Page MenuHomePhabricator

Fix Mercurial unable to authenticate with HTTP when pulling
ClosedPublic

Authored by berenm on Sep 10 2015, 12:30 PM.
Referenced Files
F14413729: D14092.diff
Tue, Dec 24, 2:35 PM
Unknown Object (File)
Sun, Dec 22, 12:42 AM
Unknown Object (File)
Fri, Dec 20, 5:52 PM
Unknown Object (File)
Fri, Dec 20, 5:47 PM
Unknown Object (File)
Sun, Dec 8, 5:59 PM
Unknown Object (File)
Fri, Dec 6, 3:59 PM
Unknown Object (File)
Thu, Dec 5, 11:58 AM
Unknown Object (File)
Thu, Nov 28, 4:44 PM
Subscribers

Details

Summary

As described in T7959, it looks like Diffusion does not provide Mercurial the required HTTP credentials when pulling from an external repository.

Test Plan

Add an external Mercurial repository to Diffusion, that requires HTTP authentication. A private BitBucket repository for example.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

berenm retitled this revision from to Fix Mercurial unable to authenticate with HTTP when pulling .
berenm updated this object.
berenm edited the test plan for this revision. (Show Details)
berenm set the repository for this revision to rP Phabricator.
berenm added projects: Mercurial, Diffusion.
epriestley added a reviewer: epriestley.

When adding new usages like this we sometimes run afoul of them not existing in old versions of the software, but it seems likely that hg pull <source> has existed since the command was introduced. I can't find anything in the Mercurial changelog suggesting otherwise, at least.

This revision is now accepted and ready to land.Sep 10 2015, 12:34 PM
src/applications/repository/engine/PhabricatorRepositoryPullEngine.php
434

Oh, this should likely be pull -u -- %P. This is unlikely to matter in practice, but it is vaguely possible that someone could configure a remote URI like --insecure, causing us to run hg pull -u --insecure, which has a different meaning than intended. I'll just fix this in pulling the change.

This revision was automatically updated to reflect the committed changes.

From the Mercurial 1.0 sources, 7 years ago (https://selenic.com/hg/file/bae2e9c838e9/mercurial/commands.py):

pull changes from the specified source

Pull changes from a remote repository to a local one.

This finds all changes from the repository at the specified path
or URL and adds them to the local repository. By default, this
does not update the copy of the project in the working directory.

Valid URLs are of the form:

	local/filesystem/path (or file://local/filesystem/path)
	http://[user@]host[:port]/[path]
	https://[user@]host[:port]/[path]
	ssh://[user@]host[:port]/[path]
	static-http://host[:port]/[path]

Paths in the local filesystem can either point to Mercurial
repositories or to bundle files (as created by 'hg bundle' or
'hg incoming --bundle'). The static-http:// protocol, albeit slow,
allows access to a Mercurial repository where you simply use a web
server to publish the .hg directory as static content.

An optional identifier after # indicates a particular branch, tag,
or changeset to pull.

Some notes about using SSH with Mercurial:
- SSH requires an accessible shell account on the destination machine
  and a copy of hg in the remote path or specified with as remotecmd.
- path is relative to the remote user's home directory by default.
  Use an extra slash at the start of a path to specify an absolute path:
  ssh://example.com//tmp/repository
- Mercurial doesn't use its own compression via SSH; the right thing
  to do is to configure it in your ~/.ssh/config, e.g.:
    Host *.mylocalnetwork.example.com
      Compression no
    Host *
      Compression yes
  Alternatively specify "ssh -C" as your ssh command in your hgrc or
  with the --ssh command line option.

I think we're pretty safe regarding backward compatibility :)