##// END OF EJS Templates
sslutil: issue warning when [hostfingerprint] is used...
sslutil: issue warning when [hostfingerprint] is used Mercurial 3.9 added the [hostsecurity] section, which is better than [hostfingerprints] in every way. One of the ways that [hostsecurity] is better is that it supports SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints. The world is moving away from SHA-1 because it is borderline secure. Mercurial should be part of that movement. This patch adds a warning when a valid SHA-1 fingerprint from the [hostfingerprints] section is being used. The warning informs users to switch to [hostsecurity]. It even prints the config option they should set. It uses the SHA-256 fingerprint because recommending a SHA-1 fingerprint in 2017 would be ill-advised. The warning will print itself on every connection to a server until it is fixed. There is no way to suppress the warning. I admit this is annoying. But given the security implications of sticking with SHA-1, I think this is justified. If this patch is accepted, I'll likely send a follow-up to start warning on SHA-1 certificates in [hostsecurity] as well. Then sometime down the road, we can drop support for SHA-1 fingerprints. Credit for this idea comes from timeless in issue 5466.

File last commit:

r30982:08e6f4da default
r31290:f819aa9d default
Show More
extdiff.py
392 lines | 14.5 KiB | text/x-python | PythonLexer
# extdiff.py - external diff program support for mercurial
#
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.
'''command to allow external programs to compare revisions
The extdiff Mercurial extension allows you to use external programs
to compare revisions, or revision with working directory. The external
diff programs are called with a configurable set of options and two
non-option arguments: paths to directories containing snapshots of
files to compare.
The extdiff extension also allows you to configure new diff commands, so
you do not need to type :hg:`extdiff -p kdiff3` always. ::
[extdiff]
# add new command that runs GNU diff(1) in 'context diff' mode
cdiff = gdiff -Nprc5
## or the old way:
#cmd.cdiff = gdiff
#opts.cdiff = -Nprc5
# add new command called meld, runs meld (no need to name twice). If
# the meld executable is not available, the meld tool in [merge-tools]
# will be used, if available
meld =
# add new command called vimdiff, runs gvimdiff with DirDiff plugin
# (see http://www.vim.org/scripts/script.php?script_id=102) Non
# English user, be sure to put "let g:DirDiffDynamicDiffText = 1" in
# your .vimrc
vimdiff = gvim -f "+next" \\
"+execute 'DirDiff' fnameescape(argv(0)) fnameescape(argv(1))"
Tool arguments can include variables that are expanded at runtime::
$parent1, $plabel1 - filename, descriptive label of first parent
$child, $clabel - filename, descriptive label of child revision
$parent2, $plabel2 - filename, descriptive label of second parent
$root - repository root
$parent is an alias for $parent1.
The extdiff extension will look in your [diff-tools] and [merge-tools]
sections for diff tool arguments, when none are specified in [extdiff].
::
[extdiff]
kdiff3 =
[diff-tools]
kdiff3.diffargs=--L1 '$plabel1' --L2 '$clabel' $parent $child
You can use -I/-X and list of file or directory names like normal
:hg:`diff` command. The extdiff extension makes snapshots of only
needed files, so running the external diff program will actually be
pretty fast (at least faster than having to compare the entire tree).
'''
from __future__ import absolute_import
import os
import re
import shutil
import tempfile
from mercurial.i18n import _
from mercurial.node import (
nullid,
short,
)
from mercurial import (
archival,
cmdutil,
commands,
error,
filemerge,
pycompat,
scmutil,
util,
)
cmdtable = {}
command = cmdutil.command(cmdtable)
# Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
# extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
# be specifying the version(s) of Mercurial they are tested with, or
# leave the attribute unspecified.
testedwith = 'ships-with-hg-core'
def snapshot(ui, repo, files, node, tmproot, listsubrepos):
'''snapshot files as of some revision
if not using snapshot, -I/-X does not work and recursive diff
in tools like kdiff3 and meld displays too many files.'''
dirname = os.path.basename(repo.root)
if dirname == "":
dirname = "root"
if node is not None:
dirname = '%s.%s' % (dirname, short(node))
base = os.path.join(tmproot, dirname)
os.mkdir(base)
fns_and_mtime = []
if node is not None:
ui.note(_('making snapshot of %d files from rev %s\n') %
(len(files), short(node)))
else:
ui.note(_('making snapshot of %d files from working directory\n') %
(len(files)))
if files:
repo.ui.setconfig("ui", "archivemeta", False)
archival.archive(repo, base, node, 'files',
matchfn=scmutil.matchfiles(repo, files),
subrepos=listsubrepos)
for fn in sorted(files):
wfn = util.pconvert(fn)
ui.note(' %s\n' % wfn)
if node is None:
dest = os.path.join(base, wfn)
fns_and_mtime.append((dest, repo.wjoin(fn),
os.lstat(dest).st_mtime))
return dirname, fns_and_mtime
def dodiff(ui, repo, cmdline, pats, opts):
'''Do the actual diff:
- copy to a temp structure if diffing 2 internal revisions
- copy to a temp structure if diffing working revision with
another one and more than 1 file is changed
- just invoke the diff for a single file in the working dir
'''
revs = opts.get('rev')
change = opts.get('change')
do3way = '$parent2' in cmdline
if revs and change:
msg = _('cannot specify --rev and --change at the same time')
raise error.Abort(msg)
elif change:
node2 = scmutil.revsingle(repo, change, None).node()
node1a, node1b = repo.changelog.parents(node2)
else:
node1a, node2 = scmutil.revpair(repo, revs)
if not revs:
node1b = repo.dirstate.p2()
else:
node1b = nullid
# Disable 3-way merge if there is only one parent
if do3way:
if node1b == nullid:
do3way = False
subrepos=opts.get('subrepos')
matcher = scmutil.match(repo[node2], pats, opts)
if opts.get('patch'):
if subrepos:
raise error.Abort(_('--patch cannot be used with --subrepos'))
if node2 is None:
raise error.Abort(_('--patch requires two revisions'))
else:
mod_a, add_a, rem_a = map(set, repo.status(node1a, node2, matcher,
listsubrepos=subrepos)[:3])
if do3way:
mod_b, add_b, rem_b = map(set,
repo.status(node1b, node2, matcher,
listsubrepos=subrepos)[:3])
else:
mod_b, add_b, rem_b = set(), set(), set()
modadd = mod_a | add_a | mod_b | add_b
common = modadd | rem_a | rem_b
if not common:
return 0
tmproot = tempfile.mkdtemp(prefix='extdiff.')
try:
if not opts.get('patch'):
# Always make a copy of node1a (and node1b, if applicable)
dir1a_files = mod_a | rem_a | ((mod_b | add_b) - add_a)
dir1a = snapshot(ui, repo, dir1a_files, node1a, tmproot,
subrepos)[0]
rev1a = '@%d' % repo[node1a].rev()
if do3way:
dir1b_files = mod_b | rem_b | ((mod_a | add_a) - add_b)
dir1b = snapshot(ui, repo, dir1b_files, node1b, tmproot,
subrepos)[0]
rev1b = '@%d' % repo[node1b].rev()
else:
dir1b = None
rev1b = ''
fns_and_mtime = []
# If node2 in not the wc or there is >1 change, copy it
dir2root = ''
rev2 = ''
if node2:
dir2 = snapshot(ui, repo, modadd, node2, tmproot, subrepos)[0]
rev2 = '@%d' % repo[node2].rev()
elif len(common) > 1:
#we only actually need to get the files to copy back to
#the working dir in this case (because the other cases
#are: diffing 2 revisions or single file -- in which case
#the file is already directly passed to the diff tool).
dir2, fns_and_mtime = snapshot(ui, repo, modadd, None, tmproot,
subrepos)
else:
# This lets the diff tool open the changed file directly
dir2 = ''
dir2root = repo.root
label1a = rev1a
label1b = rev1b
label2 = rev2
# If only one change, diff the files instead of the directories
# Handle bogus modifies correctly by checking if the files exist
if len(common) == 1:
common_file = util.localpath(common.pop())
dir1a = os.path.join(tmproot, dir1a, common_file)
label1a = common_file + rev1a
if not os.path.isfile(dir1a):
dir1a = os.devnull
if do3way:
dir1b = os.path.join(tmproot, dir1b, common_file)
label1b = common_file + rev1b
if not os.path.isfile(dir1b):
dir1b = os.devnull
dir2 = os.path.join(dir2root, dir2, common_file)
label2 = common_file + rev2
else:
template = 'hg-%h.patch'
cmdutil.export(repo, [repo[node1a].rev(), repo[node2].rev()],
template=repo.vfs.reljoin(tmproot, template),
match=matcher)
label1a = cmdutil.makefilename(repo, template, node1a)
label2 = cmdutil.makefilename(repo, template, node2)
dir1a = repo.vfs.reljoin(tmproot, label1a)
dir2 = repo.vfs.reljoin(tmproot, label2)
dir1b = None
label1b = None
fns_and_mtime = []
# Function to quote file/dir names in the argument string.
# When not operating in 3-way mode, an empty string is
# returned for parent2
replace = {'parent': dir1a, 'parent1': dir1a, 'parent2': dir1b,
'plabel1': label1a, 'plabel2': label1b,
'clabel': label2, 'child': dir2,
'root': repo.root}
def quote(match):
pre = match.group(2)
key = match.group(3)
if not do3way and key == 'parent2':
return pre
return pre + util.shellquote(replace[key])
# Match parent2 first, so 'parent1?' will match both parent1 and parent
regex = (r'''(['"]?)([^\s'"$]*)'''
r'\$(parent2|parent1?|child|plabel1|plabel2|clabel|root)\1')
if not do3way and not re.search(regex, cmdline):
cmdline += ' $parent1 $child'
cmdline = re.sub(regex, quote, cmdline)
ui.debug('running %r in %s\n' % (cmdline, tmproot))
ui.system(cmdline, cwd=tmproot, blockedtag='extdiff')
for copy_fn, working_fn, mtime in fns_and_mtime:
if os.lstat(copy_fn).st_mtime != mtime:
ui.debug('file changed while diffing. '
'Overwriting: %s (src: %s)\n' % (working_fn, copy_fn))
util.copyfile(copy_fn, working_fn)
return 1
finally:
ui.note(_('cleaning up temp directory\n'))
shutil.rmtree(tmproot)
extdiffopts = [
('o', 'option', [],
_('pass option to comparison program'), _('OPT')),
('r', 'rev', [], _('revision'), _('REV')),
('c', 'change', '', _('change made by revision'), _('REV')),
('', 'patch', None, _('compare patches for two revisions'))
] + commands.walkopts + commands.subrepoopts
@command('extdiff',
[('p', 'program', '', _('comparison program to run'), _('CMD')),
] + extdiffopts,
_('hg extdiff [OPT]... [FILE]...'),
inferrepo=True)
def extdiff(ui, repo, *pats, **opts):
'''use external program to diff repository (or selected files)
Show differences between revisions for the specified files, using
an external program. The default program used is diff, with
default options "-Npru".
To select a different program, use the -p/--program option. The
program will be passed the names of two directories to compare. To
pass additional options to the program, use -o/--option. These
will be passed before the names of the directories to compare.
When two revision arguments are given, then changes are shown
between those revisions. If only one revision is specified then
that revision is compared to the working directory, and, when no
revisions are specified, the working directory files are compared
to its parent.'''
program = opts.get('program')
option = opts.get('option')
if not program:
program = 'diff'
option = option or ['-Npru']
cmdline = ' '.join(map(util.shellquote, [program] + option))
return dodiff(ui, repo, cmdline, pats, opts)
class savedcmd(object):
"""use external program to diff repository (or selected files)
Show differences between revisions for the specified files, using
the following program::
%(path)s
When two revision arguments are given, then changes are shown
between those revisions. If only one revision is specified then
that revision is compared to the working directory, and, when no
revisions are specified, the working directory files are compared
to its parent.
"""
def __init__(self, path, cmdline):
# We can't pass non-ASCII through docstrings (and path is
# in an unknown encoding anyway)
docpath = path.encode("string-escape")
self.__doc__ = self.__doc__ % {'path': util.uirepr(docpath)}
self._cmdline = cmdline
def __call__(self, ui, repo, *pats, **opts):
options = ' '.join(map(util.shellquote, opts['option']))
if options:
options = ' ' + options
return dodiff(ui, repo, self._cmdline + options, pats, opts)
def uisetup(ui):
for cmd, path in ui.configitems('extdiff'):
path = util.expandpath(path)
if cmd.startswith('cmd.'):
cmd = cmd[4:]
if not path:
path = util.findexe(cmd)
if path is None:
path = filemerge.findexternaltool(ui, cmd) or cmd
diffopts = ui.config('extdiff', 'opts.' + cmd, '')
cmdline = util.shellquote(path)
if diffopts:
cmdline += ' ' + diffopts
elif cmd.startswith('opts.'):
continue
else:
if path:
# case "cmd = path opts"
cmdline = path
diffopts = len(pycompat.shlexsplit(cmdline)) > 1
else:
# case "cmd ="
path = util.findexe(cmd)
if path is None:
path = filemerge.findexternaltool(ui, cmd) or cmd
cmdline = util.shellquote(path)
diffopts = False
# look for diff arguments in [diff-tools] then [merge-tools]
if not diffopts:
args = ui.config('diff-tools', cmd+'.diffargs') or \
ui.config('merge-tools', cmd+'.diffargs')
if args:
cmdline += ' ' + args
command(cmd, extdiffopts[:], _('hg %s [OPTION]... [FILE]...') % cmd,
inferrepo=True)(savedcmd(path, cmdline))
# tell hggettext to extract docstrings from these functions:
i18nfunctions = [savedcmd]