packaging: update dulwich to drop the certifi dependency on Windows
The presence of `certifi` causes the system certificate store to be ignored,
which was reported as a bug against TortoiseHg[1]. It was only pulled in on
Windows because of `dulwich`, which was copied from the old TortoiseHg install
scripts, in order to support `hg-git`.
This version of `dulwich` raises the minimum `urllib3` to a version (1.25) that
does certificate verification by default, without the help of `certifi`[2]. We
already bundle a newer version of `urllib3`. Note that `certifi` can still be
imported from the user site directory, if installed there. But the installer no
longer disables the system certificates by default.
[1] https://foss.heptapod.net/mercurial/tortoisehg/thg/-/issues/5825
[2] https://github.com/jelmer/dulwich/issues/1025
#if no-windows
For debugging: this is a pretty simple test that is a good candidate
for tracking down network-related bugs. Sometimes a command in this
hangs, so having showstack pre-loaded is sometimes helpful. This also
gives us a test that at least proves showstack can be loaded.
$ cat >> $HGRCPATH <<EOF
> [extensions]
> showstack = $TESTDIR/../contrib/showstack.py
> EOF
#endif
$ hg init test
$ cd test
$ echo a > a
$ hg ci -Ama
adding a
$ cd ..
$ hg clone test test2
updating to branch default
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ cd test2
$ echo a >> a
$ hg ci -mb
Cloning with a password in the URL should not save the password in .hg/hgrc:
$ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
$ cat hg.pid >> $DAEMON_PIDS
$ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3
requesting all changes
adding changesets
adding manifests
adding file changes
added 2 changesets with 2 changes to 1 files
new changesets cb9a9f314b8b:ba677d0156c1
updating to branch default
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ cat test3/.hg/hgrc
# example repository config (see 'hg help config' for more info)
[paths]
default = http://foo@localhost:$HGPORT/
# path aliases to other clones of this repo in URLs or filesystem paths
# (see 'hg help config.paths' for more info)
#
# default:pushurl = ssh://jdoe@example.net/hg/jdoes-fork
# my-fork = ssh://jdoe@example.net/hg/jdoes-fork
# my-clone = /home/jdoe/jdoes-clone
[ui]
# name and email (local to this repository, optional), e.g.
# username = Jane Doe <jdoe@example.com>
$ killdaemons.py
expect error, cloning not allowed
$ echo '[web]' > .hg/hgrc
$ echo 'allowpull = false' >> .hg/hgrc
$ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
$ cat hg.pid >> $DAEMON_PIDS
$ hg clone http://localhost:$HGPORT/ test4 # bundle2+
abort: authorization failed
[255]
$ hg clone http://localhost:$HGPORT/ test4 --config devel.legacy.exchange=bundle1
abort: authorization failed
[255]
$ killdaemons.py
serve errors
$ cat errors.log
$ req() {
> hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
> cat hg.pid >> $DAEMON_PIDS
> hg --cwd ../test pull http://localhost:$HGPORT/
> killdaemons.py hg.pid
> echo % serve errors
> cat errors.log
> }
expect error, pulling not allowed
$ req
pulling from http://localhost:$HGPORT/
abort: authorization failed
% serve errors
$ cd ..