Date: Sat, 01 Sep 2012 21:12:49 +0300 From: Alexander Kapshuk <alexander.kapshuk@gmail.com> To: Ruslan Mahmatkhanov <cvs-src@yandex.ru> Cc: python@FreeBSD.org Subject: Re: Mercurial CA Certificates Message-ID: <50425021.2070200@gmail.com> In-Reply-To: <503FBB43.2050507@yandex.ru> References: <50312651.7020202@gmail.com> <503E66B5.2020809@yandex.ru> <503E7CF0.3040802@gmail.com> <503FBB43.2050507@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08/30/12 22:13, Ruslan Mahmatkhanov wrote: > Alexander Kapshuk wrote on 30.08.2012 00:34: >> On 08/29/12 22:00, Ruslan Mahmatkhanov wrote: >>> Hi, >>> >>> Alexander Kapshuk wrote on 19.08.2012 21:45: >>>> How do I add an CA Certificate for Mercurial on FreeBSD please? >>>> >>>> :; uname -a >>>> FreeBSD box2 9.0-RELEASE-p4 FreeBSD 9.0-RELEASE-p4 #0: Fri Aug 17 >>>> 21:53:39 EEST 2012 root@box2:/usr/obj/usr/src/sys/GENERIC i386 >>>> >>>> :; pkg_info -xc mercurial | sed 1q >>>> Information for mercurial-2.3: >>>> >>>> Thanks. >>> >>> As far I understand, FreeBSD doesn't come prepackaged with root CA >>> certificates like other systems do (it's not 146%, but seems so). So, >>> I'd follow recommendation from [1] in part "2.7. Other platforms". >>> >>> - download CA list from [2] >>> - put this lines into your ~/.hgrc: >>> >>> [web] >>> cacerts = /place/where/you/put/cacert.pem >>> >>> Hope this helps. >>> >>> [1] http://mercurial.selenic.com/wiki/CACertificates >>> [2] http://curl.haxx.se/docs/caextract.html >>> >> OK. Thanks. I'll give that a try. > > Just realized that there is security/ca_root_nss that installs the > certs into /usr/local/share/certs and the port itself asks if you want > to create symlink to it in /etc/ssl/cert.pem. You may add any of them > into your ~/.hgrc. Please let me know if it works for you, and if it > is, it should be added into mercurial's wiki, and maybe to our > mercurial port as pkg-message or so. > Hello Ruslan, What I didn't realise what that I'd already had the security/ca_root_nss port installed on my system. So, I did as you had suggested, I created this symlink, /etc/ssl/cert.pem, to /usr/local/share/certs/ca-root-nss.crt. Then I put the definition for cacerts in my $HOME/.hgrc: [web] cacerts = /etc/ssl/cert.pem ---------- And ran this command line: hg clone -u release https://code.google.com/p/go ---------- Which ended up spitting out this error output: :; hg clone -u release https://code.google.com/p/go warning: code.google.com certificate with fingerprint 25:a7:a0:0b:85:b1:25:d4:eb:be:05:e0:8b:72:47:9e:c3:4b:22:5b not verified (check hostfingerprints or web.cacerts config setting) destination directory: go requesting all changes adding changesets adding manifests adding file changes added 13976 changesets with 51573 changes to 7336 files (+5 heads) ** unknown exception encountered, please report by visiting ** http://mercurial.selenic.com/wiki/BugTracker ** Python 2.7.3 (default, Jul 26 2012, 16:37:41) [GCC 4.2.2 20070831 prerelease [FreeBSD]] ** Mercurial Distributed SCM (version 2.3) ** Extensions loaded: Traceback (most recent call last): File "/usr/local/bin/hg", line 38, in <module> mercurial.dispatch.run() File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 28, in run sys.exit((dispatch(request(sys.argv[1:])) or 0) & 255) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 65, in dispatch return _runcatch(req) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 88, in _runcatch return _dispatch(req) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 740, in _dispatch cmdpats, cmdoptions) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 514, in runcommand ret = _runcommand(ui, options, cmd, d) File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 830, in _runcommand return checkargs() File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 801, in checkargs return cmdfunc() File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", line 737, in <lambda> d = lambda: util.checksignature(func)(ui, *args, **cmdoptions) File "/usr/local/lib/python2.7/site-packages/mercurial/util.py", line 472, in check return func(*args, **kwargs) File "/usr/local/lib/python2.7/site-packages/mercurial/commands.py", line 1206, in clone branch=opts.get('branch')) File "/usr/local/lib/python2.7/site-packages/mercurial/hg.py", line 401, in clone checkout = srcrepo.lookup(update) AttributeError: 'NoneType' object has no attribute 'lookup' ------------------- I went to $HOME/go/.hg/hgrc, and put the definition for cacerts there as well. After removing the contents of $HOME/go/.hg, except for hgrc, I was able to successfully pull in the entire go tree and build it without any further ado. Thanks a lot for your suggestion. Alexander Kapshuk.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50425021.2070200>