##// END OF EJS Templates
win32: add a method to trigger the Crypto API to complete a certificate chain...
win32: add a method to trigger the Crypto API to complete a certificate chain I started a thread[1] on the mailing list awhile ago, but the short version is that Windows doesn't ship with a full list of certificates[2]. Even if the server sends the whole chain, if Windows doesn't have the appropriate certificate pre-installed in its "Third-Party Root Certification Authorities" store, connections mysteriously fail with: abort: error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) Windows expects the application to call the methods invoked here as part of the certificate verification, triggering a call out to Windows update if necessary, to complete the trust chain. The python bug to add this support[3] hasn't had any recent activity, and isn't targeting py27 anyway. The only work around that I could find (besides figuring out the certificate and walking through the import wizard) is to browse to the site in Internet Explorer. Opening the page with FireFox or Chrome didn't work. That's a pretty obscure way to fix a pretty obscure problem. We go to great lengths to demystify various SSL errors, but this case is clearly lacking. Let's try to make things easier to diagnose and fix. When I had trouble figuring out how to get ctypes to work with all of the API pointers, I found that there are other python projects[4] using this API to achieve the same thing. [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-April/096501.html [2] https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificate-update-for-windows [3] https://bugs.python.org/issue20916 [4] https://github.com/nvaccess/nvda/blob/3b86bce2066b1934df14b96f2e83369900860ecf/source/updateCheck.py#L511

File last commit:

r33374:4dc04cdf default
r33492:14af0439 default
Show More
sparse.py
362 lines | 13.9 KiB | text/x-python | PythonLexer
# sparse.py - allow sparse checkouts of the working directory
#
# Copyright 2014 Facebook, Inc.
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.
"""allow sparse checkouts of the working directory (EXPERIMENTAL)
(This extension is not yet protected by backwards compatibility
guarantees. Any aspect may break in future releases until this
notice is removed.)
This extension allows the working directory to only consist of a
subset of files for the revision. This allows specific files or
directories to be explicitly included or excluded. Many repository
operations have performance proportional to the number of files in
the working directory. So only realizing a subset of files in the
working directory can improve performance.
Sparse Config Files
-------------------
The set of files that are part of a sparse checkout are defined by
a sparse config file. The file defines 3 things: includes (files to
include in the sparse checkout), excludes (files to exclude from the
sparse checkout), and profiles (links to other config files).
The file format is newline delimited. Empty lines and lines beginning
with ``#`` are ignored.
Lines beginning with ``%include `` denote another sparse config file
to include. e.g. ``%include tests.sparse``. The filename is relative
to the repository root.
The special lines ``[include]`` and ``[exclude]`` denote the section
for includes and excludes that follow, respectively. It is illegal to
have ``[include]`` after ``[exclude]``. If no sections are defined,
entries are assumed to be in the ``[include]`` section.
Non-special lines resemble file patterns to be added to either includes
or excludes. The syntax of these lines is documented by :hg:`help patterns`.
Patterns are interpreted as ``glob:`` by default and match against the
root of the repository.
Exclusion patterns take precedence over inclusion patterns. So even
if a file is explicitly included, an ``[exclude]`` entry can remove it.
For example, say you have a repository with 3 directories, ``frontend/``,
``backend/``, and ``tools/``. ``frontend/`` and ``backend/`` correspond
to different projects and it is uncommon for someone working on one
to need the files for the other. But ``tools/`` contains files shared
between both projects. Your sparse config files may resemble::
# frontend.sparse
frontend/**
tools/**
# backend.sparse
backend/**
tools/**
Say the backend grows in size. Or there's a directory with thousands
of files you wish to exclude. You can modify the profile to exclude
certain files::
[include]
backend/**
tools/**
[exclude]
tools/tests/**
"""
from __future__ import absolute_import
from mercurial.i18n import _
from mercurial import (
cmdutil,
commands,
dirstate,
error,
extensions,
hg,
match as matchmod,
registrar,
sparse,
util,
)
# Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
# extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
# be specifying the version(s) of Mercurial they are tested with, or
# leave the attribute unspecified.
testedwith = 'ships-with-hg-core'
cmdtable = {}
command = registrar.command(cmdtable)
def extsetup(ui):
sparse.enabled = True
_setupclone(ui)
_setuplog(ui)
_setupadd(ui)
_setupdirstate(ui)
def replacefilecache(cls, propname, replacement):
"""Replace a filecache property with a new class. This allows changing the
cache invalidation condition."""
origcls = cls
assert callable(replacement)
while cls is not object:
if propname in cls.__dict__:
orig = cls.__dict__[propname]
setattr(cls, propname, replacement(orig))
break
cls = cls.__bases__[0]
if cls is object:
raise AttributeError(_("type '%s' has no property '%s'") % (origcls,
propname))
def _setuplog(ui):
entry = commands.table['^log|history']
entry[1].append(('', 'sparse', None,
"limit to changesets affecting the sparse checkout"))
def _logrevs(orig, repo, opts):
revs = orig(repo, opts)
if opts.get('sparse'):
sparsematch = sparse.matcher(repo)
def ctxmatch(rev):
ctx = repo[rev]
return any(f for f in ctx.files() if sparsematch(f))
revs = revs.filter(ctxmatch)
return revs
extensions.wrapfunction(cmdutil, '_logrevs', _logrevs)
def _clonesparsecmd(orig, ui, repo, *args, **opts):
include_pat = opts.get('include')
exclude_pat = opts.get('exclude')
enableprofile_pat = opts.get('enable_profile')
include = exclude = enableprofile = False
if include_pat:
pat = include_pat
include = True
if exclude_pat:
pat = exclude_pat
exclude = True
if enableprofile_pat:
pat = enableprofile_pat
enableprofile = True
if sum([include, exclude, enableprofile]) > 1:
raise error.Abort(_("too many flags specified."))
if include or exclude or enableprofile:
def clonesparse(orig, self, node, overwrite, *args, **kwargs):
sparse.updateconfig(self.unfiltered(), pat, {}, include=include,
exclude=exclude, enableprofile=enableprofile)
return orig(self, node, overwrite, *args, **kwargs)
extensions.wrapfunction(hg, 'updaterepo', clonesparse)
return orig(ui, repo, *args, **opts)
def _setupclone(ui):
entry = commands.table['^clone']
entry[1].append(('', 'enable-profile', [],
'enable a sparse profile'))
entry[1].append(('', 'include', [],
'include sparse pattern'))
entry[1].append(('', 'exclude', [],
'exclude sparse pattern'))
extensions.wrapcommand(commands.table, 'clone', _clonesparsecmd)
def _setupadd(ui):
entry = commands.table['^add']
entry[1].append(('s', 'sparse', None,
'also include directories of added files in sparse config'))
def _add(orig, ui, repo, *pats, **opts):
if opts.get('sparse'):
dirs = set()
for pat in pats:
dirname, basename = util.split(pat)
dirs.add(dirname)
sparse.updateconfig(repo, list(dirs), opts, include=True)
return orig(ui, repo, *pats, **opts)
extensions.wrapcommand(commands.table, 'add', _add)
def _setupdirstate(ui):
"""Modify the dirstate to prevent stat'ing excluded files,
and to prevent modifications to files outside the checkout.
"""
# The atrocity below is needed to wrap dirstate._ignore. It is a cached
# property, which means normal function wrapping doesn't work.
class ignorewrapper(object):
def __init__(self, orig):
self.orig = orig
self.origignore = None
self.func = None
self.sparsematch = None
def __get__(self, obj, type=None):
origignore = self.orig.__get__(obj)
sparsematch = obj._sparsematcher
if sparsematch.always():
return origignore
if self.sparsematch != sparsematch or self.origignore != origignore:
self.func = matchmod.unionmatcher([
origignore, matchmod.negatematcher(sparsematch)])
self.sparsematch = sparsematch
self.origignore = origignore
return self.func
def __set__(self, obj, value):
return self.orig.__set__(obj, value)
def __delete__(self, obj):
return self.orig.__delete__(obj)
replacefilecache(dirstate.dirstate, '_ignore', ignorewrapper)
# dirstate.rebuild should not add non-matching files
def _rebuild(orig, self, parent, allfiles, changedfiles=None):
matcher = self._sparsematcher
if not matcher.always():
allfiles = allfiles.matches(matcher)
if changedfiles:
changedfiles = [f for f in changedfiles if matcher(f)]
if changedfiles is not None:
# In _rebuild, these files will be deleted from the dirstate
# when they are not found to be in allfiles
dirstatefilestoremove = set(f for f in self if not matcher(f))
changedfiles = dirstatefilestoremove.union(changedfiles)
return orig(self, parent, allfiles, changedfiles)
extensions.wrapfunction(dirstate.dirstate, 'rebuild', _rebuild)
# Prevent adding files that are outside the sparse checkout
editfuncs = ['normal', 'add', 'normallookup', 'copy', 'remove', 'merge']
hint = _('include file with `hg debugsparse --include <pattern>` or use ' +
'`hg add -s <file>` to include file directory while adding')
for func in editfuncs:
def _wrapper(orig, self, *args):
sparsematch = self._sparsematcher
if not sparsematch.always():
for f in args:
if (f is not None and not sparsematch(f) and
f not in self):
raise error.Abort(_("cannot add '%s' - it is outside "
"the sparse checkout") % f,
hint=hint)
return orig(self, *args)
extensions.wrapfunction(dirstate.dirstate, func, _wrapper)
@command('^debugsparse', [
('I', 'include', False, _('include files in the sparse checkout')),
('X', 'exclude', False, _('exclude files in the sparse checkout')),
('d', 'delete', False, _('delete an include/exclude rule')),
('f', 'force', False, _('allow changing rules even with pending changes')),
('', 'enable-profile', False, _('enables the specified profile')),
('', 'disable-profile', False, _('disables the specified profile')),
('', 'import-rules', False, _('imports rules from a file')),
('', 'clear-rules', False, _('clears local include/exclude rules')),
('', 'refresh', False, _('updates the working after sparseness changes')),
('', 'reset', False, _('makes the repo full again')),
] + commands.templateopts,
_('[--OPTION] PATTERN...'))
def debugsparse(ui, repo, *pats, **opts):
"""make the current checkout sparse, or edit the existing checkout
The sparse command is used to make the current checkout sparse.
This means files that don't meet the sparse condition will not be
written to disk, or show up in any working copy operations. It does
not affect files in history in any way.
Passing no arguments prints the currently applied sparse rules.
--include and --exclude are used to add and remove files from the sparse
checkout. The effects of adding an include or exclude rule are applied
immediately. If applying the new rule would cause a file with pending
changes to be added or removed, the command will fail. Pass --force to
force a rule change even with pending changes (the changes on disk will
be preserved).
--delete removes an existing include/exclude rule. The effects are
immediate.
--refresh refreshes the files on disk based on the sparse rules. This is
only necessary if .hg/sparse was changed by hand.
--enable-profile and --disable-profile accept a path to a .hgsparse file.
This allows defining sparse checkouts and tracking them inside the
repository. This is useful for defining commonly used sparse checkouts for
many people to use. As the profile definition changes over time, the sparse
checkout will automatically be updated appropriately, depending on which
changeset is checked out. Changes to .hgsparse are not applied until they
have been committed.
--import-rules accepts a path to a file containing rules in the .hgsparse
format, allowing you to add --include, --exclude and --enable-profile rules
in bulk. Like the --include, --exclude and --enable-profile switches, the
changes are applied immediately.
--clear-rules removes all local include and exclude rules, while leaving
any enabled profiles in place.
Returns 0 if editing the sparse checkout succeeds.
"""
include = opts.get('include')
exclude = opts.get('exclude')
force = opts.get('force')
enableprofile = opts.get('enable_profile')
disableprofile = opts.get('disable_profile')
importrules = opts.get('import_rules')
clearrules = opts.get('clear_rules')
delete = opts.get('delete')
refresh = opts.get('refresh')
reset = opts.get('reset')
count = sum([include, exclude, enableprofile, disableprofile, delete,
importrules, refresh, clearrules, reset])
if count > 1:
raise error.Abort(_("too many flags specified"))
if count == 0:
if repo.vfs.exists('sparse'):
ui.status(repo.vfs.read("sparse") + "\n")
temporaryincludes = sparse.readtemporaryincludes(repo)
if temporaryincludes:
ui.status(_("Temporarily Included Files (for merge/rebase):\n"))
ui.status(("\n".join(temporaryincludes) + "\n"))
else:
ui.status(_('repo is not sparse\n'))
return
if include or exclude or delete or reset or enableprofile or disableprofile:
sparse.updateconfig(repo, pats, opts, include=include, exclude=exclude,
reset=reset, delete=delete,
enableprofile=enableprofile,
disableprofile=disableprofile, force=force)
if importrules:
sparse.importfromfiles(repo, opts, pats, force=force)
if clearrules:
sparse.clearrules(repo, force=force)
if refresh:
try:
wlock = repo.wlock()
fcounts = map(
len,
sparse.refreshwdir(repo, repo.status(), sparse.matcher(repo),
force=force))
sparse.printchanges(ui, opts, added=fcounts[0], dropped=fcounts[1],
conflicting=fcounts[2])
finally:
wlock.release()