packaging: update dulwich to drop the certifi dependency on Windows
The presence of `certifi` causes the system certificate store to be ignored,
which was reported as a bug against TortoiseHg[1]. It was only pulled in on
Windows because of `dulwich`, which was copied from the old TortoiseHg install
scripts, in order to support `hg-git`.
This version of `dulwich` raises the minimum `urllib3` to a version (1.25) that
does certificate verification by default, without the help of `certifi`[2]. We
already bundle a newer version of `urllib3`. Note that `certifi` can still be
imported from the user site directory, if installed there. But the installer no
longer disables the system certificates by default.
[1] https://foss.heptapod.net/mercurial/tortoisehg/thg/-/issues/5825
[2] https://github.com/jelmer/dulwich/issues/1025
How to add fuzzers (partially cribbed from oss-fuzz[0]):
1) git clone https://github.com/google/oss-fuzz
2) cd oss-fuzz
3) python infra/helper.py build_image mercurial
4) docker run --cap-add=SYS_PTRACE -it -v $HG_REPO_PATH:/hg-new \
gcr.io/oss-fuzz/mercurial bash
5) cd /src
6) rm -r mercurial
7) ln -s /hg-new mercurial
8) cd mercurial
9) compile
10) ls $OUT
Step 9 is literally running the command "compile", which is part of
the docker container. Once you have that working, you can build the
fuzzers like this (in the oss-fuzz repo):
python infra/helper.py build_fuzzers --sanitizer address mercurial $HG_REPO_PATH
(you can also say "memory", "undefined" or "coverage" for
sanitizer). Then run the built fuzzers like this:
python infra/helper.py run_fuzzer mercurial -- $FUZZER
0: https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md