Archive for January, 2016

Long overdue, I finally enabled TLS on this blog. It went almost like a breeze.

I used simp_le to get the certificate from Let's Encrypt, along Mozilla's Web Server Configuration generator. SSL Labs now reports a rating of A+.

I just had a few issues:

• I had some hard-coded http:// links in my wordpress theme, that needed changes,
• Since my wordpress instance is reverse-proxied and the real server not behind HTTPS, I had to adjust the wordpress configuration so that it doesn't do an infinite redirect loop,
• Nginx's config for multiple virtualhosts needs SSL configuration to be repeated. Fortunately, one can use include statements,
• Contrary to the suggested configuration, setting ssl_session_tickets off; makes browsers unhappy (at least, it made my Firefox unhappy, with a SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET error message).

I'm glad that there are tools helping to get a proper configuration of SSL. It is sad, though, that the defaults are not better and that we still need to tweak at all. Setting where the certificate and the private key files are should, in 2016, be the only thing to do to have a secure web server.

This is a brown paper bag release. It turns out I managed to break the upgrade
path only 10 commits before the release.

What's new since 0.3.0?

• git cinnabar fsck doesn't fail to upgrade metadata.
• The remote.$remote.cinnabar-draft config works again.
• Don't fail to clone an empty repository.
• Allow to specify mercurial configuration items in a .git/hgrc file.

Git-cinnabar is a git remote helper to interact with mercurial repositories. It allows to clone, pull and push from/to mercurial remote repositories, using git.

Get it on github.

These release notes are also available on the git-cinnabar wiki.

Development had been stalled for a few months, with many improvements in the next branch without any new release. I used some time during the new year break and after in order to straighten things up in order to create a new release, delaying many of the originally planned changes to a future 0.4.0 release.

What's new since 0.2.2?

• Speed and memory usage were improved when doing git push.
• Now works on Windows, at least to some extent. See details.
• Support for pre-0.1.0 git-cinnabar repositories was removed. You must first
  use a git-cinnabar version between 0.1.0 and 0.2.2 to upgrade its metadata.
• It is now possible to attach/graft git-cinnabar metadata to existing commits
  matching mercurial changesets. This allows to migrate from some other
  hg-to-git tool to git-cinnabar while preserving the existing git commits.
  See an example of how this works with the git clone of the Gecko mercurial
  repository
• Avoid mercurial printing its progress bar, messing up with git-cinnabar's
  output.
• It is now possible to fetch from an incremental mercurial bundle (without
  a root changeset).
• It is now possible to push to a new mercurial repository without -f.
• By default, reject pushing a new root to a mercurial repository.
• Make the connection to a mercurial repository through ssh respect the
  GIT_SSH and GIT_SSH_COMMAND environment variables.
• git cinnabar now has a proper argument parser for all its subcommands.
• A new git cinnabar python command allows to run python scripts or open a python shell with the right sys.path to import the cinnabar module.
• All git-cinnabar metadata is now kept under a single ref (although for
  convenience, other refs are created, but they can be derived if necessary).
• Consequently, a new git cinnabar rollback command allows to roll back to
  previous metadata states.
• git-cinnabar metadata now tracks the manifests DAG.
• A new git cinnabar bundle command allows to create mercurial bundles,
  mostly for debugging purposes, without requiring to hit a mercurial server.
• Updated git to 2.7.0 for the native helper.

Development process changes

Up to before this release closing in, the master branch was dedicated to
releases, and development was happening on the next branch, until a new
release happens.

From now on, the release branch will take dot-release fixes and new
releases, while the master branch will receive all changes that are
validated through testing (currently semi-automatically tested with
out-of-tree tests based on four real-life mercurial repositories, with
some automated CI based on in-tree tests used in the future).

The next branch will receive changes to be tested in CI when things
will be hooked up, and may have rewritten history as a consequence of
wanting passing tests on every commit on master.