5589 – Uncompressed clones transfer secret commits

Bug 5589 - Uncompressed clones transfer secret commits

Summary: Uncompressed clones transfer secret commits

Status:	RESOLVED FIXED

Alias:	None

Product:	Mercurial
Classification:	Unclassified
Component:	Mercurial (show other bugs)
Version:	4.2.1
Hardware:	PC Windows

Importance:	normal bug
Assignee:	Bugzilla

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-06-07 14:15 UTC by Matt Harbison
Modified:	2017-07-04 00:00 UTC (History)
CC List:	4 users (show)

See Also:
Python Version:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Harbison 2017-06-07 14:15 UTC

$ hg init src && cd src
  $ touch file1.txt
  $ hg ci -Aqm start
  $ echo change > file1.txt
  $ hg ci -m secret --secret
  $ hg up -q .^
  $ echo change2 > file1.txt
  $ hg ci -m public
  created new head
  $ hg log -T "{rev}: {phase}\n" -G
  @  2: draft
  |
  | o  1: secret
  |/
  o  0: draft
  $ hg serve --config server.uncompressed=True --config server.preferuncompressed=True


  $ hg clone http://localhost:8000 dst
  streaming all changes
  3 files to transfer, 1.05 KB of data
  transferred 1.05 KB in 0.1 seconds (9.06 KB/sec)
  searching for changes
  no changes found
  updating to branch default
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved

  $ hg log -T "{rev}: {phase}\n" -G -R dst
  @  2: public
  |
  | o  1: public
  |/
  o  0: public

Comment 1 Yuya Nishihara 2017-06-09 10:39 UTC

It appears this is quite old bug. Reproducible with 3.0. I stopped testing
there.

Comment 2 Gregory Szorc 2017-06-09 13:50 UTC

Just sent some patches to the list.

My guess is this has been a bug since stream clones or phases were introduced, whichever came first.

Comment 3 Matt Harbison 2017-06-09 23:41 UTC

(In reply to Gregory Szorc from comment #2)

Cool, thanks.

I hadn't considered this before, but do stream clones have similar potential interoperability issues that streaming clone bundles do?  My guess is yes.

I saw a warning about the latter in `hg help clonebundles`, but nothing about the former in `hg help config.server.uncompressed`.  Is that because the negotiation will fall back to a supported compression scheme if the client doesn't support the necessary requirements?

Comment 4 Gregory Szorc 2017-06-10 14:29 UTC

Stream clone bundles and streaming clones are basically the same thing.

If a client requests a streaming clone and the server's requirements aren't supported on the client, the client will fail back to a traditional clone. See streamclone.canperformstreamclone() and streamclone.maybeperformlegacystreamclone() and the code in exchange.py that calls the latter.

Comment 5 Pierre-Yves David 2017-06-11 09:29 UTC

Phase came after so this is buggy since phases exists.

There are some logic to prevent secret leak in other cases (I think local clone with hard link) we should be able to reuse this logic for stream clone.

Comment 6 Bugzilla 2017-06-26 00:00 UTC

Bug was set to IN_PROGRESS for 14 days, moving back to confirmed

Comment 7 Yuya Nishihara 2017-06-26 09:58 UTC

Dear bugzilla bot, this should be addressed by 33b7283a3828 and 23734c0e361f.

streamclone: consider secret changesets (BC) (issue5589)
debugcommands: issue warning when repo has secret changesets (issue5589)

Comment 8 Bugzilla 2017-07-04 00:00 UTC

Bug was set to TESTING for 7 days, resolving