Closed
Bug 1362848
Opened 7 years ago
Closed 4 years ago
OSX64 systems having mercurial issues
Categories
(SeaMonkey :: Release Engineering, defect)
SeaMonkey
Release Engineering
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: ewong, Unassigned)
Details
(Keywords: sec-other)
Current OSX64 bustage: warning: connecting to hg.mozilla.org using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info warning: connecting to s3-us-west-2.amazonaws.com using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info applying clone bundle from https://s3-us-west-2.amazonaws.com/moz-hg-bundles-us-west-2/releases/mozilla-beta/4b40534bf2f8bd6a62201bca15649cb613f84f37.gzip-v2.hg (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) abort: s3-us-west-2.amazonaws.com certificate error: no certificate received (set hostsecurity.s3-us-west-2.amazonaws.com:certfingerprints=sha256:e0:65:77:43:a5:6f:71:e0:4c:af:81:53:1d:94:22:c2:49:94:5c:95:c8:a6:99:93:5e:c2:1d:d8:46:6c:a1:20 config setting or use --insecure to connect insecurely) The exception was: subprocess.CalledProcessError: Command '['hg', 'clone', 'https://hg.mozilla.org/releases/mozilla-beta', './mozilla']' returned non-zero exit status 255 I'm guessing something changed wrt 3.9.1 osx64 and aws.
Reporter | ||
Updated•7 years ago
|
Group: core-security-release
Reporter | ||
Comment 1•7 years ago
|
||
:Callek, The reason why I'm sec'ing this bug is because it required a slight 'fudge' wrt certificates on our two OsX64 systems. I think I've fixed it but had to do the following (and fixing this brought forth bug 1362913). 1) Modified the mercurial configuration on both macs via "hg config -e" and added the following: [web] cacerts = /Users/seabld/.hg/dummycert.pem #[hostfingerprints] #hg.mozilla.org = 73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56 [hostsecurity] disabletls10warning = true hg.mozilla.org:fingerprints = sha256:8e:ad:f7:6a:eb:44:06:15:ed:f3:e4:69:a6:64:60:37:2d:ff:98:88:37:bf:d7:b8:40:84:01:48:9c:26:ce:d9 s3-us-west-2.amazonaws.com:certfingerprints = sha256:e0:65:77:43:a5:6f:71:e0:4c:af:81:53:1d:94:22:c2:49:94:5c:95:c8:a6:99:93:5e:c2:1d:d8:46:6c:a1:20 2) mkdir /Users/seabld/.hgcert 3) ran the following command (so 10 years down the road, we'll need to renew this, though it's probably a moot point since these systems are going away next year ;P) : openssl req -new -x509 -extensions v3_ca -keyout /dev/null -out dummycert.pem -days 3650 4) mv dummycert.pem /Users/seabld/.hgcert Now, they work.
Reporter | ||
Comment 2•7 years ago
|
||
Callek, I doubt what I did was 'right', but it unhorked the cloning.
Reporter | ||
Comment 3•7 years ago
|
||
This is most likely related to bug 1354356. We have python 2.7.1 on our slaves. We need 2.7.9+ (preferably 2.7.13). Callek, might you be able to dig up a 2.7.13 dmg? Or is this not a good idea?
Reporter | ||
Comment 4•4 years ago
|
||
No longer relevant.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
Updated•9 months ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•