packaging: update dulwich to drop the certifi dependency on Windows
The presence of `certifi` causes the system certificate store to be ignored,
which was reported as a bug against TortoiseHg[1]. It was only pulled in on
Windows because of `dulwich`, which was copied from the old TortoiseHg install
scripts, in order to support `hg-git`.
This version of `dulwich` raises the minimum `urllib3` to a version (1.25) that
does certificate verification by default, without the help of `certifi`[2]. We
already bundle a newer version of `urllib3`. Note that `certifi` can still be
imported from the user site directory, if installed there. But the installer no
longer disables the system certificates by default.
[1] https://foss.heptapod.net/mercurial/tortoisehg/thg/-/issues/5825
[2] https://github.com/jelmer/dulwich/issues/1025
#require gpg
Test the GPG extension
$ cat <<EOF >> $HGRCPATH
> [extensions]
> gpg=
>
> [gpg]
> cmd=gpg --no-permission-warning --no-secmem-warning --no-auto-check-trustdb
> EOF
$ GNUPGHOME="$TESTTMP/gpg"; export GNUPGHOME
$ cp -R "$TESTDIR/gpg" "$GNUPGHOME"
Start gpg-agent, which is required by GnuPG v2
#if gpg21
$ gpg-connect-agent -q --subst /serverpid '/echo ${get serverpid}' /bye \
> >> $DAEMON_PIDS
#endif
and migrate secret keys
#if gpg2
$ gpg --no-permission-warning --no-secmem-warning --list-secret-keys \
> > /dev/null 2>&1
#endif
$ hg init r
$ cd r
$ echo foo > foo
$ hg ci -Amfoo
adding foo
$ hg sigs
$ HGEDITOR=cat hg sign -e 0
gpg: error retrieving key fingerprint from card: Invalid name (?)
signing 0:e63c23eaa88a
Added signature for changeset e63c23eaa88a
HG: Enter commit message. Lines beginning with 'HG:' are removed.
HG: Leave message empty to abort commit.
HG: --
HG: user: test
HG: branch 'default'
HG: added .hgsigs
$ hg sigs
hgtest 0:e63c23eaa88ae77967edcf4ea194d31167c478b0
$ hg sigcheck 0
e63c23eaa88a is signed by:
hgtest
$ cd ..