Mercurial Over Https

My guide on making Mercurial server left us with http as a protocol of choice. This might be ok in local network but https would be more comfortable choice. This post starts with already running Mercurial server on Ubuntu.

Apache does come with https module which has to be enabled:

sudo a2enmod ssl
 Enabling module ssl.
 See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
 Run '/etc/init.d/apache2 restart' to activate new configuration!

Before restarting Apache we need to create few things (key, certificate signing request, certificate) and easiest way is to create it ourself (write whatever you want for organization details):

openssl genrsa -out https.key 1024
 Generating RSA private key, 1024 bit long modulus
 ..........++++++
 ......++++++
 e is 65537 (0x10001)

openssl req -new -key https.key -out https.csr
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:
 State or Province Name (full name) [Some-State]:
 Locality Name (eg, city) []:
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:
 Organizational Unit Name (eg, section) []:
 Common Name (eg, YOUR name) []:
 Email Address []:

 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:

openssl x509 -req -days 36500 -in https.csr -signkey https.key -out https.crt
 Signature ok
 subject=...
 Getting Private key

Once keys are created we must enter following lines in “/etc/apache2/sites-available/hg” (I left other stuff for clarity):

NameVirtualHost *
<VirtualHost *>
    ServerAdmin webmaster@localhost
    DocumentRoot /srv/hg/cgi-bin
    <Directory "/srv/hg/cgi-bin/">
        SetHandler cgi-script
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/hg.log
    <Location />
        AuthType Basic
        AuthName "Mercurial"
        AuthUserFile  /srv/hg/.htpasswd
        Require valid-user
    </Location>
    RewriteEngine on
    RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /srv/hg/https.crt
    SSLCertificateKeyFile /srv/hg/https.key
</VirtualHost>

With this we are ready for restart:

/etc/init.d/apache2 restart
 * Restarting web server apache2
     [warn] NameVirtualHost *:80 has no VirtualHosts
 ... waiting [warn] NameVirtualHost *:80 has no VirtualHosts

After these changes Mercurial is listening ONLY on https. Since we made self-signed certificate, browser will complain about verification, but that is quite normal.

P.S. To use both http and https, read some more.

Childproofing and Live Wires

Illustration

Neon screwdriver is one piece of equipment that I always have somewhere in my house. It is great tool to check power sockets - put it in one hole, then another, if it lights there is some power. But that is not all. It can also double as a screwdriver! :)

Another thing I always have at home are my children. They are reason why all my power sockets these days have childproofing inserts. Since my home uses schuko sockets, insert is just piece of plastic that prevents inserting items in single hole. Only when both holes are touched simultaneously insert rotates a bit and allows for insertion of plug. That enables me to have protection for my kids and to insert plug without any tools or effort. Unfortunately this also means that I cannot easily use my neon screwdriver.

However, if you have two neon screwdrivers, things change dramatically. It is easy to synchronously insert both screwdrivers through holes and thus get reading. If socket is live, both of them will light up. Live one will light because your body is making connection (oven neon screwdriver) with live wire and neutral one will light up since your body is transferring little bit of current from live wire. If you have two identical neon screwdrivers you can see that neutral one is little bit dimmer.

However, you can just as easily remove one from socket in order to test other one. Remember that once screwdriver is in hole, protection will not close. As protection is open, continue tests as you usually would. Once both neon screwdrivers are out of hole child protection will close automatically.

P.S. Be very, very careful when dealing with live wires. Do not trust neon screwdriver. Test both of them on live socket first in order to see whether bulb still works.

From SVN to Mercurial

Moving from SVN to Mercurial is obvious if you don’t want history. Folder copy/paste action is more than enough. If we want to get whole history, that is where things get more involved. This guide is written with assumption of Ubuntu installation of Mercurial. If you are using something other, do adjust a little (yes, it also works on Windows).

First thing that we need is “python-subversion” package installed. For some reason I could not find this through Ubuntu Software Center. It worked from Synaptic Package Manager without issues. Afterward we need to enable Mercurial’s convert extension. Just edit “/home/josip/.hgrc” (do change folder if your name is not Josip) and add these lines to it:

[extensions]
hgext.convert=

Last thing to do is actual conversion:

mkdir TestRepo

hg convert svn://192.168.0.3/TestRepo TestRepo
 initializing destination TestRepo repository
 scanning source...
 sorting...
 converting...
 32 
 31
 ...
 1 
 0

cd TestRepo

hg update
 49 files updated, 0 files merged, 0 files removed, 0 files unresolved

Your Mercurial repository awaits. :)

P.S. If folder with Mercurial repository is empty, you probably forgot to do “hg update”.

How Hard Can It Be to Create ListView

Illustration

In WPF data binding is fairly consistent, I would even dare to say best that I ever saw. It is easy to do fairly complex things at some cost to way how simpler things are done. Internet is full of examples how to do simple WPF data binding but it surprisingly lacks examples for doing background updates. I tried here to make simplest example that will work with dynamic updates.

Everything revolves around ObservableCollection. In my example this class is inherited within ItemViewCollection class and all “filling” should be done to Items property. I opted to do so with hard-coded data but you can imagine it being done with data from database or any other source.

...
this.Items.Clear();
this.Items.Add(new ItemViewData("Primary weapons", 1000));
this.Items.Add(new ItemViewData("Secondary weapons", 1000));
this.Items.Add(new ItemViewData("Shields", 1000));
this.Items.Add(new ItemViewData("Torpedos", 1000));
this.Items.Add(new ItemViewData("Item " + DateTime.Now.ToLongTimeString(), 1000));
this.OnCollectionChanged(new NotifyCollectionChangedEventArgs(NotifyCollectionChangedAction.Reset));
...

Once data is shown, it will not be refreshed unless OnCollectionChanged method gets called. Only then update will propagate around. Above we can see how whole collection should be refreshed once Items get cleared and filled again. If you see that ListView does not respond to your changes (e.g. you added some items) there is chance you forgot to call it.

Data itself is stored within ItemViewData class. That class implements INotifyPropertyChanged interface and thus it enables update notifications for selected properties (e.g. Energy and ImageIndex). You could update all properties but updating only those that you actually changed will improve performance. Again, if you changed property and your ListView does not reflect it, you forgot to do notification.

public void SetEnergy(decimal newEnergy) {
    if (newEnergy < this.Energy) {
        this.ImageIndex = 1; //down
    } else if (newEnergy > this.Energy) {
        this.ImageIndex = 2; //up
    } else {
        this.ImageIndex = 0; //same
    }
    this.Energy = newEnergy;
    this.OnPropertyChanged(new PropertyChangedEventArgs("Energy"));
    this.OnPropertyChanged(new PropertyChangedEventArgs("ImageIndex"));
}

Code that handles data binding is in following (abreviated) XAML:

...
    <Window.Resources>
        <ObjectDataProvider x:Key="parts" ObjectType="{x:Type local:ItemViewCollection}" MethodName="GetInstance" />
    </Window.Resources>

    <ListView Name="List" ItemsSource="{Binding}" DataContext="{Binding Source={StaticResource parts}}">
    ...
    </ListView>
...

What really happens here?

ListView uses binding to “parts” data provider in order to call GetInstance method within item collection (ItemViewCollection). Whatever this method returns get’s treated as rows for ListView control. Our code is responsible for putting right stuff inside (in FillItems method) and for doing it in correct thread (thus Invoke code there). This is all there is to it.

To make things more interesting I added small method (BackUpdate within App.xaml.cs) that updates some values every two seconds (INotifyPropertyChanged.OnPropertyChanged gets triggered here) and every 20 seconds everything gets reloaded from start (thus need for ObservableCollection.OnCollectionChanged).

It might seem complicated when you look at it for first time but once you see full example code these code fragments should make some sense. :)

Nicer Mercurial URL

I already went through motions of installing Mercurial server on Ubuntu. However, that left us with nasty looking URL with hgweb.cgi in it (e.g. http://192.168.0.2/hgweb.cgi/TestRepo). Can we make it nicer?

We need to edit “/etc/apache2/sites-available/hg” in order to add two highlighted lines (I kept all other lines for clarity):

NameVirtualHost *
<VirtualHost *>
    ServerAdmin webmaster@localhost
    DocumentRoot /srv/hg/cgi-bin
    <Directory "/srv/hg/cgi-bin/">
        SetHandler cgi-script
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/hg.log
    <Location />
        AuthType Basic
        AuthName "Mercurial"
        AuthUserFile  /srv/hg/.htpasswd
        Require valid-user
    </Location>
    RewriteEngine on
    RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
</VirtualHost>

Next thing to do is enabling Apache’s mod_rewrite module and restarting apache:

sudo a2enmod rewrite
 Enabling module rewrite.
 Run '/etc/init.d/apache2 restart' to activate new configuration!

sudo /etc/init.d/apache2 restart
  * Restarting web server apache2                                                                                                                              apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.0.2 for ServerName
 [Tue Feb 01 09:42:15 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
  ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.0.2 for ServerName
 [Tue Feb 01 09:42:16 2011] [warn] NameVirtualHost *:80 has no VirtualHosts

If everything went fine you should be access your repositories without hgweb.cgi, e.g. http://192.168.0.2/TestRepo/. Not a big change but it does look much better.