sslutil: introduce a function for determining host-specific settings

This patch marks the beginning of a series that introduces a new, more configurable, per-host security settings mechanism.

Currently, we have global settings (like web.cacerts and the --insecure argument). We also have per-host settings via [hostfingerprints].

Global security settings are good for defaults, but they don't provide the amount of control often wanted. For example, an organization may want to require a particular CA is used for a particular hostname.

[hostfingerprints] is nice. But it currently assumes SHA-1. Furthermore, there is no obvious place to put additional per-host settings.

Subsequent patches will be introducing new mechanisms for defining security settings, some on a per-host basis. This commit starts the transition to that world by introducing the _hostsettings function. It takes a ui and hostname and returns a dict of security settings. Currently, it limits itself to returning host fingerprint info.

We foreshadow the future support of non-SHA1 hashing algorithms for verifying the host fingerprint by making the "certfingerprints" key a list of tuples instead of a list of hashes.

We add this dict to the hgstate property on the socket and use it during socket validation for checking fingerprints.

There should be no change in behavior.

File last commit:

r28523:045fe704 default
r29258:6315c1e1 default
requirements.txt
Requirements
============

Repositories contain a file (``.hg/requires``) containing a list of
features/capabilities that are *required* for clients to interface
with the repository. This file has been present in Mercurial since
version 0.9.2 (released December 2006).

One of the first things clients do when opening a repository is read
``.hg/requires`` and verify that all listed requirements are supported,
aborting if not. Requirements are therefore a strong mechanism to
prevent incompatible clients from reading from unknown repository
formats or even corrupting them by writing to them.

Extensions may add requirements. When they do this, clients not running
that extension will be unable to read from those repositories.

The following sections describe the requirements defined by the
Mercurial core distribution.

revlogv1
--------

When present, revlogs are version 1 (RevlogNG). RevlogNG was introduced
in 2006. The ``revlogv1`` requirement has been enabled by default
since the ``requires`` file was introduced in Mercurial 0.9.2.

If this requirement is not present, version 0 revlogs are assumed.

store
-----

The *store* repository layout should be used.

This requirement has been enabled by default since the ``requires`` file
was introduced in Mercurial 0.9.2.

fncache
-------

The *fncache* repository layout should be used.

The *fncache* layout hash encodes filenames with long paths and
encodes reserved filenames.

This requirement is enabled by default when the *store* requirement is
enabled (which is the default behavior). It was introduced in Mercurial
1.1 (released December 2008).

shared
------

Denotes that the store for a repository is shared from another location
(defined by the ``.hg/sharedpath`` file).

This requirement is set when a repository is created via :hg:`share`.

The requirement was added in Mercurial 1.3 (released July 2009).

dotencode
---------

The *dotencode* repository layout should be used.

The *dotencode* layout encodes the first period or space in filenames
to prevent issues on OS X and Windows.

This requirement is enabled by default when the *store* requirement
is enabled (which is the default behavior). It was introduced in
Mercurial 1.7 (released November 2010).

parentdelta
-----------

Denotes a revlog delta encoding format that was experimental and
replaced by *generaldelta*. It should not be seen in the wild because
it was never enabled by default.

This requirement was added in Mercurial 1.7 and removed in Mercurial
1.9.

generaldelta
------------

Revlogs should be created with the *generaldelta* flag enabled. The
generaldelta flag will cause deltas to be encoded against a parent
revision instead of the previous revision in the revlog.

Support for this requirement was added in Mercurial 1.9 (released
July 2011). The requirement was disabled on new repositories by
default until Mercurial 3.7 (released February 2016).

manifestv2
----------

Denotes that version 2 of manifests is being used.

Support for this requirement was added in Mercurial 3.4 (released
May 2015). The requirement is currently experimental and is disabled
by default.

treemanifest
------------

Denotes that tree manifests are being used. Tree manifests are
one manifest per directory (as opposed to a single flat manifest).

Support for this requirement was added in Mercurial 3.4 (released
August 2015). The requirement is currently experimental and is
disabled by default.
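
The check described in the introduction (read ``.hg/requires``, abort if anything listed is unsupported) can be sketched as follows. This is an added example, not Mercurial's own code. It assumes the file holds one requirement name per line, and ``SUPPORTED``, ``check_requires`` and the sample inputs are hypothetical names constructed for illustration.

```python
"""Fail-closed check of a Mercurial .hg/requires file (added example)."""

# Requirements this page marks as experimental.
EXPERIMENTAL = {"manifestv2", "treemanifest"}

# Hypothetical client: supports the core requirements listed on this page,
# except parentdelta, which the page says was removed in Mercurial 1.9.
SUPPORTED = {"revlogv1", "store", "fncache", "shared", "dotencode",
             "generaldelta"} | EXPERIMENTAL


class UnsupportedRequirement(Exception):
    """Raised when the repository needs a feature this client lacks."""


def parse_requires(text):
    # Assumption: one requirement name per line; blank lines are ignored.
    return {line.strip() for line in text.splitlines() if line.strip()}


def check_requires(text, supported=SUPPORTED):
    """Return audit notes, or raise if any requirement is unsupported."""
    present = parse_requires(text)
    missing = sorted(present - set(supported))
    if missing:
        # Abort before touching the store: the on-disk format is unknown,
        # so neither reading nor writing is safe.
        raise UnsupportedRequirement(", ".join(missing))
    notes = [name + ": experimental" for name in sorted(present & EXPERIMENTAL)]
    if "revlogv1" not in present:
        notes.append("revlogv1 absent: version 0 revlogs assumed")
    return notes


# Constructed sample inputs, not taken from a real repository.
SAMPLE_OK = "dotencode\nfncache\ngeneraldelta\nrevlogv1\nstore\ntreemanifest\n"
SAMPLE_EXT = "revlogv1\nstore\nexample-extension-feature\n"

if __name__ == "__main__":
    print(check_requires(SAMPLE_OK))
    try:
        check_requires(SAMPLE_EXT)
    except UnsupportedRequirement as exc:
        print("abort: unsupported requirement(s):", exc)
```

The second sample models a requirement added by an extension the client is not running, which is the case where the client must refuse to open the repository.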