Open Bug 1311217 Opened 8 years ago Updated 8 years ago

mercurial-setup should add fingerprint for hg.cdn.mozilla.net

Categories

(Developer Services :: Mercurial: configwizard, defect)

People

(Reporter: xidorn, Unassigned)

When I tried to clone the stylo repo on a new machine today, there was an error:
> destination directory: stylo
> applying clone bundle from https://hg.cdn.mozilla.net/experimental/mozilla-central-gd/56b3f2c6f53e72698fea6c25130efceef2a26548.gzip-v2.hg
> error fetching bundle: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
> abort: error applying bundle
> (if this error persists, consider contacting the server operator or disable clone bundles via "--config ui.clonebundles=false")

Apparently this is because there is no fingerprint listed in .hgrc for hg.cdn.mozilla.net, and I ran "./mach mercurial-setup" which doesn't fix this issue.

Then I added
> hg.cdn.mozilla.net:fingerprints = sha256:46:87:96:55:18:d1:42:b9:02:aa:fb:11:fe:15:f2:2b:be:90:14:23:f0:29:1e:df:1c:14:77:cc:9a:4b:8a:3e
to my .hgrc manually, and this was fixed.

I think this should be done by mercurial-setup command.

I'm curious why the certificate verification failed in the first place. My guess is your CA cert bundle is old?

What does `hg debuginstall` say?
Flags: needinfo?(xidorn+moz)
It says:
> checking encoding (UTF-8)...
> checking Python executable (/usr/local/opt/python/bin/python2.7)
> checking Python version (2.7.12)
> checking Python lib (/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7)...
> checking Mercurial version (3.9.1)
> checking Mercurial custom build ()
> checking module policy (c)
> checking installed modules (/usr/local/Cellar/mercurial/3.9.1/lib/python2.7/site-packages/mercurial)...
> checking templates (/usr/local/Cellar/mercurial/3.9.1/lib/python2.7/site-packages/mercurial/templates)...
> checking default template (/usr/local/Cellar/mercurial/3.9.1/lib/python2.7/site-packages/mercurial/templates/map-cmdline.default)
> checking commit editor... (mvim -f)
> checking username (Xidorn Quan <...>)
> no problems detected
Flags: needinfo?(xidorn+moz)
Oh, probably because my .hgrc has:
> [web]
> cacerts = /etc/hg-dummy-cert.pem

I think it was something necessary before for hg to work properly on Mac, but I guess it is no longer needed and became harmful now?
This is a trick documented in https://www.mercurial-scm.org/wiki/CACertificates#Mac_OS_X_10.6_and_higher

So it seems it is no longer necessary after Mercurial 3.2. And after I commented out that line, it works as expected.
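
An added example, not part of the bug thread or of the mercurial-setup code: a small Python audit that lists the TLS trust overrides this thread ran into (`web.cacerts` and per-host fingerprint pins) in an hgrc. The function name `audit_hgrc` and the sample file are constructed for illustration, and the pin is assumed to live in Mercurial's `[hostsecurity]` section, which the thread does not name.

```python
import configparser
import re

# Constructed sample reproducing the two settings quoted in the bug thread.
SAMPLE_HGRC = """\
[web]
cacerts = /etc/hg-dummy-cert.pem

[hostsecurity]
hg.cdn.mozilla.net:fingerprints = sha256:46:87:96:55:18:d1:42:b9:02:aa:fb:11:fe:15:f2:2b:be:90:14:23:f0:29:1e:df:1c:14:77:cc:9a:4b:8a:3e
"""

PIN_RE = re.compile(r"^(sha1|sha256|sha512):[0-9a-f]{2}(:[0-9a-f]{2})+$", re.I)


def audit_hgrc(text):
    """Return (setting, value, note) tuples for TLS trust overrides in hgrc text."""
    # Drop %include / %unset directives, which configparser cannot parse.
    text = "\n".join(ln for ln in text.splitlines() if not ln.startswith("%"))
    # '=' must be the only delimiter: the default ':' would split 'host:fingerprints'.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(text)
    findings = []
    cacerts = cp.get("web", "cacerts", fallback=None)
    if cacerts:
        findings.append(("web.cacerts", cacerts,
                         "replaces the default CA store for every HTTPS host"))
    if cp.has_section("hostsecurity"):
        for key, value in cp.items("hostsecurity"):
            if not key.endswith(":fingerprints"):
                continue
            host = key.rsplit(":", 1)[0]
            for pin in (p.strip() for p in value.split(",")):
                ok = bool(PIN_RE.match(pin))
                findings.append((host + ":fingerprints", pin,
                                 "pin replaces CA validation for this host" if ok
                                 else "malformed fingerprint"))
    if cp.has_section("hostfingerprints"):
        for host, value in cp.items("hostfingerprints"):
            findings.append(("hostfingerprints." + host, value,
                             "legacy SHA-1 pin section"))
    return findings


if __name__ == "__main__":
    for setting, value, note in audit_hgrc(SAMPLE_HGRC):
        print(f"{setting} = {value}\n    -> {note}")
```

Every pin it reports is a certificate that has to be updated by hand when the server rotates its certificate, and a reported `web.cacerts` entry is the first thing to check when a host fails with `CERTIFICATE_VERIFY_FAILED`.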