Mercurial CA Certificates

Alexander Kapshuk alexander.kapshuk at gmail.com
Sat Sep 1 18:12:54 UTC 2012 

On 08/30/12 22:13, Ruslan Mahmatkhanov wrote:
> Alexander Kapshuk wrote on 30.08.2012 00:34:
>> On 08/29/12 22:00, Ruslan Mahmatkhanov wrote:
>>> Hi,
>>>
>>> Alexander Kapshuk wrote on 19.08.2012 21:45:
>>>> How do I add an CA Certificate for Mercurial on FreeBSD please?
>>>>
>>>> :; uname -a
>>>> FreeBSD box2 9.0-RELEASE-p4 FreeBSD 9.0-RELEASE-p4 #0: Fri Aug 17
>>>> 21:53:39 EEST 2012 root at box2:/usr/obj/usr/src/sys/GENERIC i386
>>>>
>>>> :; pkg_info -xc mercurial | sed 1q
>>>> Information for mercurial-2.3:
>>>>
>>>> Thanks.
>>>
>>> As far I understand, FreeBSD doesn't come prepackaged with root CA
>>> certificates like other systems do (it's not 146%, but seems so). So,
>>> I'd follow recommendation from [1] in part "2.7. Other platforms".
>>>
>>> - download CA list from [2]
>>> - put this lines into your ~/.hgrc:
>>>
>>> [web]
>>> cacerts = /place/where/you/put/cacert.pem
>>>
>>> Hope this helps.
>>>
>>> [1] http://mercurial.selenic.com/wiki/CACertificates
>>> [2] http://curl.haxx.se/docs/caextract.html
>>>
>> OK. Thanks. I'll give that a try.
>
> Just realized that there is security/ca_root_nss that installs the 
> certs into /usr/local/share/certs and the port itself asks if you want 
> to create symlink to it in /etc/ssl/cert.pem. You may add any of them 
> into your ~/.hgrc. Please let me know if it works for you, and if it 
> is, it should be added into mercurial's wiki, and maybe to our 
> mercurial port as pkg-message or so.
>
Hello Ruslan,

What I didn't realise what that I'd already had the security/ca_root_nss 
port installed on my system. So, I did as you had suggested, I created 
this symlink, /etc/ssl/cert.pem, to /usr/local/share/certs/ca-root-nss.crt.
Then I put the definition for cacerts in my $HOME/.hgrc:
[web]
cacerts = /etc/ssl/cert.pem
----------
And ran this command line:
hg clone -u release https://code.google.com/p/go
----------
Which ended up spitting out this error output:
:; hg clone -u release https://code.google.com/p/go
warning: code.google.com certificate with fingerprint 
25:a7:a0:0b:85:b1:25:d4:eb:be:05:e0:8b:72:47:9e:c3:4b:22:5b not verified 
(check hostfingerprints or web.cacerts config setting)
destination directory: go
requesting all changes
adding changesets
adding manifests
adding file changes
added 13976 changesets with 51573 changes to 7336 files (+5 heads)
** unknown exception encountered, please report by visiting
** http://mercurial.selenic.com/wiki/BugTracker
** Python 2.7.3 (default, Jul 26 2012, 16:37:41) [GCC 4.2.2 20070831 
prerelease [FreeBSD]]
** Mercurial Distributed SCM (version 2.3)
** Extensions loaded:
Traceback (most recent call last):
   File "/usr/local/bin/hg", line 38, in <module>
     mercurial.dispatch.run()
   File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", 
line 28, in run
     sys.exit((dispatch(request(sys.argv[1:])) or 0) & 255)
   File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", 
line 65, in dispatch
     return _runcatch(req)
   File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", 
line 88, in _runcatch
     return _dispatch(req)
   File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", 
line 740, in _dispatch
     cmdpats, cmdoptions)
   File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", 
line 514, in runcommand
     ret = _runcommand(ui, options, cmd, d)
   File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", 
line 830, in _runcommand
     return checkargs()
   File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", 
line 801, in checkargs
     return cmdfunc()
   File "/usr/local/lib/python2.7/site-packages/mercurial/dispatch.py", 
line 737, in <lambda>
     d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
   File "/usr/local/lib/python2.7/site-packages/mercurial/util.py", line 
472, in check
     return func(*args, **kwargs)
   File "/usr/local/lib/python2.7/site-packages/mercurial/commands.py", 
line 1206, in clone
     branch=opts.get('branch'))
   File "/usr/local/lib/python2.7/site-packages/mercurial/hg.py", line 
401, in clone
     checkout = srcrepo.lookup(update)
AttributeError: 'NoneType' object has no attribute 'lookup'
-------------------
I went to $HOME/go/.hg/hgrc, and put the definition for cacerts there as 
well.
After removing the contents of $HOME/go/.hg, except for hgrc, I was able 
to successfully pull in the entire go tree and build it without any 
further ado.

Thanks a lot for your suggestion.

Alexander Kapshuk.

More information about the freebsd-python mailing list