From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Jeff King <peff@peff.net>,
Matthew Rollings <admin@stealthcopter.com>,
Stelian Pop <stelian@popies.net>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] contrib: drop hg-to-git script
Date: Fri, 22 Mar 2024 08:31:28 +0100 (CET) [thread overview]
Message-ID: <01de5e16-a4ee-47df-03e6-67f5f0d601a7@gmx.de> (raw)
In-Reply-To: <20240320094824.GA2445978@coredump.intra.peff.net>
Hi Jeff,
I Cc:ed Mat (who reported the issue) and Stelian (who added this script in
2007 and whose email address hopefully still works).
While I have no objection to dropping this script, I am reluctant to drop
it without leaving anything helpful in place. I am thinking about
something like a `README.md` that would contain helpful information for
any interested reader. I am not good writing such things, so I asked
Copilot, and it came up with this:
The `hg-to-git` script, which was used to integrate Mercurial
repositories into Git, has been dropped due to lack of
maintenance. There have been many past endeavors to integrate
Mercurial repositories into Git, but not all of them have been
successful. For those who are interested in this topic, there is
still an active project called Cinnabar, which can be found on
GitHub. You can learn more about it by visiting the Cinnabar
repository at https://github.com/glandium/git-cinnabar.
Ciao,
Johannes
On Wed, 20 Mar 2024, Jeff King wrote:
> The hg-to-git script is full of command injection vulnerabilities
> against malicious branch and tag names. It's also old and largely
> unmaintained; the last commit was over 4 years ago, and the last code
> change before that was from 2013. Users are better off with a modern
> remote-helper tool like cinnabar or remote-hg.
>
> So rather than spending time to fix it, let's just get rid of it.
>
> Reported-by: Matthew Rollings <admin@stealthcopter.com>
> Signed-off-by: Jeff King <peff@peff.net>
> ---
> This was reported to the security list in December. I suggested there
> that we should just get rid of it, but there was no follow-up. Until
> now. ;) Speak now if anybody wants to volunteer to fix the script
> instead.
>
> contrib/hg-to-git/hg-to-git.py | 254 --------------------------------
> contrib/hg-to-git/hg-to-git.txt | 21 ---
> 2 files changed, 275 deletions(-)
> delete mode 100755 contrib/hg-to-git/hg-to-git.py
> delete mode 100644 contrib/hg-to-git/hg-to-git.txt
>
> diff --git a/contrib/hg-to-git/hg-to-git.py b/contrib/hg-to-git/hg-to-git.py
> deleted file mode 100755
> index 7eb1b24cc7..0000000000
> --- a/contrib/hg-to-git/hg-to-git.py
> +++ /dev/null
> @@ -1,254 +0,0 @@
> -#!/usr/bin/env python
> -
> -""" hg-to-git.py - A Mercurial to GIT converter
> -
> - Copyright (C)2007 Stelian Pop <stelian@popies.net>
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 2, or (at your option)
> - any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program; if not, see <http://www.gnu.org/licenses/>.
> -"""
> -
> -import os, os.path, sys
> -import tempfile, pickle, getopt
> -import re
> -
> -if sys.hexversion < 0x02030000:
> - # The behavior of the pickle module changed significantly in 2.3
> - sys.stderr.write("hg-to-git.py: requires Python 2.3 or later.\n")
> - sys.exit(1)
> -
> -# Maps hg version -> git version
> -hgvers = {}
> -# List of children for each hg revision
> -hgchildren = {}
> -# List of parents for each hg revision
> -hgparents = {}
> -# Current branch for each hg revision
> -hgbranch = {}
> -# Number of new changesets converted from hg
> -hgnewcsets = 0
> -
> -#------------------------------------------------------------------------------
> -
> -def usage():
> -
> - print("""\
> -%s: [OPTIONS] <hgprj>
> -
> -options:
> - -s, --gitstate=FILE: name of the state to be saved/read
> - for incrementals
> - -n, --nrepack=INT: number of changesets that will trigger
> - a repack (default=0, -1 to deactivate)
> - -v, --verbose: be verbose
> -
> -required:
> - hgprj: name of the HG project to import (directory)
> -""" % sys.argv[0])
> -
> -#------------------------------------------------------------------------------
> -
> -def getgitenv(user, date):
> - env = ''
> - elems = re.compile('(.*?)\s+<(.*)>').match(user)
> - if elems:
> - env += 'export GIT_AUTHOR_NAME="%s" ;' % elems.group(1)
> - env += 'export GIT_COMMITTER_NAME="%s" ;' % elems.group(1)
> - env += 'export GIT_AUTHOR_EMAIL="%s" ;' % elems.group(2)
> - env += 'export GIT_COMMITTER_EMAIL="%s" ;' % elems.group(2)
> - else:
> - env += 'export GIT_AUTHOR_NAME="%s" ;' % user
> - env += 'export GIT_COMMITTER_NAME="%s" ;' % user
> - env += 'export GIT_AUTHOR_EMAIL= ;'
> - env += 'export GIT_COMMITTER_EMAIL= ;'
> -
> - env += 'export GIT_AUTHOR_DATE="%s" ;' % date
> - env += 'export GIT_COMMITTER_DATE="%s" ;' % date
> - return env
> -
> -#------------------------------------------------------------------------------
> -
> -state = ''
> -opt_nrepack = 0
> -verbose = False
> -
> -try:
> - opts, args = getopt.getopt(sys.argv[1:], 's:t:n:v', ['gitstate=', 'tempdir=', 'nrepack=', 'verbose'])
> - for o, a in opts:
> - if o in ('-s', '--gitstate'):
> - state = a
> - state = os.path.abspath(state)
> - if o in ('-n', '--nrepack'):
> - opt_nrepack = int(a)
> - if o in ('-v', '--verbose'):
> - verbose = True
> - if len(args) != 1:
> - raise Exception('params')
> -except:
> - usage()
> - sys.exit(1)
> -
> -hgprj = args[0]
> -os.chdir(hgprj)
> -
> -if state:
> - if os.path.exists(state):
> - if verbose:
> - print('State does exist, reading')
> - f = open(state, 'r')
> - hgvers = pickle.load(f)
> - else:
> - print('State does not exist, first run')
> -
> -sock = os.popen('hg tip --template "{rev}"')
> -tip = sock.read()
> -if sock.close():
> - sys.exit(1)
> -if verbose:
> - print('tip is', tip)
> -
> -# Calculate the branches
> -if verbose:
> - print('analysing the branches...')
> -hgchildren["0"] = ()
> -hgparents["0"] = (None, None)
> -hgbranch["0"] = "master"
> -for cset in range(1, int(tip) + 1):
> - hgchildren[str(cset)] = ()
> - prnts = os.popen('hg log -r %d --template "{parents}"' % cset).read().strip().split(' ')
> - prnts = map(lambda x: x[:x.find(':')], prnts)
> - if prnts[0] != '':
> - parent = prnts[0].strip()
> - else:
> - parent = str(cset - 1)
> - hgchildren[parent] += ( str(cset), )
> - if len(prnts) > 1:
> - mparent = prnts[1].strip()
> - hgchildren[mparent] += ( str(cset), )
> - else:
> - mparent = None
> -
> - hgparents[str(cset)] = (parent, mparent)
> -
> - if mparent:
> - # For merge changesets, take either one, preferably the 'master' branch
> - if hgbranch[mparent] == 'master':
> - hgbranch[str(cset)] = 'master'
> - else:
> - hgbranch[str(cset)] = hgbranch[parent]
> - else:
> - # Normal changesets
> - # For first children, take the parent branch, for the others create a new branch
> - if hgchildren[parent][0] == str(cset):
> - hgbranch[str(cset)] = hgbranch[parent]
> - else:
> - hgbranch[str(cset)] = "branch-" + str(cset)
> -
> -if "0" not in hgvers:
> - print('creating repository')
> - os.system('git init')
> -
> -# loop through every hg changeset
> -for cset in range(int(tip) + 1):
> -
> - # incremental, already seen
> - if str(cset) in hgvers:
> - continue
> - hgnewcsets += 1
> -
> - # get info
> - log_data = os.popen('hg log -r %d --template "{tags}\n{date|date}\n{author}\n"' % cset).readlines()
> - tag = log_data[0].strip()
> - date = log_data[1].strip()
> - user = log_data[2].strip()
> - parent = hgparents[str(cset)][0]
> - mparent = hgparents[str(cset)][1]
> -
> - #get comment
> - (fdcomment, filecomment) = tempfile.mkstemp()
> - csetcomment = os.popen('hg log -r %d --template "{desc}"' % cset).read().strip()
> - os.write(fdcomment, csetcomment)
> - os.close(fdcomment)
> -
> - print('-----------------------------------------')
> - print('cset:', cset)
> - print('branch:', hgbranch[str(cset)])
> - print('user:', user)
> - print('date:', date)
> - print('comment:', csetcomment)
> - if parent:
> - print('parent:', parent)
> - if mparent:
> - print('mparent:', mparent)
> - if tag:
> - print('tag:', tag)
> - print('-----------------------------------------')
> -
> - # checkout the parent if necessary
> - if cset != 0:
> - if hgbranch[str(cset)] == "branch-" + str(cset):
> - print('creating new branch', hgbranch[str(cset)])
> - os.system('git checkout -b %s %s' % (hgbranch[str(cset)], hgvers[parent]))
> - else:
> - print('checking out branch', hgbranch[str(cset)])
> - os.system('git checkout %s' % hgbranch[str(cset)])
> -
> - # merge
> - if mparent:
> - if hgbranch[parent] == hgbranch[str(cset)]:
> - otherbranch = hgbranch[mparent]
> - else:
> - otherbranch = hgbranch[parent]
> - print('merging', otherbranch, 'into', hgbranch[str(cset)])
> - os.system(getgitenv(user, date) + 'git merge --no-commit -s ours "" %s %s' % (hgbranch[str(cset)], otherbranch))
> -
> - # remove everything except .git and .hg directories
> - os.system('find . \( -path "./.hg" -o -path "./.git" \) -prune -o ! -name "." -print | xargs rm -rf')
> -
> - # repopulate with checkouted files
> - os.system('hg update -C %d' % cset)
> -
> - # add new files
> - os.system('git ls-files -x .hg --others | git update-index --add --stdin')
> - # delete removed files
> - os.system('git ls-files -x .hg --deleted | git update-index --remove --stdin')
> -
> - # commit
> - os.system(getgitenv(user, date) + 'git commit --allow-empty --allow-empty-message -a -F %s' % filecomment)
> - os.unlink(filecomment)
> -
> - # tag
> - if tag and tag != 'tip':
> - os.system(getgitenv(user, date) + 'git tag %s' % tag)
> -
> - # delete branch if not used anymore...
> - if mparent and len(hgchildren[str(cset)]):
> - print("Deleting unused branch:", otherbranch)
> - os.system('git branch -d %s' % otherbranch)
> -
> - # retrieve and record the version
> - vvv = os.popen('git show --quiet --pretty=format:%H').read()
> - print('record', cset, '->', vvv)
> - hgvers[str(cset)] = vvv
> -
> -if hgnewcsets >= opt_nrepack and opt_nrepack != -1:
> - os.system('git repack -a -d')
> -
> -# write the state for incrementals
> -if state:
> - if verbose:
> - print('Writing state')
> - f = open(state, 'w')
> - pickle.dump(hgvers, f)
> -
> -# vim: et ts=8 sw=4 sts=4
> diff --git a/contrib/hg-to-git/hg-to-git.txt b/contrib/hg-to-git/hg-to-git.txt
> deleted file mode 100644
> index 91f8fe6410..0000000000
> --- a/contrib/hg-to-git/hg-to-git.txt
> +++ /dev/null
> @@ -1,21 +0,0 @@
> -hg-to-git.py is able to convert a Mercurial repository into a git one,
> -and preserves the branches in the process (unlike tailor)
> -
> -hg-to-git.py can probably be greatly improved (it's a rather crude
> -combination of shell and python) but it does already work quite well for
> -me. Features:
> - - supports incremental conversion
> - (for keeping a git repo in sync with a hg one)
> - - supports hg branches
> - - converts hg tags
> -
> -Note that the git repository will be created 'in place' (at the same
> -location as the source hg repo). You will have to manually remove the
> -'.hg' directory after the conversion.
> -
> -Also note that the incremental conversion uses 'simple' hg changesets
> -identifiers (ordinals, as opposed to SHA-1 ids), and since these ids
> -are not stable across different repositories the hg-to-git.py state file
> -is forever tied to one hg repository.
> -
> -Stelian Pop <stelian@popies.net>
> --
> 2.44.0.650.g4615f65fe0
>
>
next prev parent reply other threads:[~2024-03-22 7:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-20 9:48 [PATCH] contrib: drop hg-to-git script Jeff King
2024-03-20 14:39 ` Junio C Hamano
2024-03-22 7:31 ` Johannes Schindelin [this message]
2024-03-22 8:36 ` Stelian Pop
2024-03-22 16:48 ` Junio C Hamano
2024-03-22 15:58 ` Junio C Hamano
2024-03-22 23:43 ` Jeff King
2024-03-23 18:49 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=01de5e16-a4ee-47df-03e6-67f5f0d601a7@gmx.de \
--to=johannes.schindelin@gmx.de \
--cc=admin@stealthcopter.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=stelian@popies.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).