##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r26805:e999ed21 default
r32050:77eaf953 4.1.3 stable
Show More
win32-build.txt
130 lines | 4.7 KiB | text/plain | TextLexer
The standalone Windows installer for Mercurial is built in a somewhat
jury-rigged fashion.
It has the following prerequisites. Ensure to take the packages
matching the mercurial version you want to build (32-bit or 64-bit).
Python 2.6 for Windows
http://www.python.org/download/releases/
A compiler:
either MinGW
http://www.mingw.org/
or Microsoft Visual C++ 2008 SP1 Express Edition
http://www.microsoft.com/express/Downloads/Download-2008.aspx
Python for Windows Extensions
http://sourceforge.net/projects/pywin32/
mfc71.dll (just download, don't install; not needed for Python 2.6)
http://starship.python.net/crew/mhammond/win32/
Visual C++ 2008 redistributable package (needed for >= Python 2.6 or if you compile with MSVC)
for 32-bit:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9b2da534-3e03-4391-8a4d-074b9f2bc1bf
for 64-bit:
http://www.microsoft.com/downloads/details.aspx?familyid=bd2a6171-e2d6-4230-b809-9a8d7548c1b6
The py2exe distutils extension
http://sourceforge.net/projects/py2exe/
GnuWin32 gettext utility (if you want to build translations)
http://gnuwin32.sourceforge.net/packages/gettext.htm
Inno Setup
http://www.jrsoftware.org/isdl.php#qsp
Get and install ispack-5.3.10.exe or later (includes Inno Setup Processor),
which is necessary to package Mercurial.
ISTool - optional
http://www.istool.org/default.aspx/
add_path (you need only add_path.exe in the zip file)
http://www.barisione.org/apps.html#add_path
Docutils
http://docutils.sourceforge.net/
CA Certs file
http://curl.haxx.se/ca/cacert.pem
And, of course, Mercurial itself.
Once you have all this installed and built, clone a copy of the
Mercurial repository you want to package, and name the repo
C:\hg\hg-release.
In a shell, build a standalone copy of the hg.exe program.
Building instructions for MinGW:
python setup.py build -c mingw32
python setup.py py2exe -b 2
Note: the previously suggested combined command of "python setup.py build -c
mingw32 py2exe -b 2" doesn't work correctly anymore as it doesn't include the
extensions in the mercurial subdirectory.
If you want to create a file named setup.cfg with the contents:
[build]
compiler=mingw32
you can skip the first build step.
Building instructions with MSVC 2008 Express Edition:
for 32-bit:
"C:\Program Files\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" x86
python setup.py py2exe -b 2
for 64-bit:
"C:\Program Files\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" x86_amd64
python setup.py py2exe -b 3
Copy add_path.exe and cacert.pem files into the dist directory that just got created.
If you are using Python 2.6 or later, or if you are using MSVC 2008 to compile
mercurial, you must include the C runtime libraries in the installer. To do so,
install the Visual C++ 2008 redistributable package. Then in your windows\winsxs
folder, locate the folder containing the dlls version 9.0.21022.8.
For x86, it should be named like x86_Microsoft.VC90.CRT_(...)_9.0.21022.8(...).
For x64, it should be named like amd64_Microsoft.VC90.CRT_(...)_9.0.21022.8(...).
Copy the files named msvcm90.dll, msvcp90.dll and msvcr90.dll into the dist
directory.
Then in the windows\winsxs\manifests folder, locate the corresponding manifest
file (x86_Microsoft.VC90.CRT_(...)_9.0.21022.8(...).manifest for x86,
amd64_Microsoft.VC90.CRT_(...)_9.0.21022.8(...).manifest for x64), copy it in the
dist directory and rename it to Microsoft.VC90.CRT.manifest.
Before building the installer, you have to build Mercurial HTML documentation
(or fix mercurial.iss to not reference the doc directory):
cd doc
mingw32-make html
cd ..
If you use ISTool, you open the C:\hg\hg-release\contrib\win32\mercurial.iss
file and type Ctrl-F9 to compile the installer file.
Otherwise you run the Inno Setup compiler. Assuming it's in the path
you should execute:
iscc contrib\win32\mercurial.iss /dVERSION=foo
Where 'foo' is the version number you would like to see in the
'Add/Remove Applications' tool. The installer will be placed into
a directory named Output/ at the root of your repository.
If the /dVERSION=foo parameter is not given in the command line, the
installer will retrieve the version information from the __version__.py file.
If you want to build an installer for a 64-bit mercurial, add /dARCH=x64 to
your command line:
iscc contrib\win32\mercurial.iss /dARCH=x64
To automate the steps above you may want to create a batchfile based on the
following (MinGW build chain):
echo [build] > setup.cfg
echo compiler=mingw32 >> setup.cfg
python setup.py py2exe -b 2
cd doc
mingw32-make html
cd ..
iscc contrib\win32\mercurial.iss /dVERSION=snapshot
and run it from the root of the hg repository (c:\hg\hg-release).