##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

sslutil: bump the default minimum TLS version of the client to 1.2 (BC)...
sslutil: bump the default minimum TLS version of the client to 1.2 (BC) TLS v1.0 and v1.1 are deprecated by RFC8996[1]: These versions lack support for current and recommended cryptographic algorithms and mechanisms, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLS version 1.2 became the recommended version for IETF protocols in 2008 (subsequently being obsoleted by TLS version 1.3 in 2018)... Various browsers have disabled or removed it[2][3][4], as have various internet services, and Windows 11 has it disabled by default[5]. We should move on too. (We should also bump it on the server side, as this config only affects clients not allowing a server to negotiate down. But the only server-side config is a `devel` option to pick exactly one protocol version and is commented as a footgun, so I'm hesitant to touch that. See 7dec5e441bf7 for details, which states that using `hg serve` directly isn't expected for a web service.) I'm not knowledgeable enough in this area to know if we should follow up with disabling certain ciphers too. But this should provide better security on its own. [1] https://datatracker.ietf.org/doc/rfc8996/ [2] https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#sslversionmin [3] https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/ [4] https://security.googleblog.com/2018/10/modernizing-transport-security.html [5] https://techcommunity.microsoft.com/blog/windows-itpro-blog/tls-1-0-and-tls-1-1-soon-to-be-disabled-in-windows/3887947
Matt Harbison -
r53185:085cc409 default
Show More
Name Size Modified Last Commit Author
/ rust / rhg
src
Cargo.toml Loading ...
README.md Loading ...

rhg

The rhg executable implements a subset of the functionnality of hg
using only Rust, to avoid the startup cost of a Python interpreter.
This subset is initially small but grows over time as rhg is improved.
When fallback to the Python implementation is configured (see below),
rhg aims to be a drop-in replacement for hg that should behave the same,
except that some commands run faster.

Building

To compile rhg, either run cargo build --release from this rust/rhg/
directory, or run make build-rhg from the repository root.
The executable can then be found at rust/target/release/rhg.

Mercurial configuration

rhg reads Mercurial configuration from the usual sources:
the user’s ~/.hgrc, a repository’s .hg/hgrc, command line --config, etc.
It has some specific configuration in the [rhg] section.

See hg help config.rhg for details.

Installation and configuration example

For example, to install rhg as hg for the current user with fallback to
the system-wide install of Mercurial, and allow it to run even though the
rebase and absorb extensions are enabled, on a Unix-like platform:

  • Build rhg (see above)
  • Make sure the ~/.local/bin exists and is in $PATH
  • From the repository root, make a symbolic link with
    ln -s rust/target/release/rhg ~/.local/bin/hg
  • Configure ~/.hgrc with:
[rhg]
on-unsupported = fallback
fallback-executable = /usr/bin/hg
allowed-extensions = rebase, absorb

  • Check that the output of running
    hg notarealsubcommand
    starts with hg: unknown command, which indicates fallback.

  • Check that the output of running
    hg notarealsubcommand --config rhg.on-unsupported=abort
    starts with unsupported feature:.