Re: [PATCH 4 of 4 STABLE] manifest: make treemanifestctx store the repo

[Martin von Zweigbergk via Mercurial-devel]

Pushed to committed repo, thanks!

On Tue, Oct 18, 2016 at 5:50 PM, Durham Goode  wrote:
> # HG changeset patch
> # User Durham Goode 
> # Date 1476837882 25200
> #  Tue Oct 18 17:44:42 2016 -0700
> # Branch stable
> # Node ID d5bc7048144e6c9675134b85aadb9d7b69d406aa
> # Parent  3efece5c59853908d65de53635488361dbf20c49
> manifest: make treemanifestctx store the repo
>
> Same as in the last commit, the old treemanifestctx stored a reference to the
> revlog.  If the inmemory revlog became invalid, the ctx now held an old copy 
> and
> would be incorrect. To fix this, we need the ctx to go through the manifestlog
> for each access.
>
> This is the same pattern that changectx already uses (it stores the repo, and
> accesses commit data through self._repo.changelog).
>
> diff --git a/mercurial/manifest.py b/mercurial/manifest.py
> --- a/mercurial/manifest.py
> +++ b/mercurial/manifest.py
> @@ -1274,7 +1274,7 @@ class manifestlog(object):
>  return cachemf
>
>  if self._treeinmem:
> -m = treemanifestctx(self._revlog, '', node)
> +m = treemanifestctx(self._repo, '', node)
>  else:
>  m = manifestctx(self._repo, node)
>  if node != revlog.nullid:
> @@ -1344,9 +1344,8 @@ class manifestctx(object):
>  return manifestdict(d)
>
>  class treemanifestctx(object):
> -def __init__(self, revlog, dir, node):
> -revlog = revlog.dirlog(dir)
> -self._revlog = revlog
> +def __init__(self, repo, dir, node):
> +self._repo = repo
>  self._dir = dir
>  self._data = None
>
> @@ -1359,23 +1358,27 @@ class treemanifestctx(object):
>  #rev = revlog.rev(node)
>  #self.linkrev = revlog.linkrev(rev)
>
> +def _revlog(self):
> +return self._repo.manifestlog._revlog.dirlog(self._dir)
> +
>  def read(self):
>  if not self._data:
> +rl = self._revlog()
>  if self._node == revlog.nullid:
>  self._data = treemanifest()
> -elif self._revlog._treeondisk:
> +elif rl._treeondisk:
>  m = treemanifest(dir=self._dir)
>  def gettext():
> -return self._revlog.revision(self._node)
> +return rl.revision(self._node)
>  def readsubtree(dir, subm):
> -return treemanifestctx(self._revlog, dir, subm).read()
> +return treemanifestctx(self._repo, dir, subm).read()
>  m.read(gettext, readsubtree)
>  m.setnode(self._node)
>  self._data = m
>  else:
> -text = self._revlog.revision(self._node)
> +text = revlog.revision(self._node)
>  arraytext = array.array('c', text)
> -self._revlog.fulltextcache[self._node] = arraytext
> +rl.fulltextcache[self._node] = arraytext
>  self._data = treemanifest(dir=self._dir, text=text)
>
>  return self._data
> @@ -1385,9 +1388,9 @@ class treemanifestctx(object):
>
>  def readdelta(self):
>  # Need to perform a slow delta
> -revlog = self._revlog
> +revlog = self._revlog()
>  r0 = revlog.deltaparent(revlog.rev(self._node))
> -m0 = treemanifestctx(revlog, self._dir, revlog.node(r0)).read()
> +m0 = treemanifestctx(self._repo, self._dir, revlog.node(r0)).read()
>  m1 = self.read()
>  md = treemanifest(dir=self._dir)
>  for f, ((n0, fl0), (n1, fl1)) in m0.diff(m1).iteritems():
> @@ -1398,7 +1401,7 @@ class treemanifestctx(object):
>  return md
>
>  def readfast(self):
> -rl = self._revlog
> +rl = self._revlog()
>  r = rl.rev(self._node)
>  deltaparent = rl.deltaparent(r)
>  if deltaparent != revlog.nullrev and deltaparent in rl.parentrevs(r):
> ___
> Mercurial-devel mailing list
> Mercurial-devel@mercurial-scm.org
> https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

[PATCH STABLE] commands: print security protocol support in debuginstall

[Gregory Szorc]

# HG changeset patch
# User Gregory Szorc 
# Date 1476914831 25200
#  Wed Oct 19 15:07:11 2016 -0700
# Branch stable
# Node ID 37eaf6c2b4ac3c1015965676db89e435a79b45ee
# Parent  e478f11e418288b8308457303d3ddf6a23f874f8
commands: print security protocol support in debuginstall

Over the past ~48 hours I've had to instruct multiple people to run
Python code to query the ssl module to see what TLS protocol support
is present. I think it would be useful for `hg debuginstall` to print
this info to make it easier to access and debug why Mercurial is
complaining about using an insecure TLS 1.0 protocol.

Ideally we'd also print the path to the CA cert bundle. But the APIs
for querying that in sslutil can emit warnings, making it slightly
more difficult to integrate into `hg debuginstall`. That work will
have to wait for another day.

Yes, I realize it is feature freeze. But I think this is useful to
have in the release and it only changes a debug* command, so it
shouldn't be that risky.

diff --git a/mercurial/commands.py b/mercurial/commands.py
--- a/mercurial/commands.py
+++ b/mercurial/commands.py
@@ -63,16 +63,17 @@ from . import (
 pvec,
 repair,
 revlog,
 revset,
 scmutil,
 setdiscovery,
 simplemerge,
 sshserver,
+sslutil,
 streamclone,
 templatekw,
 templater,
 treediscovery,
 ui as uimod,
 util,
 )
 
@@ -2698,16 +2699,34 @@ def debuginstall(ui, **opts):
 # Python
 fm.write('pythonexe', _("checking Python executable (%s)\n"),
  sys.executable)
 fm.write('pythonver', _("checking Python version (%s)\n"),
  ("%s.%s.%s" % sys.version_info[:3]))
 fm.write('pythonlib', _("checking Python lib (%s)...\n"),
  os.path.dirname(os.__file__))
 
+security = set(sslutil.supportedprotocols)
+if sslutil.hassni:
+security.add('sni')
+
+fm.write('pythonsecurity', _("checking Python security support (%s)\n"),
+ ', '.join(sorted(security)))
+
+# These are warnings, not errors. So don't increment problem count. This
+# may change in the future.
+fm.condwrite('tls1.2' not in security, 'tlswarning', '  %s\n',
+ _('TLS 1.2 not supported by Python install; '
+   'network connections lack modern security'))
+fm.condwrite('sni' not in security, 'sniwarning', '  %s\n',
+ _('SNI not supported by Python install; may have '
+   'connectivity issues with some servers'))
+
+# TODO print CA cert info
+
 # hg version
 hgver = util.version()
 fm.write('hgver', _("checking Mercurial version (%s)\n"),
  hgver.split('+')[0])
 fm.write('hgverextra', _("checking Mercurial custom build (%s)\n"),
  '+'.join(hgver.split('+')[1:]))
 
 # compiled modules
diff --git a/tests/test-install.t b/tests/test-install.t
--- a/tests/test-install.t
+++ b/tests/test-install.t
@@ -1,14 +1,17 @@
 hg debuginstall
   $ hg debuginstall
   checking encoding (ascii)...
   checking Python executable (*) (glob)
   checking Python version (2.*) (glob)
   checking Python lib (*lib*)... (glob)
+  checking Python security support (*) (glob)
+TLS 1.2 not supported by Python install; network connections lack modern 
security (?)
+SNI not supported by Python install; may have connectivity issues with 
some servers (?)
   checking Mercurial version (*) (glob)
   checking Mercurial custom build (*) (glob)
   checking module policy (*) (glob)
   checking installed modules (*mercurial)... (glob)
   checking templates (*mercurial?templates)... (glob)
   checking default template (*mercurial?templates?map-cmdline.default) (glob)
   checking commit editor... (* -c "import sys; sys.exit(0)") (glob)
   checking username (test)
@@ -28,30 +31,36 @@ hg debuginstall JSON
 "extensionserror": null,
 "hgmodulepolicy": "*", (glob)
 "hgmodules": "*mercurial", (glob)
 "hgver": "*", (glob)
 "hgverextra": "*", (glob)
 "problems": 0,
 "pythonexe": "*", (glob)
 "pythonlib": "*", (glob)
+"pythonsecurity": "*", (glob)
 "pythonver": "*.*.*", (glob)
+"sniwarning": "SNI not supported by Python install; may have connectivity 
issues with some servers",
 "templatedirs": "*mercurial?templates", (glob)
+"tlswarning": "TLS 1.2 not supported by Python install; network 
connections lack modern security",
 "username": "test",
 "usernameerror": null,
 "vinotfound": false
}
   ]
 
 hg debuginstall with no username
   $ HGUSER= hg debuginstall
   checking encoding (ascii)...
   checking Python executable (*) (glob)
   checking Python version (2.*) (glob)
   checking Python lib (*lib*)... (glob)
+  checking Python security support (*) (glob)
+TLS 1.2 not supported by Python install; network connections lack modern 
security (?)
+SNI not supported by Python install; may have connectivity issues with 
some servers (?)
   checking Mercurial version (*) (glob)
   checkin

RE: [PATCH STABLE] sslutil: guard against broken certifi installations (issue5406)

[Gábor STEFANIK]

>


--
This message, including its attachments, is confidential. For more information 
please read NNG's email policy here:
http://www.nng.com/emailpolicy/
By responding to this email you accept the email policy.


-Original Message-
> From: Kevin Bullock [mailto:kbullock+mercur...@ringworld.org]
> Sent: Wednesday, October 19, 2016 7:46 PM
> To: Gábor STEFANIK 
> Cc: mercurial-devel@mercurial-scm.org
> Subject: Re: [PATCH STABLE] sslutil: guard against broken certifi 
> installations
> (issue5406)
>
> > On Oct 19, 2016, at 12:07, Gábor STEFANIK 
> wrote:
> >
> > -Original Message-
> >> From: Kevin Bullock [mailto:kbullock+mercur...@ringworld.org]
> >> Sent: Wednesday, October 19, 2016 6:18 PM
> >> To: Gábor STEFANIK 
> >> Cc: mercurial-devel@mercurial-scm.org
> >> Subject: Re: [PATCH STABLE] sslutil: guard against broken certifi
> >> installations
> >> (issue5406)
> >>
> >> You've gone from catching an ImportError to swallowing all exceptions.
> >
> > Intentional. ImportError is not the only thing that can be thrown
> > here; e.g. if "certifi" is actually some unrelated module with no "where()"
> method.
> >
> > No reason to let certifi crash Hg under any circumstances.
>
> I have a hard time imagining how another module named "certifi" without a
> where() method would show up on any sane system.
>
> As Greg said, bare `except:` is banned in Mercurial. Catch the exceptions you
> expect might happen, none others.

Would "except Exception:" be acceptable? that one doesn't catch 
KeyboardInterrupt and other problematic exceptions.

>
> pacem in terris / мир / शान्ति / ‎‫سَلاَم‬ / 平和
> Kevin R. Bullock

___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Re: [PATCH STABLE] sslutil: guard against broken certifi installations (issue5406)

[Kevin Bullock]

> On Oct 19, 2016, at 12:07, Gábor STEFANIK  wrote:
> 
> -Original Message-
>> From: Kevin Bullock [mailto:kbullock+mercur...@ringworld.org]
>> Sent: Wednesday, October 19, 2016 6:18 PM
>> To: Gábor STEFANIK 
>> Cc: mercurial-devel@mercurial-scm.org
>> Subject: Re: [PATCH STABLE] sslutil: guard against broken certifi 
>> installations
>> (issue5406)
>> 
>> You've gone from catching an ImportError to swallowing all exceptions.
> 
> Intentional. ImportError is not the only thing that can be thrown here;
> e.g. if "certifi" is actually some unrelated module with no "where()" method.
> 
> No reason to let certifi crash Hg under any circumstances.

I have a hard time imagining how another module named "certifi" without a 
where() method would show up on any sane system.

As Greg said, bare `except:` is banned in Mercurial. Catch the exceptions you 
expect might happen, none others.

pacem in terris / мир / शान्ति / ‎‫سَلاَم‬ / 平和
Kevin R. Bullock

___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Re: [PATCH STABLE] sslutil: guard against broken certifi installations (issue5406)

[Gregory Szorc]

On Wed, Oct 19, 2016 at 10:07 AM, Gábor STEFANIK 
wrote:

> >
>
>
> --
> This message, including its attachments, is confidential. For more
> information please read NNG's email policy here:
> http://www.nng.com/emailpolicy/
> By responding to this email you accept the email policy.
>
>
> -Original Message-
> > From: Kevin Bullock [mailto:kbullock+mercur...@ringworld.org]
> > Sent: Wednesday, October 19, 2016 6:18 PM
> > To: Gábor STEFANIK 
> > Cc: mercurial-devel@mercurial-scm.org
> > Subject: Re: [PATCH STABLE] sslutil: guard against broken certifi
> installations
> > (issue5406)
> >
> > > On Oct 19, 2016, at 11:07, Gábor Stefanik 
> > wrote:
> > >
> > > # HG changeset patch
> > > # User Gábor Stefanik  # Date 1476893174 -7200
> > > #  Wed Oct 19 18:06:14 2016 +0200
> > > # Branch stable
> > > # Node ID 77e20e2892a869717db636f56ab1b9664fc8b285
> > > # Parent  e478f11e418288b8308457303d3ddf6a23f874f8
> > > sslutil: guard against broken certifi installations (issue5406)
> > >
> > > Certifi is currently incompatible with py2exe; the Python code for
> > > certifi gets included in library.zip, but not the cacert.pem file -
> > > and even if it were included, SSLContext can't load a cacert.pem file
> from
> > library.zip.
> > > This currently makes it impossible to build a standalone Windows
> > > version of Mercurial.
> > >
> > > Guard against this, and possibly other situations where a module with
> > > the name "certifi" exists, but is not usable.
> > >
> > > diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
> > > --- a/mercurial/sslutil.py
> > > +++ b/mercurial/sslutil.py
> > > @@ -695,9 +695,10 @@
> > > try:
> > > import certifi
> > > certs = certifi.where()
> > > -ui.debug('using ca certificates from certifi\n')
> > > -return certs
> > > -except ImportError:
> > > +if os.path.exists(certs):
> > > +ui.debug('using ca certificates from certifi\n')
> > > +return certs
> > > +except:
> >
> > You've gone from catching an ImportError to swallowing all exceptions.
>
> Intentional. ImportError is not the only thing that can be thrown here;
> e.g. if "certifi" is actually some unrelated module with no "where()"
> method.
>
> No reason to let certifi crash Hg under any circumstances.
>
>
Bareword "except" is evil because it catches all exceptions, including
SystemExit and KeyboardInterrupt. That means that if the process is killed
or the user hits ^C because certifi import is being slow because I/O or
some other badness, Python ignores that signal.

"except:" should be banned by the code checker if it isn't already.
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

RE: [PATCH STABLE] sslutil: guard against broken certifi installations (issue5406)

[Gábor STEFANIK]

>


--
This message, including its attachments, is confidential. For more information 
please read NNG's email policy here:
http://www.nng.com/emailpolicy/
By responding to this email you accept the email policy.


-Original Message-
> From: Kevin Bullock [mailto:kbullock+mercur...@ringworld.org]
> Sent: Wednesday, October 19, 2016 6:18 PM
> To: Gábor STEFANIK 
> Cc: mercurial-devel@mercurial-scm.org
> Subject: Re: [PATCH STABLE] sslutil: guard against broken certifi 
> installations
> (issue5406)
>
> > On Oct 19, 2016, at 11:07, Gábor Stefanik 
> wrote:
> >
> > # HG changeset patch
> > # User Gábor Stefanik  # Date 1476893174 -7200
> > #  Wed Oct 19 18:06:14 2016 +0200
> > # Branch stable
> > # Node ID 77e20e2892a869717db636f56ab1b9664fc8b285
> > # Parent  e478f11e418288b8308457303d3ddf6a23f874f8
> > sslutil: guard against broken certifi installations (issue5406)
> >
> > Certifi is currently incompatible with py2exe; the Python code for
> > certifi gets included in library.zip, but not the cacert.pem file -
> > and even if it were included, SSLContext can't load a cacert.pem file from
> library.zip.
> > This currently makes it impossible to build a standalone Windows
> > version of Mercurial.
> >
> > Guard against this, and possibly other situations where a module with
> > the name "certifi" exists, but is not usable.
> >
> > diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
> > --- a/mercurial/sslutil.py
> > +++ b/mercurial/sslutil.py
> > @@ -695,9 +695,10 @@
> > try:
> > import certifi
> > certs = certifi.where()
> > -ui.debug('using ca certificates from certifi\n')
> > -return certs
> > -except ImportError:
> > +if os.path.exists(certs):
> > +ui.debug('using ca certificates from certifi\n')
> > +return certs
> > +except:
>
> You've gone from catching an ImportError to swallowing all exceptions.

Intentional. ImportError is not the only thing that can be thrown here;
e.g. if "certifi" is actually some unrelated module with no "where()" method.

No reason to let certifi crash Hg under any circumstances.

>
> pacem in terris / мир / शान्ति / ‎‫سَلاَم‬ / 平和
> Kevin R. Bullock

___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Re: history at diff blocks level

[Jun Wu]

Excerpts from Yuya Nishihara's message of 2016-10-18 23:38:19 +0900:
> On Tue, 18 Oct 2016 08:59:58 +0200, Denis Laxalde wrote:
> > Jun Wu a écrit :
> > > Excerpts from Denis Laxalde's message of 2016-10-03 16:38:17 +0200:
> > >>  From UI point of view, the basic idea is to specify a (file name, line
> > >> range) pair and the simplest solution I could find is something like:
> > >>
> > >>hg log/annotate --line-range fromline,toline FILE
> > >>
> > >> but this does not work well with several files. (Perhaps something like
> > >> hg log FILE:fromline:toline would be better.) I also thought about a
> > >
> > > +1 for "FILE:fromline:toline". It is intuitive and makes sense. A new
> > > boolean flag (like "--line-ranges") that enables the syntax explicitly
> > > may be necessary. The flag can avoid conflicts with existing matcher 
> > > syntax,
> > > and make it clear that some commands like "add" do not support line 
> > > ranges.
> > 
> > "FILE:fromline:toline" is also my favorite option. But I'm not sure I'd
> > like to be forced to specify an extra option to be able to use this
> > syntax. I'd much prefer if this could be avoided, though we'll indeed
> > have to handle conflicts with existing matcher syntax. Or use another
> > separator? Any other idea welcome!
> 
> How about extending the fileset syntax?
> 
>   $ hg log/annotate 'set:FILE:linerange(FROMLINE-TOLINE)'
>  # ':' attr-name '(' args ')'

I think adding new pattern like "(rel)linerange:PATH:L1-L2" is cleaner.

Reasons:

  - It's rare to specify a same line range for different files.
  - If it was added to "set:", how about other patterns like "glob:",
"path:", "include:", ...?
If they all need to support the new syntax. It could introduce ambiguity.

As a user, I want to type commands as short as possible. So "set:" is not
pretty. I think the "default" parameter of match.__init__ could be made to
support a list, like ['glob', 'rellinerange'] and tries them one by one. If
BC is a concern, a config option could be introduced.

Eventually, if it is just so useful, I think it can be made to be the
default behavior. A user can always use a different prefix to explicitly
select a pattern they want to use.

The only concern I have here is to disable the line range pattern by default
as many commands couldn't support it. And it can only be enabled explicitly
by the caller of match().

> We could have a shorthand operator ('%' just for example):
> 
>   $ hg log/annotate set:FILE%FROMLINE-TOLINE
> 
> This might look crazy, and I think it's actually crazy, but it could be
> extended for log --follow (issue4959):
> 
>   $ hg log --follow 'set:FILE:rev(REV)'
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Re: [PATCH STABLE] sslutil: guard against broken certifi installations (issue5406)

[Kevin Bullock]

> On Oct 19, 2016, at 11:07, Gábor Stefanik  wrote:
> 
> # HG changeset patch
> # User Gábor Stefanik 
> # Date 1476893174 -7200
> #  Wed Oct 19 18:06:14 2016 +0200
> # Branch stable
> # Node ID 77e20e2892a869717db636f56ab1b9664fc8b285
> # Parent  e478f11e418288b8308457303d3ddf6a23f874f8
> sslutil: guard against broken certifi installations (issue5406)
> 
> Certifi is currently incompatible with py2exe; the Python code for certifi 
> gets
> included in library.zip, but not the cacert.pem file - and even if it were
> included, SSLContext can't load a cacert.pem file from library.zip.
> This currently makes it impossible to build a standalone Windows version of
> Mercurial.
> 
> Guard against this, and possibly other situations where a module with the name
> "certifi" exists, but is not usable.
> 
> diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
> --- a/mercurial/sslutil.py
> +++ b/mercurial/sslutil.py
> @@ -695,9 +695,10 @@
> try:
> import certifi
> certs = certifi.where()
> -ui.debug('using ca certificates from certifi\n')
> -return certs
> -except ImportError:
> +if os.path.exists(certs):
> +ui.debug('using ca certificates from certifi\n')
> +return certs
> +except:

You've gone from catching an ImportError to swallowing all exceptions.

pacem in terris / мир / शान्ति / ‎‫سَلاَم‬ / 平和
Kevin R. Bullock

___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

[PATCH STABLE] sslutil: guard against broken certifi installations (issue5406)

[Gábor Stefanik]

# HG changeset patch
# User Gábor Stefanik 
# Date 1476893174 -7200
#  Wed Oct 19 18:06:14 2016 +0200
# Branch stable
# Node ID 77e20e2892a869717db636f56ab1b9664fc8b285
# Parent  e478f11e418288b8308457303d3ddf6a23f874f8
sslutil: guard against broken certifi installations (issue5406)

Certifi is currently incompatible with py2exe; the Python code for certifi gets
included in library.zip, but not the cacert.pem file - and even if it were
included, SSLContext can't load a cacert.pem file from library.zip.
This currently makes it impossible to build a standalone Windows version of
Mercurial.

Guard against this, and possibly other situations where a module with the name
"certifi" exists, but is not usable.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -695,9 +695,10 @@
 try:
 import certifi
 certs = certifi.where()
-ui.debug('using ca certificates from certifi\n')
-return certs
-except ImportError:
+if os.path.exists(certs):
+ui.debug('using ca certificates from certifi\n')
+return certs
+except:
 pass
 
 # On Windows, only the modern ssl module is capable of loading the system
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

[Bug 5406] New: Mercurial can't access https when a broken version of certifi is installed, even with system store available

[bugzilla]

https://bz.mercurial-scm.org/show_bug.cgi?id=5406

Bug ID: 5406
   Summary: Mercurial can't access https when a broken version of
certifi is installed, even with system store available
   Product: Mercurial
   Version: stable branch
  Hardware: PC
OS: Windows
Status: UNCONFIRMED
  Severity: bug
  Priority: urgent
 Component: Mercurial
  Assignee: bugzi...@selenic.com
  Reporter: gabor.stefa...@nng.com
CC: mercurial-de...@selenic.com

If the certifi module can be loaded, but certifi.where() points to a
nonexistent file (e.g. inside a library.zip when Hg is packaged using py2exe),
all https connections fail due to an IOError when trying to load the cacerts
file.

This means, it's no longer possible to build a Mercurial Windows installer on a
machine with certifi installed. This is a regression from 3.9

(Version = 4.0-rc, but no such choice on Bugzilla yet)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Re: [PATCH python-hglib] Add feature to allow hglib user to get call backs for prompts and output

[Yuya Nishihara]

On Tue, 18 Oct 2016 20:24:28 +0100, Barry Scott wrote:
> I think I can also have the solution for hglib.clone() and hglib.init().
> I need to test more to be happy with those changes.

They could be switched to use the commandserver on hg 3.0+.

https://www.mercurial-scm.org/wiki/CommandServer#Known_issues

> > > >> When a prompt event happens I found that I cannot rely on figuring out
> > > >> what
> > > >> the last prompt was without a timeline of calls to cdout and cderr.
> > > > 
> > > > or inspect the last lines of both out/err channels? Anyway it's
> > > > unreliable to read the prompt line, so we'll need a better channel
> > > > protocol in future.> > 
> > > >> For example cdout gets the “user:” prompt but cderr gets the
> > > >> “password:”.
> > > >> (Why is “password:” sent to stderr? Bug? Feature?)
> > > > 
> > > > That is considered a feature of hg, but isn't nice in command-server
> > > > session. I made an extension to send more information over the pipe.
> > > > It's just a hack. My current plan is to add an option to send prompt,
> > > > progress, and status messages to a separate (e.g. 'C'-ontrol) channel.
> > > > 
> > > > https://bitbucket.org/tortoisehg/thg/src/3.9.2/tortoisehg/util/pipeui.py
> > > >  > > > py>> 
> > > What I really want to see is a get-credentials call back, lIke subversion
> > > API has.> 
> > >  username, password = cbgetcredentials( URL, realm, username=None )
> > > 
> > > Then I do not need to parse out for messages the URL, I can prompt the
> > > user once for both username and password. I do this with this patch and a
> > > lot of extra logic in my GUI.
> > Yeah, I want it.
> > 
> > For a temporary workaround, I think we can simply extend prompt().
> 
> What do you have in mind? I'm not seeing an easy win here.

Just pass both out and err to prompt():

  if prompt takes 3 args:
  reply = prompt(size, out.getvalue(), err.getvalue())
  else:
  reply = prompt(size, out.getvalue())

and check the last lines of them to guess which stream had a prompt.

Maybe we can strip the used out/err data to make the handling of multiple
prompts slightly better.

  prompt(size, out.getvalue()[p:], ...)
  p = out.pos
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel