packaging: update dulwich to drop the certifi dependency on Windows
The presence of `certifi` causes the system certificate store to be ignored,
which was reported as a bug against TortoiseHg[1]. It was only pulled in on
Windows because of `dulwich`, which was copied from the old TortoiseHg install
scripts, in order to support `hg-git`.
This version of `dulwich` raises the minimum `urllib3` to a version (1.25) that
does certificate verification by default, without the help of `certifi`[2]. We
already bundle a newer version of `urllib3`. Note that `certifi` can still be
imported from the user site directory, if installed there. But the installer no
longer disables the system certificates by default.
[1] https://foss.heptapod.net/mercurial/tortoisehg/thg/-/issues/5825
[2] https://github.com/jelmer/dulwich/issues/1025
Checking how hg behaves when one side of a pull/push doesn't support
some capability (because it's running an older hg version, usually).
$ hg init repo1
$ cd repo1
$ echo a > a; hg add -q a; hg commit -q -m a
$ hg bookmark a
$ hg clone -q . ../repo2
$ cd ../repo2
$ touch $TESTTMP/disable-lookup.py
$ disable_cap() {
> rm -f $TESTTMP/disable-lookup.pyc # pyc caching is buggy
> cat <<EOF > $TESTTMP/disable-lookup.py
> from mercurial import extensions, wireprotov1server
> def wcapabilities(orig, *args, **kwargs):
> cap = orig(*args, **kwargs)
> cap.remove(b'$1')
> return cap
> extensions.wrapfunction(wireprotov1server, '_capabilities', wcapabilities)
> EOF
> }
$ cat >> ../repo1/.hg/hgrc <<EOF
> [extensions]
> disable-lookup = $TESTTMP/disable-lookup.py
> EOF
$ hg pull ssh://user@dummy/repo1 -r tip -B a
pulling from ssh://user@dummy/repo1
no changes found
$ disable_cap lookup
$ hg pull ssh://user@dummy/repo1 -r tip -B a
pulling from ssh://user@dummy/repo1
abort: other repository doesn't support revision lookup, so a rev cannot be specified.
[255]
$ disable_cap pushkey
$ hg pull ssh://user@dummy/repo1 -r tip -B a
pulling from ssh://user@dummy/repo1
abort: remote bookmark a not found!
[10]