hooks: prevent subrepositories universally on hg.mozilla.org (
bug 1414373); r?dustin
Subrepositories have had a bad record in terms of security. There are
no significant users of them on hg.mozilla.org.
Let's ban subrepos completely to reduce potential attack surface
area.
MozReview-Commit-ID: GuvMUzjTJHl
--- a/hghooks/mozhghooks/check/prevent_subrepos.py
+++ b/hghooks/mozhghooks/check/prevent_subrepos.py
@@ -15,27 +15,16 @@ SUBREPO_NOT_ALLOWED = """
Subrepositories are not allowed on this repository.
Please remove .hgsub and/or .hgsubstate files from the repository and try your
push again.
"""
-SUBREPO_WARNING = """
-{node} contains subrepositories.
-
-Subrepositories are an advanced Mercurial feature. Subrepositories are not
-allowed by default on non-user repositories. Attempting to push this changeset
-to a non-user repository on this server will result in rejection.
-
-Please consider not using subrepositories.
-"""
-
-
class PreventSubReposCheck(PreTxnChangegroupCheck):
"""Prevents sub-repos from being committed.
Sub-repos are a power user feature. They make it difficult to convert repos
to and from Git. We also tend to prefer vendoring into a repo instead of
creating a "symlink" to another repo.
This check prevents the introduction of sub-repos on incoming changesets
@@ -45,33 +34,27 @@ class PreventSubReposCheck(PreTxnChangeg
@property
def name(self):
return 'prevent_subrepos'
def relevant(self):
return True
def pre(self):
- self.fatal = not self.repo_metadata['user_repo']
self.done = False
def check(self, ctx):
# Since the check can be non-fatal and since it requires a manifest
# (which can be expensive to obtain), no-op if there is no work to do.
if self.done:
return True
if '.hgsub' not in ctx and '.hgsubstate' not in ctx:
return True
self.done = True
- if self.fatal:
- print_banner(self.ui, 'error', SUBREPO_NOT_ALLOWED.format(
- node=ctx.hex()[0:12]))
- return False
- else:
- print_banner(self.ui, 'warning', SUBREPO_WARNING.format(
- node=ctx.hex()[0:12]))
- return True
+ print_banner(self.ui, 'error', SUBREPO_NOT_ALLOWED.format(
+ node=ctx.hex()[0:12]))
+ return False
def post_check(self):
return True
--- a/hghooks/tests/test-prevent-subrepos.t
+++ b/hghooks/tests/test-prevent-subrepos.t
@@ -1,11 +1,11 @@
$ . $TESTDIR/hghooks/tests/common.sh
-We can create subrepos on user repos (but a warning is printed)
+We cannot create subrepos on user repos (but a warning is printed)
$ mkdir -p users/someuser
$ hg init users/someuser/repo
$ hg init users/someuser/repo/subrepo
$ configurehooks users/someuser/repo
$ hg -q clone users/someuser/repo client
$ cd client
@@ -37,26 +37,29 @@ We can create subrepos on user repos (bu
pushing subrepo mysubrepo to $TESTTMP/users/someuser/repo/subrepo
no changes found
searching for changes
adding changesets
adding manifests
adding file changes
added 1 changesets with 2 changes to 2 files
- ********************************** WARNING ***********************************
+ *********************************** ERROR ************************************
5e42dc5815d5 contains subrepositories.
- Subrepositories are an advanced Mercurial feature. Subrepositories are not
- allowed by default on non-user repositories. Attempting to push this changeset
- to a non-user repository on this server will result in rejection.
+ Subrepositories are not allowed on this repository.
- Please consider not using subrepositories.
+ Please remove .hgsub and/or .hgsubstate files from the repository and try your
+ push again.
******************************************************************************
+ transaction abort!
+ rollback completed
+ abort: pretxnchangegroup.mozhooks hook failed
+ [255]
$ cd ..
We cannot create subrepos on non-user repos
$ hg init server
$ configurehooks server
We need this to exist so sub-repo push works
$ hg init server/subrepo
