packaging: update dulwich to drop the certifi dependency on Windows
The presence of `certifi` causes the system certificate store to be ignored,
which was reported as a bug against TortoiseHg[1]. It was only pulled in on
Windows because of `dulwich`, which was copied from the old TortoiseHg install
scripts, in order to support `hg-git`.
This version of `dulwich` raises the minimum `urllib3` to a version (1.25) that
does certificate verification by default, without the help of `certifi`[2]. We
already bundle a newer version of `urllib3`. Note that `certifi` can still be
imported from the user site directory, if installed there. But the installer no
longer disables the system certificates by default.
[1] https://foss.heptapod.net/mercurial/tortoisehg/thg/-/issues/5825
[2] https://github.com/jelmer/dulwich/issues/1025
#!/bin/bash
set -eu
if [[ "$PHABRICATOR_TOKEN" == "NO-PHAB" ]]; then
echo 'Skipping Phabricator Step' >&2
exit 0
fi
revision_in_stack=`hg log \
--rev '.#stack and ::. and topic()' \
-T '\nONE-REV\n' \
| grep 'ONE-REV' | wc -l`
revision_on_phab=`hg log \
--rev '.#stack and ::. and topic() and desc("re:\nDifferential Revision: [^\n]+D\d+$")'\
-T '\nONE-REV\n' \
| grep 'ONE-REV' | wc -l`
if [[ $revision_in_stack -eq 0 ]]; then
echo "stack is empty" >&2
exit 0
fi
if [[ $revision_on_phab -eq 0 ]]; then
echo "no tracked diff in this stack" >&2
exit 0
fi
if [[ $revision_on_phab -lt $revision_in_stack ]]; then
echo "not all stack changesets (${revision_in_stack}) have matching Phabricator Diff (${revision_on_phab})" >&2
exit 2
fi
if [[ "$PHABRICATOR_TOKEN" == "" ]]; then
echo 'missing $PHABRICATOR_TOKEN variable' >&2
echo '(use PHABRICATOR_TOKEN="NO-PHAB" to disable this step)' >&2
exit 2
fi
hg \
--config extensions.phabricator= \
--config phabricator.url=https://phab.mercurial-scm.org/ \
--config phabricator.callsign=HG \
--config auth.phabricator.schemes=https \
--config auth.phabricator.prefix=phab.mercurial-scm.org \
--config auth.phabricator.phabtoken=$PHABRICATOR_TOKEN \
phabsend --rev '.#stack and ::. and topic()' \
"$@"