ``ignore``. | |
1706 |
|
1741 | |||
1707 | .. container:: windows |
|
1742 | .. container:: windows | |
1708 |
|
1743 | |||
1709 | On Windows, this configuration option is ignored and the command aborted. |
|
1744 | On Windows, this configuration option is ignored and the command aborted. | |
1710 |
|
1745 | |||
1711 | ``quiet`` |
|
1746 | ``quiet`` | |
1712 | Reduce the amount of output printed. |
|
1747 | Reduce the amount of output printed. | |
1713 | (default: False) |
|
1748 | (default: False) | |
1714 |
|
1749 | |||
1715 | ``remotecmd`` |
|
1750 | ``remotecmd`` | |
1716 | Remote command to use for clone/push/pull operations. |
|
1751 | Remote command to use for clone/push/pull operations. | |
1717 | (default: ``hg``) |
|
1752 | (default: ``hg``) | |
1718 |
|
1753 | |||
1719 | ``report_untrusted`` |
|
1754 | ``report_untrusted`` | |
1720 | Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a |
|
1755 | Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a | |
1721 | trusted user or group. |
|
1756 | trusted user or group. | |
1722 | (default: True) |
|
1757 | (default: True) | |
1723 |
|
1758 | |||
1724 | ``slash`` |
|
1759 | ``slash`` | |
1725 | Display paths using a slash (``/``) as the path separator. This |
|
1760 | Display paths using a slash (``/``) as the path separator. This | |
1726 | only makes a difference on systems where the default path |
|
1761 | only makes a difference on systems where the default path | |
1727 | separator is not the slash character (e.g. Windows uses the |
|
1762 | separator is not the slash character (e.g. Windows uses the | |
1728 | backslash character (``\``)). |
|
1763 | backslash character (``\``)). | |
1729 | (default: False) |
|
1764 | (default: False) | |
1730 |
|
1765 | |||
1731 | ``statuscopies`` |
|
1766 | ``statuscopies`` | |
1732 | Display copies in the status command. |
|
1767 | Display copies in the status command. | |
1733 |
|
1768 | |||
1734 | ``ssh`` |
|
1769 | ``ssh`` | |
1735 | Command to use for SSH connections. (default: ``ssh``) |
|
1770 | Command to use for SSH connections. (default: ``ssh``) | |
1736 |
|
1771 | |||
1737 | ``strict`` |
|
1772 | ``strict`` | |
1738 | Require exact command names, instead of allowing unambiguous |
|
1773 | Require exact command names, instead of allowing unambiguous | |
1739 | abbreviations. (default: False) |
|
1774 | abbreviations. (default: False) | |
1740 |
|
1775 | |||
1741 | ``style`` |
|
1776 | ``style`` | |
1742 | Name of style to use for command output. |
|
1777 | Name of style to use for command output. | |
1743 |
|
1778 | |||
1744 | ``supportcontact`` |
|
1779 | ``supportcontact`` | |
1745 | A URL where users should report a Mercurial traceback. Use this if you are a |
|
1780 | A URL where users should report a Mercurial traceback. Use this if you are a | |
1746 | large organisation with its own Mercurial deployment process and crash |
|
1781 | large organisation with its own Mercurial deployment process and crash | |
1747 | reports should be addressed to your internal support. |
|
1782 | reports should be addressed to your internal support. | |
1748 |
|
1783 | |||
1749 | ``textwidth`` |
|
1784 | ``textwidth`` | |
1750 | Maximum width of help text. A longer line generated by ``hg help`` or |
|
1785 | Maximum width of help text. A longer line generated by ``hg help`` or | |
1751 | ``hg subcommand --help`` will be broken after white space to get this |
|
1786 | ``hg subcommand --help`` will be broken after white space to get this | |
1752 | width or the terminal width, whichever comes first. |
|
1787 | width or the terminal width, whichever comes first. | |
1753 | A non-positive value will disable this and the terminal width will be |
|
1788 | A non-positive value will disable this and the terminal width will be | |
1754 | used. (default: 78) |
|
1789 | used. (default: 78) | |
1755 |
|
1790 | |||
1756 | ``timeout`` |
|
1791 | ``timeout`` | |
1757 | The timeout used when a lock is held (in seconds), a negative value |
|
1792 | The timeout used when a lock is held (in seconds), a negative value | |
1758 | means no timeout. (default: 600) |
|
1793 | means no timeout. (default: 600) | |
1759 |
|
1794 | |||
1760 | ``traceback`` |
|
1795 | ``traceback`` | |
1761 | Mercurial always prints a traceback when an unknown exception |
|
1796 | Mercurial always prints a traceback when an unknown exception | |
1762 | occurs. Setting this to True will make Mercurial print a traceback |
|
1797 | occurs. Setting this to True will make Mercurial print a traceback | |
1763 | on all exceptions, even those recognized by Mercurial (such as |
|
1798 | on all exceptions, even those recognized by Mercurial (such as | |
1764 | IOError or MemoryError). (default: False) |
|
1799 | IOError or MemoryError). (default: False) | |
1765 |
|
1800 | |||
1766 | ``username`` |
|
1801 | ``username`` | |
1767 | The committer of a changeset created when running "commit". |
|
1802 | The committer of a changeset created when running "commit". | |
1768 | Typically a person's name and email address, e.g. ``Fred Widget |
|
1803 | Typically a person's name and email address, e.g. ``Fred Widget | |
1769 | <fred@example.com>``. Environment variables in the |
|
1804 | <fred@example.com>``. Environment variables in the | |
1770 | username are expanded. |
|
1805 | username are expanded. | |
1771 |
|
1806 | |||
1772 | (default: ``$EMAIL`` or ``username@hostname``. If the username in |
|
1807 | (default: ``$EMAIL`` or ``username@hostname``. If the username in | |
1773 | hgrc is empty, e.g. if the system admin set ``username =`` in the |
|
1808 | hgrc is empty, e.g. if the system admin set ``username =`` in the | |
1774 | system hgrc, it has to be specified manually or in a different |
|
1809 | system hgrc, it has to be specified manually or in a different | |
1775 | hgrc file) |
|
1810 | hgrc file) | |
1776 |
|
1811 | |||
1777 | ``verbose`` |
|
1812 | ``verbose`` | |
1778 | Increase the amount of output printed. (default: False) |
|
1813 | Increase the amount of output printed. (default: False) | |
1779 |
|
1814 | |||
1780 |
|
1815 | |||
1781 | ``web`` |
|
1816 | ``web`` | |
1782 | ------- |
|
1817 | ------- | |
1783 |
|
1818 | |||
1784 | Web interface configuration. The settings in this section apply to |
|
1819 | Web interface configuration. The settings in this section apply to | |
1785 | both the builtin webserver (started by :hg:`serve`) and the script you |
|
1820 | both the builtin webserver (started by :hg:`serve`) and the script you | |
1786 | run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI |
|
1821 | run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI | |
1787 | and WSGI). |
|
1822 | and WSGI). | |
1788 |
|
1823 | |||
1789 | The Mercurial webserver does no authentication (it does not prompt for |
|
1824 | The Mercurial webserver does no authentication (it does not prompt for | |
1790 | usernames and passwords to validate *who* users are), but it does do |
|
1825 | usernames and passwords to validate *who* users are), but it does do | |
1791 | authorization (it grants or denies access for *authenticated users* |
|
1826 | authorization (it grants or denies access for *authenticated users* | |
1792 | based on settings in this section). You must either configure your |
|
1827 | based on settings in this section). You must either configure your | |
1793 | webserver to do authentication for you, or disable the authorization |
|
1828 | webserver to do authentication for you, or disable the authorization | |
1794 | checks. |
|
1829 | checks. | |
1795 |
|
1830 | |||
1796 | For a quick setup in a trusted environment, e.g., a private LAN, where |
|
1831 | For a quick setup in a trusted environment, e.g., a private LAN, where | |
1797 | you want it to accept pushes from anybody, you can use the following |
|
1832 | you want it to accept pushes from anybody, you can use the following | |
1798 | command line:: |
|
1833 | command line:: | |
1799 |
|
1834 | |||
1800 | $ hg --config web.allow_push=* --config web.push_ssl=False serve |
|
1835 | $ hg --config web.allow_push=* --config web.push_ssl=False serve | |
1801 |
|
1836 | |||
1802 | Note that this will allow anybody to push anything to the server and |
|
1837 | Note that this will allow anybody to push anything to the server and | |
1803 | that this should not be used for public servers. |
|
1838 | that this should not be used for public servers. | |
1804 |
|
1839 | |||
1805 | The full set of options is: |
|
1840 | The full set of options is: | |
1806 |
|
1841 | |||
1807 | ``accesslog`` |
|
1842 | ``accesslog`` | |
1808 | Where to output the access log. (default: stdout) |
|
1843 | Where to output the access log. (default: stdout) | |
1809 |
|
1844 | |||
1810 | ``address`` |
|
1845 | ``address`` | |
1811 | Interface address to bind to. (default: all) |
|
1846 | Interface address to bind to. (default: all) | |
1812 |
|
1847 | |||
1813 | ``allow_archive`` |
|
1848 | ``allow_archive`` | |
1814 | List of archive format (bz2, gz, zip) allowed for downloading. |
|
1849 | List of archive format (bz2, gz, zip) allowed for downloading. | |
1815 | (default: empty) |
|
1850 | (default: empty) | |
1816 |
|
1851 | |||
1817 | ``allowbz2`` |
|
1852 | ``allowbz2`` | |
1818 | (DEPRECATED) Whether to allow .tar.bz2 downloading of repository |
|
1853 | (DEPRECATED) Whether to allow .tar.bz2 downloading of repository | |
1819 | revisions. |
|
1854 | revisions. | |
1820 | (default: False) |
|
1855 | (default: False) | |
1821 |
|
1856 | |||
1822 | ``allowgz`` |
|
1857 | ``allowgz`` | |
1823 | (DEPRECATED) Whether to allow .tar.gz downloading of repository |
|
1858 | (DEPRECATED) Whether to allow .tar.gz downloading of repository | |
1824 | revisions. |
|
1859 | revisions. | |
1825 | (default: False) |
|
1860 | (default: False) | |
1826 |
|
1861 | |||
1827 | ``allowpull`` |
|
1862 | ``allowpull`` | |
1828 | Whether to allow pulling from the repository. (default: True) |
|
1863 | Whether to allow pulling from the repository. (default: True) | |
1829 |
|
1864 | |||
1830 | ``allow_push`` |
|
1865 | ``allow_push`` | |
1831 | Whether to allow pushing to the repository. If empty or not set, |
|
1866 | Whether to allow pushing to the repository. If empty or not set, | |
1832 | pushing is not allowed. If the special value ``*``, any remote |
|
1867 | pushing is not allowed. If the special value ``*``, any remote | |
1833 | user can push, including unauthenticated users. Otherwise, the |
|
1868 | user can push, including unauthenticated users. Otherwise, the | |
1834 | remote user must have been authenticated, and the authenticated |
|
1869 | remote user must have been authenticated, and the authenticated | |
1835 | user name must be present in this list. The contents of the |
|
1870 | user name must be present in this list. The contents of the | |
1836 | allow_push list are examined after the deny_push list. |
|
1871 | allow_push list are examined after the deny_push list. | |
1837 |
|
1872 | |||
1838 | ``allow_read`` |
|
1873 | ``allow_read`` | |
1839 | If the user has not already been denied repository access due to |
|
1874 | If the user has not already been denied repository access due to | |
1840 | the contents of deny_read, this list determines whether to grant |
|
1875 | the contents of deny_read, this list determines whether to grant | |
1841 | repository access to the user. If this list is not empty, and the |
|
1876 | repository access to the user. If this list is not empty, and the | |
1842 | user is unauthenticated or not present in the list, then access is |
|
1877 | user is unauthenticated or not present in the list, then access is | |
1843 | denied for the user. If the list is empty or not set, then access |
|
1878 | denied for the user. If the list is empty or not set, then access | |
1844 | is permitted to all users by default. Setting allow_read to the |
|
1879 | is permitted to all users by default. Setting allow_read to the | |
1845 | special value ``*`` is equivalent to it not being set (i.e. access |
|
1880 | special value ``*`` is equivalent to it not being set (i.e. access | |
1846 | is permitted to all users). The contents of the allow_read list are |
|
1881 | is permitted to all users). The contents of the allow_read list are | |
1847 | examined after the deny_read list. |
|
1882 | examined after the deny_read list. | |
1848 |
|
1883 | |||
1849 | ``allowzip`` |
|
1884 | ``allowzip`` | |
1850 | (DEPRECATED) Whether to allow .zip downloading of repository |
|
1885 | (DEPRECATED) Whether to allow .zip downloading of repository | |
1851 | revisions. This feature creates temporary files. |
|
1886 | revisions. This feature creates temporary files. | |
1852 | (default: False) |
|
1887 | (default: False) | |
1853 |
|
1888 | |||
1854 | ``archivesubrepos`` |
|
1889 | ``archivesubrepos`` | |
1855 | Whether to recurse into subrepositories when archiving. |
|
1890 | Whether to recurse into subrepositories when archiving. | |
1856 | (default: False) |
|
1891 | (default: False) | |
1857 |
|
1892 | |||
1858 | ``baseurl`` |
|
1893 | ``baseurl`` | |
1859 | Base URL to use when publishing URLs in other locations, so |
|
1894 | Base URL to use when publishing URLs in other locations, so | |
1860 | third-party tools like email notification hooks can construct |
|
1895 | third-party tools like email notification hooks can construct | |
1861 | URLs. Example: ``http://hgserver/repos/``. |
|
1896 | URLs. Example: ``http://hgserver/repos/``. | |
1862 |
|
1897 | |||
1863 | ``cacerts`` |
|
1898 | ``cacerts`` | |
1864 | Path to file containing a list of PEM encoded certificate |
|
1899 | Path to file containing a list of PEM encoded certificate | |
1865 | authority certificates. Environment variables and ``~user`` |
|
1900 | authority certificates. Environment variables and ``~user`` | |
1866 | constructs are expanded in the filename. If specified on the |
|
1901 | constructs are expanded in the filename. If specified on the | |
1867 | client, then it will verify the identity of remote HTTPS servers |
|
1902 | client, then it will verify the identity of remote HTTPS servers | |
1868 | with these certificates. |
|
1903 | with these certificates. | |
1869 |
|
1904 | |||
1870 | To disable SSL verification temporarily, specify ``--insecure`` from |
|
1905 | To disable SSL verification temporarily, specify ``--insecure`` from | |
1871 | command line. |
|
1906 | command line. | |
1872 |
|
1907 | |||
1873 | You can use OpenSSL's CA certificate file if your platform has |
|
1908 | You can use OpenSSL's CA certificate file if your platform has | |
1874 | one. On most Linux systems this will be |
|
1909 | one. On most Linux systems this will be | |
1875 | ``/etc/ssl/certs/ca-certificates.crt``. Otherwise you will have to |
|
1910 | ``/etc/ssl/certs/ca-certificates.crt``. Otherwise you will have to | |
1876 | generate this file manually. The form must be as follows:: |
|
1911 | generate this file manually. The form must be as follows:: | |
1877 |
|
1912 | |||
1878 | -----BEGIN CERTIFICATE----- |
|
1913 | -----BEGIN CERTIFICATE----- | |
1879 | ... (certificate in base64 PEM encoding) ... |
|
1914 | ... (certificate in base64 PEM encoding) ... | |
1880 | -----END CERTIFICATE----- |
|
1915 | -----END CERTIFICATE----- | |
1881 | -----BEGIN CERTIFICATE----- |
|
1916 | -----BEGIN CERTIFICATE----- | |
1882 | ... (certificate in base64 PEM encoding) ... |
|
1917 | ... (certificate in base64 PEM encoding) ... | |
1883 | -----END CERTIFICATE----- |
|
1918 | -----END CERTIFICATE----- | |
1884 |
|
1919 | |||
1885 | ``cache`` |
|
1920 | ``cache`` | |
1886 | Whether to support caching in hgweb. (default: True) |
|
1921 | Whether to support caching in hgweb. (default: True) | |
1887 |
|
1922 | |||
1888 | ``certificate`` |
|
1923 | ``certificate`` | |
1889 | Certificate to use when running :hg:`serve`. |
|
1924 | Certificate to use when running :hg:`serve`. | |
1890 |
|
1925 | |||
1891 | ``collapse`` |
|
1926 | ``collapse`` | |
1892 | With ``descend`` enabled, repositories in subdirectories are shown at |
|
1927 | With ``descend`` enabled, repositories in subdirectories are shown at | |
1893 | a single level alongside repositories in the current path. With |
|
1928 | a single level alongside repositories in the current path. With | |
1894 | ``collapse`` also enabled, repositories residing at a deeper level than |
|
1929 | ``collapse`` also enabled, repositories residing at a deeper level than | |
1895 | the current path are grouped behind navigable directory entries that |
|
1930 | the current path are grouped behind navigable directory entries that | |
1896 | lead to the locations of these repositories. In effect, this setting |
|
1931 | lead to the locations of these repositories. In effect, this setting | |
1897 | collapses each collection of repositories found within a subdirectory |
|
1932 | collapses each collection of repositories found within a subdirectory | |
1898 | into a single entry for that subdirectory. (default: False) |
|
1933 | into a single entry for that subdirectory. (default: False) | |
1899 |
|
1934 | |||
1900 | ``comparisoncontext`` |
|
1935 | ``comparisoncontext`` | |
1901 | Number of lines of context to show in side-by-side file comparison. If |
|
1936 | Number of lines of context to show in side-by-side file comparison. If | |
1902 | negative or the value ``full``, whole files are shown. (default: 5) |
|
1937 | negative or the value ``full``, whole files are shown. (default: 5) | |
1903 |
|
1938 | |||
1904 | This setting can be overridden by a ``context`` request parameter to the |
|
1939 | This setting can be overridden by a ``context`` request parameter to the | |
1905 | ``comparison`` command, taking the same values. |
|
1940 | ``comparison`` command, taking the same values. | |
1906 |
|
1941 | |||
1907 | ``contact`` |
|
1942 | ``contact`` | |
1908 | Name or email address of the person in charge of the repository. |
|
1943 | Name or email address of the person in charge of the repository. | |
1909 | (default: ui.username or ``$EMAIL`` or "unknown" if unset or empty) |
|
1944 | (default: ui.username or ``$EMAIL`` or "unknown" if unset or empty) | |
1910 |
|
1945 | |||
1911 | ``deny_push`` |
|
1946 | ``deny_push`` | |
1912 | Whether to deny pushing to the repository. If empty or not set, |
|
1947 | Whether to deny pushing to the repository. If empty or not set, | |
1913 | push is not denied. If the special value ``*``, all remote users are |
|
1948 | push is not denied. If the special value ``*``, all remote users are | |
1914 | denied push. Otherwise, unauthenticated users are all denied, and |
|
1949 | denied push. Otherwise, unauthenticated users are all denied, and | |
1915 | any authenticated user name present in this list is also denied. The |
|
1950 | any authenticated user name present in this list is also denied. The | |
1916 | contents of the deny_push list are examined before the allow_push list. |
|
1951 | contents of the deny_push list are examined before the allow_push list. | |
1917 |
|
1952 | |||
1918 | ``deny_read`` |
|
1953 | ``deny_read`` | |
1919 | Whether to deny reading/viewing of the repository. If this list is |
|
1954 | Whether to deny reading/viewing of the repository. If this list is | |
1920 | not empty, unauthenticated users are all denied, and any |
|
1955 | not empty, unauthenticated users are all denied, and any | |
1921 | authenticated user name present in this list is also denied access to |
|
1956 | authenticated user name present in this list is also denied access to | |
1922 | the repository. If set to the special value ``*``, all remote users |
|
1957 | the repository. If set to the special value ``*``, all remote users | |
1923 | are denied access (rarely needed ;). If deny_read is empty or not set, |
|
1958 | are denied access (rarely needed ;). If deny_read is empty or not set, | |
1924 | the determination of repository access depends on the presence and |
|
1959 | the determination of repository access depends on the presence and | |
1925 | content of the allow_read list (see description). If both |
|
1960 | content of the allow_read list (see description). If both | |
1926 | deny_read and allow_read are empty or not set, then access is |
|
1961 | deny_read and allow_read are empty or not set, then access is | |
1927 | permitted to all users by default. If the repository is being |
|
1962 | permitted to all users by default. If the repository is being | |
1928 | served via hgwebdir, denied users will not be able to see it in |
|
1963 | served via hgwebdir, denied users will not be able to see it in | |
1929 | the list of repositories. The contents of the deny_read list have |
|
1964 | the list of repositories. The contents of the deny_read list have | |
1930 | priority over (are examined before) the contents of the allow_read |
|
1965 | priority over (are examined before) the contents of the allow_read | |
1931 | list. |
|
1966 | list. | |
1932 |
|
1967 | |||
1933 | ``descend`` |
|
1968 | ``descend`` | |
1934 | hgwebdir indexes will not descend into subdirectories. Only repositories |
|
1969 | hgwebdir indexes will not descend into subdirectories. Only repositories | |
1935 | directly in the current path will be shown (other repositories are still |
|
1970 | directly in the current path will be shown (other repositories are still | |
1936 | available from the index corresponding to their containing path). |
|
1971 | available from the index corresponding to their containing path). | |
1937 |
|
1972 | |||
1938 | ``description`` |
|
1973 | ``description`` | |
1939 | Textual description of the repository's purpose or contents. |
|
1974 | Textual description of the repository's purpose or contents. | |
1940 | (default: "unknown") |
|
1975 | (default: "unknown") | |
1941 |
|
1976 | |||
1942 | ``encoding`` |
|
1977 | ``encoding`` | |
1943 | Character encoding name. (default: the current locale charset) |
|
1978 | Character encoding name. (default: the current locale charset) | |
1944 | Example: "UTF-8". |
|
1979 | Example: "UTF-8". | |
1945 |
|
1980 | |||
1946 | ``errorlog`` |
|
1981 | ``errorlog`` | |
1947 | Where to output the error log. (default: stderr) |
|
1982 | Where to output the error log. (default: stderr) | |
1948 |
|
1983 | |||
1949 | ``guessmime`` |
|
1984 | ``guessmime`` | |
1950 | Control MIME types for raw download of file content. |
|
1985 | Control MIME types for raw download of file content. | |
1951 | Set to True to let hgweb guess the content type from the file |
|
1986 | Set to True to let hgweb guess the content type from the file | |
1952 | extension. This will serve HTML files as ``text/html`` and might |
|
1987 | extension. This will serve HTML files as ``text/html`` and might | |
1953 | allow cross-site scripting attacks when serving untrusted |
|
1988 | allow cross-site scripting attacks when serving untrusted | |
1954 | repositories. (default: False) |
|
1989 | repositories. (default: False) | |
1955 |
|
1990 | |||
1956 | ``hidden`` |
|
1991 | ``hidden`` | |
1957 | Whether to hide the repository in the hgwebdir index. |
|
1992 | Whether to hide the repository in the hgwebdir index. | |
1958 | (default: False) |
|
1993 | (default: False) | |
1959 |
|
1994 | |||
1960 | ``ipv6`` |
|
1995 | ``ipv6`` | |
1961 | Whether to use IPv6. (default: False) |
|
1996 | Whether to use IPv6. (default: False) | |
1962 |
|
1997 | |||
1963 | ``logoimg`` |
|
1998 | ``logoimg`` | |
1964 | File name of the logo image that some templates display on each page. |
|
1999 | File name of the logo image that some templates display on each page. | |
1965 | The file name is relative to ``staticurl``. That is, the full path to |
|
2000 | The file name is relative to ``staticurl``. That is, the full path to | |
1966 | the logo image is "staticurl/logoimg". |
|
2001 | the logo image is "staticurl/logoimg". | |
1967 | If unset, ``hglogo.png`` will be used. |
|
2002 | If unset, ``hglogo.png`` will be used. | |
1968 |
|
2003 | |||
1969 | ``logourl`` |
|
2004 | ``logourl`` | |
1970 | Base URL to use for logos. If unset, ``https://mercurial-scm.org/`` |
|
2005 | Base URL to use for logos. If unset, ``https://mercurial-scm.org/`` | |
1971 | will be used. |
|
2006 | will be used. | |
1972 |
|
2007 | |||
1973 | ``maxchanges`` |
|
2008 | ``maxchanges`` | |
1974 | Maximum number of changes to list on the changelog. (default: 10) |
|
2009 | Maximum number of changes to list on the changelog. (default: 10) | |
1975 |
|
2010 | |||
1976 | ``maxfiles`` |
|
2011 | ``maxfiles`` | |
1977 | Maximum number of files to list per changeset. (default: 10) |
|
2012 | Maximum number of files to list per changeset. (default: 10) | |
1978 |
|
2013 | |||
1979 | ``maxshortchanges`` |
|
2014 | ``maxshortchanges`` | |
1980 | Maximum number of changes to list on the shortlog, graph or filelog |
|
2015 | Maximum number of changes to list on the shortlog, graph or filelog | |
1981 | pages. (default: 60) |
|
2016 | pages. (default: 60) | |
1982 |
|
2017 | |||
1983 | ``name`` |
|
2018 | ``name`` | |
1984 | Repository name to use in the web interface. |
|
2019 | Repository name to use in the web interface. | |
1985 | (default: current working directory) |
|
2020 | (default: current working directory) | |
1986 |
|
2021 | |||
1987 | ``port`` |
|
2022 | ``port`` | |
1988 | Port to listen on. (default: 8000) |
|
2023 | Port to listen on. (default: 8000) | |
1989 |
|
2024 | |||
1990 | ``prefix`` |
|
2025 | ``prefix`` | |
1991 | Prefix path to serve from. (default: '' (server root)) |
|
2026 | Prefix path to serve from. (default: '' (server root)) | |
1992 |
|
2027 | |||
1993 | ``push_ssl`` |
|
2028 | ``push_ssl`` | |
1994 | Whether to require that inbound pushes be transported over SSL to |
|
2029 | Whether to require that inbound pushes be transported over SSL to | |
1995 | prevent password sniffing. (default: True) |
|
2030 | prevent password sniffing. (default: True) | |
1996 |
|
2031 | |||
1997 | ``refreshinterval`` |
|
2032 | ``refreshinterval`` | |
1998 | How frequently directory listings re-scan the filesystem for new |
|
2033 | How frequently directory listings re-scan the filesystem for new | |
1999 | repositories, in seconds. This is relevant when wildcards are used |
|
2034 | repositories, in seconds. This is relevant when wildcards are used | |
2000 | to define paths. Depending on how much filesystem traversal is |
|
2035 | to define paths. Depending on how much filesystem traversal is | |
2001 | required, refreshing may negatively impact performance. |
|
2036 | required, refreshing may negatively impact performance. | |
2002 |
|
2037 | |||
2003 | Values less than or equal to 0 always refresh. |
|
2038 | Values less than or equal to 0 always refresh. | |
2004 | (default: 20) |
|
2039 | (default: 20) | |
2005 |
|
2040 | |||
2006 | ``staticurl`` |
|
2041 | ``staticurl`` | |
2007 | Base URL to use for static files. If unset, static files (e.g. the |
|
2042 | Base URL to use for static files. If unset, static files (e.g. the | |
2008 | hgicon.png favicon) will be served by the CGI script itself. Use |
|
2043 | hgicon.png favicon) will be served by the CGI script itself. Use | |
2009 | this setting to serve them directly with the HTTP server. |
|
2044 | this setting to serve them directly with the HTTP server. | |
2010 | Example: ``http://hgserver/static/``. |
|
2045 | Example: ``http://hgserver/static/``. | |
2011 |
|
2046 | |||
2012 | ``stripes`` |
|
2047 | ``stripes`` | |
2013 | How many lines a "zebra stripe" should span in multi-line output. |
|
2048 | How many lines a "zebra stripe" should span in multi-line output. | |
2014 | Set to 0 to disable. (default: 1) |
|
2049 | Set to 0 to disable. (default: 1) | |
2015 |
|
2050 | |||
2016 | ``style`` |
|
2051 | ``style`` | |
2017 | Which template map style to use. The available options are the names of |
|
2052 | Which template map style to use. The available options are the names of | |
2018 | subdirectories in the HTML templates path. (default: ``paper``) |
|
2053 | subdirectories in the HTML templates path. (default: ``paper``) | |
2019 | Example: ``monoblue``. |
|
2054 | Example: ``monoblue``. | |
2020 |
|
2055 | |||
2021 | ``templates`` |
|
2056 | ``templates`` | |
2022 | Where to find the HTML templates. The default path to the HTML templates |
|
2057 | Where to find the HTML templates. The default path to the HTML templates | |
2023 | can be obtained from ``hg debuginstall``. |
|
2058 | can be obtained from ``hg debuginstall``. | |
2024 |
|
2059 | |||
2025 | ``websub`` |
|
2060 | ``websub`` | |
2026 | ---------- |
|
2061 | ---------- | |
2027 |
|
2062 | |||
2028 | Web substitution filter definition. You can use this section to |
|
2063 | Web substitution filter definition. You can use this section to | |
2029 | define a set of regular expression substitution patterns which |
|
2064 | define a set of regular expression substitution patterns which | |
2030 | let you automatically modify the hgweb server output. |
|
2065 | let you automatically modify the hgweb server output. | |
2031 |
|
2066 | |||
2032 | The default hgweb templates only apply these substitution patterns |
|
2067 | The default hgweb templates only apply these substitution patterns | |
2033 | on the revision description fields. You can apply them anywhere |
|
2068 | on the revision description fields. You can apply them anywhere | |
2034 | you want when you create your own templates by adding calls to the |
|
2069 | you want when you create your own templates by adding calls to the | |
2035 | "websub" filter (usually after calling the "escape" filter). |
|
2070 | "websub" filter (usually after calling the "escape" filter). | |
2036 |
|
2071 | |||
2037 | This can be used, for example, to convert issue references to links |
|
2072 | This can be used, for example, to convert issue references to links | |
2038 | to your issue tracker, or to convert "markdown-like" syntax into |
|
2073 | to your issue tracker, or to convert "markdown-like" syntax into | |
2039 | HTML (see the examples below). |
|
2074 | HTML (see the examples below). | |
2040 |
|
2075 | |||
2041 | Each entry in this section names a substitution filter. |
|
2076 | Each entry in this section names a substitution filter. | |
2042 | The value of each entry defines the substitution expression itself. |
|
2077 | The value of each entry defines the substitution expression itself. | |
2043 | The websub expressions follow the old interhg extension syntax, |
|
2078 | The websub expressions follow the old interhg extension syntax, | |
2044 | which in turn imitates the Unix sed replacement syntax:: |
|
2079 | which in turn imitates the Unix sed replacement syntax:: | |
2045 |
|
2080 | |||
2046 | patternname = s/SEARCH_REGEX/REPLACE_EXPRESSION/[i] |
|
2081 | patternname = s/SEARCH_REGEX/REPLACE_EXPRESSION/[i] | |
2047 |
|
2082 | |||
2048 | You can use any separator other than "/". The final "i" is optional |
|
2083 | You can use any separator other than "/". The final "i" is optional | |
2049 | and indicates that the search must be case insensitive. |
|
2084 | and indicates that the search must be case insensitive. | |
2050 |
|
2085 | |||
2051 | Examples:: |
|
2086 | Examples:: | |
2052 |
|
2087 | |||
2053 | [websub] |
|
2088 | [websub] | |
2054 | issues = s|issue(\d+)|<a href="http://bts.example.org/issue\1">issue\1</a>|i |
|
2089 | issues = s|issue(\d+)|<a href="http://bts.example.org/issue\1">issue\1</a>|i | |
2055 | italic = s/\b_(\S+)_\b/<i>\1<\/i>/ |
|
2090 | italic = s/\b_(\S+)_\b/<i>\1<\/i>/ | |
2056 | bold = s/\*\b(\S+)\b\*/<b>\1<\/b>/ |
|
2091 | bold = s/\*\b(\S+)\b\*/<b>\1<\/b>/ | |
2057 |
|
2092 | |||
2058 | ``worker`` |
|
2093 | ``worker`` | |
2059 | ---------- |
|
2094 | ---------- | |
2060 |
|
2095 | |||
2061 | Parallel master/worker configuration. We currently perform working |
|
2096 | Parallel master/worker configuration. We currently perform working | |
2062 | directory updates in parallel on Unix-like systems, which greatly |
|
2097 | directory updates in parallel on Unix-like systems, which greatly | |
2063 | helps performance. |
|
2098 | helps performance. | |
2064 |
|
2099 | |||
2065 | ``numcpus`` |
|
2100 | ``numcpus`` | |
2066 | Number of CPUs to use for parallel operations. A zero or |
|
2101 | Number of CPUs to use for parallel operations. A zero or | |
2067 | negative value is treated as ``use the default``. |
|
2102 | negative value is treated as ``use the default``. | |
2068 | (default: 4 or the number of CPUs on the system, whichever is larger) |
|
2103 | (default: 4 or the number of CPUs on the system, whichever is larger) | |
2069 |
|
2104 | |||
2070 | ``backgroundclose`` |
|
2105 | ``backgroundclose`` | |
2071 | Whether to enable closing file handles on background threads during certain |
|
2106 | Whether to enable closing file handles on background threads during certain | |
2072 | operations. Some platforms aren't very efficient at closing file |
|
2107 | operations. Some platforms aren't very efficient at closing file | |
2073 | handles that have been written or appended to. By performing file closing |
|
2108 | handles that have been written or appended to. By performing file closing | |
2074 | on background threads, file write rate can increase substantially. |
|
2109 | on background threads, file write rate can increase substantially. | |
2075 | (default: true on Windows, false elsewhere) |
|
2110 | (default: true on Windows, false elsewhere) | |
2076 |
|
2111 | |||
2077 | ``backgroundcloseminfilecount`` |
|
2112 | ``backgroundcloseminfilecount`` | |
2078 | Minimum number of files required to trigger background file closing. |
|
2113 | Minimum number of files required to trigger background file closing. | |
2079 | Operations not writing this many files won't start background close |
|
2114 | Operations not writing this many files won't start background close | |
2080 | threads. |
|
2115 | threads. | |
2081 | (default: 2048) |
|
2116 | (default: 2048) | |
2082 |
|
2117 | |||
2083 | ``backgroundclosemaxqueue`` |
|
2118 | ``backgroundclosemaxqueue`` | |
2084 | The maximum number of opened file handles waiting to be closed in the |
|
2119 | The maximum number of opened file handles waiting to be closed in the | |
2085 | background. This option only has an effect if ``backgroundclose`` is |
|
2120 | background. This option only has an effect if ``backgroundclose`` is | |
2086 | enabled. |
|
2121 | enabled. | |
2087 | (default: 384) |
|
2122 | (default: 384) | |
2088 |
|
2123 | |||
2089 | ``backgroundclosethreadcount`` |
|
2124 | ``backgroundclosethreadcount`` | |
2090 | Number of threads to process background file closes. Only relevant if |
|
2125 | Number of threads to process background file closes. Only relevant if | |
2091 | ``backgroundclose`` is enabled. |
|
2126 | ``backgroundclose`` is enabled. | |
2092 | (default: 4) |
|
2127 | (default: 4) |
@@ -1,384 +1,399 | |||||
1 | # sslutil.py - SSL handling for mercurial |
|
1 | # sslutil.py - SSL handling for mercurial | |
2 | # |
|
2 | # | |
3 | # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com> |
|
3 | # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com> | |
4 | # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br> |
|
4 | # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br> | |
5 | # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
|
5 | # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> | |
6 | # |
|
6 | # | |
7 | # This software may be used and distributed according to the terms of the |
|
7 | # This software may be used and distributed according to the terms of the | |
8 | # GNU General Public License version 2 or any later version. |
|
8 | # GNU General Public License version 2 or any later version. | |
9 |
|
9 | |||
10 | from __future__ import absolute_import |
|
10 | from __future__ import absolute_import | |
11 |
|
11 | |||
12 | import os |
|
12 | import os | |
13 | import ssl |
|
13 | import ssl | |
14 | import sys |
|
14 | import sys | |
15 |
|
15 | |||
16 | from .i18n import _ |
|
16 | from .i18n import _ | |
17 | from . import ( |
|
17 | from . import ( | |
18 | error, |
|
18 | error, | |
19 | util, |
|
19 | util, | |
20 | ) |
|
20 | ) | |
21 |
|
21 | |||
22 | # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added |
|
22 | # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added | |
23 | # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are |
|
23 | # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are | |
24 | # all exposed via the "ssl" module. |
|
24 | # all exposed via the "ssl" module. | |
25 | # |
|
25 | # | |
26 | # Depending on the version of Python being used, SSL/TLS support is either |
|
26 | # Depending on the version of Python being used, SSL/TLS support is either | |
27 | # modern/secure or legacy/insecure. Many operations in this module have |
|
27 | # modern/secure or legacy/insecure. Many operations in this module have | |
28 | # separate code paths depending on support in Python. |
|
28 | # separate code paths depending on support in Python. | |
29 |
|
29 | |||
30 | hassni = getattr(ssl, 'HAS_SNI', False) |
|
30 | hassni = getattr(ssl, 'HAS_SNI', False) | |
31 |
|
31 | |||
32 | try: |
|
32 | try: | |
33 | OP_NO_SSLv2 = ssl.OP_NO_SSLv2 |
|
33 | OP_NO_SSLv2 = ssl.OP_NO_SSLv2 | |
34 | OP_NO_SSLv3 = ssl.OP_NO_SSLv3 |
|
34 | OP_NO_SSLv3 = ssl.OP_NO_SSLv3 | |
35 | except AttributeError: |
|
35 | except AttributeError: | |
36 | OP_NO_SSLv2 = 0x1000000 |
|
36 | OP_NO_SSLv2 = 0x1000000 | |
37 | OP_NO_SSLv3 = 0x2000000 |
|
37 | OP_NO_SSLv3 = 0x2000000 | |
38 |
|
38 | |||
39 | try: |
|
39 | try: | |
40 | # ssl.SSLContext was added in 2.7.9 and presence indicates modern |
|
40 | # ssl.SSLContext was added in 2.7.9 and presence indicates modern | |
41 | # SSL/TLS features are available. |
|
41 | # SSL/TLS features are available. | |
42 | SSLContext = ssl.SSLContext |
|
42 | SSLContext = ssl.SSLContext | |
43 | modernssl = True |
|
43 | modernssl = True | |
44 | _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs') |
|
44 | _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs') | |
45 | except AttributeError: |
|
45 | except AttributeError: | |
46 | modernssl = False |
|
46 | modernssl = False | |
47 | _canloaddefaultcerts = False |
|
47 | _canloaddefaultcerts = False | |
48 |
|
48 | |||
49 | # We implement SSLContext using the interface from the standard library. |
|
49 | # We implement SSLContext using the interface from the standard library. | |
50 | class SSLContext(object): |
|
50 | class SSLContext(object): | |
51 | # ssl.wrap_socket gained the "ciphers" named argument in 2.7. |
|
51 | # ssl.wrap_socket gained the "ciphers" named argument in 2.7. | |
52 | _supportsciphers = sys.version_info >= (2, 7) |
|
52 | _supportsciphers = sys.version_info >= (2, 7) | |
53 |
|
53 | |||
54 | def __init__(self, protocol): |
|
54 | def __init__(self, protocol): | |
55 | # From the public interface of SSLContext |
|
55 | # From the public interface of SSLContext | |
56 | self.protocol = protocol |
|
56 | self.protocol = protocol | |
57 | self.check_hostname = False |
|
57 | self.check_hostname = False | |
58 | self.options = 0 |
|
58 | self.options = 0 | |
59 | self.verify_mode = ssl.CERT_NONE |
|
59 | self.verify_mode = ssl.CERT_NONE | |
60 |
|
60 | |||
61 | # Used by our implementation. |
|
61 | # Used by our implementation. | |
62 | self._certfile = None |
|
62 | self._certfile = None | |
63 | self._keyfile = None |
|
63 | self._keyfile = None | |
64 | self._certpassword = None |
|
64 | self._certpassword = None | |
65 | self._cacerts = None |
|
65 | self._cacerts = None | |
66 | self._ciphers = None |
|
66 | self._ciphers = None | |
67 |
|
67 | |||
68 | def load_cert_chain(self, certfile, keyfile=None, password=None): |
|
68 | def load_cert_chain(self, certfile, keyfile=None, password=None): | |
69 | self._certfile = certfile |
|
69 | self._certfile = certfile | |
70 | self._keyfile = keyfile |
|
70 | self._keyfile = keyfile | |
71 | self._certpassword = password |
|
71 | self._certpassword = password | |
72 |
|
72 | |||
73 | def load_default_certs(self, purpose=None): |
|
73 | def load_default_certs(self, purpose=None): | |
74 | pass |
|
74 | pass | |
75 |
|
75 | |||
76 | def load_verify_locations(self, cafile=None, capath=None, cadata=None): |
|
76 | def load_verify_locations(self, cafile=None, capath=None, cadata=None): | |
77 | if capath: |
|
77 | if capath: | |
78 | raise error.Abort('capath not supported') |
|
78 | raise error.Abort('capath not supported') | |
79 | if cadata: |
|
79 | if cadata: | |
80 | raise error.Abort('cadata not supported') |
|
80 | raise error.Abort('cadata not supported') | |
81 |
|
81 | |||
82 | self._cacerts = cafile |
|
82 | self._cacerts = cafile | |
83 |
|
83 | |||
84 | def set_ciphers(self, ciphers): |
|
84 | def set_ciphers(self, ciphers): | |
85 | if not self._supportsciphers: |
|
85 | if not self._supportsciphers: | |
86 | raise error.Abort('setting ciphers not supported') |
|
86 | raise error.Abort('setting ciphers not supported') | |
87 |
|
87 | |||
88 | self._ciphers = ciphers |
|
88 | self._ciphers = ciphers | |
89 |
|
89 | |||
90 | def wrap_socket(self, socket, server_hostname=None, server_side=False): |
|
90 | def wrap_socket(self, socket, server_hostname=None, server_side=False): | |
91 | # server_hostname is unique to SSLContext.wrap_socket and is used |
|
91 | # server_hostname is unique to SSLContext.wrap_socket and is used | |
92 | # for SNI in that context. So there's nothing for us to do with it |
|
92 | # for SNI in that context. So there's nothing for us to do with it | |
93 | # in this legacy code since we don't support SNI. |
|
93 | # in this legacy code since we don't support SNI. | |
94 |
|
94 | |||
95 | args = { |
|
95 | args = { | |
96 | 'keyfile': self._keyfile, |
|
96 | 'keyfile': self._keyfile, | |
97 | 'certfile': self._certfile, |
|
97 | 'certfile': self._certfile, | |
98 | 'server_side': server_side, |
|
98 | 'server_side': server_side, | |
99 | 'cert_reqs': self.verify_mode, |
|
99 | 'cert_reqs': self.verify_mode, | |
100 | 'ssl_version': self.protocol, |
|
100 | 'ssl_version': self.protocol, | |
101 | 'ca_certs': self._cacerts, |
|
101 | 'ca_certs': self._cacerts, | |
102 | } |
|
102 | } | |
103 |
|
103 | |||
104 | if self._supportsciphers: |
|
104 | if self._supportsciphers: | |
105 | args['ciphers'] = self._ciphers |
|
105 | args['ciphers'] = self._ciphers | |
106 |
|
106 | |||
107 | return ssl.wrap_socket(socket, **args) |
|
107 | return ssl.wrap_socket(socket, **args) | |
108 |
|
108 | |||
109 | def _hostsettings(ui, hostname): |
|
109 | def _hostsettings(ui, hostname): | |
110 | """Obtain security settings for a hostname. |
|
110 | """Obtain security settings for a hostname. | |
111 |
|
111 | |||
112 | Returns a dict of settings relevant to that hostname. |
|
112 | Returns a dict of settings relevant to that hostname. | |
113 | """ |
|
113 | """ | |
114 | s = { |
|
114 | s = { | |
115 | # List of 2-tuple of (hash algorithm, hash). |
|
115 | # List of 2-tuple of (hash algorithm, hash). | |
116 | 'certfingerprints': [], |
|
116 | 'certfingerprints': [], | |
117 | # Path to file containing concatenated CA certs. Used by |
|
117 | # Path to file containing concatenated CA certs. Used by | |
118 | # SSLContext.load_verify_locations(). |
|
118 | # SSLContext.load_verify_locations(). | |
119 | 'cafile': None, |
|
119 | 'cafile': None, | |
120 | # ssl.CERT_* constant used by SSLContext.verify_mode. |
|
120 | # ssl.CERT_* constant used by SSLContext.verify_mode. | |
121 | 'verifymode': None, |
|
121 | 'verifymode': None, | |
122 | } |
|
122 | } | |
123 |
|
123 | |||
|
124 | # Look for fingerprints in [hostsecurity] section. Value is a list | |||
|
125 | # of <alg>:<fingerprint> strings. | |||
|
126 | fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname, | |||
|
127 | []) | |||
|
128 | for fingerprint in fingerprints: | |||
|
129 | if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))): | |||
|
130 | raise error.Abort(_('invalid fingerprint for %s: %s') % ( | |||
|
131 | hostname, fingerprint), | |||
|
132 | hint=_('must begin with "sha1:", "sha256:", ' | |||
|
133 | 'or "sha512:"')) | |||
|
134 | ||||
|
135 | alg, fingerprint = fingerprint.split(':', 1) | |||
|
136 | fingerprint = fingerprint.replace(':', '').lower() | |||
|
137 | s['certfingerprints'].append((alg, fingerprint)) | |||
|
138 | ||||
124 | # Fingerprints from [hostfingerprints] are always SHA-1. |
|
139 | # Fingerprints from [hostfingerprints] are always SHA-1. | |
125 | for fingerprint in ui.configlist('hostfingerprints', hostname, []): |
|
140 | for fingerprint in ui.configlist('hostfingerprints', hostname, []): | |
126 | fingerprint = fingerprint.replace(':', '').lower() |
|
141 | fingerprint = fingerprint.replace(':', '').lower() | |
127 | s['certfingerprints'].append(('sha1', fingerprint)) |
|
142 | s['certfingerprints'].append(('sha1', fingerprint)) | |
128 |
|
143 | |||
129 | # If a host cert fingerprint is defined, it is the only thing that |
|
144 | # If a host cert fingerprint is defined, it is the only thing that | |
130 | # matters. No need to validate CA certs. |
|
145 | # matters. No need to validate CA certs. | |
131 | if s['certfingerprints']: |
|
146 | if s['certfingerprints']: | |
132 | s['verifymode'] = ssl.CERT_NONE |
|
147 | s['verifymode'] = ssl.CERT_NONE | |
133 |
|
148 | |||
134 | # If --insecure is used, don't take CAs into consideration. |
|
149 | # If --insecure is used, don't take CAs into consideration. | |
135 | elif ui.insecureconnections: |
|
150 | elif ui.insecureconnections: | |
136 | s['verifymode'] = ssl.CERT_NONE |
|
151 | s['verifymode'] = ssl.CERT_NONE | |
137 |
|
152 | |||
138 | # Try to hook up CA certificate validation unless something above |
|
153 | # Try to hook up CA certificate validation unless something above | |
139 | # makes it not necessary. |
|
154 | # makes it not necessary. | |
140 | if s['verifymode'] is None: |
|
155 | if s['verifymode'] is None: | |
141 | # Find global certificates file in config. |
|
156 | # Find global certificates file in config. | |
142 | cafile = ui.config('web', 'cacerts') |
|
157 | cafile = ui.config('web', 'cacerts') | |
143 |
|
158 | |||
144 | if cafile: |
|
159 | if cafile: | |
145 | cafile = util.expandpath(cafile) |
|
160 | cafile = util.expandpath(cafile) | |
146 | if not os.path.exists(cafile): |
|
161 | if not os.path.exists(cafile): | |
147 | raise error.Abort(_('could not find web.cacerts: %s') % cafile) |
|
162 | raise error.Abort(_('could not find web.cacerts: %s') % cafile) | |
148 | else: |
|
163 | else: | |
149 | # No global CA certs. See if we can load defaults. |
|
164 | # No global CA certs. See if we can load defaults. | |
150 | cafile = _defaultcacerts() |
|
165 | cafile = _defaultcacerts() | |
151 | if cafile: |
|
166 | if cafile: | |
152 | ui.debug('using %s to enable OS X system CA\n' % cafile) |
|
167 | ui.debug('using %s to enable OS X system CA\n' % cafile) | |
153 |
|
168 | |||
154 | s['cafile'] = cafile |
|
169 | s['cafile'] = cafile | |
155 |
|
170 | |||
156 | # Require certificate validation if CA certs are being loaded and |
|
171 | # Require certificate validation if CA certs are being loaded and | |
157 | # verification hasn't been disabled above. |
|
172 | # verification hasn't been disabled above. | |
158 | if cafile or _canloaddefaultcerts: |
|
173 | if cafile or _canloaddefaultcerts: | |
159 | s['verifymode'] = ssl.CERT_REQUIRED |
|
174 | s['verifymode'] = ssl.CERT_REQUIRED | |
160 | else: |
|
175 | else: | |
161 | # At this point we don't have a fingerprint, aren't being |
|
176 | # At this point we don't have a fingerprint, aren't being | |
162 | # explicitly insecure, and can't load CA certs. Connecting |
|
177 | # explicitly insecure, and can't load CA certs. Connecting | |
163 | # at this point is insecure. But we do it for BC reasons. |
|
178 | # at this point is insecure. But we do it for BC reasons. | |
164 | # TODO abort here to make secure by default. |
|
179 | # TODO abort here to make secure by default. | |
165 | s['verifymode'] = ssl.CERT_NONE |
|
180 | s['verifymode'] = ssl.CERT_NONE | |
166 |
|
181 | |||
167 | assert s['verifymode'] is not None |
|
182 | assert s['verifymode'] is not None | |
168 |
|
183 | |||
169 | return s |
|
184 | return s | |
170 |
|
185 | |||
171 | def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None): |
|
186 | def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None): | |
172 | """Add SSL/TLS to a socket. |
|
187 | """Add SSL/TLS to a socket. | |
173 |
|
188 | |||
174 | This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane |
|
189 | This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane | |
175 | choices based on what security options are available. |
|
190 | choices based on what security options are available. | |
176 |
|
191 | |||
177 | In addition to the arguments supported by ``ssl.wrap_socket``, we allow |
|
192 | In addition to the arguments supported by ``ssl.wrap_socket``, we allow | |
178 | the following additional arguments: |
|
193 | the following additional arguments: | |
179 |
|
194 | |||
180 | * serverhostname - The expected hostname of the remote server. If the |
|
195 | * serverhostname - The expected hostname of the remote server. If the | |
181 | server (and client) support SNI, this tells the server which certificate |
|
196 | server (and client) support SNI, this tells the server which certificate | |
182 | to use. |
|
197 | to use. | |
183 | """ |
|
198 | """ | |
184 | if not serverhostname: |
|
199 | if not serverhostname: | |
185 | raise error.Abort('serverhostname argument is required') |
|
200 | raise error.Abort('serverhostname argument is required') | |
186 |
|
201 | |||
187 | settings = _hostsettings(ui, serverhostname) |
|
202 | settings = _hostsettings(ui, serverhostname) | |
188 |
|
203 | |||
189 | # Despite its name, PROTOCOL_SSLv23 selects the highest protocol |
|
204 | # Despite its name, PROTOCOL_SSLv23 selects the highest protocol | |
190 | # that both ends support, including TLS protocols. On legacy stacks, |
|
205 | # that both ends support, including TLS protocols. On legacy stacks, | |
191 | # the highest it likely goes in TLS 1.0. On modern stacks, it can |
|
206 | # the highest it likely goes in TLS 1.0. On modern stacks, it can | |
192 | # support TLS 1.2. |
|
207 | # support TLS 1.2. | |
193 | # |
|
208 | # | |
194 | # The PROTOCOL_TLSv* constants select a specific TLS version |
|
209 | # The PROTOCOL_TLSv* constants select a specific TLS version | |
195 | # only (as opposed to multiple versions). So the method for |
|
210 | # only (as opposed to multiple versions). So the method for | |
196 | # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and |
|
211 | # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and | |
197 | # disable protocols via SSLContext.options and OP_NO_* constants. |
|
212 | # disable protocols via SSLContext.options and OP_NO_* constants. | |
198 | # However, SSLContext.options doesn't work unless we have the |
|
213 | # However, SSLContext.options doesn't work unless we have the | |
199 | # full/real SSLContext available to us. |
|
214 | # full/real SSLContext available to us. | |
200 | # |
|
215 | # | |
201 | # SSLv2 and SSLv3 are broken. We ban them outright. |
|
216 | # SSLv2 and SSLv3 are broken. We ban them outright. | |
202 | if modernssl: |
|
217 | if modernssl: | |
203 | protocol = ssl.PROTOCOL_SSLv23 |
|
218 | protocol = ssl.PROTOCOL_SSLv23 | |
204 | else: |
|
219 | else: | |
205 | protocol = ssl.PROTOCOL_TLSv1 |
|
220 | protocol = ssl.PROTOCOL_TLSv1 | |
206 |
|
221 | |||
207 | # TODO use ssl.create_default_context() on modernssl. |
|
222 | # TODO use ssl.create_default_context() on modernssl. | |
208 | sslcontext = SSLContext(protocol) |
|
223 | sslcontext = SSLContext(protocol) | |
209 |
|
224 | |||
210 | # This is a no-op on old Python. |
|
225 | # This is a no-op on old Python. | |
211 | sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3 |
|
226 | sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3 | |
212 |
|
227 | |||
213 | # This still works on our fake SSLContext. |
|
228 | # This still works on our fake SSLContext. | |
214 | sslcontext.verify_mode = settings['verifymode'] |
|
229 | sslcontext.verify_mode = settings['verifymode'] | |
215 |
|
230 | |||
216 | if certfile is not None: |
|
231 | if certfile is not None: | |
217 | def password(): |
|
232 | def password(): | |
218 | f = keyfile or certfile |
|
233 | f = keyfile or certfile | |
219 | return ui.getpass(_('passphrase for %s: ') % f, '') |
|
234 | return ui.getpass(_('passphrase for %s: ') % f, '') | |
220 | sslcontext.load_cert_chain(certfile, keyfile, password) |
|
235 | sslcontext.load_cert_chain(certfile, keyfile, password) | |
221 |
|
236 | |||
222 | if settings['cafile'] is not None: |
|
237 | if settings['cafile'] is not None: | |
223 | sslcontext.load_verify_locations(cafile=settings['cafile']) |
|
238 | sslcontext.load_verify_locations(cafile=settings['cafile']) | |
224 | caloaded = True |
|
239 | caloaded = True | |
225 | else: |
|
240 | else: | |
226 | # This is a no-op on old Python. |
|
241 | # This is a no-op on old Python. | |
227 | sslcontext.load_default_certs() |
|
242 | sslcontext.load_default_certs() | |
228 | caloaded = _canloaddefaultcerts |
|
243 | caloaded = _canloaddefaultcerts | |
229 |
|
244 | |||
230 | sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname) |
|
245 | sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname) | |
231 | # check if wrap_socket failed silently because socket had been |
|
246 | # check if wrap_socket failed silently because socket had been | |
232 | # closed |
|
247 | # closed | |
233 | # - see http://bugs.python.org/issue13721 |
|
248 | # - see http://bugs.python.org/issue13721 | |
234 | if not sslsocket.cipher(): |
|
249 | if not sslsocket.cipher(): | |
235 | raise error.Abort(_('ssl connection failed')) |
|
250 | raise error.Abort(_('ssl connection failed')) | |
236 |
|
251 | |||
237 | sslsocket._hgstate = { |
|
252 | sslsocket._hgstate = { | |
238 | 'caloaded': caloaded, |
|
253 | 'caloaded': caloaded, | |
239 | 'hostname': serverhostname, |
|
254 | 'hostname': serverhostname, | |
240 | 'settings': settings, |
|
255 | 'settings': settings, | |
241 | 'ui': ui, |
|
256 | 'ui': ui, | |
242 | } |
|
257 | } | |
243 |
|
258 | |||
244 | return sslsocket |
|
259 | return sslsocket | |
245 |
|
260 | |||
246 | def _verifycert(cert, hostname): |
|
261 | def _verifycert(cert, hostname): | |
247 | '''Verify that cert (in socket.getpeercert() format) matches hostname. |
|
262 | '''Verify that cert (in socket.getpeercert() format) matches hostname. | |
248 | CRLs is not handled. |
|
263 | CRLs is not handled. | |
249 |
|
264 | |||
250 | Returns error message if any problems are found and None on success. |
|
265 | Returns error message if any problems are found and None on success. | |
251 | ''' |
|
266 | ''' | |
252 | if not cert: |
|
267 | if not cert: | |
253 | return _('no certificate received') |
|
268 | return _('no certificate received') | |
254 | dnsname = hostname.lower() |
|
269 | dnsname = hostname.lower() | |
255 | def matchdnsname(certname): |
|
270 | def matchdnsname(certname): | |
256 | return (certname == dnsname or |
|
271 | return (certname == dnsname or | |
257 | '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1]) |
|
272 | '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1]) | |
258 |
|
273 | |||
259 | san = cert.get('subjectAltName', []) |
|
274 | san = cert.get('subjectAltName', []) | |
260 | if san: |
|
275 | if san: | |
261 | certnames = [value.lower() for key, value in san if key == 'DNS'] |
|
276 | certnames = [value.lower() for key, value in san if key == 'DNS'] | |
262 | for name in certnames: |
|
277 | for name in certnames: | |
263 | if matchdnsname(name): |
|
278 | if matchdnsname(name): | |
264 | return None |
|
279 | return None | |
265 | if certnames: |
|
280 | if certnames: | |
266 | return _('certificate is for %s') % ', '.join(certnames) |
|
281 | return _('certificate is for %s') % ', '.join(certnames) | |
267 |
|
282 | |||
268 | # subject is only checked when subjectAltName is empty |
|
283 | # subject is only checked when subjectAltName is empty | |
269 | for s in cert.get('subject', []): |
|
284 | for s in cert.get('subject', []): | |
270 | key, value = s[0] |
|
285 | key, value = s[0] | |
271 | if key == 'commonName': |
|
286 | if key == 'commonName': | |
272 | try: |
|
287 | try: | |
273 | # 'subject' entries are unicode |
|
288 | # 'subject' entries are unicode | |
274 | certname = value.lower().encode('ascii') |
|
289 | certname = value.lower().encode('ascii') | |
275 | except UnicodeEncodeError: |
|
290 | except UnicodeEncodeError: | |
276 | return _('IDN in certificate not supported') |
|
291 | return _('IDN in certificate not supported') | |
277 | if matchdnsname(certname): |
|
292 | if matchdnsname(certname): | |
278 | return None |
|
293 | return None | |
279 | return _('certificate is for %s') % certname |
|
294 | return _('certificate is for %s') % certname | |
280 | return _('no commonName or subjectAltName found in certificate') |
|
295 | return _('no commonName or subjectAltName found in certificate') | |
281 |
|
296 | |||
282 |
|
297 | |||
283 | # CERT_REQUIRED means fetch the cert from the server all the time AND |
|
298 | # CERT_REQUIRED means fetch the cert from the server all the time AND | |
284 | # validate it against the CA store provided in web.cacerts. |
|
299 | # validate it against the CA store provided in web.cacerts. | |
285 |
|
300 | |||
286 | def _plainapplepython(): |
|
301 | def _plainapplepython(): | |
287 | """return true if this seems to be a pure Apple Python that |
|
302 | """return true if this seems to be a pure Apple Python that | |
288 | * is unfrozen and presumably has the whole mercurial module in the file |
|
303 | * is unfrozen and presumably has the whole mercurial module in the file | |
289 | system |
|
304 | system | |
290 | * presumably is an Apple Python that uses Apple OpenSSL which has patches |
|
305 | * presumably is an Apple Python that uses Apple OpenSSL which has patches | |
291 | for using system certificate store CAs in addition to the provided |
|
306 | for using system certificate store CAs in addition to the provided | |
292 | cacerts file |
|
307 | cacerts file | |
293 | """ |
|
308 | """ | |
294 | if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable: |
|
309 | if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable: | |
295 | return False |
|
310 | return False | |
296 | exe = os.path.realpath(sys.executable).lower() |
|
311 | exe = os.path.realpath(sys.executable).lower() | |
297 | return (exe.startswith('/usr/bin/python') or |
|
312 | return (exe.startswith('/usr/bin/python') or | |
298 | exe.startswith('/system/library/frameworks/python.framework/')) |
|
313 | exe.startswith('/system/library/frameworks/python.framework/')) | |
299 |
|
314 | |||
300 | def _defaultcacerts(): |
|
315 | def _defaultcacerts(): | |
301 | """return path to default CA certificates or None.""" |
|
316 | """return path to default CA certificates or None.""" | |
302 | if _plainapplepython(): |
|
317 | if _plainapplepython(): | |
303 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') |
|
318 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') | |
304 | if os.path.exists(dummycert): |
|
319 | if os.path.exists(dummycert): | |
305 | return dummycert |
|
320 | return dummycert | |
306 |
|
321 | |||
307 | return None |
|
322 | return None | |
308 |
|
323 | |||
309 | def validatesocket(sock, strict=False): |
|
324 | def validatesocket(sock, strict=False): | |
310 | """Validate a socket meets security requiremnets. |
|
325 | """Validate a socket meets security requiremnets. | |
311 |
|
326 | |||
312 | The passed socket must have been created with ``wrapsocket()``. |
|
327 | The passed socket must have been created with ``wrapsocket()``. | |
313 | """ |
|
328 | """ | |
314 | host = sock._hgstate['hostname'] |
|
329 | host = sock._hgstate['hostname'] | |
315 | ui = sock._hgstate['ui'] |
|
330 | ui = sock._hgstate['ui'] | |
316 | settings = sock._hgstate['settings'] |
|
331 | settings = sock._hgstate['settings'] | |
317 |
|
332 | |||
318 | try: |
|
333 | try: | |
319 | peercert = sock.getpeercert(True) |
|
334 | peercert = sock.getpeercert(True) | |
320 | peercert2 = sock.getpeercert() |
|
335 | peercert2 = sock.getpeercert() | |
321 | except AttributeError: |
|
336 | except AttributeError: | |
322 | raise error.Abort(_('%s ssl connection error') % host) |
|
337 | raise error.Abort(_('%s ssl connection error') % host) | |
323 |
|
338 | |||
324 | if not peercert: |
|
339 | if not peercert: | |
325 | raise error.Abort(_('%s certificate error: ' |
|
340 | raise error.Abort(_('%s certificate error: ' | |
326 | 'no certificate received') % host) |
|
341 | 'no certificate received') % host) | |
327 |
|
342 | |||
328 | # If a certificate fingerprint is pinned, use it and only it to |
|
343 | # If a certificate fingerprint is pinned, use it and only it to | |
329 | # validate the remote cert. |
|
344 | # validate the remote cert. | |
330 | peerfingerprints = { |
|
345 | peerfingerprints = { | |
331 | 'sha1': util.sha1(peercert).hexdigest(), |
|
346 | 'sha1': util.sha1(peercert).hexdigest(), | |
332 | 'sha256': util.sha256(peercert).hexdigest(), |
|
347 | 'sha256': util.sha256(peercert).hexdigest(), | |
333 | 'sha512': util.sha512(peercert).hexdigest(), |
|
348 | 'sha512': util.sha512(peercert).hexdigest(), | |
334 | } |
|
349 | } | |
335 | nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2] |
|
350 | nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2] | |
336 | for x in range(0, len(peerfingerprints['sha1']), 2)]) |
|
351 | for x in range(0, len(peerfingerprints['sha1']), 2)]) | |
337 |
|
352 | |||
338 | if settings['certfingerprints']: |
|
353 | if settings['certfingerprints']: | |
339 | fingerprintmatch = False |
|
354 | fingerprintmatch = False | |
340 | for hash, fingerprint in settings['certfingerprints']: |
|
355 | for hash, fingerprint in settings['certfingerprints']: | |
341 | if peerfingerprints[hash].lower() == fingerprint: |
|
356 | if peerfingerprints[hash].lower() == fingerprint: | |
342 | fingerprintmatch = True |
|
357 | fingerprintmatch = True | |
343 | break |
|
358 | break | |
344 | if not fingerprintmatch: |
|
359 | if not fingerprintmatch: | |
345 | raise error.Abort(_('certificate for %s has unexpected ' |
|
360 | raise error.Abort(_('certificate for %s has unexpected ' | |
346 | 'fingerprint %s') % (host, nicefingerprint), |
|
361 | 'fingerprint %s') % (host, nicefingerprint), | |
347 | hint=_('check hostfingerprint configuration')) |
|
362 | hint=_('check hostfingerprint configuration')) | |
348 | ui.debug('%s certificate matched fingerprint %s\n' % |
|
363 | ui.debug('%s certificate matched fingerprint %s\n' % | |
349 | (host, nicefingerprint)) |
|
364 | (host, nicefingerprint)) | |
350 | return |
|
365 | return | |
351 |
|
366 | |||
352 | # If insecure connections were explicitly requested via --insecure, |
|
367 | # If insecure connections were explicitly requested via --insecure, | |
353 | # print a warning and do no verification. |
|
368 | # print a warning and do no verification. | |
354 | # |
|
369 | # | |
355 | # It may seem odd that this is checked *after* host fingerprint pinning. |
|
370 | # It may seem odd that this is checked *after* host fingerprint pinning. | |
356 | # This is for backwards compatibility (for now). The message is also |
|
371 | # This is for backwards compatibility (for now). The message is also | |
357 | # the same as below for BC. |
|
372 | # the same as below for BC. | |
358 | if ui.insecureconnections: |
|
373 | if ui.insecureconnections: | |
359 | ui.warn(_('warning: %s certificate with fingerprint %s not ' |
|
374 | ui.warn(_('warning: %s certificate with fingerprint %s not ' | |
360 | 'verified (check hostfingerprints or web.cacerts ' |
|
375 | 'verified (check hostfingerprints or web.cacerts ' | |
361 | 'config setting)\n') % |
|
376 | 'config setting)\n') % | |
362 | (host, nicefingerprint)) |
|
377 | (host, nicefingerprint)) | |
363 | return |
|
378 | return | |
364 |
|
379 | |||
365 | if not sock._hgstate['caloaded']: |
|
380 | if not sock._hgstate['caloaded']: | |
366 | if strict: |
|
381 | if strict: | |
367 | raise error.Abort(_('%s certificate with fingerprint %s not ' |
|
382 | raise error.Abort(_('%s certificate with fingerprint %s not ' | |
368 | 'verified') % (host, nicefingerprint), |
|
383 | 'verified') % (host, nicefingerprint), | |
369 | hint=_('check hostfingerprints or ' |
|
384 | hint=_('check hostfingerprints or ' | |
370 | 'web.cacerts config setting')) |
|
385 | 'web.cacerts config setting')) | |
371 | else: |
|
386 | else: | |
372 | ui.warn(_('warning: %s certificate with fingerprint %s ' |
|
387 | ui.warn(_('warning: %s certificate with fingerprint %s ' | |
373 | 'not verified (check hostfingerprints or ' |
|
388 | 'not verified (check hostfingerprints or ' | |
374 | 'web.cacerts config setting)\n') % |
|
389 | 'web.cacerts config setting)\n') % | |
375 | (host, nicefingerprint)) |
|
390 | (host, nicefingerprint)) | |
376 |
|
391 | |||
377 | return |
|
392 | return | |
378 |
|
393 | |||
379 | msg = _verifycert(peercert2, host) |
|
394 | msg = _verifycert(peercert2, host) | |
380 | if msg: |
|
395 | if msg: | |
381 | raise error.Abort(_('%s certificate error: %s') % (host, msg), |
|
396 | raise error.Abort(_('%s certificate error: %s') % (host, msg), | |
382 | hint=_('configure hostfingerprint %s or use ' |
|
397 | hint=_('configure hostfingerprint %s or use ' | |
383 | '--insecure to connect insecurely') % |
|
398 | '--insecure to connect insecurely') % | |
384 | nicefingerprint) |
|
399 | nicefingerprint) |
@@ -1,414 +1,432 | |||||
1 | #require serve ssl |
|
1 | #require serve ssl | |
2 |
|
2 | |||
3 | Proper https client requires the built-in ssl from Python 2.6. |
|
3 | Proper https client requires the built-in ssl from Python 2.6. | |
4 |
|
4 | |||
5 | Certificates created with: |
|
5 | Certificates created with: | |
6 | printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ |
|
6 | printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ | |
7 | openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem |
|
7 | openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem | |
8 | Can be dumped with: |
|
8 | Can be dumped with: | |
9 | openssl x509 -in pub.pem -text |
|
9 | openssl x509 -in pub.pem -text | |
10 |
|
10 | |||
11 | $ cat << EOT > priv.pem |
|
11 | $ cat << EOT > priv.pem | |
12 | > -----BEGIN PRIVATE KEY----- |
|
12 | > -----BEGIN PRIVATE KEY----- | |
13 | > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH |
|
13 | > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH | |
14 | > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8 |
|
14 | > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8 | |
15 | > j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc |
|
15 | > j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc | |
16 | > EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG |
|
16 | > EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG | |
17 | > MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR |
|
17 | > MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR | |
18 | > +wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy |
|
18 | > +wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy | |
19 | > aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh |
|
19 | > aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh | |
20 | > HY8gUVkVRVs= |
|
20 | > HY8gUVkVRVs= | |
21 | > -----END PRIVATE KEY----- |
|
21 | > -----END PRIVATE KEY----- | |
22 | > EOT |
|
22 | > EOT | |
23 |
|
23 | |||
24 | $ cat << EOT > pub.pem |
|
24 | $ cat << EOT > pub.pem | |
25 | > -----BEGIN CERTIFICATE----- |
|
25 | > -----BEGIN CERTIFICATE----- | |
26 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
|
26 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV | |
27 | > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
|
27 | > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw | |
28 | > MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0 |
|
28 | > MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0 | |
29 | > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL |
|
29 | > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL | |
30 | > ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX |
|
30 | > ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX | |
31 | > 6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm |
|
31 | > 6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm | |
32 | > r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw |
|
32 | > r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw | |
33 | > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl |
|
33 | > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl | |
34 | > t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c= |
|
34 | > t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c= | |
35 | > -----END CERTIFICATE----- |
|
35 | > -----END CERTIFICATE----- | |
36 | > EOT |
|
36 | > EOT | |
37 | $ cat priv.pem pub.pem >> server.pem |
|
37 | $ cat priv.pem pub.pem >> server.pem | |
38 | $ PRIV=`pwd`/server.pem |
|
38 | $ PRIV=`pwd`/server.pem | |
39 |
|
39 | |||
40 | $ cat << EOT > pub-other.pem |
|
40 | $ cat << EOT > pub-other.pem | |
41 | > -----BEGIN CERTIFICATE----- |
|
41 | > -----BEGIN CERTIFICATE----- | |
42 | > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
|
42 | > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV | |
43 | > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
|
43 | > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw | |
44 | > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0 |
|
44 | > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0 | |
45 | > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL |
|
45 | > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL | |
46 | > ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo |
|
46 | > ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo | |
47 | > K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN |
|
47 | > K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN | |
48 | > y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw |
|
48 | > y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw | |
49 | > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6 |
|
49 | > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6 | |
50 | > bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig= |
|
50 | > bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig= | |
51 | > -----END CERTIFICATE----- |
|
51 | > -----END CERTIFICATE----- | |
52 | > EOT |
|
52 | > EOT | |
53 |
|
53 | |||
54 | pub.pem patched with other notBefore / notAfter: |
|
54 | pub.pem patched with other notBefore / notAfter: | |
55 |
|
55 | |||
56 | $ cat << EOT > pub-not-yet.pem |
|
56 | $ cat << EOT > pub-not-yet.pem | |
57 | > -----BEGIN CERTIFICATE----- |
|
57 | > -----BEGIN CERTIFICATE----- | |
58 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
|
58 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs | |
59 | > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw |
|
59 | > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw | |
60 | > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv |
|
60 | > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv | |
61 | > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK |
|
61 | > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK | |
62 | > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA |
|
62 | > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA | |
63 | > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T |
|
63 | > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T | |
64 | > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb |
|
64 | > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb | |
65 | > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0= |
|
65 | > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0= | |
66 | > -----END CERTIFICATE----- |
|
66 | > -----END CERTIFICATE----- | |
67 | > EOT |
|
67 | > EOT | |
68 | $ cat priv.pem pub-not-yet.pem > server-not-yet.pem |
|
68 | $ cat priv.pem pub-not-yet.pem > server-not-yet.pem | |
69 |
|
69 | |||
70 | $ cat << EOT > pub-expired.pem |
|
70 | $ cat << EOT > pub-expired.pem | |
71 | > -----BEGIN CERTIFICATE----- |
|
71 | > -----BEGIN CERTIFICATE----- | |
72 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
|
72 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs | |
73 | > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx |
|
73 | > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx | |
74 | > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv |
|
74 | > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv | |
75 | > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK |
|
75 | > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK | |
76 | > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA |
|
76 | > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA | |
77 | > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T |
|
77 | > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T | |
78 | > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt |
|
78 | > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt | |
79 | > 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ= |
|
79 | > 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ= | |
80 | > -----END CERTIFICATE----- |
|
80 | > -----END CERTIFICATE----- | |
81 | > EOT |
|
81 | > EOT | |
82 | $ cat priv.pem pub-expired.pem > server-expired.pem |
|
82 | $ cat priv.pem pub-expired.pem > server-expired.pem | |
83 |
|
83 | |||
84 | Client certificates created with: |
|
84 | Client certificates created with: | |
85 | openssl genrsa -aes128 -passout pass:1234 -out client-key.pem 512 |
|
85 | openssl genrsa -aes128 -passout pass:1234 -out client-key.pem 512 | |
86 | openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem |
|
86 | openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem | |
87 | printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \ |
|
87 | printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \ | |
88 | openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem |
|
88 | openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem | |
89 | openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \ |
|
89 | openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \ | |
90 | -set_serial 01 -out client-cert.pem |
|
90 | -set_serial 01 -out client-cert.pem | |
91 |
|
91 | |||
92 | $ cat << EOT > client-key.pem |
|
92 | $ cat << EOT > client-key.pem | |
93 | > -----BEGIN RSA PRIVATE KEY----- |
|
93 | > -----BEGIN RSA PRIVATE KEY----- | |
94 | > Proc-Type: 4,ENCRYPTED |
|
94 | > Proc-Type: 4,ENCRYPTED | |
95 | > DEK-Info: AES-128-CBC,C8B8F103A61A336FB0716D1C0F8BB2E8 |
|
95 | > DEK-Info: AES-128-CBC,C8B8F103A61A336FB0716D1C0F8BB2E8 | |
96 | > |
|
96 | > | |
97 | > JolMlCFjEW3q3JJjO9z99NJWeJbFgF5DpUOkfSCxH56hxxtZb9x++rBvBZkxX1bF |
|
97 | > JolMlCFjEW3q3JJjO9z99NJWeJbFgF5DpUOkfSCxH56hxxtZb9x++rBvBZkxX1bF | |
98 | > BAIe+iI90+jdCLwxbILWuFcrJUaLC5WmO14XDKYVmr2eW9e4MiCYOlO0Q6a9rDFS |
|
98 | > BAIe+iI90+jdCLwxbILWuFcrJUaLC5WmO14XDKYVmr2eW9e4MiCYOlO0Q6a9rDFS | |
99 | > jctRCfvubOXFHbBGLH8uKEMpXEkP7Lc60FiIukqjuQEivJjrQirVtZCGwyk3qUi7 |
|
99 | > jctRCfvubOXFHbBGLH8uKEMpXEkP7Lc60FiIukqjuQEivJjrQirVtZCGwyk3qUi7 | |
100 | > Eyh4Lo63IKGu8T1Bkmn2kaMvFhu7nC/CQLBjSq0YYI1tmCOkVb/3tPrz8oqgDJp2 |
|
100 | > Eyh4Lo63IKGu8T1Bkmn2kaMvFhu7nC/CQLBjSq0YYI1tmCOkVb/3tPrz8oqgDJp2 | |
101 | > u7bLS3q0xDNZ52nVrKIoZC/UlRXGlPyzPpa70/jPIdfCbkwDaBpRVXc+62Pj2n5/ |
|
101 | > u7bLS3q0xDNZ52nVrKIoZC/UlRXGlPyzPpa70/jPIdfCbkwDaBpRVXc+62Pj2n5/ | |
102 | > CnO2xaKwfOG6pDvanBhFD72vuBOkAYlFZPiEku4sc2WlNggsSWCPCIFwzmiHjKIl |
|
102 | > CnO2xaKwfOG6pDvanBhFD72vuBOkAYlFZPiEku4sc2WlNggsSWCPCIFwzmiHjKIl | |
103 | > bWmdoTq3nb7sNfnBbV0OCa7fS1dFwCm4R1NC7ELENu0= |
|
103 | > bWmdoTq3nb7sNfnBbV0OCa7fS1dFwCm4R1NC7ELENu0= | |
104 | > -----END RSA PRIVATE KEY----- |
|
104 | > -----END RSA PRIVATE KEY----- | |
105 | > EOT |
|
105 | > EOT | |
106 |
|
106 | |||
107 | $ cat << EOT > client-key-decrypted.pem |
|
107 | $ cat << EOT > client-key-decrypted.pem | |
108 | > -----BEGIN RSA PRIVATE KEY----- |
|
108 | > -----BEGIN RSA PRIVATE KEY----- | |
109 | > MIIBOgIBAAJBAJs4LS3glAYU92bg5kPgRPNW84ewB0fWJfAKccCp1ACHAdZPeaKb |
|
109 | > MIIBOgIBAAJBAJs4LS3glAYU92bg5kPgRPNW84ewB0fWJfAKccCp1ACHAdZPeaKb | |
110 | > FCinVMYKAVbVqBkyrZ/Tyr8aSfMz4xO4+KsCAwEAAQJAeKDr25+Q6jkZHEbkLRP6 |
|
110 | > FCinVMYKAVbVqBkyrZ/Tyr8aSfMz4xO4+KsCAwEAAQJAeKDr25+Q6jkZHEbkLRP6 | |
111 | > AfMtR+Ixhk6TJT24sbZKIC2V8KuJTDEvUhLU0CAr1nH79bDqiSsecOiVCr2HHyfT |
|
111 | > AfMtR+Ixhk6TJT24sbZKIC2V8KuJTDEvUhLU0CAr1nH79bDqiSsecOiVCr2HHyfT | |
112 | > AQIhAM2C5rHbTs9R3PkywFEqq1gU3ztCnpiWglO7/cIkuGBhAiEAwVpMSAf77kop |
|
112 | > AQIhAM2C5rHbTs9R3PkywFEqq1gU3ztCnpiWglO7/cIkuGBhAiEAwVpMSAf77kop | |
113 | > 4h/1kWsgMALQTJNsXd4CEUK4BOxvJIsCIQCbarVAKBQvoT81jfX27AfscsxnKnh5 |
|
113 | > 4h/1kWsgMALQTJNsXd4CEUK4BOxvJIsCIQCbarVAKBQvoT81jfX27AfscsxnKnh5 | |
114 | > +MjSvkanvdFZwQIgbbcTefwt1LV4trtz2SR0i0nNcOZmo40Kl0jIquKO3qkCIH01 |
|
114 | > +MjSvkanvdFZwQIgbbcTefwt1LV4trtz2SR0i0nNcOZmo40Kl0jIquKO3qkCIH01 | |
115 | > mJHzZr3+jQqeIFtr5P+Xqi30DJxgrnEobbJ0KFjY |
|
115 | > mJHzZr3+jQqeIFtr5P+Xqi30DJxgrnEobbJ0KFjY | |
116 | > -----END RSA PRIVATE KEY----- |
|
116 | > -----END RSA PRIVATE KEY----- | |
117 | > EOT |
|
117 | > EOT | |
118 |
|
118 | |||
119 | $ cat << EOT > client-cert.pem |
|
119 | $ cat << EOT > client-cert.pem | |
120 | > -----BEGIN CERTIFICATE----- |
|
120 | > -----BEGIN CERTIFICATE----- | |
121 | > MIIBPjCB6QIBATANBgkqhkiG9w0BAQsFADAxMRIwEAYDVQQDDAlsb2NhbGhvc3Qx |
|
121 | > MIIBPjCB6QIBATANBgkqhkiG9w0BAQsFADAxMRIwEAYDVQQDDAlsb2NhbGhvc3Qx | |
122 | > GzAZBgkqhkiG9w0BCQEWDGhnQGxvY2FsaG9zdDAeFw0xNTA1MDcwNjI5NDVaFw0z |
|
122 | > GzAZBgkqhkiG9w0BCQEWDGhnQGxvY2FsaG9zdDAeFw0xNTA1MDcwNjI5NDVaFw0z | |
123 | > OTEyMjcwNjI5NDVaMCQxIjAgBgkqhkiG9w0BCQEWE2hnLWNsaWVudEBsb2NhbGhv |
|
123 | > OTEyMjcwNjI5NDVaMCQxIjAgBgkqhkiG9w0BCQEWE2hnLWNsaWVudEBsb2NhbGhv | |
124 | > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmzgtLeCUBhT3ZuDmQ+BE81bzh7AH |
|
124 | > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmzgtLeCUBhT3ZuDmQ+BE81bzh7AH | |
125 | > R9Yl8ApxwKnUAIcB1k95opsUKKdUxgoBVtWoGTKtn9PKvxpJ8zPjE7j4qwIDAQAB |
|
125 | > R9Yl8ApxwKnUAIcB1k95opsUKKdUxgoBVtWoGTKtn9PKvxpJ8zPjE7j4qwIDAQAB | |
126 | > MA0GCSqGSIb3DQEBCwUAA0EAfBTqBG5pYhuGk+ZnyUufgS+d7Nk/sZAZjNdCAEj/ |
|
126 | > MA0GCSqGSIb3DQEBCwUAA0EAfBTqBG5pYhuGk+ZnyUufgS+d7Nk/sZAZjNdCAEj/ | |
127 | > NFPo5fR1jM6jlEWoWbeg298+SkjV7tfO+2nt0otUFkdM6A== |
|
127 | > NFPo5fR1jM6jlEWoWbeg298+SkjV7tfO+2nt0otUFkdM6A== | |
128 | > -----END CERTIFICATE----- |
|
128 | > -----END CERTIFICATE----- | |
129 | > EOT |
|
129 | > EOT | |
130 |
|
130 | |||
131 | $ hg init test |
|
131 | $ hg init test | |
132 | $ cd test |
|
132 | $ cd test | |
133 | $ echo foo>foo |
|
133 | $ echo foo>foo | |
134 | $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg |
|
134 | $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg | |
135 | $ echo foo>foo.d/foo |
|
135 | $ echo foo>foo.d/foo | |
136 | $ echo bar>foo.d/bAr.hg.d/BaR |
|
136 | $ echo bar>foo.d/bAr.hg.d/BaR | |
137 | $ echo bar>foo.d/baR.d.hg/bAR |
|
137 | $ echo bar>foo.d/baR.d.hg/bAR | |
138 | $ hg commit -A -m 1 |
|
138 | $ hg commit -A -m 1 | |
139 | adding foo |
|
139 | adding foo | |
140 | adding foo.d/bAr.hg.d/BaR |
|
140 | adding foo.d/bAr.hg.d/BaR | |
141 | adding foo.d/baR.d.hg/bAR |
|
141 | adding foo.d/baR.d.hg/bAR | |
142 | adding foo.d/foo |
|
142 | adding foo.d/foo | |
143 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV |
|
143 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV | |
144 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
144 | $ cat ../hg0.pid >> $DAEMON_PIDS | |
145 |
|
145 | |||
146 | cacert not found |
|
146 | cacert not found | |
147 |
|
147 | |||
148 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ |
|
148 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ | |
149 | abort: could not find web.cacerts: no-such.pem |
|
149 | abort: could not find web.cacerts: no-such.pem | |
150 | [255] |
|
150 | [255] | |
151 |
|
151 | |||
152 | Test server address cannot be reused |
|
152 | Test server address cannot be reused | |
153 |
|
153 | |||
154 | #if windows |
|
154 | #if windows | |
155 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 |
|
155 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 | |
156 | abort: cannot start server at ':$HGPORT': |
|
156 | abort: cannot start server at ':$HGPORT': | |
157 | [255] |
|
157 | [255] | |
158 | #else |
|
158 | #else | |
159 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 |
|
159 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 | |
160 | abort: cannot start server at ':$HGPORT': Address already in use |
|
160 | abort: cannot start server at ':$HGPORT': Address already in use | |
161 | [255] |
|
161 | [255] | |
162 | #endif |
|
162 | #endif | |
163 | $ cd .. |
|
163 | $ cd .. | |
164 |
|
164 | |||
165 | OS X has a dummy CA cert that enables use of the system CA store when using |
|
165 | OS X has a dummy CA cert that enables use of the system CA store when using | |
166 | Apple's OpenSSL. This trick do not work with plain OpenSSL. |
|
166 | Apple's OpenSSL. This trick do not work with plain OpenSSL. | |
167 |
|
167 | |||
168 | $ DISABLEOSXDUMMYCERT= |
|
168 | $ DISABLEOSXDUMMYCERT= | |
169 | #if defaultcacerts |
|
169 | #if defaultcacerts | |
170 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
170 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
171 | abort: error: *certificate verify failed* (glob) |
|
171 | abort: error: *certificate verify failed* (glob) | |
172 | [255] |
|
172 | [255] | |
173 |
|
173 | |||
174 | $ DISABLEOSXDUMMYCERT="--insecure" |
|
174 | $ DISABLEOSXDUMMYCERT="--insecure" | |
175 | #endif |
|
175 | #endif | |
176 |
|
176 | |||
177 | clone via pull |
|
177 | clone via pull | |
178 |
|
178 | |||
179 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLEOSXDUMMYCERT |
|
179 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLEOSXDUMMYCERT | |
180 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
180 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
181 | requesting all changes |
|
181 | requesting all changes | |
182 | adding changesets |
|
182 | adding changesets | |
183 | adding manifests |
|
183 | adding manifests | |
184 | adding file changes |
|
184 | adding file changes | |
185 | added 1 changesets with 4 changes to 4 files |
|
185 | added 1 changesets with 4 changes to 4 files | |
186 | updating to branch default |
|
186 | updating to branch default | |
187 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
187 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
188 | $ hg verify -R copy-pull |
|
188 | $ hg verify -R copy-pull | |
189 | checking changesets |
|
189 | checking changesets | |
190 | checking manifests |
|
190 | checking manifests | |
191 | crosschecking files in changesets and manifests |
|
191 | crosschecking files in changesets and manifests | |
192 | checking files |
|
192 | checking files | |
193 | 4 files, 1 changesets, 4 total revisions |
|
193 | 4 files, 1 changesets, 4 total revisions | |
194 | $ cd test |
|
194 | $ cd test | |
195 | $ echo bar > bar |
|
195 | $ echo bar > bar | |
196 | $ hg commit -A -d '1 0' -m 2 |
|
196 | $ hg commit -A -d '1 0' -m 2 | |
197 | adding bar |
|
197 | adding bar | |
198 | $ cd .. |
|
198 | $ cd .. | |
199 |
|
199 | |||
200 | pull without cacert |
|
200 | pull without cacert | |
201 |
|
201 | |||
202 | $ cd copy-pull |
|
202 | $ cd copy-pull | |
203 | $ echo '[hooks]' >> .hg/hgrc |
|
203 | $ echo '[hooks]' >> .hg/hgrc | |
204 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc |
|
204 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc | |
205 | $ hg pull $DISABLEOSXDUMMYCERT |
|
205 | $ hg pull $DISABLEOSXDUMMYCERT | |
206 | pulling from https://localhost:$HGPORT/ |
|
206 | pulling from https://localhost:$HGPORT/ | |
207 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
207 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
208 | searching for changes |
|
208 | searching for changes | |
209 | adding changesets |
|
209 | adding changesets | |
210 | adding manifests |
|
210 | adding manifests | |
211 | adding file changes |
|
211 | adding file changes | |
212 | added 1 changesets with 1 changes to 1 files |
|
212 | added 1 changesets with 1 changes to 1 files | |
213 | changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob) |
|
213 | changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob) | |
214 | (run 'hg update' to get a working copy) |
|
214 | (run 'hg update' to get a working copy) | |
215 | $ cd .. |
|
215 | $ cd .. | |
216 |
|
216 | |||
217 | cacert configured in local repo |
|
217 | cacert configured in local repo | |
218 |
|
218 | |||
219 | $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu |
|
219 | $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu | |
220 | $ echo "[web]" >> copy-pull/.hg/hgrc |
|
220 | $ echo "[web]" >> copy-pull/.hg/hgrc | |
221 | $ echo "cacerts=`pwd`/pub.pem" >> copy-pull/.hg/hgrc |
|
221 | $ echo "cacerts=`pwd`/pub.pem" >> copy-pull/.hg/hgrc | |
222 | $ hg -R copy-pull pull --traceback |
|
222 | $ hg -R copy-pull pull --traceback | |
223 | pulling from https://localhost:$HGPORT/ |
|
223 | pulling from https://localhost:$HGPORT/ | |
224 | searching for changes |
|
224 | searching for changes | |
225 | no changes found |
|
225 | no changes found | |
226 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc |
|
226 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc | |
227 |
|
227 | |||
228 | cacert configured globally, also testing expansion of environment |
|
228 | cacert configured globally, also testing expansion of environment | |
229 | variables in the filename |
|
229 | variables in the filename | |
230 |
|
230 | |||
231 | $ echo "[web]" >> $HGRCPATH |
|
231 | $ echo "[web]" >> $HGRCPATH | |
232 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH |
|
232 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH | |
233 | $ P=`pwd` hg -R copy-pull pull |
|
233 | $ P=`pwd` hg -R copy-pull pull | |
234 | pulling from https://localhost:$HGPORT/ |
|
234 | pulling from https://localhost:$HGPORT/ | |
235 | searching for changes |
|
235 | searching for changes | |
236 | no changes found |
|
236 | no changes found | |
237 | $ P=`pwd` hg -R copy-pull pull --insecure |
|
237 | $ P=`pwd` hg -R copy-pull pull --insecure | |
238 | pulling from https://localhost:$HGPORT/ |
|
238 | pulling from https://localhost:$HGPORT/ | |
239 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
239 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
240 | searching for changes |
|
240 | searching for changes | |
241 | no changes found |
|
241 | no changes found | |
242 |
|
242 | |||
243 | cacert mismatch |
|
243 | cacert mismatch | |
244 |
|
244 | |||
245 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ |
|
245 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ | |
246 | pulling from https://127.0.0.1:$HGPORT/ |
|
246 | pulling from https://127.0.0.1:$HGPORT/ | |
247 | abort: 127.0.0.1 certificate error: certificate is for localhost |
|
247 | abort: 127.0.0.1 certificate error: certificate is for localhost | |
248 | (configure hostfingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely) |
|
248 | (configure hostfingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely) | |
249 | [255] |
|
249 | [255] | |
250 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure |
|
250 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure | |
251 | pulling from https://127.0.0.1:$HGPORT/ |
|
251 | pulling from https://127.0.0.1:$HGPORT/ | |
252 | warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
252 | warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
253 | searching for changes |
|
253 | searching for changes | |
254 | no changes found |
|
254 | no changes found | |
255 | $ hg -R copy-pull pull --config web.cacerts=pub-other.pem |
|
255 | $ hg -R copy-pull pull --config web.cacerts=pub-other.pem | |
256 | pulling from https://localhost:$HGPORT/ |
|
256 | pulling from https://localhost:$HGPORT/ | |
257 | abort: error: *certificate verify failed* (glob) |
|
257 | abort: error: *certificate verify failed* (glob) | |
258 | [255] |
|
258 | [255] | |
259 | $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure |
|
259 | $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure | |
260 | pulling from https://localhost:$HGPORT/ |
|
260 | pulling from https://localhost:$HGPORT/ | |
261 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
261 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
262 | searching for changes |
|
262 | searching for changes | |
263 | no changes found |
|
263 | no changes found | |
264 |
|
264 | |||
265 | Test server cert which isn't valid yet |
|
265 | Test server cert which isn't valid yet | |
266 |
|
266 | |||
267 | $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
|
267 | $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem | |
268 | $ cat hg1.pid >> $DAEMON_PIDS |
|
268 | $ cat hg1.pid >> $DAEMON_PIDS | |
269 | $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ |
|
269 | $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ | |
270 | pulling from https://localhost:$HGPORT1/ |
|
270 | pulling from https://localhost:$HGPORT1/ | |
271 | abort: error: *certificate verify failed* (glob) |
|
271 | abort: error: *certificate verify failed* (glob) | |
272 | [255] |
|
272 | [255] | |
273 |
|
273 | |||
274 | Test server cert which no longer is valid |
|
274 | Test server cert which no longer is valid | |
275 |
|
275 | |||
276 | $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
|
276 | $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem | |
277 | $ cat hg2.pid >> $DAEMON_PIDS |
|
277 | $ cat hg2.pid >> $DAEMON_PIDS | |
278 | $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ |
|
278 | $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ | |
279 | pulling from https://localhost:$HGPORT2/ |
|
279 | pulling from https://localhost:$HGPORT2/ | |
280 | abort: error: *certificate verify failed* (glob) |
|
280 | abort: error: *certificate verify failed* (glob) | |
281 | [255] |
|
281 | [255] | |
282 |
|
282 | |||
283 | Fingerprints |
|
283 | Fingerprints | |
284 |
|
284 | |||
285 | - works without cacerts |
|
285 | - works without cacerts (hostkeyfingerprints) | |
286 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca |
|
286 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca | |
287 | 5fed3813f7f5 |
|
287 | 5fed3813f7f5 | |
288 |
|
288 | |||
|
289 | - works without cacerts (hostsecurity) | |||
|
290 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:914f1aff87249c09b6859b88b1906d30756491ca | |||
|
291 | 5fed3813f7f5 | |||
|
292 | ||||
|
293 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 | |||
|
294 | 5fed3813f7f5 | |||
|
295 | ||||
289 | - multiple fingerprints specified and first matches |
|
296 | - multiple fingerprints specified and first matches | |
290 | $ hg --config 'hostfingerprints.localhost=914f1aff87249c09b6859b88b1906d30756491ca, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
297 | $ hg --config 'hostfingerprints.localhost=914f1aff87249c09b6859b88b1906d30756491ca, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
291 | 5fed3813f7f5 |
|
298 | 5fed3813f7f5 | |
292 |
|
299 | |||
|
300 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |||
|
301 | 5fed3813f7f5 | |||
|
302 | ||||
293 | - multiple fingerprints specified and last matches |
|
303 | - multiple fingerprints specified and last matches | |
294 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, 914f1aff87249c09b6859b88b1906d30756491ca' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
304 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, 914f1aff87249c09b6859b88b1906d30756491ca' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
295 | 5fed3813f7f5 |
|
305 | 5fed3813f7f5 | |
296 |
|
306 | |||
|
307 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:914f1aff87249c09b6859b88b1906d30756491ca' -R copy-pull id https://localhost:$HGPORT/ | |||
|
308 | 5fed3813f7f5 | |||
|
309 | ||||
297 | - multiple fingerprints specified and none match |
|
310 | - multiple fingerprints specified and none match | |
298 |
|
311 | |||
299 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
312 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
300 | abort: certificate for localhost has unexpected fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca |
|
313 | abort: certificate for localhost has unexpected fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca | |
301 | (check hostfingerprint configuration) |
|
314 | (check hostfingerprint configuration) | |
302 | [255] |
|
315 | [255] | |
303 |
|
316 | |||
|
317 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |||
|
318 | abort: certificate for localhost has unexpected fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca | |||
|
319 | (check hostfingerprint configuration) | |||
|
320 | [255] | |||
|
321 | ||||
304 | - fails when cert doesn't match hostname (port is ignored) |
|
322 | - fails when cert doesn't match hostname (port is ignored) | |
305 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=914f1aff87249c09b6859b88b1906d30756491ca |
|
323 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=914f1aff87249c09b6859b88b1906d30756491ca | |
306 | abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b |
|
324 | abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b | |
307 | (check hostfingerprint configuration) |
|
325 | (check hostfingerprint configuration) | |
308 | [255] |
|
326 | [255] | |
309 |
|
327 | |||
310 |
|
328 | |||
311 | - ignores that certificate doesn't match hostname |
|
329 | - ignores that certificate doesn't match hostname | |
312 | $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=914f1aff87249c09b6859b88b1906d30756491ca |
|
330 | $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=914f1aff87249c09b6859b88b1906d30756491ca | |
313 | 5fed3813f7f5 |
|
331 | 5fed3813f7f5 | |
314 |
|
332 | |||
315 | HGPORT1 is reused below for tinyproxy tests. Kill that server. |
|
333 | HGPORT1 is reused below for tinyproxy tests. Kill that server. | |
316 | $ killdaemons.py hg1.pid |
|
334 | $ killdaemons.py hg1.pid | |
317 |
|
335 | |||
318 | Prepare for connecting through proxy |
|
336 | Prepare for connecting through proxy | |
319 |
|
337 | |||
320 | $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 & |
|
338 | $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 & | |
321 | $ while [ ! -f proxy.pid ]; do sleep 0; done |
|
339 | $ while [ ! -f proxy.pid ]; do sleep 0; done | |
322 | $ cat proxy.pid >> $DAEMON_PIDS |
|
340 | $ cat proxy.pid >> $DAEMON_PIDS | |
323 |
|
341 | |||
324 | $ echo "[http_proxy]" >> copy-pull/.hg/hgrc |
|
342 | $ echo "[http_proxy]" >> copy-pull/.hg/hgrc | |
325 | $ echo "always=True" >> copy-pull/.hg/hgrc |
|
343 | $ echo "always=True" >> copy-pull/.hg/hgrc | |
326 | $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc |
|
344 | $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc | |
327 | $ echo "localhost =" >> copy-pull/.hg/hgrc |
|
345 | $ echo "localhost =" >> copy-pull/.hg/hgrc | |
328 |
|
346 | |||
329 | Test unvalidated https through proxy |
|
347 | Test unvalidated https through proxy | |
330 |
|
348 | |||
331 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback |
|
349 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback | |
332 | pulling from https://localhost:$HGPORT/ |
|
350 | pulling from https://localhost:$HGPORT/ | |
333 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
351 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
334 | searching for changes |
|
352 | searching for changes | |
335 | no changes found |
|
353 | no changes found | |
336 |
|
354 | |||
337 | Test https with cacert and fingerprint through proxy |
|
355 | Test https with cacert and fingerprint through proxy | |
338 |
|
356 | |||
339 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub.pem |
|
357 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub.pem | |
340 | pulling from https://localhost:$HGPORT/ |
|
358 | pulling from https://localhost:$HGPORT/ | |
341 | searching for changes |
|
359 | searching for changes | |
342 | no changes found |
|
360 | no changes found | |
343 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=914f1aff87249c09b6859b88b1906d30756491ca |
|
361 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=914f1aff87249c09b6859b88b1906d30756491ca | |
344 | pulling from https://127.0.0.1:$HGPORT/ |
|
362 | pulling from https://127.0.0.1:$HGPORT/ | |
345 | searching for changes |
|
363 | searching for changes | |
346 | no changes found |
|
364 | no changes found | |
347 |
|
365 | |||
348 | Test https with cert problems through proxy |
|
366 | Test https with cert problems through proxy | |
349 |
|
367 | |||
350 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem |
|
368 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem | |
351 | pulling from https://localhost:$HGPORT/ |
|
369 | pulling from https://localhost:$HGPORT/ | |
352 | abort: error: *certificate verify failed* (glob) |
|
370 | abort: error: *certificate verify failed* (glob) | |
353 | [255] |
|
371 | [255] | |
354 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ |
|
372 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ | |
355 | pulling from https://localhost:$HGPORT2/ |
|
373 | pulling from https://localhost:$HGPORT2/ | |
356 | abort: error: *certificate verify failed* (glob) |
|
374 | abort: error: *certificate verify failed* (glob) | |
357 | [255] |
|
375 | [255] | |
358 |
|
376 | |||
359 |
|
377 | |||
360 | $ killdaemons.py hg0.pid |
|
378 | $ killdaemons.py hg0.pid | |
361 |
|
379 | |||
362 | #if sslcontext |
|
380 | #if sslcontext | |
363 |
|
381 | |||
364 | Start patched hgweb that requires client certificates: |
|
382 | Start patched hgweb that requires client certificates: | |
365 |
|
383 | |||
366 | $ cat << EOT > reqclientcert.py |
|
384 | $ cat << EOT > reqclientcert.py | |
367 | > import ssl |
|
385 | > import ssl | |
368 | > from mercurial.hgweb import server |
|
386 | > from mercurial.hgweb import server | |
369 | > class _httprequesthandlersslclientcert(server._httprequesthandlerssl): |
|
387 | > class _httprequesthandlersslclientcert(server._httprequesthandlerssl): | |
370 | > @staticmethod |
|
388 | > @staticmethod | |
371 | > def preparehttpserver(httpserver, ssl_cert): |
|
389 | > def preparehttpserver(httpserver, ssl_cert): | |
372 | > sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1) |
|
390 | > sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1) | |
373 | > sslcontext.verify_mode = ssl.CERT_REQUIRED |
|
391 | > sslcontext.verify_mode = ssl.CERT_REQUIRED | |
374 | > sslcontext.load_cert_chain(ssl_cert) |
|
392 | > sslcontext.load_cert_chain(ssl_cert) | |
375 | > # verify clients by server certificate |
|
393 | > # verify clients by server certificate | |
376 | > sslcontext.load_verify_locations(ssl_cert) |
|
394 | > sslcontext.load_verify_locations(ssl_cert) | |
377 | > httpserver.socket = sslcontext.wrap_socket(httpserver.socket, |
|
395 | > httpserver.socket = sslcontext.wrap_socket(httpserver.socket, | |
378 | > server_side=True) |
|
396 | > server_side=True) | |
379 | > server._httprequesthandlerssl = _httprequesthandlersslclientcert |
|
397 | > server._httprequesthandlerssl = _httprequesthandlersslclientcert | |
380 | > EOT |
|
398 | > EOT | |
381 | $ cd test |
|
399 | $ cd test | |
382 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ |
|
400 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ | |
383 | > --config extensions.reqclientcert=../reqclientcert.py |
|
401 | > --config extensions.reqclientcert=../reqclientcert.py | |
384 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
402 | $ cat ../hg0.pid >> $DAEMON_PIDS | |
385 | $ cd .. |
|
403 | $ cd .. | |
386 |
|
404 | |||
387 | without client certificate: |
|
405 | without client certificate: | |
388 |
|
406 | |||
389 | $ P=`pwd` hg id https://localhost:$HGPORT/ |
|
407 | $ P=`pwd` hg id https://localhost:$HGPORT/ | |
390 | abort: error: *handshake failure* (glob) |
|
408 | abort: error: *handshake failure* (glob) | |
391 | [255] |
|
409 | [255] | |
392 |
|
410 | |||
393 | with client certificate: |
|
411 | with client certificate: | |
394 |
|
412 | |||
395 | $ cat << EOT >> $HGRCPATH |
|
413 | $ cat << EOT >> $HGRCPATH | |
396 | > [auth] |
|
414 | > [auth] | |
397 | > l.prefix = localhost |
|
415 | > l.prefix = localhost | |
398 | > l.cert = client-cert.pem |
|
416 | > l.cert = client-cert.pem | |
399 | > l.key = client-key.pem |
|
417 | > l.key = client-key.pem | |
400 | > EOT |
|
418 | > EOT | |
401 |
|
419 | |||
402 | $ P=`pwd` hg id https://localhost:$HGPORT/ \ |
|
420 | $ P=`pwd` hg id https://localhost:$HGPORT/ \ | |
403 | > --config auth.l.key=client-key-decrypted.pem |
|
421 | > --config auth.l.key=client-key-decrypted.pem | |
404 | 5fed3813f7f5 |
|
422 | 5fed3813f7f5 | |
405 |
|
423 | |||
406 | $ printf '1234\n' | env P=`pwd` hg id https://localhost:$HGPORT/ \ |
|
424 | $ printf '1234\n' | env P=`pwd` hg id https://localhost:$HGPORT/ \ | |
407 | > --config ui.interactive=True --config ui.nontty=True |
|
425 | > --config ui.interactive=True --config ui.nontty=True | |
408 | passphrase for client-key.pem: 5fed3813f7f5 |
|
426 | passphrase for client-key.pem: 5fed3813f7f5 | |
409 |
|
427 | |||
410 | $ env P=`pwd` hg id https://localhost:$HGPORT/ |
|
428 | $ env P=`pwd` hg id https://localhost:$HGPORT/ | |
411 | abort: error: * (glob) |
|
429 | abort: error: * (glob) | |
412 | [255] |
|
430 | [255] | |
413 |
|
431 | |||
414 | #endif |
|
432 | #endif |
General Comments 0
You need to be logged in to leave comments.
Login now