Closed Bug 941833 Opened 6 years ago Closed 6 years ago

mach mercurial-setup doesn't handle certificate changes well

Categories

(Firefox Build System :: Mach Core, enhancement)

enhancement
Not set

Tracking

(Not tracked)

RESOLVED FIXED
mozilla28

People

(Reporter: gps, Assigned: gps)

References

Details

Attachments

(1 file)

hg.mozilla.org just had its certificate updated. Bug 940454 made `mach mercurial-setup` install the correct certificate. However, if you previously had the old fingerprint and went to run `mach mercurial-setup`, the command would try to pull down changes from extensions hosted on hg.mozilla.org via hg (using the old fingerprint) and verification would fail.

The solution is simple: mach mercurial-setup should add '--config hostfingerprints.hg.mozilla.org=<fingerprint>' to any hg command that talks to a remote server. The fingerprints from the source file should always be current, so they can override whatever is in ~/.hgrc.
Nick: I'd appreciate your review on this.
Attachment #8336317 - Flags: review?(nalexander)
Assignee: nobody → gps
Status: NEW → ASSIGNED
Comment on attachment 8336317 [details] [diff] [review]
mach mercurial-setup should set known host fingerprints, even if config is different

Review of attachment 8336317 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks for the clear explanation in the ticket.

::: python/mozversioncontrol/mozversioncontrol/repoupdate.py
@@ +17,5 @@
> +
> +    args = [hg]
> +
> +    for host, fingerprint in sorted(hostfingerprints.items()):
> +        args.extend(['--config', 'hostfingerprints.%s=%s' % (host,

This doesn't need to be quoted?

::: tools/mercurial/hgsetup/wizard.py
@@ +271,5 @@
>  
>      def update_git_repo(self, git, url, dest, ref, msg):
>          return self._update_repo(git, url, dest, ref, msg, update_git_repo)
>  
> +    def _update_repo(self, binary, url, dest, branch, msg, fn, **kwargs):

Follow suit with *args and pass through below.
Attachment #8336317 - Flags: review?(nalexander) → review+
https://hg.mozilla.org/mozilla-central/rev/7b29554d41e0
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Product: Core → Firefox Build System
You need to log in before you can comment on or make changes to this bug.