##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r23172:e955549c default
r32050:77eaf953 4.1.3 stable
Show More
test-mq-merge.t
177 lines | 3.5 KiB | text/troff | Tads3Lexer
Setup extension:
$ cat <<EOF >> $HGRCPATH
> [extensions]
> mq =
> [mq]
> git = keep
> EOF
Test merge with mq changeset as the second parent:
$ hg init m
$ cd m
$ touch a b c
$ hg add a
$ hg commit -m a
$ hg add b
$ hg qnew -d "0 0" b
$ hg update 0
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ hg add c
$ hg commit -m c
created new head
$ hg merge
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
(branch merge, don't forget to commit)
$ hg commit -m merge
abort: cannot commit over an applied mq patch
[255]
$ cd ..
Issue529: mq aborts when merging patch deleting files
$ checkundo()
> {
> if [ -f .hg/store/undo ]; then
> echo ".hg/store/undo still exists"
> fi
> }
Commit two dummy files in "init" changeset:
$ hg init t
$ cd t
$ echo a > a
$ echo b > b
$ hg ci -Am init
adding a
adding b
$ hg tag -l init
Create a patch removing a:
$ hg qnew rm_a
$ hg rm a
$ hg qrefresh -m "rm a"
Save the patch queue so we can merge it later:
$ hg qsave -c -e
copy $TESTTMP/t/.hg/patches to $TESTTMP/t/.hg/patches.1 (glob)
$ checkundo
Update b and commit in an "update" changeset:
$ hg up -C init
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ echo b >> b
$ hg st
M b
$ hg ci -m update
created new head
# Here, qpush used to abort with :
# The system cannot find the file specified => a
$ hg manifest
a
b
$ hg qpush -a -m
merging with queue at: $TESTTMP/t/.hg/patches.1 (glob)
applying rm_a
now at: rm_a
$ checkundo
$ hg manifest
b
Ensure status is correct after merge:
$ hg qpop -a
popping rm_a
popping .hg.patches.merge.marker
patch queue now empty
$ cd ..
Classic MQ merge sequence *with an explicit named queue*:
$ hg init t2
$ cd t2
$ echo '[diff]' > .hg/hgrc
$ echo 'nodates = 1' >> .hg/hgrc
$ echo a > a
$ hg ci -Am init
adding a
$ echo b > a
$ hg ci -m changea
$ hg up -C 0
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ hg cp a aa
$ echo c >> a
$ hg qnew --git -f -e patcha
$ echo d >> a
$ hg qnew -d '0 0' -f -e patcha2
Create the reference queue:
$ hg qsave -c -e -n refqueue
copy $TESTTMP/t2/.hg/patches to $TESTTMP/t2/.hg/refqueue (glob)
$ hg up -C 1
1 files updated, 0 files merged, 1 files removed, 0 files unresolved
Merge:
$ HGMERGE=internal:other hg qpush -a -m -n refqueue
merging with queue at: $TESTTMP/t2/.hg/refqueue (glob)
applying patcha
patching file a
Hunk #1 succeeded at 2 with fuzz 1 (offset 0 lines).
fuzz found when applying patch, stopping
patch didn't work out, merging patcha
1 files updated, 0 files merged, 1 files removed, 0 files unresolved
0 files updated, 2 files merged, 0 files removed, 0 files unresolved
(branch merge, don't forget to commit)
applying patcha2
now at: patcha2
Check patcha is still a git patch:
$ cat .hg/patches/patcha
# HG changeset patch
# Parent d3873e73d99ef67873dac33fbcc66268d5d2b6f4
diff --git a/a b/a
--- a/a
+++ b/a
@@ -1,1 +1,2 @@
-b
+a
+c
diff --git a/a b/aa
copy from a
copy to aa
--- a/a
+++ b/aa
@@ -1,1 +1,1 @@
-b
+a
Check patcha2 is still a regular patch:
$ cat .hg/patches/patcha2
# HG changeset patch
# Date 0 0
# Parent ???????????????????????????????????????? (glob)
diff -r ???????????? -r ???????????? a (glob)
--- a/a
+++ b/a
@@ -1,2 +1,3 @@
a
c
+d
$ cd ..