sslutil: allow fingerprints to be specified in [hostsecurity]...
Gregory Szorc -
r29267:f0ccb6cd default
@@ -1,2092 +1,2127
1 1 The Mercurial system uses a set of configuration files to control
2 2 aspects of its behavior.
3 3
4 4 Troubleshooting
5 5 ===============
6 6
7 7 If you're having problems with your configuration,
8 8 :hg:`config --debug` can help you understand what is introducing
9 9 a setting into your environment.
10 10
11 11 See :hg:`help config.syntax` and :hg:`help config.files`
12 12 for information about how and where to override things.
13 13
14 14 Structure
15 15 =========
16 16
17 17 The configuration files use a simple ini-file format. A configuration
18 18 file consists of sections, led by a ``[section]`` header and followed
19 19 by ``name = value`` entries::
20 20
21 21 [ui]
22 22 username = Firstname Lastname <firstname.lastname@example.net>
23 23 verbose = True
24 24
25 25 The above entries will be referred to as ``ui.username`` and
26 26 ``ui.verbose``, respectively. See :hg:`help config.syntax`.
27 27
28 28 Files
29 29 =====
30 30
31 31 Mercurial reads configuration data from several files, if they exist.
32 32 These files do not exist by default and you will have to create the
33 33 appropriate configuration files yourself:
34 34
35 35 Local configuration is put into the per-repository ``<repo>/.hg/hgrc`` file.
36 36
37 37 Global configuration like the username setting is typically put into:
38 38
39 39 .. container:: windows
40 40
41 41 - ``%USERPROFILE%\mercurial.ini`` (on Windows)
42 42
43 43 .. container:: unix.plan9
44 44
45 45 - ``$HOME/.hgrc`` (on Unix, Plan9)
46 46
47 47 The names of these files depend on the system on which Mercurial is
48 48 installed. ``*.rc`` files from a single directory are read in
49 49 alphabetical order, later ones overriding earlier ones. Where multiple
50 50 paths are given below, settings from earlier paths override later
51 51 ones.
52 52
53 53 .. container:: verbose.unix
54 54
55 55 On Unix, the following files are consulted:
56 56
57 57 - ``<repo>/.hg/hgrc`` (per-repository)
58 58 - ``$HOME/.hgrc`` (per-user)
59 59 - ``<install-root>/etc/mercurial/hgrc`` (per-installation)
60 60 - ``<install-root>/etc/mercurial/hgrc.d/*.rc`` (per-installation)
61 61 - ``/etc/mercurial/hgrc`` (per-system)
62 62 - ``/etc/mercurial/hgrc.d/*.rc`` (per-system)
63 63 - ``<internal>/default.d/*.rc`` (defaults)
64 64
65 65 .. container:: verbose.windows
66 66
67 67 On Windows, the following files are consulted:
68 68
69 69 - ``<repo>/.hg/hgrc`` (per-repository)
70 70 - ``%USERPROFILE%\.hgrc`` (per-user)
71 71 - ``%USERPROFILE%\Mercurial.ini`` (per-user)
72 72 - ``%HOME%\.hgrc`` (per-user)
73 73 - ``%HOME%\Mercurial.ini`` (per-user)
74 74 - ``HKEY_LOCAL_MACHINE\SOFTWARE\Mercurial`` (per-installation)
75 75 - ``<install-dir>\hgrc.d\*.rc`` (per-installation)
76 76 - ``<install-dir>\Mercurial.ini`` (per-installation)
77 77 - ``<internal>/default.d/*.rc`` (defaults)
78 78
79 79 .. note::
80 80
81 81 The registry key ``HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mercurial``
82 82 is used when running 32-bit Python on 64-bit Windows.
83 83
84 84 .. container:: windows
85 85
86 86 On Windows 9x, ``%HOME%`` is replaced by ``%APPDATA%``.
87 87
88 88 .. container:: verbose.plan9
89 89
90 90 On Plan9, the following files are consulted:
91 91
92 92 - ``<repo>/.hg/hgrc`` (per-repository)
93 93 - ``$home/lib/hgrc`` (per-user)
94 94 - ``<install-root>/lib/mercurial/hgrc`` (per-installation)
95 95 - ``<install-root>/lib/mercurial/hgrc.d/*.rc`` (per-installation)
96 96 - ``/lib/mercurial/hgrc`` (per-system)
97 97 - ``/lib/mercurial/hgrc.d/*.rc`` (per-system)
98 98 - ``<internal>/default.d/*.rc`` (defaults)
99 99
100 100 Per-repository configuration options only apply in a
101 101 particular repository. This file is not version-controlled, and
102 102 will not get transferred during a "clone" operation. Options in
103 103 this file override options in all other configuration files.
104 104
105 105 .. container:: unix.plan9
106 106
107 107 On Plan 9 and Unix, most of this file will be ignored if it doesn't
108 108 belong to a trusted user or to a trusted group. See
109 109 :hg:`help config.trusted` for more details.
110 110
111 111 Per-user configuration file(s) are for the user running Mercurial. Options
112 112 in these files apply to all Mercurial commands executed by this user in any
113 113 directory. Options in these files override per-system and per-installation
114 114 options.
115 115
116 116 Per-installation configuration files are searched for in the
117 117 directory where Mercurial is installed. ``<install-root>`` is the
118 118 parent directory of the **hg** executable (or symlink) being run.
119 119
120 120 .. container:: unix.plan9
121 121
122 122 For example, if installed in ``/shared/tools/bin/hg``, Mercurial
123 123 will look in ``/shared/tools/etc/mercurial/hgrc``. Options in these
124 124 files apply to all Mercurial commands executed by any user in any
125 125 directory.
126 126
127 127 Per-installation configuration files are for the system on
128 128 which Mercurial is running. Options in these files apply to all
129 129 Mercurial commands executed by any user in any directory. Registry
130 130 keys contain PATH-like strings, every part of which must reference
131 131 a ``Mercurial.ini`` file or be a directory where ``*.rc`` files will
132 132 be read. Mercurial checks each of these locations in the specified
133 133 order until one or more configuration files are detected.
134 134
135 135 Per-system configuration files are for the system on which Mercurial
136 136 is running. Options in these files apply to all Mercurial commands
137 137 executed by any user in any directory. Options in these files
138 138 override per-installation options.
139 139
140 140 Mercurial comes with some default configuration. The default configuration
141 141 files are installed with Mercurial and will be overwritten on upgrades. Default
142 142 configuration files should never be edited by users or administrators but can
143 143 be overridden in other configuration files. So far the directory only contains
144 144 merge tool configuration but packagers can also put other default configuration
145 145 there.
146 146
147 147 Syntax
148 148 ======
149 149
150 150 A configuration file consists of sections, led by a ``[section]`` header
151 151 and followed by ``name = value`` entries (sometimes called
152 152 ``configuration keys``)::
153 153
154 154 [spam]
155 155 eggs=ham
156 156 green=
157 157 eggs
158 158
159 159 Each line contains one entry. If the lines that follow are indented,
160 160 they are treated as continuations of that entry. Leading whitespace is
161 161 removed from values. Empty lines are skipped. Lines beginning with
162 162 ``#`` or ``;`` are ignored and may be used to provide comments.
163 163
164 164 Configuration keys can be set multiple times, in which case Mercurial
165 165 will use the value that was configured last. As an example::
166 166
167 167 [spam]
168 168 eggs=large
169 169 ham=serrano
170 170 eggs=small
171 171
172 172 This would set the configuration key named ``eggs`` to ``small``.
173 173
174 174 It is also possible to define a section multiple times. A section can
175 175 be redefined on the same and/or on different configuration files. For
176 176 example::
177 177
178 178 [foo]
179 179 eggs=large
180 180 ham=serrano
181 181 eggs=small
182 182
183 183 [bar]
184 184 eggs=ham
185 185 green=
186 186 eggs
187 187
188 188 [foo]
189 189 ham=prosciutto
190 190 eggs=medium
191 191 bread=toasted
192 192
193 193 This would set the ``eggs``, ``ham``, and ``bread`` configuration keys
194 194 of the ``foo`` section to ``medium``, ``prosciutto``, and ``toasted``,
195 195 respectively. As you can see there only thing that matters is the last
196 196 value that was set for each of the configuration keys.
197 197
198 198 If a configuration key is set multiple times in different
199 199 configuration files the final value will depend on the order in which
200 200 the different configuration files are read, with settings from earlier
201 201 paths overriding later ones as described on the ``Files`` section
202 202 above.
203 203
204 204 A line of the form ``%include file`` will include ``file`` into the
205 205 current configuration file. The inclusion is recursive, which means
206 206 that included files can include other files. Filenames are relative to
207 207 the configuration file in which the ``%include`` directive is found.
208 208 Environment variables and ``~user`` constructs are expanded in
209 209 ``file``. This lets you do something like::
210 210
211 211 %include ~/.hgrc.d/$HOST.rc
212 212
213 213 to include a different configuration file on each computer you use.
214 214
215 215 A line with ``%unset name`` will remove ``name`` from the current
216 216 section, if it has been set previously.
217 217
218 218 The values are either free-form text strings, lists of text strings,
219 219 or Boolean values. Boolean values can be set to true using any of "1",
220 220 "yes", "true", or "on" and to false using "0", "no", "false", or "off"
221 221 (all case insensitive).
222 222
223 223 List values are separated by whitespace or comma, except when values are
224 224 placed in double quotation marks::
225 225
226 226 allow_read = "John Doe, PhD", brian, betty
227 227
228 228 Quotation marks can be escaped by prefixing them with a backslash. Only
229 229 quotation marks at the beginning of a word is counted as a quotation
230 230 (e.g., ``foo"bar baz`` is the list of ``foo"bar`` and ``baz``).
231 231
232 232 Sections
233 233 ========
234 234
235 235 This section describes the different sections that may appear in a
236 236 Mercurial configuration file, the purpose of each section, its possible
237 237 keys, and their possible values.
238 238
239 239 ``alias``
240 240 ---------
241 241
242 242 Defines command aliases.
243 243
244 244 Aliases allow you to define your own commands in terms of other
245 245 commands (or aliases), optionally including arguments. Positional
246 246 arguments in the form of ``$1``, ``$2``, etc. in the alias definition
247 247 are expanded by Mercurial before execution. Positional arguments not
248 248 already used by ``$N`` in the definition are put at the end of the
249 249 command to be executed.
250 250
251 251 Alias definitions consist of lines of the form::
252 252
253 253 <alias> = <command> [<argument>]...
254 254
255 255 For example, this definition::
256 256
257 257 latest = log --limit 5
258 258
259 259 creates a new command ``latest`` that shows only the five most recent
260 260 changesets. You can define subsequent aliases using earlier ones::
261 261
262 262 stable5 = latest -b stable
263 263
264 264 .. note::
265 265
266 266 It is possible to create aliases with the same names as
267 267 existing commands, which will then override the original
268 268 definitions. This is almost always a bad idea!
269 269
270 270 An alias can start with an exclamation point (``!``) to make it a
271 271 shell alias. A shell alias is executed with the shell and will let you
272 272 run arbitrary commands. As an example, ::
273 273
274 274 echo = !echo $@
275 275
276 276 will let you do ``hg echo foo`` to have ``foo`` printed in your
277 277 terminal. A better example might be::
278 278
279 279 purge = !$HG status --no-status --unknown -0 re: | xargs -0 rm
280 280
281 281 which will make ``hg purge`` delete all unknown files in the
282 282 repository in the same manner as the purge extension.
283 283
284 284 Positional arguments like ``$1``, ``$2``, etc. in the alias definition
285 285 expand to the command arguments. Unmatched arguments are
286 286 removed. ``$0`` expands to the alias name and ``$@`` expands to all
287 287 arguments separated by a space. ``"$@"`` (with quotes) expands to all
288 288 arguments quoted individually and separated by a space. These expansions
289 289 happen before the command is passed to the shell.
290 290
291 291 Shell aliases are executed in an environment where ``$HG`` expands to
292 292 the path of the Mercurial that was used to execute the alias. This is
293 293 useful when you want to call further Mercurial commands in a shell
294 294 alias, as was done above for the purge alias. In addition,
295 295 ``$HG_ARGS`` expands to the arguments given to Mercurial. In the ``hg
296 296 echo foo`` call above, ``$HG_ARGS`` would expand to ``echo foo``.
297 297
298 298 .. note::
299 299
300 300 Some global configuration options such as ``-R`` are
301 301 processed before shell aliases and will thus not be passed to
302 302 aliases.
303 303
304 304
305 305 ``annotate``
306 306 ------------
307 307
308 308 Settings used when displaying file annotations. All values are
309 309 Booleans and default to False. See :hg:`help config.diff` for
310 310 related options for the diff command.
311 311
312 312 ``ignorews``
313 313 Ignore white space when comparing lines.
314 314
315 315 ``ignorewsamount``
316 316 Ignore changes in the amount of white space.
317 317
318 318 ``ignoreblanklines``
319 319 Ignore changes whose lines are all blank.
320 320
321 321
322 322 ``auth``
323 323 --------
324 324
325 325 Authentication credentials for HTTP authentication. This section
326 326 allows you to store usernames and passwords for use when logging
327 327 *into* HTTP servers. See :hg:`help config.web` if
328 328 you want to configure *who* can login to your HTTP server.
329 329
330 330 Each line has the following format::
331 331
332 332 <name>.<argument> = <value>
333 333
334 334 where ``<name>`` is used to group arguments into authentication
335 335 entries. Example::
336 336
337 337 foo.prefix = hg.intevation.de/mercurial
338 338 foo.username = foo
339 339 foo.password = bar
340 340 foo.schemes = http https
341 341
342 342 bar.prefix = secure.example.org
343 343 bar.key = path/to/file.key
344 344 bar.cert = path/to/file.cert
345 345 bar.schemes = https
346 346
347 347 Supported arguments:
348 348
349 349 ``prefix``
350 350 Either ``*`` or a URI prefix with or without the scheme part.
351 351 The authentication entry with the longest matching prefix is used
352 352 (where ``*`` matches everything and counts as a match of length
353 353 1). If the prefix doesn't include a scheme, the match is performed
354 354 against the URI with its scheme stripped as well, and the schemes
355 355 argument, q.v., is then subsequently consulted.
356 356
357 357 ``username``
358 358 Optional. Username to authenticate with. If not given, and the
359 359 remote site requires basic or digest authentication, the user will
360 360 be prompted for it. Environment variables are expanded in the
361 361 username letting you do ``foo.username = $USER``. If the URI
362 362 includes a username, only ``[auth]`` entries with a matching
363 363 username or without a username will be considered.
364 364
365 365 ``password``
366 366 Optional. Password to authenticate with. If not given, and the
367 367 remote site requires basic or digest authentication, the user
368 368 will be prompted for it.
369 369
370 370 ``key``
371 371 Optional. PEM encoded client certificate key file. Environment
372 372 variables are expanded in the filename.
373 373
374 374 ``cert``
375 375 Optional. PEM encoded client certificate chain file. Environment
376 376 variables are expanded in the filename.
377 377
378 378 ``schemes``
379 379 Optional. Space separated list of URI schemes to use this
380 380 authentication entry with. Only used if the prefix doesn't include
381 381 a scheme. Supported schemes are http and https. They will match
382 382 static-http and static-https respectively, as well.
383 383 (default: https)
384 384
385 385 If no suitable authentication entry is found, the user is prompted
386 386 for credentials as usual if required by the remote.
387 387
388 388
389 389 ``committemplate``
390 390 ------------------
391 391
392 392 ``changeset``
393 393 String: configuration in this section is used as the template to
394 394 customize the text shown in the editor when committing.
395 395
396 396 In addition to pre-defined template keywords, commit log specific one
397 397 below can be used for customization:
398 398
399 399 ``extramsg``
400 400 String: Extra message (typically 'Leave message empty to abort
401 401 commit.'). This may be changed by some commands or extensions.
402 402
403 403 For example, the template configuration below shows as same text as
404 404 one shown by default::
405 405
406 406 [committemplate]
407 407 changeset = {desc}\n\n
408 408 HG: Enter commit message. Lines beginning with 'HG:' are removed.
409 409 HG: {extramsg}
410 410 HG: --
411 411 HG: user: {author}\n{ifeq(p2rev, "-1", "",
412 412 "HG: branch merge\n")
413 413 }HG: branch '{branch}'\n{if(activebookmark,
414 414 "HG: bookmark '{activebookmark}'\n") }{subrepos %
415 415 "HG: subrepo {subrepo}\n" }{file_adds %
416 416 "HG: added {file}\n" }{file_mods %
417 417 "HG: changed {file}\n" }{file_dels %
418 418 "HG: removed {file}\n" }{if(files, "",
419 419 "HG: no files changed\n")}
420 420
421 421 .. note::
422 422
423 423 For some problematic encodings (see :hg:`help win32mbcs` for
424 424 detail), this customization should be configured carefully, to
425 425 avoid showing broken characters.
426 426
427 427 For example, if a multibyte character ending with backslash (0x5c) is
428 428 followed by the ASCII character 'n' in the customized template,
429 429 the sequence of backslash and 'n' is treated as line-feed unexpectedly
430 430 (and the multibyte character is broken, too).
431 431
432 432 Customized template is used for commands below (``--edit`` may be
433 433 required):
434 434
435 435 - :hg:`backout`
436 436 - :hg:`commit`
437 437 - :hg:`fetch` (for merge commit only)
438 438 - :hg:`graft`
439 439 - :hg:`histedit`
440 440 - :hg:`import`
441 441 - :hg:`qfold`, :hg:`qnew` and :hg:`qrefresh`
442 442 - :hg:`rebase`
443 443 - :hg:`shelve`
444 444 - :hg:`sign`
445 445 - :hg:`tag`
446 446 - :hg:`transplant`
447 447
448 448 Configuring items below instead of ``changeset`` allows showing
449 449 customized message only for specific actions, or showing different
450 450 messages for each action.
451 451
452 452 - ``changeset.backout`` for :hg:`backout`
453 453 - ``changeset.commit.amend.merge`` for :hg:`commit --amend` on merges
454 454 - ``changeset.commit.amend.normal`` for :hg:`commit --amend` on other
455 455 - ``changeset.commit.normal.merge`` for :hg:`commit` on merges
456 456 - ``changeset.commit.normal.normal`` for :hg:`commit` on other
457 457 - ``changeset.fetch`` for :hg:`fetch` (impling merge commit)
458 458 - ``changeset.gpg.sign`` for :hg:`sign`
459 459 - ``changeset.graft`` for :hg:`graft`
460 460 - ``changeset.histedit.edit`` for ``edit`` of :hg:`histedit`
461 461 - ``changeset.histedit.fold`` for ``fold`` of :hg:`histedit`
462 462 - ``changeset.histedit.mess`` for ``mess`` of :hg:`histedit`
463 463 - ``changeset.histedit.pick`` for ``pick`` of :hg:`histedit`
464 464 - ``changeset.import.bypass`` for :hg:`import --bypass`
465 465 - ``changeset.import.normal.merge`` for :hg:`import` on merges
466 466 - ``changeset.import.normal.normal`` for :hg:`import` on other
467 467 - ``changeset.mq.qnew`` for :hg:`qnew`
468 468 - ``changeset.mq.qfold`` for :hg:`qfold`
469 469 - ``changeset.mq.qrefresh`` for :hg:`qrefresh`
470 470 - ``changeset.rebase.collapse`` for :hg:`rebase --collapse`
471 471 - ``changeset.rebase.merge`` for :hg:`rebase` on merges
472 472 - ``changeset.rebase.normal`` for :hg:`rebase` on other
473 473 - ``changeset.shelve.shelve`` for :hg:`shelve`
474 474 - ``changeset.tag.add`` for :hg:`tag` without ``--remove``
475 475 - ``changeset.tag.remove`` for :hg:`tag --remove`
476 476 - ``changeset.transplant.merge`` for :hg:`transplant` on merges
477 477 - ``changeset.transplant.normal`` for :hg:`transplant` on other
478 478
479 479 These dot-separated lists of names are treated as hierarchical ones.
480 480 For example, ``changeset.tag.remove`` customizes the commit message
481 481 only for :hg:`tag --remove`, but ``changeset.tag`` customizes the
482 482 commit message for :hg:`tag` regardless of ``--remove`` option.
483 483
484 484 When the external editor is invoked for a commit, the corresponding
485 485 dot-separated list of names without the ``changeset.`` prefix
486 486 (e.g. ``commit.normal.normal``) is in the ``HGEDITFORM`` environment
487 487 variable.
488 488
489 489 In this section, items other than ``changeset`` can be referred from
490 490 others. For example, the configuration to list committed files up
491 491 below can be referred as ``{listupfiles}``::
492 492
493 493 [committemplate]
494 494 listupfiles = {file_adds %
495 495 "HG: added {file}\n" }{file_mods %
496 496 "HG: changed {file}\n" }{file_dels %
497 497 "HG: removed {file}\n" }{if(files, "",
498 498 "HG: no files changed\n")}
499 499
500 500 ``decode/encode``
501 501 -----------------
502 502
503 503 Filters for transforming files on checkout/checkin. This would
504 504 typically be used for newline processing or other
505 505 localization/canonicalization of files.
506 506
507 507 Filters consist of a filter pattern followed by a filter command.
508 508 Filter patterns are globs by default, rooted at the repository root.
509 509 For example, to match any file ending in ``.txt`` in the root
510 510 directory only, use the pattern ``*.txt``. To match any file ending
511 511 in ``.c`` anywhere in the repository, use the pattern ``**.c``.
512 512 For each file only the first matching filter applies.
513 513
514 514 The filter command can start with a specifier, either ``pipe:`` or
515 515 ``tempfile:``. If no specifier is given, ``pipe:`` is used by default.
516 516
517 517 A ``pipe:`` command must accept data on stdin and return the transformed
518 518 data on stdout.
519 519
520 520 Pipe example::
521 521
522 522 [encode]
523 523 # uncompress gzip files on checkin to improve delta compression
524 524 # note: not necessarily a good idea, just an example
525 525 *.gz = pipe: gunzip
526 526
527 527 [decode]
528 528 # recompress gzip files when writing them to the working dir (we
529 529 # can safely omit "pipe:", because it's the default)
530 530 *.gz = gzip
531 531
532 532 A ``tempfile:`` command is a template. The string ``INFILE`` is replaced
533 533 with the name of a temporary file that contains the data to be
534 534 filtered by the command. The string ``OUTFILE`` is replaced with the name
535 535 of an empty temporary file, where the filtered data must be written by
536 536 the command.
537 537
538 538 .. container:: windows
539 539
540 540 .. note::
541 541
542 542 The tempfile mechanism is recommended for Windows systems,
543 543 where the standard shell I/O redirection operators often have
544 544 strange effects and may corrupt the contents of your files.
545 545
546 546 This filter mechanism is used internally by the ``eol`` extension to
547 547 translate line ending characters between Windows (CRLF) and Unix (LF)
548 548 format. We suggest you use the ``eol`` extension for convenience.
549 549
550 550
551 551 ``defaults``
552 552 ------------
553 553
554 554 (defaults are deprecated. Don't use them. Use aliases instead.)
555 555
556 556 Use the ``[defaults]`` section to define command defaults, i.e. the
557 557 default options/arguments to pass to the specified commands.
558 558
559 559 The following example makes :hg:`log` run in verbose mode, and
560 560 :hg:`status` show only the modified files, by default::
561 561
562 562 [defaults]
563 563 log = -v
564 564 status = -m
565 565
566 566 The actual commands, instead of their aliases, must be used when
567 567 defining command defaults. The command defaults will also be applied
568 568 to the aliases of the commands defined.
569 569
570 570
571 571 ``diff``
572 572 --------
573 573
574 574 Settings used when displaying diffs. Everything except for ``unified``
575 575 is a Boolean and defaults to False. See :hg:`help config.annotate`
576 576 for related options for the annotate command.
577 577
578 578 ``git``
579 579 Use git extended diff format.
580 580
581 581 ``nobinary``
582 582 Omit git binary patches.
583 583
584 584 ``nodates``
585 585 Don't include dates in diff headers.
586 586
587 587 ``noprefix``
588 588 Omit 'a/' and 'b/' prefixes from filenames. Ignored in plain mode.
589 589
590 590 ``showfunc``
591 591 Show which function each change is in.
592 592
593 593 ``ignorews``
594 594 Ignore white space when comparing lines.
595 595
596 596 ``ignorewsamount``
597 597 Ignore changes in the amount of white space.
598 598
599 599 ``ignoreblanklines``
600 600 Ignore changes whose lines are all blank.
601 601
602 602 ``unified``
603 603 Number of lines of context to show.
604 604
605 605 ``email``
606 606 ---------
607 607
608 608 Settings for extensions that send email messages.
609 609
610 610 ``from``
611 611 Optional. Email address to use in "From" header and SMTP envelope
612 612 of outgoing messages.
613 613
614 614 ``to``
615 615 Optional. Comma-separated list of recipients' email addresses.
616 616
617 617 ``cc``
618 618 Optional. Comma-separated list of carbon copy recipients'
619 619 email addresses.
620 620
621 621 ``bcc``
622 622 Optional. Comma-separated list of blind carbon copy recipients'
623 623 email addresses.
624 624
625 625 ``method``
626 626 Optional. Method to use to send email messages. If value is ``smtp``
627 627 (default), use SMTP (see the ``[smtp]`` section for configuration).
628 628 Otherwise, use as name of program to run that acts like sendmail
629 629 (takes ``-f`` option for sender, list of recipients on command line,
630 630 message on stdin). Normally, setting this to ``sendmail`` or
631 631 ``/usr/sbin/sendmail`` is enough to use sendmail to send messages.
632 632
633 633 ``charsets``
634 634 Optional. Comma-separated list of character sets considered
635 635 convenient for recipients. Addresses, headers, and parts not
636 636 containing patches of outgoing messages will be encoded in the
637 637 first character set to which conversion from local encoding
638 638 (``$HGENCODING``, ``ui.fallbackencoding``) succeeds. If correct
639 639 conversion fails, the text in question is sent as is.
640 640 (default: '')
641 641
642 642 Order of outgoing email character sets:
643 643
644 644 1. ``us-ascii``: always first, regardless of settings
645 645 2. ``email.charsets``: in order given by user
646 646 3. ``ui.fallbackencoding``: if not in email.charsets
647 647 4. ``$HGENCODING``: if not in email.charsets
648 648 5. ``utf-8``: always last, regardless of settings
649 649
650 650 Email example::
651 651
652 652 [email]
653 653 from = Joseph User <joe.user@example.com>
654 654 method = /usr/sbin/sendmail
655 655 # charsets for western Europeans
656 656 # us-ascii, utf-8 omitted, as they are tried first and last
657 657 charsets = iso-8859-1, iso-8859-15, windows-1252
658 658
659 659
660 660 ``extensions``
661 661 --------------
662 662
663 663 Mercurial has an extension mechanism for adding new features. To
664 664 enable an extension, create an entry for it in this section.
665 665
666 666 If you know that the extension is already in Python's search path,
667 667 you can give the name of the module, followed by ``=``, with nothing
668 668 after the ``=``.
669 669
670 670 Otherwise, give a name that you choose, followed by ``=``, followed by
671 671 the path to the ``.py`` file (including the file name extension) that
672 672 defines the extension.
673 673
674 674 To explicitly disable an extension that is enabled in an hgrc of
675 675 broader scope, prepend its path with ``!``, as in ``foo = !/ext/path``
676 676 or ``foo = !`` when path is not supplied.
677 677
678 678 Example for ``~/.hgrc``::
679 679
680 680 [extensions]
681 681 # (the color extension will get loaded from Mercurial's path)
682 682 color =
683 683 # (this extension will get loaded from the file specified)
684 684 myfeature = ~/.hgext/myfeature.py
685 685
686 686
687 687 ``format``
688 688 ----------
689 689
690 690 ``usegeneraldelta``
691 691 Enable or disable the "generaldelta" repository format which improves
692 692 repository compression by allowing "revlog" to store delta against arbitrary
693 693 revision instead of the previous stored one. This provides significant
694 694 improvement for repositories with branches.
695 695
696 696 Repositories with this on-disk format require Mercurial version 1.9.
697 697
698 698 Enabled by default.
699 699
700 700 ``dotencode``
701 701 Enable or disable the "dotencode" repository format which enhances
702 702 the "fncache" repository format (which has to be enabled to use
703 703 dotencode) to avoid issues with filenames starting with ._ on
704 704 Mac OS X and spaces on Windows.
705 705
706 706 Repositories with this on-disk format require Mercurial version 1.7.
707 707
708 708 Enabled by default.
709 709
710 710 ``usefncache``
711 711 Enable or disable the "fncache" repository format which enhances
712 712 the "store" repository format (which has to be enabled to use
713 713 fncache) to allow longer filenames and avoids using Windows
714 714 reserved names, e.g. "nul".
715 715
716 716 Repositories with this on-disk format require Mercurial version 1.1.
717 717
718 718 Enabled by default.
719 719
720 720 ``usestore``
721 721 Enable or disable the "store" repository format which improves
722 722 compatibility with systems that fold case or otherwise mangle
723 723 filenames. Disabling this option will allow you to store longer filenames
724 724 in some situations at the expense of compatibility.
725 725
726 726 Repositories with this on-disk format require Mercurial version 0.9.4.
727 727
728 728 Enabled by default.
729 729
730 730 ``graph``
731 731 ---------
732 732
733 733 Web graph view configuration. This section let you change graph
734 734 elements display properties by branches, for instance to make the
735 735 ``default`` branch stand out.
736 736
737 737 Each line has the following format::
738 738
739 739 <branch>.<argument> = <value>
740 740
741 741 where ``<branch>`` is the name of the branch being
742 742 customized. Example::
743 743
744 744 [graph]
745 745 # 2px width
746 746 default.width = 2
747 747 # red color
748 748 default.color = FF0000
749 749
750 750 Supported arguments:
751 751
752 752 ``width``
753 753 Set branch edges width in pixels.
754 754
755 755 ``color``
756 756 Set branch edges color in hexadecimal RGB notation.
757 757
758 758 ``hooks``
759 759 ---------
760 760
761 761 Commands or Python functions that get automatically executed by
762 762 various actions such as starting or finishing a commit. Multiple
763 763 hooks can be run for the same action by appending a suffix to the
764 764 action. Overriding a site-wide hook can be done by changing its
765 765 value or setting it to an empty string. Hooks can be prioritized
766 766 by adding a prefix of ``priority.`` to the hook name on a new line
767 767 and setting the priority. The default priority is 0.
768 768
769 769 Example ``.hg/hgrc``::
770 770
771 771 [hooks]
772 772 # update working directory after adding changesets
773 773 changegroup.update = hg update
774 774 # do not use the site-wide hook
775 775 incoming =
776 776 incoming.email = /my/email/hook
777 777 incoming.autobuild = /my/build/hook
778 778 # force autobuild hook to run before other incoming hooks
779 779 priority.incoming.autobuild = 1
780 780
781 781 Most hooks are run with environment variables set that give useful
782 782 additional information. For each hook below, the environment
783 783 variables it is passed are listed with names of the form ``$HG_foo``.
784 784
785 785 ``changegroup``
786 786 Run after a changegroup has been added via push, pull or unbundle. ID of the
787 787 first new changeset is in ``$HG_NODE`` and last in ``$HG_NODE_LAST``. URL
788 788 from which changes came is in ``$HG_URL``.
789 789
790 790 ``commit``
791 791 Run after a changeset has been created in the local repository. ID
792 792 of the newly created changeset is in ``$HG_NODE``. Parent changeset
793 793 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
794 794
795 795 ``incoming``
796 796 Run after a changeset has been pulled, pushed, or unbundled into
797 797 the local repository. The ID of the newly arrived changeset is in
798 798 ``$HG_NODE``. URL that was source of changes came is in ``$HG_URL``.
799 799
800 800 ``outgoing``
801 801 Run after sending changes from local repository to another. ID of
802 802 first changeset sent is in ``$HG_NODE``. Source of operation is in
803 803 ``$HG_SOURCE``; Also see :hg:`help config.hooks.preoutgoing` hook.
804 804
805 805 ``post-<command>``
806 806 Run after successful invocations of the associated command. The
807 807 contents of the command line are passed as ``$HG_ARGS`` and the result
808 808 code in ``$HG_RESULT``. Parsed command line arguments are passed as
809 809 ``$HG_PATS`` and ``$HG_OPTS``. These contain string representations of
810 810 the python data internally passed to <command>. ``$HG_OPTS`` is a
811 811 dictionary of options (with unspecified options set to their defaults).
812 812 ``$HG_PATS`` is a list of arguments. Hook failure is ignored.
813 813
814 814 ``fail-<command>``
815 815 Run after a failed invocation of an associated command. The contents
816 816 of the command line are passed as ``$HG_ARGS``. Parsed command line
817 817 arguments are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain
818 818 string representations of the python data internally passed to
819 819 <command>. ``$HG_OPTS`` is a dictionary of options (with unspecified
820 820 options set to their defaults). ``$HG_PATS`` is a list of arguments.
821 821 Hook failure is ignored.
822 822
823 823 ``pre-<command>``
824 824 Run before executing the associated command. The contents of the
825 825 command line are passed as ``$HG_ARGS``. Parsed command line arguments
826 826 are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain string
827 827 representations of the data internally passed to <command>. ``$HG_OPTS``
828 828 is a dictionary of options (with unspecified options set to their
829 829 defaults). ``$HG_PATS`` is a list of arguments. If the hook returns
830 830 failure, the command doesn't execute and Mercurial returns the failure
831 831 code.
832 832
833 833 ``prechangegroup``
834 834 Run before a changegroup is added via push, pull or unbundle. Exit
835 835 status 0 allows the changegroup to proceed. Non-zero status will
836 836 cause the push, pull or unbundle to fail. URL from which changes
837 837 will come is in ``$HG_URL``.
838 838
839 839 ``precommit``
840 840 Run before starting a local commit. Exit status 0 allows the
841 841 commit to proceed. Non-zero status will cause the commit to fail.
842 842 Parent changeset IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
843 843
844 844 ``prelistkeys``
845 845 Run before listing pushkeys (like bookmarks) in the
846 846 repository. Non-zero status will cause failure. The key namespace is
847 847 in ``$HG_NAMESPACE``.
848 848
849 849 ``preoutgoing``
850 850 Run before collecting changes to send from the local repository to
851 851 another. Non-zero status will cause failure. This lets you prevent
852 852 pull over HTTP or SSH. Also prevents against local pull, push
853 853 (outbound) or bundle commands, but not effective, since you can
854 854 just copy files instead then. Source of operation is in
855 855 ``$HG_SOURCE``. If "serve", operation is happening on behalf of remote
856 856 SSH or HTTP repository. If "push", "pull" or "bundle", operation
857 857 is happening on behalf of repository on same system.
858 858
859 859 ``prepushkey``
860 860 Run before a pushkey (like a bookmark) is added to the
861 861 repository. Non-zero status will cause the key to be rejected. The
862 862 key namespace is in ``$HG_NAMESPACE``, the key is in ``$HG_KEY``,
863 863 the old value (if any) is in ``$HG_OLD``, and the new value is in
864 864 ``$HG_NEW``.
865 865
866 866 ``pretag``
867 867 Run before creating a tag. Exit status 0 allows the tag to be
868 868 created. Non-zero status will cause the tag to fail. ID of
869 869 changeset to tag is in ``$HG_NODE``. Name of tag is in ``$HG_TAG``. Tag is
870 870 local if ``$HG_LOCAL=1``, in repository if ``$HG_LOCAL=0``.
871 871
872 872 ``pretxnopen``
873 873 Run before any new repository transaction is open. The reason for the
874 874 transaction will be in ``$HG_TXNNAME`` and a unique identifier for the
875 875 transaction will be in ``HG_TXNID``. A non-zero status will prevent the
876 876 transaction from being opened.
877 877
878 878 ``pretxnclose``
879 879 Run right before the transaction is actually finalized. Any repository change
880 880 will be visible to the hook program. This lets you validate the transaction
881 881 content or change it. Exit status 0 allows the commit to proceed. Non-zero
882 882 status will cause the transaction to be rolled back. The reason for the
883 883 transaction opening will be in ``$HG_TXNNAME`` and a unique identifier for
884 884 the transaction will be in ``HG_TXNID``. The rest of the available data will
885 885 vary according the transaction type. New changesets will add ``$HG_NODE`` (id
886 886 of the first added changeset), ``$HG_NODE_LAST`` (id of the last added
887 887 changeset), ``$HG_URL`` and ``$HG_SOURCE`` variables, bookmarks and phases
888 888 changes will set ``HG_BOOKMARK_MOVED`` and ``HG_PHASES_MOVED`` to ``1``, etc.
889 889
890 890 ``txnclose``
891 891 Run after any repository transaction has been committed. At this
892 892 point, the transaction can no longer be rolled back. The hook will run
893 893 after the lock is released. See :hg:`help config.hooks.pretxnclose` docs for
894 894 details about available variables.
895 895
896 896 ``txnabort``
897 897 Run when a transaction is aborted. See :hg:`help config.hooks.pretxnclose`
898 898 docs for details about available variables.
899 899
900 900 ``pretxnchangegroup``
901 901 Run after a changegroup has been added via push, pull or unbundle, but before
902 902 the transaction has been committed. Changegroup is visible to hook program.
903 903 This lets you validate incoming changes before accepting them. Passed the ID
904 904 of the first new changeset in ``$HG_NODE`` and last in ``$HG_NODE_LAST``.
905 905 Exit status 0 allows the transaction to commit. Non-zero status will cause
906 906 the transaction to be rolled back and the push, pull or unbundle will fail.
907 907 URL that was source of changes is in ``$HG_URL``.
908 908
909 909 ``pretxncommit``
910 910 Run after a changeset has been created but the transaction not yet
911 911 committed. Changeset is visible to hook program. This lets you
912 912 validate commit message and changes. Exit status 0 allows the
913 913 commit to proceed. Non-zero status will cause the transaction to
914 914 be rolled back. ID of changeset is in ``$HG_NODE``. Parent changeset
915 915 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
916 916
917 917 ``preupdate``
918 918 Run before updating the working directory. Exit status 0 allows
919 919 the update to proceed. Non-zero status will prevent the update.
920 920 Changeset ID of first new parent is in ``$HG_PARENT1``. If merge, ID
921 921 of second new parent is in ``$HG_PARENT2``.
922 922
923 923 ``listkeys``
924 924 Run after listing pushkeys (like bookmarks) in the repository. The
925 925 key namespace is in ``$HG_NAMESPACE``. ``$HG_VALUES`` is a
926 926 dictionary containing the keys and values.
927 927
928 928 ``pushkey``
929 929 Run after a pushkey (like a bookmark) is added to the
930 930 repository. The key namespace is in ``$HG_NAMESPACE``, the key is in
931 931 ``$HG_KEY``, the old value (if any) is in ``$HG_OLD``, and the new
932 932 value is in ``$HG_NEW``.
933 933
934 934 ``tag``
935 935 Run after a tag is created. ID of tagged changeset is in ``$HG_NODE``.
936 936 Name of tag is in ``$HG_TAG``. Tag is local if ``$HG_LOCAL=1``, in
937 937 repository if ``$HG_LOCAL=0``.
938 938
939 939 ``update``
940 940 Run after updating the working directory. Changeset ID of first
941 941 new parent is in ``$HG_PARENT1``. If merge, ID of second new parent is
942 942 in ``$HG_PARENT2``. If the update succeeded, ``$HG_ERROR=0``. If the
943 943 update failed (e.g. because conflicts not resolved), ``$HG_ERROR=1``.
944 944
945 945 .. note::
946 946
947 947 It is generally better to use standard hooks rather than the
948 948 generic pre- and post- command hooks as they are guaranteed to be
949 949 called in the appropriate contexts for influencing transactions.
950 950 Also, hooks like "commit" will be called in all contexts that
951 951 generate a commit (e.g. tag) and not just the commit command.
952 952
953 953 .. note::
954 954
955 955 Environment variables with empty values may not be passed to
956 956 hooks on platforms such as Windows. As an example, ``$HG_PARENT2``
957 957 will have an empty value under Unix-like platforms for non-merge
958 958 changesets, while it will not be available at all under Windows.
959 959
960 960 The syntax for Python hooks is as follows::
961 961
962 962 hookname = python:modulename.submodule.callable
963 963 hookname = python:/path/to/python/module.py:callable
964 964
965 965 Python hooks are run within the Mercurial process. Each hook is
966 966 called with at least three keyword arguments: a ui object (keyword
967 967 ``ui``), a repository object (keyword ``repo``), and a ``hooktype``
968 968 keyword that tells what kind of hook is used. Arguments listed as
969 969 environment variables above are passed as keyword arguments, with no
970 970 ``HG_`` prefix, and names in lower case.
971 971
972 972 If a Python hook returns a "true" value or raises an exception, this
973 973 is treated as a failure.
974 974
975 975
976 976 ``hostfingerprints``
977 977 --------------------
978 978
979 (Deprecated. Use ``[hostsecurity]``'s ``fingerprints`` options instead.)
980
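Review bot: the new deprecation notice should read "``fingerprints`` option" (singular), and it should tell readers that the value format changes on migration: a ``[hostfingerprints]`` entry is a bare SHA-1 such as ``fc:e2:8d:...``, while the ``[hostsecurity]`` example below writes the same value with an explicit ``sha1:`` prefix (and the new section says ``sha256`` or ``sha512`` is preferred). Without that pointer, a user who copies an old line into ``hostname:fingerprints`` has no way to know from this paragraph that the algorithm prefix is required.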
979 981 Fingerprints of the certificates of known HTTPS servers.
980 982
981 983 A HTTPS connection to a server with a fingerprint configured here will
982 984 only succeed if the servers certificate matches the fingerprint.
983 985 This is very similar to how ssh known hosts works.
984 986
985 987 The fingerprint is the SHA-1 hash value of the DER encoded certificate.
986 988 Multiple values can be specified (separated by spaces or commas). This can
987 989 be used to define both old and new fingerprints while a host transitions
988 990 to a new certificate.
989 991
990 992 The CA chain and web.cacerts is not used for servers with a fingerprint.
991 993
992 994 For example::
993 995
994 996 [hostfingerprints]
995 997 hg.intevation.de = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
996 998 hg.intevation.org = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
997 999
1000 ``hostsecurity``
1001 ----------------
1002
1003 Used to specify per-host security settings.
1004
1005 Options in this section have the form ``hostname``:``setting``. This allows
1006 multiple settings to be defined on a per-host basis.
1007
1008 The following per-host settings can be defined.
1009
1010 ``fingerprints``
1011 A list of hashes of the DER encoded peer/remote certificate. Values have
1012 the form ``algorithm``:``fingerprint``. e.g.
1013 ``sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2``.
1014
1015 The following algorithms/prefixes are supported: ``sha1``, ``sha256``,
1016 ``sha512``.
1017
1018 Use of ``sha256`` or ``sha512`` is preferred.
1019
1020 If a fingerprint is specified, the CA chain is not validated for this
1021 host and Mercurial will require the remote certificate to match one
1022 of the fingerprints specified. This means if the server updates its
1023 certificate, Mercurial will abort until a new fingerprint is defined.
1024 This can provide stronger security than traditional CA-based validation
1025 at the expense of convenience.
1026
1027 For example::
1028
1029 [hostsecurity]
1030 hg.example.com:fingerprints = sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2
1031 hg2.example.com:fingerprints = sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
1032
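Review bot: the ``fingerprints`` description should state the list separator and whether colons inside a hash are accepted; the example block mixes a comma-separated list with both bare hex (``sha1:914f1aff...``) and colon-separated hex (``sha1:fc:e2:8d:...``), neither of which the prose mentions, and since ``:`` is also the ``algorithm``:``fingerprint`` separator a reader cannot tell from the text alone that the second form is valid. The sentence introducing the ``hostname``:``setting`` option form has the same ambiguity for hosts that carry a port (``host:port``); say whether that is supported and, if so, how it is written. The paragraph on skipping CA validation should also say whether ``web.cacerts`` is bypassed, as the existing ``[hostfingerprints]`` text does ("The CA chain and web.cacerts is not used"), so the two sections agree on what a pinned host does and does not check. Finally, ``smtp.verifycert`` in the unchanged context still points readers only at the now-deprecated ``[hostfingerprints]``; a follow-up should mention ``[hostsecurity]`` there as well.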
998 1033 ``http_proxy``
999 1034 --------------
1000 1035
1001 1036 Used to access web-based Mercurial repositories through a HTTP
1002 1037 proxy.
1003 1038
1004 1039 ``host``
1005 1040 Host name and (optional) port of the proxy server, for example
1006 1041 "myproxy:8000".
1007 1042
1008 1043 ``no``
1009 1044 Optional. Comma-separated list of host names that should bypass
1010 1045 the proxy.
1011 1046
1012 1047 ``passwd``
1013 1048 Optional. Password to authenticate with at the proxy server.
1014 1049
1015 1050 ``user``
1016 1051 Optional. User name to authenticate with at the proxy server.
1017 1052
1018 1053 ``always``
1019 1054 Optional. Always use the proxy, even for localhost and any entries
1020 1055 in ``http_proxy.no``. (default: False)
1021 1056
1022 1057 ``merge``
1023 1058 ---------
1024 1059
1025 1060 This section specifies behavior during merges and updates.
1026 1061
1027 1062 ``checkignored``
1028 1063 Controls behavior when an ignored file on disk has the same name as a tracked
1029 1064 file in the changeset being merged or updated to, and has different
1030 1065 contents. Options are ``abort``, ``warn`` and ``ignore``. With ``abort``,
1031 1066 abort on such files. With ``warn``, warn on such files and back them up as
1032 1067 ``.orig``. With ``ignore``, don't print a warning and back them up as
1033 1068 ``.orig``. (default: ``abort``)
1034 1069
1035 1070 ``checkunknown``
1036 1071 Controls behavior when an unknown file that isn't ignored has the same name
1037 1072 as a tracked file in the changeset being merged or updated to, and has
1038 1073 different contents. Similar to ``merge.checkignored``, except for files that
1039 1074 are not ignored. (default: ``abort``)
1040 1075
1041 1076 ``merge-patterns``
1042 1077 ------------------
1043 1078
1044 1079 This section specifies merge tools to associate with particular file
1045 1080 patterns. Tools matched here will take precedence over the default
1046 1081 merge tool. Patterns are globs by default, rooted at the repository
1047 1082 root.
1048 1083
1049 1084 Example::
1050 1085
1051 1086 [merge-patterns]
1052 1087 **.c = kdiff3
1053 1088 **.jpg = myimgmerge
1054 1089
1055 1090 ``merge-tools``
1056 1091 ---------------
1057 1092
1058 1093 This section configures external merge tools to use for file-level
1059 1094 merges. This section has likely been preconfigured at install time.
1060 1095 Use :hg:`config merge-tools` to check the existing configuration.
1061 1096 Also see :hg:`help merge-tools` for more details.
1062 1097
1063 1098 Example ``~/.hgrc``::
1064 1099
1065 1100 [merge-tools]
1066 1101 # Override stock tool location
1067 1102 kdiff3.executable = ~/bin/kdiff3
1068 1103 # Specify command line
1069 1104 kdiff3.args = $base $local $other -o $output
1070 1105 # Give higher priority
1071 1106 kdiff3.priority = 1
1072 1107
1073 1108 # Changing the priority of preconfigured tool
1074 1109 meld.priority = 0
1075 1110
1076 1111 # Disable a preconfigured tool
1077 1112 vimdiff.disabled = yes
1078 1113
1079 1114 # Define new tool
1080 1115 myHtmlTool.args = -m $local $other $base $output
1081 1116 myHtmlTool.regkey = Software\FooSoftware\HtmlMerge
1082 1117 myHtmlTool.priority = 1
1083 1118
1084 1119 Supported arguments:
1085 1120
1086 1121 ``priority``
1087 1122 The priority in which to evaluate this tool.
1088 1123 (default: 0)
1089 1124
1090 1125 ``executable``
1091 1126 Either just the name of the executable or its pathname.
1092 1127
1093 1128 .. container:: windows
1094 1129
1095 1130 On Windows, the path can use environment variables with ${ProgramFiles}
1096 1131 syntax.
1097 1132
1098 1133 (default: the tool name)
1099 1134
1100 1135 ``args``
1101 1136 The arguments to pass to the tool executable. You can refer to the
1102 1137 files being merged as well as the output file through these
1103 1138 variables: ``$base``, ``$local``, ``$other``, ``$output``. The meaning
1104 1139 of ``$local`` and ``$other`` can vary depending on which action is being
1105 1140 performed. During and update or merge, ``$local`` represents the original
1106 1141 state of the file, while ``$other`` represents the commit you are updating
1107 1142 to or the commit you are merging with. During a rebase ``$local``
1108 1143 represents the destination of the rebase, and ``$other`` represents the
1109 1144 commit being rebased.
1110 1145 (default: ``$local $base $other``)
1111 1146
1112 1147 ``premerge``
1113 1148 Attempt to run internal non-interactive 3-way merge tool before
1114 1149 launching external tool. Options are ``true``, ``false``, ``keep`` or
1115 1150 ``keep-merge3``. The ``keep`` option will leave markers in the file if the
1116 1151 premerge fails. The ``keep-merge3`` will do the same but include information
1117 1152 about the base of the merge in the marker (see internal :merge3 in
1118 1153 :hg:`help merge-tools`).
1119 1154 (default: True)
1120 1155
1121 1156 ``binary``
1122 1157 This tool can merge binary files. (default: False, unless tool
1123 1158 was selected by file pattern match)
1124 1159
1125 1160 ``symlink``
1126 1161 This tool can merge symlinks. (default: False)
1127 1162
1128 1163 ``check``
1129 1164 A list of merge success-checking options:
1130 1165
1131 1166 ``changed``
1132 1167 Ask whether merge was successful when the merged file shows no changes.
1133 1168 ``conflicts``
1134 1169 Check whether there are conflicts even though the tool reported success.
1135 1170 ``prompt``
1136 1171 Always prompt for merge success, regardless of success reported by tool.
1137 1172
1138 1173 ``fixeol``
1139 1174 Attempt to fix up EOL changes caused by the merge tool.
1140 1175 (default: False)
1141 1176
1142 1177 ``gui``
1143 1178 This tool requires a graphical interface to run. (default: False)
1144 1179
1145 1180 .. container:: windows
1146 1181
1147 1182 ``regkey``
1148 1183 Windows registry key which describes install location of this
1149 1184 tool. Mercurial will search for this key first under
1150 1185 ``HKEY_CURRENT_USER`` and then under ``HKEY_LOCAL_MACHINE``.
1151 1186 (default: None)
1152 1187
1153 1188 ``regkeyalt``
1154 1189 An alternate Windows registry key to try if the first key is not
1155 1190 found. The alternate key uses the same ``regname`` and ``regappend``
1156 1191 semantics of the primary key. The most common use for this key
1157 1192 is to search for 32bit applications on 64bit operating systems.
1158 1193 (default: None)
1159 1194
1160 1195 ``regname``
1161 1196 Name of value to read from specified registry key.
1162 1197 (default: the unnamed (default) value)
1163 1198
1164 1199 ``regappend``
1165 1200 String to append to the value read from the registry, typically
1166 1201 the executable name of the tool.
1167 1202 (default: None)
1168 1203
1169 1204
1170 1205 ``patch``
1171 1206 ---------
1172 1207
1173 1208 Settings used when applying patches, for instance through the 'import'
1174 1209 command or with Mercurial Queues extension.
1175 1210
1176 1211 ``eol``
1177 1212 When set to 'strict' patch content and patched files end of lines
1178 1213 are preserved. When set to ``lf`` or ``crlf``, both files end of
1179 1214 lines are ignored when patching and the result line endings are
1180 1215 normalized to either LF (Unix) or CRLF (Windows). When set to
1181 1216 ``auto``, end of lines are again ignored while patching but line
1182 1217 endings in patched files are normalized to their original setting
1183 1218 on a per-file basis. If target file does not exist or has no end
1184 1219 of line, patch line endings are preserved.
1185 1220 (default: strict)
1186 1221
1187 1222 ``fuzz``
1188 1223 The number of lines of 'fuzz' to allow when applying patches. This
1189 1224 controls how much context the patcher is allowed to ignore when
1190 1225 trying to apply a patch.
1191 1226 (default: 2)
1192 1227
1193 1228 ``paths``
1194 1229 ---------
1195 1230
1196 1231 Assigns symbolic names and behavior to repositories.
1197 1232
1198 1233 Options are symbolic names defining the URL or directory that is the
1199 1234 location of the repository. Example::
1200 1235
1201 1236 [paths]
1202 1237 my_server = https://example.com/my_repo
1203 1238 local_path = /home/me/repo
1204 1239
1205 1240 These symbolic names can be used from the command line. To pull
1206 1241 from ``my_server``: :hg:`pull my_server`. To push to ``local_path``:
1207 1242 :hg:`push local_path`.
1208 1243
1209 1244 Options containing colons (``:``) denote sub-options that can influence
1210 1245 behavior for that specific path. Example::
1211 1246
1212 1247 [paths]
1213 1248 my_server = https://example.com/my_path
1214 1249 my_server:pushurl = ssh://example.com/my_path
1215 1250
1216 1251 The following sub-options can be defined:
1217 1252
1218 1253 ``pushurl``
1219 1254 The URL to use for push operations. If not defined, the location
1220 1255 defined by the path's main entry is used.
1221 1256
1222 1257 The following special named paths exist:
1223 1258
1224 1259 ``default``
1225 1260 The URL or directory to use when no source or remote is specified.
1226 1261
1227 1262 :hg:`clone` will automatically define this path to the location the
1228 1263 repository was cloned from.
1229 1264
1230 1265 ``default-push``
1231 1266 (deprecated) The URL or directory for the default :hg:`push` location.
1232 1267 ``default:pushurl`` should be used instead.
1233 1268
1234 1269 ``phases``
1235 1270 ----------
1236 1271
1237 1272 Specifies default handling of phases. See :hg:`help phases` for more
1238 1273 information about working with phases.
1239 1274
1240 1275 ``publish``
1241 1276 Controls draft phase behavior when working as a server. When true,
1242 1277 pushed changesets are set to public in both client and server and
1243 1278 pulled or cloned changesets are set to public in the client.
1244 1279 (default: True)
1245 1280
1246 1281 ``new-commit``
1247 1282 Phase of newly-created commits.
1248 1283 (default: draft)
1249 1284
1250 1285 ``checksubrepos``
1251 1286 Check the phase of the current revision of each subrepository. Allowed
1252 1287 values are "ignore", "follow" and "abort". For settings other than
1253 1288 "ignore", the phase of the current revision of each subrepository is
1254 1289 checked before committing the parent repository. If any of those phases is
1255 1290 greater than the phase of the parent repository (e.g. if a subrepo is in a
1256 1291 "secret" phase while the parent repo is in "draft" phase), the commit is
1257 1292 either aborted (if checksubrepos is set to "abort") or the higher phase is
1258 1293 used for the parent repository commit (if set to "follow").
1259 1294 (default: follow)
1260 1295
1261 1296
1262 1297 ``profiling``
1263 1298 -------------
1264 1299
1265 1300 Specifies profiling type, format, and file output. Two profilers are
1266 1301 supported: an instrumenting profiler (named ``ls``), and a sampling
1267 1302 profiler (named ``stat``).
1268 1303
1269 1304 In this section description, 'profiling data' stands for the raw data
1270 1305 collected during profiling, while 'profiling report' stands for a
1271 1306 statistical text report generated from the profiling data. The
1272 1307 profiling is done using lsprof.
1273 1308
1274 1309 ``type``
1275 1310 The type of profiler to use.
1276 1311 (default: ls)
1277 1312
1278 1313 ``ls``
1279 1314 Use Python's built-in instrumenting profiler. This profiler
1280 1315 works on all platforms, but each line number it reports is the
1281 1316 first line of a function. This restriction makes it difficult to
1282 1317 identify the expensive parts of a non-trivial function.
1283 1318 ``stat``
1284 1319 Use a third-party statistical profiler, statprof. This profiler
1285 1320 currently runs only on Unix systems, and is most useful for
1286 1321 profiling commands that run for longer than about 0.1 seconds.
1287 1322
1288 1323 ``format``
1289 1324 Profiling format. Specific to the ``ls`` instrumenting profiler.
1290 1325 (default: text)
1291 1326
1292 1327 ``text``
1293 1328 Generate a profiling report. When saving to a file, it should be
1294 1329 noted that only the report is saved, and the profiling data is
1295 1330 not kept.
1296 1331 ``kcachegrind``
1297 1332 Format profiling data for kcachegrind use: when saving to a
1298 1333 file, the generated file can directly be loaded into
1299 1334 kcachegrind.
1300 1335
1301 1336 ``frequency``
1302 1337 Sampling frequency. Specific to the ``stat`` sampling profiler.
1303 1338 (default: 1000)
1304 1339
1305 1340 ``output``
1306 1341 File path where profiling data or report should be saved. If the
1307 1342 file exists, it is replaced. (default: None, data is printed on
1308 1343 stderr)
1309 1344
1310 1345 ``sort``
1311 1346 Sort field. Specific to the ``ls`` instrumenting profiler.
1312 1347 One of ``callcount``, ``reccallcount``, ``totaltime`` and
1313 1348 ``inlinetime``.
1314 1349 (default: inlinetime)
1315 1350
1316 1351 ``limit``
1317 1352 Number of lines to show. Specific to the ``ls`` instrumenting profiler.
1318 1353 (default: 30)
1319 1354
1320 1355 ``nested``
1321 1356 Show at most this number of lines of drill-down info after each main entry.
1322 1357 This can help explain the difference between Total and Inline.
1323 1358 Specific to the ``ls`` instrumenting profiler.
1324 1359 (default: 5)
1325 1360
1326 1361 ``progress``
1327 1362 ------------
1328 1363
1329 1364 Mercurial commands can draw progress bars that are as informative as
1330 1365 possible. Some progress bars only offer indeterminate information, while others
1331 1366 have a definite end point.
1332 1367
1333 1368 ``delay``
1334 1369 Number of seconds (float) before showing the progress bar. (default: 3)
1335 1370
1336 1371 ``changedelay``
1337 1372 Minimum delay before showing a new topic. When set to less than 3 * refresh,
1338 1373 that value will be used instead. (default: 1)
1339 1374
1340 1375 ``refresh``
1341 1376 Time in seconds between refreshes of the progress bar. (default: 0.1)
1342 1377
1343 1378 ``format``
1344 1379 Format of the progress bar.
1345 1380
1346 1381 Valid entries for the format field are ``topic``, ``bar``, ``number``,
1347 1382 ``unit``, ``estimate``, ``speed``, and ``item``. ``item`` defaults to the
1348 1383 last 20 characters of the item, but this can be changed by adding either
1349 1384 ``-<num>`` which would take the last num characters, or ``+<num>`` for the
1350 1385 first num characters.
1351 1386
1352 1387 (default: topic bar number estimate)
1353 1388
1354 1389 ``width``
1355 1390 If set, the maximum width of the progress information (that is, min(width,
1356 1391 term width) will be used).
1357 1392
1358 1393 ``clear-complete``
1359 1394 Clear the progress bar after it's done. (default: True)
1360 1395
1361 1396 ``disable``
1362 1397 If true, don't show a progress bar.
1363 1398
1364 1399 ``assume-tty``
1365 1400 If true, ALWAYS show a progress bar, unless disable is given.
1366 1401
1367 1402 ``rebase``
1368 1403 ----------
1369 1404
1370 1405 ``allowdivergence``
1371 1406 Default to False, when True allow creating divergence when performing
1372 1407 rebase of obsolete changesets.
1373 1408
1374 1409 ``revsetalias``
1375 1410 ---------------
1376 1411
1377 1412 Alias definitions for revsets. See :hg:`help revsets` for details.
1378 1413
1379 1414 ``server``
1380 1415 ----------
1381 1416
1382 1417 Controls generic server settings.
1383 1418
1384 1419 ``uncompressed``
1385 1420 Whether to allow clients to clone a repository using the
1386 1421 uncompressed streaming protocol. This transfers about 40% more
1387 1422 data than a regular clone, but uses less memory and CPU on both
1388 1423 server and client. Over a LAN (100 Mbps or better) or a very fast
1389 1424 WAN, an uncompressed streaming clone is a lot faster (~10x) than a
1390 1425 regular clone. Over most WAN connections (anything slower than
1391 1426 about 6 Mbps), uncompressed streaming is slower, because of the
1392 1427 extra data transfer overhead. This mode will also temporarily hold
1393 1428 the write lock while determining what data to transfer.
1394 1429 (default: True)
1395 1430
1396 1431 ``preferuncompressed``
1397 1432 When set, clients will try to use the uncompressed streaming
1398 1433 protocol. (default: False)
1399 1434
1400 1435 ``validate``
1401 1436 Whether to validate the completeness of pushed changesets by
1402 1437 checking that all new file revisions specified in manifests are
1403 1438 present. (default: False)
1404 1439
1405 1440 ``maxhttpheaderlen``
1406 1441 Instruct HTTP clients not to send request headers longer than this
1407 1442 many bytes. (default: 1024)
1408 1443
1409 1444 ``bundle1``
1410 1445 Whether to allow clients to push and pull using the legacy bundle1
1411 1446 exchange format. (default: True)
1412 1447
1413 1448 ``bundle1gd``
1414 1449 Like ``bundle1`` but only used if the repository is using the
1415 1450 *generaldelta* storage format. (default: True)
1416 1451
1417 1452 ``bundle1.push``
1418 1453 Whether to allow clients to push using the legacy bundle1 exchange
1419 1454 format. (default: True)
1420 1455
1421 1456 ``bundle1gd.push``
1422 1457 Like ``bundle1.push`` but only used if the repository is using the
1423 1458 *generaldelta* storage format. (default: True)
1424 1459
1425 1460 ``bundle1.pull``
1426 1461 Whether to allow clients to pull using the legacy bundle1 exchange
1427 1462 format. (default: True)
1428 1463
1429 1464 ``bundle1gd.pull``
1430 1465 Like ``bundle1.pull`` but only used if the repository is using the
1431 1466 *generaldelta* storage format. (default: True)
1432 1467
1433 1468 Large repositories using the *generaldelta* storage format should
1434 1469 consider setting this option because converting *generaldelta*
1435 1470 repositories to the exchange format required by the bundle1 data
1436 1471 format can consume a lot of CPU.
1437 1472
1438 1473 ``smtp``
1439 1474 --------
1440 1475
1441 1476 Configuration for extensions that need to send email messages.
1442 1477
1443 1478 ``host``
1444 1479 Host name of mail server, e.g. "mail.example.com".
1445 1480
1446 1481 ``port``
1447 1482 Optional. Port to connect to on mail server. (default: 465 if
1448 1483 ``tls`` is smtps; 25 otherwise)
1449 1484
1450 1485 ``tls``
1451 1486 Optional. Method to enable TLS when connecting to mail server: starttls,
1452 1487 smtps or none. (default: none)
1453 1488
1454 1489 ``verifycert``
1455 1490 Optional. Verification for the certificate of mail server, when
1456 1491 ``tls`` is starttls or smtps. "strict", "loose" or False. For
1457 1492 "strict" or "loose", the certificate is verified as same as the
1458 1493 verification for HTTPS connections (see ``[hostfingerprints]`` and
1459 1494 ``[web] cacerts`` also). For "strict", sending email is also
1460 1495 aborted, if there is no configuration for mail server in
1461 1496 ``[hostfingerprints]`` and ``[web] cacerts``. --insecure for
1462 1497 :hg:`email` overwrites this as "loose". (default: strict)
1463 1498
1464 1499 ``username``
1465 1500 Optional. User name for authenticating with the SMTP server.
1466 1501 (default: None)
1467 1502
1468 1503 ``password``
1469 1504 Optional. Password for authenticating with the SMTP server. If not
1470 1505 specified, interactive sessions will prompt the user for a
1471 1506 password; non-interactive sessions will fail. (default: None)
1472 1507
1473 1508 ``local_hostname``
1474 1509 Optional. The hostname that the sender can use to identify
1475 1510 itself to the MTA.
1476 1511
1477 1512
1478 1513 ``subpaths``
1479 1514 ------------
1480 1515
1481 1516 Subrepository source URLs can go stale if a remote server changes name
1482 1517 or becomes temporarily unavailable. This section lets you define
1483 1518 rewrite rules of the form::
1484 1519
1485 1520 <pattern> = <replacement>
1486 1521
1487 1522 where ``pattern`` is a regular expression matching a subrepository
1488 1523 source URL and ``replacement`` is the replacement string used to
1489 1524 rewrite it. Groups can be matched in ``pattern`` and referenced in
1490 1525 ``replacements``. For instance::
1491 1526
1492 1527 http://server/(.*)-hg/ = http://hg.server/\1/
1493 1528
1494 1529 rewrites ``http://server/foo-hg/`` into ``http://hg.server/foo/``.
1495 1530
1496 1531 Relative subrepository paths are first made absolute, and the
1497 1532 rewrite rules are then applied on the full (absolute) path. The rules
1498 1533 are applied in definition order.
1499 1534
1500 1535 ``templatealias``
1501 1536 -----------------
1502 1537
1503 1538 Alias definitions for templates. See :hg:`help templates` for details.
1504 1539
1505 1540 ``trusted``
1506 1541 -----------
1507 1542
1508 1543 Mercurial will not use the settings in the
1509 1544 ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted
1510 1545 user or to a trusted group, as various hgrc features allow arbitrary
1511 1546 commands to be run. This issue is often encountered when configuring
1512 1547 hooks or extensions for shared repositories or servers. However,
1513 1548 the web interface will use some safe settings from the ``[web]``
1514 1549 section.
1515 1550
1516 1551 This section specifies what users and groups are trusted. The
1517 1552 current user is always trusted. To trust everybody, list a user or a
1518 1553 group with name ``*``. These settings must be placed in an
1519 1554 *already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the
1520 1555 user or service running Mercurial.
1521 1556
1522 1557 ``users``
1523 1558 Comma-separated list of trusted users.
1524 1559
1525 1560 ``groups``
1526 1561 Comma-separated list of trusted groups.
1527 1562
1528 1563
1529 1564 ``ui``
1530 1565 ------
1531 1566
1532 1567 User interface controls.
1533 1568
1534 1569 ``archivemeta``
1535 1570 Whether to include the .hg_archival.txt file containing meta data
1536 1571 (hashes for the repository base and for tip) in archives created
1537 1572 by the :hg:`archive` command or downloaded via hgweb.
1538 1573 (default: True)
1539 1574
1540 1575 ``askusername``
1541 1576 Whether to prompt for a username when committing. If True, and
1542 1577 neither ``$HGUSER`` nor ``$EMAIL`` has been specified, then the user will
1543 1578 be prompted to enter a username. If no username is entered, the
1544 1579 default ``USER@HOST`` is used instead.
1545 1580 (default: False)
1546 1581
1547 1582 ``clonebundles``
1548 1583 Whether the "clone bundles" feature is enabled.
1549 1584
1550 1585 When enabled, :hg:`clone` may download and apply a server-advertised
1551 1586 bundle file from a URL instead of using the normal exchange mechanism.
1552 1587
1553 1588 This can likely result in faster and more reliable clones.
1554 1589
1555 1590 (default: True)
1556 1591
1557 1592 ``clonebundlefallback``
1558 1593 Whether failure to apply an advertised "clone bundle" from a server
1559 1594 should result in fallback to a regular clone.
1560 1595
1561 1596 This is disabled by default because servers advertising "clone
1562 1597 bundles" often do so to reduce server load. If advertised bundles
1563 1598 start mass failing and clients automatically fall back to a regular
1564 1599 clone, this would add significant and unexpected load to the server
1565 1600 since the server is expecting clone operations to be offloaded to
1566 1601 pre-generated bundles. Failing fast (the default behavior) ensures
1567 1602 clients don't overwhelm the server when "clone bundle" application
1568 1603 fails.
1569 1604
1570 1605 (default: False)
1571 1606
1572 1607 ``clonebundleprefers``
1573 1608 Defines preferences for which "clone bundles" to use.
1574 1609
1575 1610 Servers advertising "clone bundles" may advertise multiple available
1576 1611 bundles. Each bundle may have different attributes, such as the bundle
1577 1612 type and compression format. This option is used to prefer a particular
1578 1613 bundle over another.
1579 1614
1580 1615 The following keys are defined by Mercurial:
1581 1616
1582 1617 BUNDLESPEC
1583 1618 A bundle type specifier. These are strings passed to :hg:`bundle -t`.
1584 1619 e.g. ``gzip-v2`` or ``bzip2-v1``.
1585 1620
1586 1621 COMPRESSION
1587 1622 The compression format of the bundle. e.g. ``gzip`` and ``bzip2``.
1588 1623
1589 1624 Server operators may define custom keys.
1590 1625
1591 1626 Example values: ``COMPRESSION=bzip2``,
1592 1627 ``BUNDLESPEC=gzip-v2, COMPRESSION=gzip``.
1593 1628
1594 1629 By default, the first bundle advertised by the server is used.
1595 1630
1596 1631 ``commitsubrepos``
1597 1632 Whether to commit modified subrepositories when committing the
1598 1633 parent repository. If False and one subrepository has uncommitted
1599 1634 changes, abort the commit.
1600 1635 (default: False)
1601 1636
1602 1637 ``debug``
1603 1638 Print debugging information. (default: False)
1604 1639
1605 1640 ``editor``
1606 1641 The editor to use during a commit. (default: ``$EDITOR`` or ``vi``)
1607 1642
1608 1643 ``fallbackencoding``
1609 1644 Encoding to try if it's not possible to decode the changelog using
1610 1645 UTF-8. (default: ISO-8859-1)
1611 1646
1612 1647 ``graphnodetemplate``
1613 1648 The template used to print changeset nodes in an ASCII revision graph.
1614 1649 (default: ``{graphnode}``)
1615 1650
1616 1651 ``ignore``
1617 1652 A file to read per-user ignore patterns from. This file should be
1618 1653 in the same format as a repository-wide .hgignore file. Filenames
1619 1654 are relative to the repository root. This option supports hook syntax,
1620 1655 so if you want to specify multiple ignore files, you can do so by
1621 1656 setting something like ``ignore.other = ~/.hgignore2``. For details
1622 1657 of the ignore file format, see the ``hgignore(5)`` man page.
1623 1658
1624 1659 ``interactive``
1625 1660 Allow to prompt the user. (default: True)
1626 1661
1627 1662 ``interface``
1628 1663 Select the default interface for interactive features (default: text).
1629 1664 Possible values are 'text' and 'curses'.
1630 1665
1631 1666 ``interface.chunkselector``
1632 1667 Select the interface for change recording (e.g. :hg:`commit` -i).
1633 1668 Possible values are 'text' and 'curses'.
1634 1669 This config overrides the interface specified by ui.interface.
1635 1670
1636 1671 ``logtemplate``
1637 1672 Template string for commands that print changesets.
1638 1673
1639 1674 ``merge``
1640 1675 The conflict resolution program to use during a manual merge.
1641 1676 For more information on merge tools see :hg:`help merge-tools`.
1642 1677 For configuring merge tools see the ``[merge-tools]`` section.
1643 1678
1644 1679 ``mergemarkers``
1645 1680 Sets the merge conflict marker label styling. The ``detailed``
1646 1681 style uses the ``mergemarkertemplate`` setting to style the labels.
1647 1682 The ``basic`` style just uses 'local' and 'other' as the marker label.
1648 1683 One of ``basic`` or ``detailed``.
1649 1684 (default: ``basic``)
1650 1685
1651 1686 ``mergemarkertemplate``
1652 1687 The template used to print the commit description next to each conflict
1653 1688 marker during merge conflicts. See :hg:`help templates` for the template
1654 1689 format.
1655 1690
1656 1691 Defaults to showing the hash, tags, branches, bookmarks, author, and
1657 1692 the first line of the commit description.
1658 1693
1659 1694 If you use non-ASCII characters in names for tags, branches, bookmarks,
1660 1695 authors, and/or commit descriptions, you must pay attention to encodings of
1661 1696 managed files. At template expansion, non-ASCII characters use the encoding
1662 1697 specified by the ``--encoding`` global option, ``HGENCODING`` or other
1663 1698 environment variables that govern your locale. If the encoding of the merge
1664 1699 markers is different from the encoding of the merged files,
1665 1700 serious problems may occur.
1666 1701
1667 1702 ``origbackuppath``
1668 1703 The path to a directory used to store generated .orig files. If the path is
1669 1704 not a directory, one will be created.
1670 1705
1671 1706 ``patch``
1672 1707 An optional external tool that ``hg import`` and some extensions
1673 1708 will use for applying patches. By default Mercurial uses an
1674 1709 internal patch utility. The external tool must work as the common
1675 1710 Unix ``patch`` program. In particular, it must accept a ``-p``
1676 1711 argument to strip patch headers, a ``-d`` argument to specify the
1677 1712 current directory, a file name to patch, and a patch file to take
1678 1713 from stdin.
1679 1714
1680 1715 It is possible to specify a patch tool together with extra
1681 1716 arguments. For example, setting this option to ``patch --merge``
1682 1717 will use the ``patch`` program with its 2-way merge option.
1683 1718
1684 1719 ``portablefilenames``
1685 1720 Check for portable filenames. Can be ``warn``, ``ignore`` or ``abort``.
1686 1721 (default: ``warn``)
1687 1722
1688 1723 ``warn``
1689 1724 Print a warning message on POSIX platforms, if a file with a non-portable
1690 1725 filename is added (e.g. a file with a name that can't be created on
1691 1726 Windows because it contains reserved parts like ``AUX``, reserved
1692 1727 characters like ``:``, or would cause a case collision with an existing
1693 1728 file).
1694 1729
1695 1730 ``ignore``
1696 1731 Don't print a warning.
1697 1732
1698 1733 ``abort``
1699 1734 The command is aborted.
1700 1735
1701 1736 ``true``
1702 1737 Alias for ``warn``.
1703 1738
1704 1739 ``false``
1705 1740 Alias for ``ignore``.
1706 1741
1707 1742 .. container:: windows
1708 1743
1709 1744 On Windows, this configuration option is ignored and the command aborted.
1710 1745
1711 1746 ``quiet``
1712 1747 Reduce the amount of output printed.
1713 1748 (default: False)
1714 1749
1715 1750 ``remotecmd``
1716 1751 Remote command to use for clone/push/pull operations.
1717 1752 (default: ``hg``)
1718 1753
1719 1754 ``report_untrusted``
1720 1755 Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
1721 1756 trusted user or group.
1722 1757 (default: True)
1723 1758
1724 1759 ``slash``
1725 1760 Display paths using a slash (``/``) as the path separator. This
1726 1761 only makes a difference on systems where the default path
1727 1762 separator is not the slash character (e.g. Windows uses the
1728 1763 backslash character (``\``)).
1729 1764 (default: False)
1730 1765
1731 1766 ``statuscopies``
1732 1767 Display copies in the status command.
1733 1768
1734 1769 ``ssh``
1735 1770 Command to use for SSH connections. (default: ``ssh``)
1736 1771
1737 1772 ``strict``
1738 1773 Require exact command names, instead of allowing unambiguous
1739 1774 abbreviations. (default: False)
1740 1775
1741 1776 ``style``
1742 1777 Name of style to use for command output.
1743 1778
1744 1779 ``supportcontact``
1745 1780 A URL where users should report a Mercurial traceback. Use this if you are a
1746 1781 large organisation with its own Mercurial deployment process and crash
1747 1782 reports should be addressed to your internal support.
1748 1783
1749 1784 ``textwidth``
1750 1785 Maximum width of help text. A longer line generated by ``hg help`` or
1751 1786 ``hg subcommand --help`` will be broken after white space to get this
1752 1787 width or the terminal width, whichever comes first.
1753 1788 A non-positive value will disable this and the terminal width will be
1754 1789 used. (default: 78)
1755 1790
1756 1791 ``timeout``
1757 1792 The timeout used when a lock is held (in seconds), a negative value
1758 1793 means no timeout. (default: 600)
1759 1794
1760 1795 ``traceback``
1761 1796 Mercurial always prints a traceback when an unknown exception
1762 1797 occurs. Setting this to True will make Mercurial print a traceback
1763 1798 on all exceptions, even those recognized by Mercurial (such as
1764 1799 IOError or MemoryError). (default: False)
1765 1800
1766 1801 ``username``
1767 1802 The committer of a changeset created when running "commit".
1768 1803 Typically a person's name and email address, e.g. ``Fred Widget
1769 1804 <fred@example.com>``. Environment variables in the
1770 1805 username are expanded.
1771 1806
1772 1807 (default: ``$EMAIL`` or ``username@hostname``. If the username in
1773 1808 hgrc is empty, e.g. if the system admin set ``username =`` in the
1774 1809 system hgrc, it has to be specified manually or in a different
1775 1810 hgrc file)
1776 1811
1777 1812 ``verbose``
1778 1813 Increase the amount of output printed. (default: False)
1779 1814
1780 1815
1781 1816 ``web``
1782 1817 -------
1783 1818
1784 1819 Web interface configuration. The settings in this section apply to
1785 1820 both the builtin webserver (started by :hg:`serve`) and the script you
1786 1821 run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI
1787 1822 and WSGI).
1788 1823
1789 1824 The Mercurial webserver does no authentication (it does not prompt for
1790 1825 usernames and passwords to validate *who* users are), but it does do
1791 1826 authorization (it grants or denies access for *authenticated users*
1792 1827 based on settings in this section). You must either configure your
1793 1828 webserver to do authentication for you, or disable the authorization
1794 1829 checks.
1795 1830
1796 1831 For a quick setup in a trusted environment, e.g., a private LAN, where
1797 1832 you want it to accept pushes from anybody, you can use the following
1798 1833 command line::
1799 1834
1800 1835 $ hg --config web.allow_push=* --config web.push_ssl=False serve
1801 1836
1802 1837 Note that this will allow anybody to push anything to the server and
1803 1838 that this should not be used for public servers.
1804 1839
1805 1840 The full set of options is:
1806 1841
1807 1842 ``accesslog``
1808 1843 Where to output the access log. (default: stdout)
1809 1844
1810 1845 ``address``
1811 1846 Interface address to bind to. (default: all)
1812 1847
1813 1848 ``allow_archive``
1814 1849 List of archive format (bz2, gz, zip) allowed for downloading.
1815 1850 (default: empty)
1816 1851
1817 1852 ``allowbz2``
1818 1853 (DEPRECATED) Whether to allow .tar.bz2 downloading of repository
1819 1854 revisions.
1820 1855 (default: False)
1821 1856
1822 1857 ``allowgz``
1823 1858 (DEPRECATED) Whether to allow .tar.gz downloading of repository
1824 1859 revisions.
1825 1860 (default: False)
1826 1861
1827 1862 ``allowpull``
1828 1863 Whether to allow pulling from the repository. (default: True)
1829 1864
1830 1865 ``allow_push``
1831 1866 Whether to allow pushing to the repository. If empty or not set,
1832 1867 pushing is not allowed. If the special value ``*``, any remote
1833 1868 user can push, including unauthenticated users. Otherwise, the
1834 1869 remote user must have been authenticated, and the authenticated
1835 1870 user name must be present in this list. The contents of the
1836 1871 allow_push list are examined after the deny_push list.
1837 1872
1838 1873 ``allow_read``
1839 1874 If the user has not already been denied repository access due to
1840 1875 the contents of deny_read, this list determines whether to grant
1841 1876 repository access to the user. If this list is not empty, and the
1842 1877 user is unauthenticated or not present in the list, then access is
1843 1878 denied for the user. If the list is empty or not set, then access
1844 1879 is permitted to all users by default. Setting allow_read to the
1845 1880 special value ``*`` is equivalent to it not being set (i.e. access
1846 1881 is permitted to all users). The contents of the allow_read list are
1847 1882 examined after the deny_read list.
1848 1883
1849 1884 ``allowzip``
1850 1885 (DEPRECATED) Whether to allow .zip downloading of repository
1851 1886 revisions. This feature creates temporary files.
1852 1887 (default: False)
1853 1888
1854 1889 ``archivesubrepos``
1855 1890 Whether to recurse into subrepositories when archiving.
1856 1891 (default: False)
1857 1892
1858 1893 ``baseurl``
1859 1894 Base URL to use when publishing URLs in other locations, so
1860 1895 third-party tools like email notification hooks can construct
1861 1896 URLs. Example: ``http://hgserver/repos/``.
1862 1897
1863 1898 ``cacerts``
1864 1899 Path to file containing a list of PEM encoded certificate
1865 1900 authority certificates. Environment variables and ``~user``
1866 1901 constructs are expanded in the filename. If specified on the
1867 1902 client, then it will verify the identity of remote HTTPS servers
1868 1903 with these certificates.
1869 1904
1870 1905 To disable SSL verification temporarily, specify ``--insecure`` from
1871 1906 command line.
1872 1907
1873 1908 You can use OpenSSL's CA certificate file if your platform has
1874 1909 one. On most Linux systems this will be
1875 1910 ``/etc/ssl/certs/ca-certificates.crt``. Otherwise you will have to
1876 1911 generate this file manually. The form must be as follows::
1877 1912
1878 1913 -----BEGIN CERTIFICATE-----
1879 1914 ... (certificate in base64 PEM encoding) ...
1880 1915 -----END CERTIFICATE-----
1881 1916 -----BEGIN CERTIFICATE-----
1882 1917 ... (certificate in base64 PEM encoding) ...
1883 1918 -----END CERTIFICATE-----
1884 1919
1885 1920 ``cache``
1886 1921 Whether to support caching in hgweb. (default: True)
1887 1922
1888 1923 ``certificate``
1889 1924 Certificate to use when running :hg:`serve`.
1890 1925
1891 1926 ``collapse``
1892 1927 With ``descend`` enabled, repositories in subdirectories are shown at
1893 1928 a single level alongside repositories in the current path. With
1894 1929 ``collapse`` also enabled, repositories residing at a deeper level than
1895 1930 the current path are grouped behind navigable directory entries that
1896 1931 lead to the locations of these repositories. In effect, this setting
1897 1932 collapses each collection of repositories found within a subdirectory
1898 1933 into a single entry for that subdirectory. (default: False)
1899 1934
1900 1935 ``comparisoncontext``
1901 1936 Number of lines of context to show in side-by-side file comparison. If
1902 1937 negative or the value ``full``, whole files are shown. (default: 5)
1903 1938
1904 1939 This setting can be overridden by a ``context`` request parameter to the
1905 1940 ``comparison`` command, taking the same values.
1906 1941
1907 1942 ``contact``
1908 1943 Name or email address of the person in charge of the repository.
1909 1944 (default: ui.username or ``$EMAIL`` or "unknown" if unset or empty)
1910 1945
1911 1946 ``deny_push``
1912 1947 Whether to deny pushing to the repository. If empty or not set,
1913 1948 push is not denied. If the special value ``*``, all remote users are
1914 1949 denied push. Otherwise, unauthenticated users are all denied, and
1915 1950 any authenticated user name present in this list is also denied. The
1916 1951 contents of the deny_push list are examined before the allow_push list.
1917 1952
1918 1953 ``deny_read``
1919 1954 Whether to deny reading/viewing of the repository. If this list is
1920 1955 not empty, unauthenticated users are all denied, and any
1921 1956 authenticated user name present in this list is also denied access to
1922 1957 the repository. If set to the special value ``*``, all remote users
1923 1958 are denied access (rarely needed ;). If deny_read is empty or not set,
1924 1959 the determination of repository access depends on the presence and
1925 1960 content of the allow_read list (see description). If both
1926 1961 deny_read and allow_read are empty or not set, then access is
1927 1962 permitted to all users by default. If the repository is being
1928 1963 served via hgwebdir, denied users will not be able to see it in
1929 1964 the list of repositories. The contents of the deny_read list have
1930 1965 priority over (are examined before) the contents of the allow_read
1931 1966 list.
1932 1967
1933 1968 ``descend``
1934 1969 hgwebdir indexes will not descend into subdirectories. Only repositories
1935 1970 directly in the current path will be shown (other repositories are still
1936 1971 available from the index corresponding to their containing path).
1937 1972
1938 1973 ``description``
1939 1974 Textual description of the repository's purpose or contents.
1940 1975 (default: "unknown")
1941 1976
1942 1977 ``encoding``
1943 1978 Character encoding name. (default: the current locale charset)
1944 1979 Example: "UTF-8".
1945 1980
1946 1981 ``errorlog``
1947 1982 Where to output the error log. (default: stderr)
1948 1983
1949 1984 ``guessmime``
1950 1985 Control MIME types for raw download of file content.
1951 1986 Set to True to let hgweb guess the content type from the file
1952 1987 extension. This will serve HTML files as ``text/html`` and might
1953 1988 allow cross-site scripting attacks when serving untrusted
1954 1989 repositories. (default: False)
1955 1990
1956 1991 ``hidden``
1957 1992 Whether to hide the repository in the hgwebdir index.
1958 1993 (default: False)
1959 1994
1960 1995 ``ipv6``
1961 1996 Whether to use IPv6. (default: False)
1962 1997
1963 1998 ``logoimg``
1964 1999 File name of the logo image that some templates display on each page.
1965 2000 The file name is relative to ``staticurl``. That is, the full path to
1966 2001 the logo image is "staticurl/logoimg".
1967 2002 If unset, ``hglogo.png`` will be used.
1968 2003
1969 2004 ``logourl``
1970 2005 Base URL to use for logos. If unset, ``https://mercurial-scm.org/``
1971 2006 will be used.
1972 2007
1973 2008 ``maxchanges``
1974 2009 Maximum number of changes to list on the changelog. (default: 10)
1975 2010
1976 2011 ``maxfiles``
1977 2012 Maximum number of files to list per changeset. (default: 10)
1978 2013
1979 2014 ``maxshortchanges``
1980 2015 Maximum number of changes to list on the shortlog, graph or filelog
1981 2016 pages. (default: 60)
1982 2017
1983 2018 ``name``
1984 2019 Repository name to use in the web interface.
1985 2020 (default: current working directory)
1986 2021
1987 2022 ``port``
1988 2023 Port to listen on. (default: 8000)
1989 2024
1990 2025 ``prefix``
1991 2026 Prefix path to serve from. (default: '' (server root))
1992 2027
1993 2028 ``push_ssl``
1994 2029 Whether to require that inbound pushes be transported over SSL to
1995 2030 prevent password sniffing. (default: True)
1996 2031
1997 2032 ``refreshinterval``
1998 2033 How frequently directory listings re-scan the filesystem for new
1999 2034 repositories, in seconds. This is relevant when wildcards are used
2000 2035 to define paths. Depending on how much filesystem traversal is
2001 2036 required, refreshing may negatively impact performance.
2002 2037
2003 2038 Values less than or equal to 0 always refresh.
2004 2039 (default: 20)
2005 2040
2006 2041 ``staticurl``
2007 2042 Base URL to use for static files. If unset, static files (e.g. the
2008 2043 hgicon.png favicon) will be served by the CGI script itself. Use
2009 2044 this setting to serve them directly with the HTTP server.
2010 2045 Example: ``http://hgserver/static/``.
2011 2046
2012 2047 ``stripes``
2013 2048 How many lines a "zebra stripe" should span in multi-line output.
2014 2049 Set to 0 to disable. (default: 1)
2015 2050
2016 2051 ``style``
2017 2052 Which template map style to use. The available options are the names of
2018 2053 subdirectories in the HTML templates path. (default: ``paper``)
2019 2054 Example: ``monoblue``.
2020 2055
2021 2056 ``templates``
2022 2057 Where to find the HTML templates. The default path to the HTML templates
2023 2058 can be obtained from ``hg debuginstall``.
2024 2059
2025 2060 ``websub``
2026 2061 ----------
2027 2062
2028 2063 Web substitution filter definition. You can use this section to
2029 2064 define a set of regular expression substitution patterns which
2030 2065 let you automatically modify the hgweb server output.
2031 2066
2032 2067 The default hgweb templates only apply these substitution patterns
2033 2068 on the revision description fields. You can apply them anywhere
2034 2069 you want when you create your own templates by adding calls to the
2035 2070 "websub" filter (usually after calling the "escape" filter).
2036 2071
2037 2072 This can be used, for example, to convert issue references to links
2038 2073 to your issue tracker, or to convert "markdown-like" syntax into
2039 2074 HTML (see the examples below).
2040 2075
2041 2076 Each entry in this section names a substitution filter.
2042 2077 The value of each entry defines the substitution expression itself.
2043 2078 The websub expressions follow the old interhg extension syntax,
2044 2079 which in turn imitates the Unix sed replacement syntax::
2045 2080
2046 2081 patternname = s/SEARCH_REGEX/REPLACE_EXPRESSION/[i]
2047 2082
2048 2083 You can use any separator other than "/". The final "i" is optional
2049 2084 and indicates that the search must be case insensitive.
2050 2085
2051 2086 Examples::
2052 2087
2053 2088 [websub]
2054 2089 issues = s|issue(\d+)|<a href="http://bts.example.org/issue\1">issue\1</a>|i
2055 2090 italic = s/\b_(\S+)_\b/<i>\1<\/i>/
2056 2091 bold = s/\*\b(\S+)\b\*/<b>\1<\/b>/
2057 2092
2058 2093 ``worker``
2059 2094 ----------
2060 2095
2061 2096 Parallel master/worker configuration. We currently perform working
2062 2097 directory updates in parallel on Unix-like systems, which greatly
2063 2098 helps performance.
2064 2099
2065 2100 ``numcpus``
2066 2101 Number of CPUs to use for parallel operations. A zero or
2067 2102 negative value is treated as ``use the default``.
2068 2103 (default: 4 or the number of CPUs on the system, whichever is larger)
2069 2104
2070 2105 ``backgroundclose``
2071 2106 Whether to enable closing file handles on background threads during certain
2072 2107 operations. Some platforms aren't very efficient at closing file
2073 2108 handles that have been written or appended to. By performing file closing
2074 2109 on background threads, file write rate can increase substantially.
2075 2110 (default: true on Windows, false elsewhere)
2076 2111
2077 2112 ``backgroundcloseminfilecount``
2078 2113 Minimum number of files required to trigger background file closing.
2079 2114 Operations not writing this many files won't start background close
2080 2115 threads.
2081 2116 (default: 2048)
2082 2117
2083 2118 ``backgroundclosemaxqueue``
2084 2119 The maximum number of opened file handles waiting to be closed in the
2085 2120 background. This option only has an effect if ``backgroundclose`` is
2086 2121 enabled.
2087 2122 (default: 384)
2088 2123
2089 2124 ``backgroundclosethreadcount``
2090 2125 Number of threads to process background file closes. Only relevant if
2091 2126 ``backgroundclose`` is enabled.
2092 2127 (default: 4)
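Review bot: the ``smtp.verifycert`` entry still names ``[hostfingerprints]`` and ``[web] cacerts`` as the only places a mail server's certificate configuration is looked up, and the ``web.cacerts`` entry likewise mentions no other verification source, while the sslutil part of this commit also reads ``<host>:fingerprints`` from ``[hostsecurity]``. Since the text says mail-server certificates are verified the same way as HTTPS connections, a reader will expect the new ``[hostsecurity]`` pins to apply there as well; please extend both passages to mention ``[hostsecurity]`` (or point at the section that documents it), and state explicitly whether the "strict" abort also counts a ``[hostsecurity]`` fingerprint as a mail-server configuration.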
@@ -1,384 +1,399
1 1 # sslutil.py - SSL handling for mercurial
2 2 #
3 3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 6 #
7 7 # This software may be used and distributed according to the terms of the
8 8 # GNU General Public License version 2 or any later version.
9 9
10 10 from __future__ import absolute_import
11 11
12 12 import os
13 13 import ssl
14 14 import sys
15 15
16 16 from .i18n import _
17 17 from . import (
18 18 error,
19 19 util,
20 20 )
21 21
22 22 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added
23 23 # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are
24 24 # all exposed via the "ssl" module.
25 25 #
26 26 # Depending on the version of Python being used, SSL/TLS support is either
27 27 # modern/secure or legacy/insecure. Many operations in this module have
28 28 # separate code paths depending on support in Python.
29 29
30 30 hassni = getattr(ssl, 'HAS_SNI', False)
31 31
32 32 try:
33 33 OP_NO_SSLv2 = ssl.OP_NO_SSLv2
34 34 OP_NO_SSLv3 = ssl.OP_NO_SSLv3
35 35 except AttributeError:
36 36 OP_NO_SSLv2 = 0x1000000
37 37 OP_NO_SSLv3 = 0x2000000
38 38
39 39 try:
40 40 # ssl.SSLContext was added in 2.7.9 and presence indicates modern
41 41 # SSL/TLS features are available.
42 42 SSLContext = ssl.SSLContext
43 43 modernssl = True
44 44 _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')
45 45 except AttributeError:
46 46 modernssl = False
47 47 _canloaddefaultcerts = False
48 48
49 49 # We implement SSLContext using the interface from the standard library.
50 50 class SSLContext(object):
51 51 # ssl.wrap_socket gained the "ciphers" named argument in 2.7.
52 52 _supportsciphers = sys.version_info >= (2, 7)
53 53
54 54 def __init__(self, protocol):
55 55 # From the public interface of SSLContext
56 56 self.protocol = protocol
57 57 self.check_hostname = False
58 58 self.options = 0
59 59 self.verify_mode = ssl.CERT_NONE
60 60
61 61 # Used by our implementation.
62 62 self._certfile = None
63 63 self._keyfile = None
64 64 self._certpassword = None
65 65 self._cacerts = None
66 66 self._ciphers = None
67 67
68 68 def load_cert_chain(self, certfile, keyfile=None, password=None):
69 69 self._certfile = certfile
70 70 self._keyfile = keyfile
71 71 self._certpassword = password
72 72
73 73 def load_default_certs(self, purpose=None):
74 74 pass
75 75
76 76 def load_verify_locations(self, cafile=None, capath=None, cadata=None):
77 77 if capath:
78 78 raise error.Abort('capath not supported')
79 79 if cadata:
80 80 raise error.Abort('cadata not supported')
81 81
82 82 self._cacerts = cafile
83 83
84 84 def set_ciphers(self, ciphers):
85 85 if not self._supportsciphers:
86 86 raise error.Abort('setting ciphers not supported')
87 87
88 88 self._ciphers = ciphers
89 89
90 90 def wrap_socket(self, socket, server_hostname=None, server_side=False):
91 91 # server_hostname is unique to SSLContext.wrap_socket and is used
92 92 # for SNI in that context. So there's nothing for us to do with it
93 93 # in this legacy code since we don't support SNI.
94 94
95 95 args = {
96 96 'keyfile': self._keyfile,
97 97 'certfile': self._certfile,
98 98 'server_side': server_side,
99 99 'cert_reqs': self.verify_mode,
100 100 'ssl_version': self.protocol,
101 101 'ca_certs': self._cacerts,
102 102 }
103 103
104 104 if self._supportsciphers:
105 105 args['ciphers'] = self._ciphers
106 106
107 107 return ssl.wrap_socket(socket, **args)
108 108
109 109 def _hostsettings(ui, hostname):
110 110 """Obtain security settings for a hostname.
111 111
112 112 Returns a dict of settings relevant to that hostname.
113 113 """
114 114 s = {
115 115 # List of 2-tuple of (hash algorithm, hash).
116 116 'certfingerprints': [],
117 117 # Path to file containing concatenated CA certs. Used by
118 118 # SSLContext.load_verify_locations().
119 119 'cafile': None,
120 120 # ssl.CERT_* constant used by SSLContext.verify_mode.
121 121 'verifymode': None,
122 122 }
123 123
124 # Look for fingerprints in [hostsecurity] section. Value is a list
125 # of <alg>:<fingerprint> strings.
126 fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname,
127 [])
128 for fingerprint in fingerprints:
129 if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))):
130 raise error.Abort(_('invalid fingerprint for %s: %s') % (
131 hostname, fingerprint),
132 hint=_('must begin with "sha1:", "sha256:", '
133 'or "sha512:"'))
134
135 alg, fingerprint = fingerprint.split(':', 1)
136 fingerprint = fingerprint.replace(':', '').lower()
137 s['certfingerprints'].append((alg, fingerprint))
138
124 139 # Fingerprints from [hostfingerprints] are always SHA-1.
125 140 for fingerprint in ui.configlist('hostfingerprints', hostname, []):
126 141 fingerprint = fingerprint.replace(':', '').lower()
127 142 s['certfingerprints'].append(('sha1', fingerprint))
128 143
129 144 # If a host cert fingerprint is defined, it is the only thing that
130 145 # matters. No need to validate CA certs.
131 146 if s['certfingerprints']:
132 147 s['verifymode'] = ssl.CERT_NONE
133 148
134 149 # If --insecure is used, don't take CAs into consideration.
135 150 elif ui.insecureconnections:
136 151 s['verifymode'] = ssl.CERT_NONE
137 152
138 153 # Try to hook up CA certificate validation unless something above
139 154 # makes it not necessary.
140 155 if s['verifymode'] is None:
141 156 # Find global certificates file in config.
142 157 cafile = ui.config('web', 'cacerts')
143 158
144 159 if cafile:
145 160 cafile = util.expandpath(cafile)
146 161 if not os.path.exists(cafile):
147 162 raise error.Abort(_('could not find web.cacerts: %s') % cafile)
148 163 else:
149 164 # No global CA certs. See if we can load defaults.
150 165 cafile = _defaultcacerts()
151 166 if cafile:
152 167 ui.debug('using %s to enable OS X system CA\n' % cafile)
153 168
154 169 s['cafile'] = cafile
155 170
156 171 # Require certificate validation if CA certs are being loaded and
157 172 # verification hasn't been disabled above.
158 173 if cafile or _canloaddefaultcerts:
159 174 s['verifymode'] = ssl.CERT_REQUIRED
160 175 else:
161 176 # At this point we don't have a fingerprint, aren't being
162 177 # explicitly insecure, and can't load CA certs. Connecting
163 178 # at this point is insecure. But we do it for BC reasons.
164 179 # TODO abort here to make secure by default.
165 180 s['verifymode'] = ssl.CERT_NONE
166 181
167 182 assert s['verifymode'] is not None
168 183
169 184 return s
170 185
171 186 def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None):
172 187 """Add SSL/TLS to a socket.
173 188
174 189 This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
175 190 choices based on what security options are available.
176 191
177 192 In addition to the arguments supported by ``ssl.wrap_socket``, we allow
178 193 the following additional arguments:
179 194
180 195 * serverhostname - The expected hostname of the remote server. If the
181 196 server (and client) support SNI, this tells the server which certificate
182 197 to use.
183 198 """
184 199 if not serverhostname:
185 200 raise error.Abort('serverhostname argument is required')
186 201
187 202 settings = _hostsettings(ui, serverhostname)
188 203
189 204 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
190 205 # that both ends support, including TLS protocols. On legacy stacks,
191 206 # the highest it likely goes in TLS 1.0. On modern stacks, it can
192 207 # support TLS 1.2.
193 208 #
194 209 # The PROTOCOL_TLSv* constants select a specific TLS version
195 210 # only (as opposed to multiple versions). So the method for
196 211 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
197 212 # disable protocols via SSLContext.options and OP_NO_* constants.
198 213 # However, SSLContext.options doesn't work unless we have the
199 214 # full/real SSLContext available to us.
200 215 #
201 216 # SSLv2 and SSLv3 are broken. We ban them outright.
202 217 if modernssl:
203 218 protocol = ssl.PROTOCOL_SSLv23
204 219 else:
205 220 protocol = ssl.PROTOCOL_TLSv1
206 221
207 222 # TODO use ssl.create_default_context() on modernssl.
208 223 sslcontext = SSLContext(protocol)
209 224
210 225 # This is a no-op on old Python.
211 226 sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3
212 227
213 228 # This still works on our fake SSLContext.
214 229 sslcontext.verify_mode = settings['verifymode']
215 230
216 231 if certfile is not None:
217 232 def password():
218 233 f = keyfile or certfile
219 234 return ui.getpass(_('passphrase for %s: ') % f, '')
220 235 sslcontext.load_cert_chain(certfile, keyfile, password)
221 236
222 237 if settings['cafile'] is not None:
223 238 sslcontext.load_verify_locations(cafile=settings['cafile'])
224 239 caloaded = True
225 240 else:
226 241 # This is a no-op on old Python.
227 242 sslcontext.load_default_certs()
228 243 caloaded = _canloaddefaultcerts
229 244
230 245 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
231 246 # check if wrap_socket failed silently because socket had been
232 247 # closed
233 248 # - see http://bugs.python.org/issue13721
234 249 if not sslsocket.cipher():
235 250 raise error.Abort(_('ssl connection failed'))
236 251
237 252 sslsocket._hgstate = {
238 253 'caloaded': caloaded,
239 254 'hostname': serverhostname,
240 255 'settings': settings,
241 256 'ui': ui,
242 257 }
243 258
244 259 return sslsocket
245 260
246 261 def _verifycert(cert, hostname):
247 262 '''Verify that cert (in socket.getpeercert() format) matches hostname.
248 263 CRLs is not handled.
249 264
250 265 Returns error message if any problems are found and None on success.
251 266 '''
252 267 if not cert:
253 268 return _('no certificate received')
254 269 dnsname = hostname.lower()
255 270 def matchdnsname(certname):
256 271 return (certname == dnsname or
257 272 '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1])
258 273
259 274 san = cert.get('subjectAltName', [])
260 275 if san:
261 276 certnames = [value.lower() for key, value in san if key == 'DNS']
262 277 for name in certnames:
263 278 if matchdnsname(name):
264 279 return None
265 280 if certnames:
266 281 return _('certificate is for %s') % ', '.join(certnames)
267 282
268 283 # subject is only checked when subjectAltName is empty
269 284 for s in cert.get('subject', []):
270 285 key, value = s[0]
271 286 if key == 'commonName':
272 287 try:
273 288 # 'subject' entries are unicode
274 289 certname = value.lower().encode('ascii')
275 290 except UnicodeEncodeError:
276 291 return _('IDN in certificate not supported')
277 292 if matchdnsname(certname):
278 293 return None
279 294 return _('certificate is for %s') % certname
280 295 return _('no commonName or subjectAltName found in certificate')
281 296
282 297
283 298 # CERT_REQUIRED means fetch the cert from the server all the time AND
284 299 # validate it against the CA store provided in web.cacerts.
285 300
286 301 def _plainapplepython():
287 302 """return true if this seems to be a pure Apple Python that
288 303 * is unfrozen and presumably has the whole mercurial module in the file
289 304 system
290 305 * presumably is an Apple Python that uses Apple OpenSSL which has patches
291 306 for using system certificate store CAs in addition to the provided
292 307 cacerts file
293 308 """
294 309 if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable:
295 310 return False
296 311 exe = os.path.realpath(sys.executable).lower()
297 312 return (exe.startswith('/usr/bin/python') or
298 313 exe.startswith('/system/library/frameworks/python.framework/'))
299 314
300 315 def _defaultcacerts():
301 316 """return path to default CA certificates or None."""
302 317 if _plainapplepython():
303 318 dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
304 319 if os.path.exists(dummycert):
305 320 return dummycert
306 321
307 322 return None
308 323
309 324 def validatesocket(sock, strict=False):
310 325 """Validate a socket meets security requiremnets.
311 326
312 327 The passed socket must have been created with ``wrapsocket()``.
313 328 """
314 329 host = sock._hgstate['hostname']
315 330 ui = sock._hgstate['ui']
316 331 settings = sock._hgstate['settings']
317 332
318 333 try:
319 334 peercert = sock.getpeercert(True)
320 335 peercert2 = sock.getpeercert()
321 336 except AttributeError:
322 337 raise error.Abort(_('%s ssl connection error') % host)
323 338
324 339 if not peercert:
325 340 raise error.Abort(_('%s certificate error: '
326 341 'no certificate received') % host)
327 342
328 343 # If a certificate fingerprint is pinned, use it and only it to
329 344 # validate the remote cert.
330 345 peerfingerprints = {
331 346 'sha1': util.sha1(peercert).hexdigest(),
332 347 'sha256': util.sha256(peercert).hexdigest(),
333 348 'sha512': util.sha512(peercert).hexdigest(),
334 349 }
335 350 nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2]
336 351 for x in range(0, len(peerfingerprints['sha1']), 2)])
337 352
338 353 if settings['certfingerprints']:
339 354 fingerprintmatch = False
340 355 for hash, fingerprint in settings['certfingerprints']:
341 356 if peerfingerprints[hash].lower() == fingerprint:
342 357 fingerprintmatch = True
343 358 break
344 359 if not fingerprintmatch:
345 360 raise error.Abort(_('certificate for %s has unexpected '
346 361 'fingerprint %s') % (host, nicefingerprint),
347 362 hint=_('check hostfingerprint configuration'))
348 363 ui.debug('%s certificate matched fingerprint %s\n' %
349 364 (host, nicefingerprint))
350 365 return
351 366
352 367 # If insecure connections were explicitly requested via --insecure,
353 368 # print a warning and do no verification.
354 369 #
355 370 # It may seem odd that this is checked *after* host fingerprint pinning.
356 371 # This is for backwards compatibility (for now). The message is also
357 372 # the same as below for BC.
358 373 if ui.insecureconnections:
359 374 ui.warn(_('warning: %s certificate with fingerprint %s not '
360 375 'verified (check hostfingerprints or web.cacerts '
361 376 'config setting)\n') %
362 377 (host, nicefingerprint))
363 378 return
364 379
365 380 if not sock._hgstate['caloaded']:
366 381 if strict:
367 382 raise error.Abort(_('%s certificate with fingerprint %s not '
368 383 'verified') % (host, nicefingerprint),
369 384 hint=_('check hostfingerprints or '
370 385 'web.cacerts config setting'))
371 386 else:
372 387 ui.warn(_('warning: %s certificate with fingerprint %s '
373 388 'not verified (check hostfingerprints or '
374 389 'web.cacerts config setting)\n') %
375 390 (host, nicefingerprint))
376 391
377 392 return
378 393
379 394 msg = _verifycert(peercert2, host)
380 395 if msg:
381 396 raise error.Abort(_('%s certificate error: %s') % (host, msg),
382 397 hint=_('configure hostfingerprint %s or use '
383 398 '--insecure to connect insecurely') %
384 399 nicefingerprint)
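Review bot: the new `[hostsecurity]` parsing in `_hostsettings` only checks that each value starts with `sha1:`, `sha256:` or `sha512:`; it never checks that the remainder is a hex digest of the right length for that algorithm (40, 64 or 128 characters once colons are stripped), so a mistyped pin is accepted at config time and only surfaces later as the `certificate for %s has unexpected fingerprint` abort in `validatesocket`, which looks like a server problem rather than a config error. Suggest validating right after `fingerprint = fingerprint.replace(':', '').lower()`, e.g. `if len(fingerprint) != {'sha1': 40, 'sha256': 64, 'sha512': 128}[alg] or not all(c in '0123456789abcdef' for c in fingerprint): raise error.Abort(_('invalid fingerprint for %s: %s') % (hostname, fingerprint))`. Related, the mismatch path in `validatesocket` still formats only the SHA-1 `nicefingerprint` and hints `check hostfingerprint configuration`, so a user pinning a sha256 digest through `hostsecurity` is shown neither the digest they need to fix their pin nor the section they configured; consider reporting the digest for the algorithm(s) actually configured and naming `hostsecurity` in the hint.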
@@ -1,414 +1,432
1 1 #require serve ssl
2 2
3 3 Proper https client requires the built-in ssl from Python 2.6.
4 4
5 5 Certificates created with:
6 6 printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \
7 7 openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem
8 8 Can be dumped with:
9 9 openssl x509 -in pub.pem -text
10 10
11 11 $ cat << EOT > priv.pem
12 12 > -----BEGIN PRIVATE KEY-----
13 13 > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH
14 14 > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8
15 15 > j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc
16 16 > EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG
17 17 > MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR
18 18 > +wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy
19 19 > aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh
20 20 > HY8gUVkVRVs=
21 21 > -----END PRIVATE KEY-----
22 22 > EOT
23 23
24 24 $ cat << EOT > pub.pem
25 25 > -----BEGIN CERTIFICATE-----
26 26 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
27 27 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
28 28 > MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0
29 29 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
30 30 > ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX
31 31 > 6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm
32 32 > r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw
33 33 > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl
34 34 > t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c=
35 35 > -----END CERTIFICATE-----
36 36 > EOT
37 37 $ cat priv.pem pub.pem >> server.pem
38 38 $ PRIV=`pwd`/server.pem
39 39
40 40 $ cat << EOT > pub-other.pem
41 41 > -----BEGIN CERTIFICATE-----
42 42 > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
43 43 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
44 44 > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0
45 45 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
46 46 > ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo
47 47 > K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN
48 48 > y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw
49 49 > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6
50 50 > bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig=
51 51 > -----END CERTIFICATE-----
52 52 > EOT
53 53
54 54 pub.pem patched with other notBefore / notAfter:
55 55
56 56 $ cat << EOT > pub-not-yet.pem
57 57 > -----BEGIN CERTIFICATE-----
58 58 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
59 59 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw
60 60 > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
61 61 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
62 62 > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
63 63 > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
64 64 > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb
65 65 > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0=
66 66 > -----END CERTIFICATE-----
67 67 > EOT
68 68 $ cat priv.pem pub-not-yet.pem > server-not-yet.pem
69 69
70 70 $ cat << EOT > pub-expired.pem
71 71 > -----BEGIN CERTIFICATE-----
72 72 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
73 73 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx
74 74 > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
75 75 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
76 76 > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
77 77 > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
78 78 > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt
79 79 > 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ=
80 80 > -----END CERTIFICATE-----
81 81 > EOT
82 82 $ cat priv.pem pub-expired.pem > server-expired.pem
83 83
84 84 Client certificates created with:
85 85 openssl genrsa -aes128 -passout pass:1234 -out client-key.pem 512
86 86 openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
87 87 printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \
88 88 openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
89 89 openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
90 90 -set_serial 01 -out client-cert.pem
91 91
92 92 $ cat << EOT > client-key.pem
93 93 > -----BEGIN RSA PRIVATE KEY-----
94 94 > Proc-Type: 4,ENCRYPTED
95 95 > DEK-Info: AES-128-CBC,C8B8F103A61A336FB0716D1C0F8BB2E8
96 96 >
97 97 > JolMlCFjEW3q3JJjO9z99NJWeJbFgF5DpUOkfSCxH56hxxtZb9x++rBvBZkxX1bF
98 98 > BAIe+iI90+jdCLwxbILWuFcrJUaLC5WmO14XDKYVmr2eW9e4MiCYOlO0Q6a9rDFS
99 99 > jctRCfvubOXFHbBGLH8uKEMpXEkP7Lc60FiIukqjuQEivJjrQirVtZCGwyk3qUi7
100 100 > Eyh4Lo63IKGu8T1Bkmn2kaMvFhu7nC/CQLBjSq0YYI1tmCOkVb/3tPrz8oqgDJp2
101 101 > u7bLS3q0xDNZ52nVrKIoZC/UlRXGlPyzPpa70/jPIdfCbkwDaBpRVXc+62Pj2n5/
102 102 > CnO2xaKwfOG6pDvanBhFD72vuBOkAYlFZPiEku4sc2WlNggsSWCPCIFwzmiHjKIl
103 103 > bWmdoTq3nb7sNfnBbV0OCa7fS1dFwCm4R1NC7ELENu0=
104 104 > -----END RSA PRIVATE KEY-----
105 105 > EOT
106 106
107 107 $ cat << EOT > client-key-decrypted.pem
108 108 > -----BEGIN RSA PRIVATE KEY-----
109 109 > MIIBOgIBAAJBAJs4LS3glAYU92bg5kPgRPNW84ewB0fWJfAKccCp1ACHAdZPeaKb
110 110 > FCinVMYKAVbVqBkyrZ/Tyr8aSfMz4xO4+KsCAwEAAQJAeKDr25+Q6jkZHEbkLRP6
111 111 > AfMtR+Ixhk6TJT24sbZKIC2V8KuJTDEvUhLU0CAr1nH79bDqiSsecOiVCr2HHyfT
112 112 > AQIhAM2C5rHbTs9R3PkywFEqq1gU3ztCnpiWglO7/cIkuGBhAiEAwVpMSAf77kop
113 113 > 4h/1kWsgMALQTJNsXd4CEUK4BOxvJIsCIQCbarVAKBQvoT81jfX27AfscsxnKnh5
114 114 > +MjSvkanvdFZwQIgbbcTefwt1LV4trtz2SR0i0nNcOZmo40Kl0jIquKO3qkCIH01
115 115 > mJHzZr3+jQqeIFtr5P+Xqi30DJxgrnEobbJ0KFjY
116 116 > -----END RSA PRIVATE KEY-----
117 117 > EOT
118 118
119 119 $ cat << EOT > client-cert.pem
120 120 > -----BEGIN CERTIFICATE-----
121 121 > MIIBPjCB6QIBATANBgkqhkiG9w0BAQsFADAxMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
122 122 > GzAZBgkqhkiG9w0BCQEWDGhnQGxvY2FsaG9zdDAeFw0xNTA1MDcwNjI5NDVaFw0z
123 123 > OTEyMjcwNjI5NDVaMCQxIjAgBgkqhkiG9w0BCQEWE2hnLWNsaWVudEBsb2NhbGhv
124 124 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmzgtLeCUBhT3ZuDmQ+BE81bzh7AH
125 125 > R9Yl8ApxwKnUAIcB1k95opsUKKdUxgoBVtWoGTKtn9PKvxpJ8zPjE7j4qwIDAQAB
126 126 > MA0GCSqGSIb3DQEBCwUAA0EAfBTqBG5pYhuGk+ZnyUufgS+d7Nk/sZAZjNdCAEj/
127 127 > NFPo5fR1jM6jlEWoWbeg298+SkjV7tfO+2nt0otUFkdM6A==
128 128 > -----END CERTIFICATE-----
129 129 > EOT
130 130
131 131 $ hg init test
132 132 $ cd test
133 133 $ echo foo>foo
134 134 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
135 135 $ echo foo>foo.d/foo
136 136 $ echo bar>foo.d/bAr.hg.d/BaR
137 137 $ echo bar>foo.d/baR.d.hg/bAR
138 138 $ hg commit -A -m 1
139 139 adding foo
140 140 adding foo.d/bAr.hg.d/BaR
141 141 adding foo.d/baR.d.hg/bAR
142 142 adding foo.d/foo
143 143 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
144 144 $ cat ../hg0.pid >> $DAEMON_PIDS
145 145
146 146 cacert not found
147 147
148 148 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
149 149 abort: could not find web.cacerts: no-such.pem
150 150 [255]
151 151
152 152 Test server address cannot be reused
153 153
154 154 #if windows
155 155 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
156 156 abort: cannot start server at ':$HGPORT':
157 157 [255]
158 158 #else
159 159 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
160 160 abort: cannot start server at ':$HGPORT': Address already in use
161 161 [255]
162 162 #endif
163 163 $ cd ..
164 164
165 165 OS X has a dummy CA cert that enables use of the system CA store when using
166 166 Apple's OpenSSL. This trick do not work with plain OpenSSL.
167 167
168 168 $ DISABLEOSXDUMMYCERT=
169 169 #if defaultcacerts
170 170 $ hg clone https://localhost:$HGPORT/ copy-pull
171 171 abort: error: *certificate verify failed* (glob)
172 172 [255]
173 173
174 174 $ DISABLEOSXDUMMYCERT="--insecure"
175 175 #endif
176 176
177 177 clone via pull
178 178
179 179 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLEOSXDUMMYCERT
180 180 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
181 181 requesting all changes
182 182 adding changesets
183 183 adding manifests
184 184 adding file changes
185 185 added 1 changesets with 4 changes to 4 files
186 186 updating to branch default
187 187 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
188 188 $ hg verify -R copy-pull
189 189 checking changesets
190 190 checking manifests
191 191 crosschecking files in changesets and manifests
192 192 checking files
193 193 4 files, 1 changesets, 4 total revisions
194 194 $ cd test
195 195 $ echo bar > bar
196 196 $ hg commit -A -d '1 0' -m 2
197 197 adding bar
198 198 $ cd ..
199 199
200 200 pull without cacert
201 201
202 202 $ cd copy-pull
203 203 $ echo '[hooks]' >> .hg/hgrc
204 204 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
205 205 $ hg pull $DISABLEOSXDUMMYCERT
206 206 pulling from https://localhost:$HGPORT/
207 207 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
208 208 searching for changes
209 209 adding changesets
210 210 adding manifests
211 211 adding file changes
212 212 added 1 changesets with 1 changes to 1 files
213 213 changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob)
214 214 (run 'hg update' to get a working copy)
215 215 $ cd ..
216 216
217 217 cacert configured in local repo
218 218
219 219 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
220 220 $ echo "[web]" >> copy-pull/.hg/hgrc
221 221 $ echo "cacerts=`pwd`/pub.pem" >> copy-pull/.hg/hgrc
222 222 $ hg -R copy-pull pull --traceback
223 223 pulling from https://localhost:$HGPORT/
224 224 searching for changes
225 225 no changes found
226 226 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
227 227
228 228 cacert configured globally, also testing expansion of environment
229 229 variables in the filename
230 230
231 231 $ echo "[web]" >> $HGRCPATH
232 232 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
233 233 $ P=`pwd` hg -R copy-pull pull
234 234 pulling from https://localhost:$HGPORT/
235 235 searching for changes
236 236 no changes found
237 237 $ P=`pwd` hg -R copy-pull pull --insecure
238 238 pulling from https://localhost:$HGPORT/
239 239 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
240 240 searching for changes
241 241 no changes found
242 242
243 243 cacert mismatch
244 244
245 245 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
246 246 pulling from https://127.0.0.1:$HGPORT/
247 247 abort: 127.0.0.1 certificate error: certificate is for localhost
248 248 (configure hostfingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely)
249 249 [255]
250 250 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
251 251 pulling from https://127.0.0.1:$HGPORT/
252 252 warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
253 253 searching for changes
254 254 no changes found
255 255 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem
256 256 pulling from https://localhost:$HGPORT/
257 257 abort: error: *certificate verify failed* (glob)
258 258 [255]
259 259 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure
260 260 pulling from https://localhost:$HGPORT/
261 261 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
262 262 searching for changes
263 263 no changes found
264 264
265 265 Test server cert which isn't valid yet
266 266
267 267 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
268 268 $ cat hg1.pid >> $DAEMON_PIDS
269 269 $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/
270 270 pulling from https://localhost:$HGPORT1/
271 271 abort: error: *certificate verify failed* (glob)
272 272 [255]
273 273
274 274 Test server cert which no longer is valid
275 275
276 276 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
277 277 $ cat hg2.pid >> $DAEMON_PIDS
278 278 $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
279 279 pulling from https://localhost:$HGPORT2/
280 280 abort: error: *certificate verify failed* (glob)
281 281 [255]
282 282
283 283 Fingerprints
284 284
285 - works without cacerts
285 - works without cacerts (hostkeyfingerprints)
286 286 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca
287 287 5fed3813f7f5
288 288
289 - works without cacerts (hostsecurity)
290 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:914f1aff87249c09b6859b88b1906d30756491ca
291 5fed3813f7f5
292
293 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30
294 5fed3813f7f5
295
289 296 - multiple fingerprints specified and first matches
290 297 $ hg --config 'hostfingerprints.localhost=914f1aff87249c09b6859b88b1906d30756491ca, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
291 298 5fed3813f7f5
292 299
300 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
301 5fed3813f7f5
302
293 303 - multiple fingerprints specified and last matches
294 304 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, 914f1aff87249c09b6859b88b1906d30756491ca' -R copy-pull id https://localhost:$HGPORT/ --insecure
295 305 5fed3813f7f5
296 306
307 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:914f1aff87249c09b6859b88b1906d30756491ca' -R copy-pull id https://localhost:$HGPORT/
308 5fed3813f7f5
309
297 310 - multiple fingerprints specified and none match
298 311
299 312 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
300 313 abort: certificate for localhost has unexpected fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca
301 314 (check hostfingerprint configuration)
302 315 [255]
303 316
317 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
318 abort: certificate for localhost has unexpected fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca
319 (check hostfingerprint configuration)
320 [255]
321
304 322 - fails when cert doesn't match hostname (port is ignored)
305 323 $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=914f1aff87249c09b6859b88b1906d30756491ca
306 324 abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
307 325 (check hostfingerprint configuration)
308 326 [255]
309 327
310 328
311 329 - ignores that certificate doesn't match hostname
312 330 $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=914f1aff87249c09b6859b88b1906d30756491ca
313 331 5fed3813f7f5
314 332
315 333 HGPORT1 is reused below for tinyproxy tests. Kill that server.
316 334 $ killdaemons.py hg1.pid
317 335
318 336 Prepare for connecting through proxy
319 337
320 338 $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
321 339 $ while [ ! -f proxy.pid ]; do sleep 0; done
322 340 $ cat proxy.pid >> $DAEMON_PIDS
323 341
324 342 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
325 343 $ echo "always=True" >> copy-pull/.hg/hgrc
326 344 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
327 345 $ echo "localhost =" >> copy-pull/.hg/hgrc
328 346
329 347 Test unvalidated https through proxy
330 348
331 349 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback
332 350 pulling from https://localhost:$HGPORT/
333 351 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
334 352 searching for changes
335 353 no changes found
336 354
337 355 Test https with cacert and fingerprint through proxy
338 356
339 357 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub.pem
340 358 pulling from https://localhost:$HGPORT/
341 359 searching for changes
342 360 no changes found
343 361 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=914f1aff87249c09b6859b88b1906d30756491ca
344 362 pulling from https://127.0.0.1:$HGPORT/
345 363 searching for changes
346 364 no changes found
347 365
348 366 Test https with cert problems through proxy
349 367
350 368 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem
351 369 pulling from https://localhost:$HGPORT/
352 370 abort: error: *certificate verify failed* (glob)
353 371 [255]
354 372 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
355 373 pulling from https://localhost:$HGPORT2/
356 374 abort: error: *certificate verify failed* (glob)
357 375 [255]
358 376
359 377
360 378 $ killdaemons.py hg0.pid
361 379
362 380 #if sslcontext
363 381
364 382 Start patched hgweb that requires client certificates:
365 383
366 384 $ cat << EOT > reqclientcert.py
367 385 > import ssl
368 386 > from mercurial.hgweb import server
369 387 > class _httprequesthandlersslclientcert(server._httprequesthandlerssl):
370 388 > @staticmethod
371 389 > def preparehttpserver(httpserver, ssl_cert):
372 390 > sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
373 391 > sslcontext.verify_mode = ssl.CERT_REQUIRED
374 392 > sslcontext.load_cert_chain(ssl_cert)
375 393 > # verify clients by server certificate
376 394 > sslcontext.load_verify_locations(ssl_cert)
377 395 > httpserver.socket = sslcontext.wrap_socket(httpserver.socket,
378 396 > server_side=True)
379 397 > server._httprequesthandlerssl = _httprequesthandlersslclientcert
380 398 > EOT
381 399 $ cd test
382 400 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
383 401 > --config extensions.reqclientcert=../reqclientcert.py
384 402 $ cat ../hg0.pid >> $DAEMON_PIDS
385 403 $ cd ..
386 404
387 405 without client certificate:
388 406
389 407 $ P=`pwd` hg id https://localhost:$HGPORT/
390 408 abort: error: *handshake failure* (glob)
391 409 [255]
392 410
393 411 with client certificate:
394 412
395 413 $ cat << EOT >> $HGRCPATH
396 414 > [auth]
397 415 > l.prefix = localhost
398 416 > l.cert = client-cert.pem
399 417 > l.key = client-key.pem
400 418 > EOT
401 419
402 420 $ P=`pwd` hg id https://localhost:$HGPORT/ \
403 421 > --config auth.l.key=client-key-decrypted.pem
404 422 5fed3813f7f5
405 423
406 424 $ printf '1234\n' | env P=`pwd` hg id https://localhost:$HGPORT/ \
407 425 > --config ui.interactive=True --config ui.nontty=True
408 426 passphrase for client-key.pem: 5fed3813f7f5
409 427
410 428 $ env P=`pwd` hg id https://localhost:$HGPORT/
411 429 abort: error: * (glob)
412 430 [255]
413 431
414 432 #endif
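Review bot: the added `hostsecurity` cases cover a sha1 pin and a colon-separated sha256 pin, but nothing exercises the new `invalid fingerprint` abort in `_hostsettings` (a value with no algorithm prefix, or an unsupported one such as `md5:`), and sha512, the third accepted prefix, is never pinned; add one case for each so the validation branch and all three algorithms are tested. The renamed heading `- works without cacerts (hostkeyfingerprints)` names a section that does not exist: the command on the next line uses `hostfingerprints`, so the label should match. Also, the expected `(check hostfingerprint configuration)` line in the `hostsecurity` none-match case bakes in the stale hint from `validatesocket`; if that hint is changed to mention `hostsecurity`, this expectation has to change with it.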