##// END OF EJS Templates
wireprotov2: define and implement "manifestdata" command...
wireprotov2: define and implement "manifestdata" command The added command can be used for obtaining manifest data. Given a manifest path and set of manifest nodes, data about manifests can be retrieved. Unlike changeset data, we wish to emit deltas to describe manifest revisions. So the command uses the relatively new API for building delta requests and emitting them. The code calls into deltaparent(), which I'm not very keen of. There's still work to be done in delta generation land so implementation details of storage (e.g. exactly one delta is stored/available) don't creep into higher levels. But we can worry about this later (there is already a TODO on imanifestorage tracking this). On the subject of parent deltas, the server assumes parent revisions exist on the receiving end. This is obviously wrong for shallow clone. I've added TODOs to add a mechanism to the command to allow clients to specify desired behavior. This shouldn't be too difficult to implement. Another big change is that the client must explicitly request manifest nodes to retrieve. This is a major departure from "getbundle," where the server derives relevant manifests as it iterates changesets and sends them automatically. As implemented, the client must transmit each requested node to the server. At 20 bytes per node, we're looking at 2 MB per 100,000 nodes. Plus wire encoding overhead. This isn't ideal for clients with limited upload bandwidth. I plan to address this in the future by allowing alternate mechanisms for defining the revisions to retrieve. One idea is to define a range of changeset revisions whose manifest revisions to retrieve (similar to how "changesetdata" works). We almost certainly want an API to look up an individual manifest by node. And that's where I've chosen to start with the implementation. Again, a theme of this early exchangev2 work is I want to start by building primitives for accessing raw repository data first and see how far we can get with those before we need more complexity. Differential Revision: https://phab.mercurial-scm.org/D4488

File last commit:

r33494:30f2715b default
r39673:c7a7c7e8 default
Show More
test-patchbomb-tls.t
126 lines | 4.4 KiB | text/troff | Tads3Lexer
/ tests / test-patchbomb-tls.t
#require serve ssl
Set up SMTP server:
$ CERTSDIR="$TESTDIR/sslcerts"
$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
$ $PYTHON "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
> --tls smtps --certificate `pwd`/server.pem
listening at localhost:$HGPORT (?)
$ cat a.pid >> $DAEMON_PIDS
Set up repository:
$ hg init t
$ cd t
$ cat <<EOF >> .hg/hgrc
> [extensions]
> patchbomb =
> [email]
> method = smtp
> [smtp]
> host = localhost
> port = $HGPORT
> tls = smtps
> EOF
$ echo a > a
$ hg commit -Ama -d '1 0'
adding a
Utility functions:
$ DISABLECACERTS=
$ try () {
> hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
> }
Our test cert is not signed by a trusted CA. It should fail to verify if
we are able to load CA certs:
#if sslcontext defaultcacerts no-defaultcacertsloaded
$ try
this patch series consists of 1 patches.
(an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
(?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
#if no-sslcontext defaultcacerts
$ try
this patch series consists of 1 patches.
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
(?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
#if defaultcacertsloaded
$ try
this patch series consists of 1 patches.
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
(?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
#if no-defaultcacerts
$ try
this patch series consists of 1 patches.
(unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
abort: localhost certificate error: no certificate received
(set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
[255]
#endif
$ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
Without certificates:
$ try --debug
this patch series consists of 1 patches.
(using smtps)
sending mail: smtp host localhost, port * (glob)
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
(verifying remote certificate)
abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
(see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
[255]
With global certificates:
$ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
this patch series consists of 1 patches.
(using smtps)
sending mail: smtp host localhost, port * (glob)
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
(verifying remote certificate)
sending [PATCH] a ...
With invalid certificates:
$ try --config web.cacerts="$CERTSDIR/pub-other.pem"
this patch series consists of 1 patches.
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
(?i)abort: .*?certificate.verify.failed.* (re)
[255]
$ cd ..