Hi everyone, FWIW, I have no objection to this removal ! Signed-off-by: Stelian Pop Best, Stelian. Le 22/03/2024 à 08:31, Johannes Schindelin a écrit : > Hi Jeff, > > I Cc:ed Mat (who reported the issue) and Stelian (who added this script in > 2007 and whose email address hopefully still works). > > While I have no objection to dropping this script, I am reluctant to drop > it without leaving anything helpful in place. I am thinking about > something like a `README.md` that would contain helpful information for > any interested reader. I am not good writing such things, so I asked > Copilot, and it came up with this: > > The `hg-to-git` script, which was used to integrate Mercurial > repositories into Git, has been dropped due to lack of > maintenance. There have been many past endeavors to integrate > Mercurial repositories into Git, but not all of them have been > successful. For those who are interested in this topic, there is > still an active project called Cinnabar, which can be found on > GitHub. You can learn more about it by visiting the Cinnabar > repository at https://github.com/glandium/git-cinnabar. > > Ciao, > Johannes > > On Wed, 20 Mar 2024, Jeff King wrote: > >> The hg-to-git script is full of command injection vulnerabilities >> against malicious branch and tag names. It's also old and largely >> unmaintained; the last commit was over 4 years ago, and the last code >> change before that was from 2013. Users are better off with a modern >> remote-helper tool like cinnabar or remote-hg. >> >> So rather than spending time to fix it, let's just get rid of it. >> >> Reported-by: Matthew Rollings >> Signed-off-by: Jeff King >> --- >> This was reported to the security list in December. I suggested there >> that we should just get rid of it, but there was no follow-up. Until >> now. ;) Speak now if anybody wants to volunteer to fix the script >> instead. >> >> contrib/hg-to-git/hg-to-git.py | 254 -------------------------------- >> contrib/hg-to-git/hg-to-git.txt | 21 --- >> 2 files changed, 275 deletions(-) >> delete mode 100755 contrib/hg-to-git/hg-to-git.py >> delete mode 100644 contrib/hg-to-git/hg-to-git.txt >> >> diff --git a/contrib/hg-to-git/hg-to-git.py b/contrib/hg-to-git/hg-to-git.py >> deleted file mode 100755 >> index 7eb1b24cc7..0000000000 >> --- a/contrib/hg-to-git/hg-to-git.py >> +++ /dev/null >> @@ -1,254 +0,0 @@ >> -#!/usr/bin/env python >> - >> -""" hg-to-git.py - A Mercurial to GIT converter >> - >> - Copyright (C)2007 Stelian Pop >> - >> - This program is free software; you can redistribute it and/or modify >> - it under the terms of the GNU General Public License as published by >> - the Free Software Foundation; either version 2, or (at your option) >> - any later version. >> - >> - This program is distributed in the hope that it will be useful, >> - but WITHOUT ANY WARRANTY; without even the implied warranty of >> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >> - GNU General Public License for more details. >> - >> - You should have received a copy of the GNU General Public License >> - along with this program; if not, see . >> -""" >> - >> -import os, os.path, sys >> -import tempfile, pickle, getopt >> -import re >> - >> -if sys.hexversion < 0x02030000: >> - # The behavior of the pickle module changed significantly in 2.3 >> - sys.stderr.write("hg-to-git.py: requires Python 2.3 or later.\n") >> - sys.exit(1) >> - >> -# Maps hg version -> git version >> -hgvers = {} >> -# List of children for each hg revision >> -hgchildren = {} >> -# List of parents for each hg revision >> -hgparents = {} >> -# Current branch for each hg revision >> -hgbranch = {} >> -# Number of new changesets converted from hg >> -hgnewcsets = 0 >> - >> -#------------------------------------------------------------------------------ >> - >> -def usage(): >> - >> - print("""\ >> -%s: [OPTIONS] >> - >> -options: >> - -s, --gitstate=FILE: name of the state to be saved/read >> - for incrementals >> - -n, --nrepack=INT: number of changesets that will trigger >> - a repack (default=0, -1 to deactivate) >> - -v, --verbose: be verbose >> - >> -required: >> - hgprj: name of the HG project to import (directory) >> -""" % sys.argv[0]) >> - >> -#------------------------------------------------------------------------------ >> - >> -def getgitenv(user, date): >> - env = '' >> - elems = re.compile('(.*?)\s+<(.*)>').match(user) >> - if elems: >> - env += 'export GIT_AUTHOR_NAME="%s" ;' % elems.group(1) >> - env += 'export GIT_COMMITTER_NAME="%s" ;' % elems.group(1) >> - env += 'export GIT_AUTHOR_EMAIL="%s" ;' % elems.group(2) >> - env += 'export GIT_COMMITTER_EMAIL="%s" ;' % elems.group(2) >> - else: >> - env += 'export GIT_AUTHOR_NAME="%s" ;' % user >> - env += 'export GIT_COMMITTER_NAME="%s" ;' % user >> - env += 'export GIT_AUTHOR_EMAIL= ;' >> - env += 'export GIT_COMMITTER_EMAIL= ;' >> - >> - env += 'export GIT_AUTHOR_DATE="%s" ;' % date >> - env += 'export GIT_COMMITTER_DATE="%s" ;' % date >> - return env >> - >> -#------------------------------------------------------------------------------ >> - >> -state = '' >> -opt_nrepack = 0 >> -verbose = False >> - >> -try: >> - opts, args = getopt.getopt(sys.argv[1:], 's:t:n:v', ['gitstate=', 'tempdir=', 'nrepack=', 'verbose']) >> - for o, a in opts: >> - if o in ('-s', '--gitstate'): >> - state = a >> - state = os.path.abspath(state) >> - if o in ('-n', '--nrepack'): >> - opt_nrepack = int(a) >> - if o in ('-v', '--verbose'): >> - verbose = True >> - if len(args) != 1: >> - raise Exception('params') >> -except: >> - usage() >> - sys.exit(1) >> - >> -hgprj = args[0] >> -os.chdir(hgprj) >> - >> -if state: >> - if os.path.exists(state): >> - if verbose: >> - print('State does exist, reading') >> - f = open(state, 'r') >> - hgvers = pickle.load(f) >> - else: >> - print('State does not exist, first run') >> - >> -sock = os.popen('hg tip --template "{rev}"') >> -tip = sock.read() >> -if sock.close(): >> - sys.exit(1) >> -if verbose: >> - print('tip is', tip) >> - >> -# Calculate the branches >> -if verbose: >> - print('analysing the branches...') >> -hgchildren["0"] = () >> -hgparents["0"] = (None, None) >> -hgbranch["0"] = "master" >> -for cset in range(1, int(tip) + 1): >> - hgchildren[str(cset)] = () >> - prnts = os.popen('hg log -r %d --template "{parents}"' % cset).read().strip().split(' ') >> - prnts = map(lambda x: x[:x.find(':')], prnts) >> - if prnts[0] != '': >> - parent = prnts[0].strip() >> - else: >> - parent = str(cset - 1) >> - hgchildren[parent] += ( str(cset), ) >> - if len(prnts) > 1: >> - mparent = prnts[1].strip() >> - hgchildren[mparent] += ( str(cset), ) >> - else: >> - mparent = None >> - >> - hgparents[str(cset)] = (parent, mparent) >> - >> - if mparent: >> - # For merge changesets, take either one, preferably the 'master' branch >> - if hgbranch[mparent] == 'master': >> - hgbranch[str(cset)] = 'master' >> - else: >> - hgbranch[str(cset)] = hgbranch[parent] >> - else: >> - # Normal changesets >> - # For first children, take the parent branch, for the others create a new branch >> - if hgchildren[parent][0] == str(cset): >> - hgbranch[str(cset)] = hgbranch[parent] >> - else: >> - hgbranch[str(cset)] = "branch-" + str(cset) >> - >> -if "0" not in hgvers: >> - print('creating repository') >> - os.system('git init') >> - >> -# loop through every hg changeset >> -for cset in range(int(tip) + 1): >> - >> - # incremental, already seen >> - if str(cset) in hgvers: >> - continue >> - hgnewcsets += 1 >> - >> - # get info >> - log_data = os.popen('hg log -r %d --template "{tags}\n{date|date}\n{author}\n"' % cset).readlines() >> - tag = log_data[0].strip() >> - date = log_data[1].strip() >> - user = log_data[2].strip() >> - parent = hgparents[str(cset)][0] >> - mparent = hgparents[str(cset)][1] >> - >> - #get comment >> - (fdcomment, filecomment) = tempfile.mkstemp() >> - csetcomment = os.popen('hg log -r %d --template "{desc}"' % cset).read().strip() >> - os.write(fdcomment, csetcomment) >> - os.close(fdcomment) >> - >> - print('-----------------------------------------') >> - print('cset:', cset) >> - print('branch:', hgbranch[str(cset)]) >> - print('user:', user) >> - print('date:', date) >> - print('comment:', csetcomment) >> - if parent: >> - print('parent:', parent) >> - if mparent: >> - print('mparent:', mparent) >> - if tag: >> - print('tag:', tag) >> - print('-----------------------------------------') >> - >> - # checkout the parent if necessary >> - if cset != 0: >> - if hgbranch[str(cset)] == "branch-" + str(cset): >> - print('creating new branch', hgbranch[str(cset)]) >> - os.system('git checkout -b %s %s' % (hgbranch[str(cset)], hgvers[parent])) >> - else: >> - print('checking out branch', hgbranch[str(cset)]) >> - os.system('git checkout %s' % hgbranch[str(cset)]) >> - >> - # merge >> - if mparent: >> - if hgbranch[parent] == hgbranch[str(cset)]: >> - otherbranch = hgbranch[mparent] >> - else: >> - otherbranch = hgbranch[parent] >> - print('merging', otherbranch, 'into', hgbranch[str(cset)]) >> - os.system(getgitenv(user, date) + 'git merge --no-commit -s ours "" %s %s' % (hgbranch[str(cset)], otherbranch)) >> - >> - # remove everything except .git and .hg directories >> - os.system('find . \( -path "./.hg" -o -path "./.git" \) -prune -o ! -name "." -print | xargs rm -rf') >> - >> - # repopulate with checkouted files >> - os.system('hg update -C %d' % cset) >> - >> - # add new files >> - os.system('git ls-files -x .hg --others | git update-index --add --stdin') >> - # delete removed files >> - os.system('git ls-files -x .hg --deleted | git update-index --remove --stdin') >> - >> - # commit >> - os.system(getgitenv(user, date) + 'git commit --allow-empty --allow-empty-message -a -F %s' % filecomment) >> - os.unlink(filecomment) >> - >> - # tag >> - if tag and tag != 'tip': >> - os.system(getgitenv(user, date) + 'git tag %s' % tag) >> - >> - # delete branch if not used anymore... >> - if mparent and len(hgchildren[str(cset)]): >> - print("Deleting unused branch:", otherbranch) >> - os.system('git branch -d %s' % otherbranch) >> - >> - # retrieve and record the version >> - vvv = os.popen('git show --quiet --pretty=format:%H').read() >> - print('record', cset, '->', vvv) >> - hgvers[str(cset)] = vvv >> - >> -if hgnewcsets >= opt_nrepack and opt_nrepack != -1: >> - os.system('git repack -a -d') >> - >> -# write the state for incrementals >> -if state: >> - if verbose: >> - print('Writing state') >> - f = open(state, 'w') >> - pickle.dump(hgvers, f) >> - >> -# vim: et ts=8 sw=4 sts=4 >> diff --git a/contrib/hg-to-git/hg-to-git.txt b/contrib/hg-to-git/hg-to-git.txt >> deleted file mode 100644 >> index 91f8fe6410..0000000000 >> --- a/contrib/hg-to-git/hg-to-git.txt >> +++ /dev/null >> @@ -1,21 +0,0 @@ >> -hg-to-git.py is able to convert a Mercurial repository into a git one, >> -and preserves the branches in the process (unlike tailor) >> - >> -hg-to-git.py can probably be greatly improved (it's a rather crude >> -combination of shell and python) but it does already work quite well for >> -me. Features: >> - - supports incremental conversion >> - (for keeping a git repo in sync with a hg one) >> - - supports hg branches >> - - converts hg tags >> - >> -Note that the git repository will be created 'in place' (at the same >> -location as the source hg repo). You will have to manually remove the >> -'.hg' directory after the conversion. >> - >> -Also note that the incremental conversion uses 'simple' hg changesets >> -identifiers (ordinals, as opposed to SHA-1 ids), and since these ids >> -are not stable across different repositories the hg-to-git.py state file >> -is forever tied to one hg repository. >> - >> -Stelian Pop >> -- >> 2.44.0.650.g4615f65fe0 >> >> -- Stelian Pop