upstream/mercurial-mirror Files · tests/sslcerts/README

lookup: add option to disambiguate prefix within revset...

lookup: add option to disambiguate prefix within revset When resolving a nodeid prefix that is not unique within the repo and the user has configured a revset that they want to disambiguate within, we now try to look up within that revset before we fail. If there is a unique match within the revset, we use that. This is of course most effective at allowing a short prefix if the revset contains few nodes. For most of our internal users at Google, "not public()" is sufficiently small that a hex digit or two is enough. The implementation is currently pretty slow, but good enough for small revsets (which is the expected use case). The scan in the revset is linear. We may want to use a prefix tree if we want to allow users to use a larger revset. Credit for the idea goes to Kyle Lippincott. Differential Revision: https://phab.mercurial-scm.org/D4037

Gregory Szorc - - Load All Authors

File last commit:

r29579:43f3c0df default


                r38878:503f9364

default

Download file

             README
        
                    45 lines
            
             | 1.8 KiB
            
                | text/plain
            
             |
                TextLexer

/ tests / sslcerts / README

History | Annotation | Raw |Copy content |Copy permalink

				Generate a private key (priv.pem):

				$ openssl genrsa -out priv.pem 2048

				Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):

				$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
				-out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
				$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
				-out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

				Now generate an expired certificate by turning back the system time:

				$ faketime 2016-01-01T00:00:00Z \
				openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
				-out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

				Generate a certificate not yet active by advancing the system time:

				$ faketime 2030-01-1T00:00:00Z \
				openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
				-out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

				Generate a passphrase protected client certificate private key:

				$ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048

				Create a copy of the private key without a passphrase:

				$ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem

				Create a CSR and sign the key using the server keypair:

				$ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' \| \
				openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
				$ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
				-set_serial 01 -out client-cert.pem

				When replacing the certificates, references to certificate fingerprints will
				need to be updated in test files.

				Fingerprints for certs can be obtained by running:

				$ openssl x509 -in pub.pem -noout -sha1 -fingerprint
				$ openssl x509 -in pub.pem -noout -sha256 -fingerprint

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages