Summary:
johansglock pointed out that Hyper is affected by CVE-2021-21299. Let's update
to a fixed version.
Reviewed By: farnz
Differential Revision: D26313854
fbshipit-source-id: 4db04d3044fb9f22a037bda0a88a5314f62f9dfc
Summary:
See the earlier diff for what flag controls.
When booting SCS, we poll a lot of nested FuturesUnordered. This results in
very inefficient behavior in Tokio's cooperative scheduling, and results in us
spending 50% of total our CPU (in fact, a full thread) on just yielding, with
most other threads being idle.
With this change, we use 20+ threads running work that is scheduled by the main
thread, which is what we want.
Note that this applies to all Mononoke binaries. This has only been especially
bad in SCS startup, but we've also not benefited from this feature anywhere,
so rather than leaving this footgun in other apps, let's take it out
everywhere.
Reviewed By: markbt, StanislavGlebik
Differential Revision: D26399889
fbshipit-source-id: 0a13e1275d367e49c2342cb85cb6cd0047cda224
Summary: Instead of doing per-repo rate-limiting checks, let's do total ones. All of the business logic stays the same, with the exception of a different counter used.
Reviewed By: farnz
Differential Revision: D26374353
fbshipit-source-id: 92006cd3e5dd194ac9e6531cbb19289fa73a63d2
Summary: This imports D26374072. See that diff for details.
Reviewed By: farnz
Differential Revision: D26374352
fbshipit-source-id: 71f39b5c606915bfbf421b366812fd40ebb6b4f9
Summary: The Python `readauthforuri` method will include *any* fields specified in the `[auth]` section for a given auth group, even if those fields aren't one of the expect ones (such as `cert`, `key`, etc). This is sometimes used in tests to attach additional information to an auth group. To support this in Rust, let's just collect all unknown fields into a `HashMap`.
Reviewed By: quark-zju
Differential Revision: D26416086
fbshipit-source-id: 0252e340e38850a54e24d54810e9abd77c566f63
Summary:
The auth crate is now able to check the presence and expiration of client certificates (D26009207 (9f7d4447fd)). When a problem is detected, it emits an `X509Error`, which specifies exactly what the problem is. Since this error always indicates a certificate issue, we can print out the message configured in `help.tlsauthhelp` (which is more specific than `help.tlshelp` from the previous diff).
Previously, Mercurial would attempt to use the certificate anyway, resulting in a difficult to understand error message. Although the previous diffs in this stack improved the error messages on any TLS failure, the `X509Error` messages are even more helpful.
Users can opt in to this certificate validation with `edenapi.validate-certs`. The functionality is gated on a config option to prevent Mercurial from crashing if certificates are misconfigured, but EdenAPI isn't being used.
Reviewed By: quark-zju
Differential Revision: D26385843
fbshipit-source-id: 9809f612f8aab3f2dd442d6dd8dc348f1af45296
Summary: Print out the help text configured in `help.tlshelp` upon hitting a `TlsError`. Note that in this case, we use `help.tlshelp` rather than `help.tlsauthhelp` since all we know in this case is that *some* kind of TLS error occurred.
Reviewed By: quark-zju
Differential Revision: D26385844
fbshipit-source-id: 1fb5280195de75107ecdfc9203ef8ddda2a04052
Summary: Add a new `TlsError` Python exception type corresponding to `HttpClientError::Tls`.
Reviewed By: quark-zju
Differential Revision: D26385846
fbshipit-source-id: c0df543032461de650a4d24c26c6b8aaab1abbb9
Summary:
Add a new `HttpClientError::Tls` variant specifically for TLS errors, separating them from other `curl::Error`s from libcurl.
To determine whether a particular `curl::Error` is a TLS error, we check both the error code and the contents of the error message.
Reviewed By: quark-zju
Differential Revision: D26385845
fbshipit-source-id: fd58f86a3a61fcfb845d19e262fdcb132dc7ec9f
Summary: This diff adds auto-generated test cases to checkout code. It generates partially overlapping trees and tests transitions between them
Reviewed By: quark-zju
Differential Revision: D26384962
fbshipit-source-id: 6140bbb7ff8b87843a2235f8325f57829cdd8cae
Summary: Currently PathComponentBuf::arbitrary generates any characters. Those characters are ok for unit tests on hg abstractions where they are currently used, but many of them do not work with real filesystems
Reviewed By: quark-zju
Differential Revision: D26384961
fbshipit-source-id: dde1e9276114b30262bc477a3e0f828645f1f32a
Summary:
Currently if VFS overwrites executable file with regular, it preserves exec bit[see added test].
This diff makes sure that file has correct permissions after overwrite
This diff also slightly optimizes write_executable, by calling set_mode on the file handle, instead of path
TODO - we can check if calling stats() before set_permissions will save some time
Reviewed By: quark-zju
Differential Revision: D26379824
fbshipit-source-id: 42d0b2fb79ed860ac37b2de077388002ade69449
Summary:
Before this diff VFS::write_regular did not handle correctly use case when file already existed as as symlink - it would write into symlink location, instead of replacing symlink with a regular file (see updated test_symlink_overwrite that is failing on old implementation)
This diff adds O_NOFOLLOW option on unix when overwriting the file. When destination is a symlink, attempt to write fails with E_LOOP and triggers clear_conflict that removes symlink and allows retry write to succeed.
This also allows one of test cases in checkout that previously did not work
Reviewed By: quark-zju
Differential Revision: D26378893
fbshipit-source-id: 28bcdaba78db283ac7a25bb232c198d3d8f73e5d
Summary: This diff contains basic test setup for checkout tests - we compare transition between two trees without dirty changes
Reviewed By: quark-zju
Differential Revision: D26359502
fbshipit-source-id: ef670c944200bae1652863c91ada92c6fecce4ac
Summary:
Update the dirsync code to allow mirror and exclude rules to match individual
files rather than just directory prefixes.
This simply appends `/` to all filenames when looking for rule matches. This
allows us to efficiently match individual filenames in addition to directory
prefixes.
Reviewed By: quark-zju
Differential Revision: D26294583
fbshipit-source-id: 83b283f344f6e0bc0fe53b9068e7e0170f53504b
Summary:
One of the primary use cases for hash_to_location is translating user provided
hashes. It is then perfectly valid for the hashes that are provided to not
exist. Where we would previously return an error for the full request if a
hash was invalid, we now omit the hash from the response.
Reviewed By: quark-zju
Differential Revision: D26389472
fbshipit-source-id: c59529d43f44bed7cdb2af0e9babc96160e0c4a7
Summary:
The approach is very similar to what commitrevlogdata does. You could say
that it's cargo culted.
I am not sure how appropriate it is to return CommitLocationToHashResponse
but I think that it's fine for now.
Reviewed By: quark-zju
Differential Revision: D26374219
fbshipit-source-id: 61d851d5a4fc4223c65078ef434a0c67314a90cd
Summary: It's totally valid to get a zero ctime_age if storage is quick (e.g. local integration tests), or a negative age if running vs storage without synchronized clocks.
Reviewed By: krallin
Differential Revision: D26404237
fbshipit-source-id: 8a479be8cac8adc81f39eabe0f73048f701a146c
Summary: This is defined else where in Python 3, so let's get rid of it here.
Reviewed By: quark-zju
Differential Revision: D26381054
fbshipit-source-id: 9746d2c53f83209d9c795ffdd5841d58ef1153ef
Summary: These are just a few one-liners to fix Python 3 on Windows.
Reviewed By: sfilipco
Differential Revision: D26381055
fbshipit-source-id: d9257f2cf35c05f931d74b7d26bdc79f5bf34185
Summary:
We've rolled both of these out to 100%. Let's make this the default so
we can delete those configs.
Reviewed By: quark-zju
Differential Revision: D26233645
fbshipit-source-id: cd7a08c404483f78ab714763870f5bf0fa801e7a
Summary:
We're seeing cases where Mercurial is creating unused .tmp pack files
and leaving them around. It looks like there are two places this can happen, 1)
in the treemanifest python code we manually instantiate some mutable packs, and
2) when doing a read from the rust data store, when it does a read against the
mutable pack store it will unnecessarily create the MutableDataPackInner struct,
which creates the temp file.
Let's fix those.
Reviewed By: quark-zju
Differential Revision: D26387205
fbshipit-source-id: 5a567c886849084bcc8121949dd2fb0f9e66d570
Summary:
For whatever reason, the metadata and vendored sources do not match
the actual upstream sources. I deleted all of third-party/rust/vendor/** and
revendored.
Notable changes:
- libra-crypto and libra-canonical-serialization picked up changes from D25098952 (Nov 2020)
D25986058 updated the source location of z3, but didn't update the sources.
Unfortunately the updated location seems completely unbuildable, so for now
this doesn't update any of z3 until jagill can fix it.
Reviewed By: wangbj
Differential Revision: D26377549
fbshipit-source-id: d30dbaa7502c82c4b7cd64f8c80ab978a5646271
Summary: It was failing because caching was not initialized. This diff fixes it
Reviewed By: mitrandir77
Differential Revision: D26374106
fbshipit-source-id: 7481c145c56db9080e065908a4b5e9b136a18317
Summary: Change from .map_ok() to async move to shift code left a bit
Differential Revision: D26366419
fbshipit-source-id: 833066b45702f36a4ce8d579994d1abb2d739f9e
Summary:
While I was fixing the cli_test I realized that the rest of the tests didn't
enforce strict type checking, let's make sure it is enabled so `pyre -l eden`
works for all the tests now and in the future.
Reviewed By: chadaustin
Differential Revision: D26356267
fbshipit-source-id: 4f026b6f96c410115a6a38d772f8e06ab977293b
Summary:
The default filesystem on macOS (APFS) is case-insensitive, but EdenFS has so
far been case-sensitive except on Windows. Some of the native tools (Unity for
instance), expect macOS to always be case-insensitive, and is thus breaking due
to that.
The safe behavior would be to have EdenFS behave exactly the same as APFS: be
case insensitive. For now, to avoid breaking users this will be done on new
mounts only, and once fully validated, this will be made the default and forced
on.
Reviewed By: chadaustin
Differential Revision: D26356269
fbshipit-source-id: 96ca331d8c9726213520dff3e3563019d0400a95
Summary:
In our upcoming migration away from chef/static rc files, we'll be
marking certain files as "allowed". Our hope is that that list only includes
things like .hg/hgrc, ~/.hgrc, etc.
There are cases however where it's convienent to continue to use chef, for
instance when we condition on machine type. To support this, let's add an
allowed_config option, which will allow configs from non-supported locations.
This will also be useful when remediating issues that come up when we start
enforcing allow_location, without rolling back the entire thing.
Reviewed By: quark-zju
Differential Revision: D26233451
fbshipit-source-id: 71789e0361923a6f80de4aef7f012afc0269440d
Summary:
Copied from D17312417 (e1f4dbeb3d), because that did what I needed done, but incremented by 1.
I would like to change the length of the displayed hash in scm-prompt
to 9. Why such an impactful diff? Because hg sl shows 9 characters, and I
always get confused when the hash in my prompt doesn't match hg sl
Reviewed By: kulshrax
Differential Revision: D25934253
fbshipit-source-id: 15f2bc8bc7d666de1a077d2bafd74ab3c9753341