upstream/mercurial-mirror Files · tests/sslcerts/README

tests: make output lines conditional for testing with fsmonitor...

tests: make output lines conditional for testing with fsmonitor Repository cloned-bookmark-default and tobundle exist in the working directory of main test repository "repo". We should take care for them, because it is known issue that fsmonitor can't handle nested repositories. These nested repositories are cloned from "repo", and the number of unknown files = files in these repositories (including files under .hg) will be changed easily in the future. But testing with fsmonitor is not ordinary. Therefore, test-bookmarks.t with fsmonitor might be broken silently. This is reason why this patch uses "(glob)" for the number of unknown files in "hg summary" output. BTW, this patch doesn't use .hgignore to make test portable, because .hgignore might cause another issue related to "walk_on_invalidate" configuration of fsmonitor.

Gregory Szorc - - Load All Authors

File last commit:

r29579:43f3c0df default


                r33210:0bec70c1

default

Download file

             README
        
                    45 lines
            
             | 1.8 KiB
            
                | text/plain
            
             |
                TextLexer

/ tests / sslcerts / README

History | Annotation | Raw |Copy content |Copy permalink

				Generate a private key (priv.pem):

				$ openssl genrsa -out priv.pem 2048

				Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):

				$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
				-out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
				$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
				-out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

				Now generate an expired certificate by turning back the system time:

				$ faketime 2016-01-01T00:00:00Z \
				openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
				-out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

				Generate a certificate not yet active by advancing the system time:

				$ faketime 2030-01-1T00:00:00Z \
				openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
				-out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

				Generate a passphrase protected client certificate private key:

				$ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048

				Create a copy of the private key without a passphrase:

				$ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem

				Create a CSR and sign the key using the server keypair:

				$ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' \| \
				openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
				$ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
				-set_serial 01 -out client-cert.pem

				When replacing the certificates, references to certificate fingerprints will
				need to be updated in test files.

				Fingerprints for certs can be obtained by running:

				$ openssl x509 -in pub.pem -noout -sha1 -fingerprint
				$ openssl x509 -in pub.pem -noout -sha256 -fingerprint

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages