From owner-freebsd-python@FreeBSD.ORG Sat Sep 1 18:12:54 2012 Return-Path: Delivered-To: python@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3EF35106566B for ; Sat, 1 Sep 2012 18:12:54 +0000 (UTC) (envelope-from alexander.kapshuk@gmail.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id A8BC28FC14 for ; Sat, 1 Sep 2012 18:12:53 +0000 (UTC) Received: by lbbgg13 with SMTP id gg13so2212797lbb.13 for ; Sat, 01 Sep 2012 11:12:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=Ibyk6rBO21XHwYzvStKqJ2ITbY5/sKEB4F4hz+piqrw=; b=kAU38bKmavqTNKvFm4qvFhveGXsXJdtFrUV7f/Bo346AHYfctt7AiBFVUZ8XsFNzKo 3Ys8GI/XfAZBgVtIdjlAAhhVd2oZ3WD+TW4bvX5LbmHPPo3+KhI/wkM9cSuvPj1u+cXL MbujF536jLWHbmMrxne/7m9ohrsYwLapOSeEnIx+8up1w5Wc0O62VjSjV/Q5EDR2KaHM mslmU3al7BEDJGc+Ygm9UCEdzZWP5jHc3gCiWBuEkcYWsngt9lI8a78pbyR6QcmDRDkf kx94PSiHVMDj4Z9pL+qCct3DYFtVBkm/UQfNySKoj98mhCxPA2JivmJCn1dWiI75wsuq js2g== Received: by 10.152.113.68 with SMTP id iw4mr9717961lab.50.1346523171965; Sat, 01 Sep 2012 11:12:51 -0700 (PDT) Received: from [192.168.1.4] (93-127-96-97.static.vega-ua.net. [93.127.96.97]) by mx.google.com with ESMTPS id lr17sm8251426lab.12.2012.09.01.11.12.50 (version=SSLv3 cipher=OTHER); Sat, 01 Sep 2012 11:12:51 -0700 (PDT) Message-ID: <50425021.2070200@gmail.com> Date: Sat, 01 Sep 2012 21:12:49 +0300 From: Alexander Kapshuk User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:15.0) Gecko/20120831 Thunderbird/15.0 MIME-Version: 1.0 To: Ruslan Mahmatkhanov References: <50312651.7020202@gmail.com> <503E66B5.2020809@yandex.ru> <503E7CF0.3040802@gmail.com> <503FBB43.2050507@yandex.ru> In-Reply-To: <503FBB43.2050507@yandex.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: python@FreeBSD.org Subject: Re: Mercurial CA Certificates X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Sep 2012 18:12:54 -0000 On 08/30/12 22:13, Ruslan Mahmatkhanov wrote: > Alexander Kapshuk wrote on 30.08.2012 00:34: >> On 08/29/12 22:00, Ruslan Mahmatkhanov wrote: >>> Hi, >>> >>> Alexander Kapshuk wrote on 19.08.2012 21:45: >>>> How do I add an CA Certificate for Mercurial on FreeBSD please? >>>> >>>> :; uname -a >>>> FreeBSD box2 9.0-RELEASE-p4 FreeBSD 9.0-RELEASE-p4 #0: Fri Aug 17 >>>> 21:53:39 EEST 2012 root@box2:/usr/obj/usr/src/sys/GENERIC i386 >>>> >>>> :; pkg_info -xc mercurial | sed 1q >>>> Information for mercurial-2.3: >>>> >>>> Thanks. >>> >>> As far I understand, FreeBSD doesn't come prepackaged with root CA >>> certificates like other systems do (it's not 146%, but seems so). So, >>> I'd follow recommendation from [1] in part "2.7. Other platforms". >>> >>> - download CA list from [2] >>> - put this lines into your ~/.hgrc: >>> >>> [web] >>> cacerts = /place/where/you/put/cacert.pem >>> >>> Hope this helps. >>> >>> [1] http://mercurial.selenic.com/wiki/CACertificates >>> [2] http://curl.haxx.se/docs/caextract.html >>> >> OK. Thanks. I'll give that a try. > > Just realized that there is security/ca_root_nss that installs the > certs into /usr/local/share/certs and the port itself asks if you want > to create symlink to it in /etc/ssl/cert.pem. You may add any of them > into your ~/.hgrc. Please let me know if it works for you, and if it > is, it should be added into mercurial's wiki, and maybe to our > mercurial port as pkg-message or so. > Hello Ruslan, What I didn't realise what that I'd already had the security/ca_root_nss port installed on my system. So, I did as you had suggested, I created this symlink, /etc/ssl/cert.pem, to /usr/local/share/certs/ca-root-nss.crt. Then I put the definition for cacerts in my $HOME/.hgrc: [web] cacerts = /etc/ssl/cert.pem ---------- And ran this command line: hg clone -u release https://code.google.com/p/go ---------- Which ended up spitting out this error output: :; hg clone -u release https://code.google.com/p/go warning: code.google.com certificate with fingerprint 25:a7:a0:0b:85:b1:25:d4:eb:be:05:e0:8b:72:47:9e:c3:4b:22:5b not verified (check hostfingerprints or web.cacerts config setting) destination directory: go requesting all changes adding changesets adding manifests adding file changes added 13976 changesets with 51573 changes to 7336 files (+5 heads) ** unknown exception encountered, please report by visiting ** http://mercurial.selenic.com/wiki/BugTracker ** Python 2.7.3 (default, Jul 26 2012, 16:37:41) [GCC 4.2.2 20070831 prerelease [FreeBSD]] ** Mercurial Distributed SCM (version 2.3) ** Extensions loaded: Traceback (most recent call last): File "/usr/local/bin/hg", line 38, in mercurial.dispatch.run() File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 28, in run sys.exit((dispatch(request(sys.argv[1:])) or 0) & 255) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 65, in dispatch return _runcatch(req) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 88, in _runcatch return _dispatch(req) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 740, in _dispatch cmdpats, cmdoptions) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 514, in runcommand ret = _runcommand(ui, options, cmd, d) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 830, in _runcommand return checkargs() File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 801, in checkargs return cmdfunc() File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 737, in d = lambda: util.checksignature(func)(ui, *args, **cmdoptions) File "/usr/local/lib/python2.7/site-packages/mercurial/util.py", line 472, in check return func(*args, **kwargs) File "/usr/local/lib/python2.7/site-packages/mercurial/commands.py", line 1206, in clone branch=opts.get('branch')) File "/usr/local/lib/python2.7/site-packages/mercurial/hg.py", line 401, in clone checkout = srcrepo.lookup(update) AttributeError: 'NoneType' object has no attribute 'lookup' ------------------- I went to $HOME/go/.hg/hgrc, and put the definition for cacerts there as well. After removing the contents of $HOME/go/.hg, except for hgrc, I was able to successfully pull in the entire go tree and build it without any further ado. Thanks a lot for your suggestion. Alexander Kapshuk.