FS#36246 - [mercurial] SSL Certificate Authority Default Settings
Attached to Project:
Arch Linux
Opened by Andrew Freeman (alif) - Monday, 22 July 2013, 19:19 GMT
Last edited by Giovanni Scafora (giovanni) - Sunday, 12 January 2014, 14:09 GMT
Opened by Andrew Freeman (alif) - Monday, 22 July 2013, 19:19 GMT
Last edited by Giovanni Scafora (giovanni) - Sunday, 12 January 2014, 14:09 GMT
|
Details
Description:
Mercurial should be able to verify signatures by common certificate authorities without per-user configuration. Upstream has confirmed this, but has been sitting on the bug report [HG:3453] for more than a year as a portable solution has not been found. The Arch Wiki Mercurial entry demonstrates that users are being affected by the bug as they are advised to implement the patch in their local configuration file. [HG:3453] http://bz.selenic.com/show_bug.cgi?id=3453 Additional info: /etc/mercurial/hgrc - does not contain any default SSL settings. Steps to reproduce: $ hg clone https://re2.googlecode.com/hg re2 #...or any other SSL repo with reasonable signatures. warning: re2.googlecode.com certificate with fingerprint 22:ff:da:a9:55:f4:40:00:5e:1d:b5:7a:93:71:42:55:bd:9f:f3:8a not verified (check hostfingerprints or web.cacerts config setting) ... Proposed solution: Add a post-install script checking for the optional dependency (of openssl, requisite for python2 thus mercurial) ca-certificates that appends as follows, if so: echo "### Set trusted certificate authorities\n" >> ${pkgdir}/etc/mercurial/hgrc echo "[web]" >> ${pkgdir}/etc/mercurial/hgrc echo "cacerts = /etc/ssl/certs/ca-certificates.crt" >> ${pkgdir}/etc/mercurial/hgrc |
This task depends upon
Closed by Giovanni Scafora (giovanni)
Sunday, 12 January 2014, 14:09 GMT
Reason for closing: Upstream
Sunday, 12 January 2014, 14:09 GMT
Reason for closing: Upstream