[blfs-dev] cacerts in Configuring Mercurial

Thu, 21 Feb 2019 18:38:46 -0800 

This was going to be a question jsut about Mercurial, by working
through this I think I'vegot bigger problems (see end of post).

I was cleaning out some additions to my scripts which I had made
when dropping Mozilla::CA.  Symlinks for ca-bundle.crt.  But grep also
found Mercurial, and that is in the book:

install -v -d -m755 /etc/mercurial &&
cat > /etc/mercurial/hgrc << "EOF"
[web]
cacerts = /etc/pki/tls/certs/ca-bundle.crt
EOF

I don't have that.  When I discovered that Mozilla::CA could be
deleted (by people not installing from CPAN) it was because
Try::Tiny (a core perl module) has :

    # cert list copied from golang src/crypto/x509/root_unix.go
    foreach my $ca_bundle (
        "/etc/ssl/certs/ca-certificates.crt",     # Debian/Ubuntu/Gentoo etc.
        "/etc/pki/tls/certs/ca-bundle.crt",       # Fedora/RHEL
        "/etc/ssl/ca-bundle.pem",                 # OpenSUSE
        "/etc/openssl/certs/ca-certificates.crt", # NetBSD
        "/etc/ssl/cert.pem",                      # OpenBSD
        "/usr/local/share/certs/ca-root-nss.crt", # FreeBSD/DragonFly
        "/etc/pki/tls/cacert.pem",                # OpenELEC
        "/etc/certs/ca-certificates.crt",         # Solaris 11.2+
    ) {
        return $ca_bundle if -e $ca_bundle;
    }

    die qq/Couldn't find a CA bundle with which to verify the SSL 
certificate.\n/
      . qq/Try installing Mozilla::CA from CPAN\n/;

The Fedora entry seemed to fit well with what we then had.

But I don't seem to have ANY of those.  Went and looked at the
output from updating the certs to use current mozilla versions.
Seems to have failed, just like when I posted on support hours ago:

lists.linuxfromscratch.org/pipermail/blfs-support/2019-February/080752.html

What _should_ I have for the batched/bundled certificates ?

And any ideas why make-ca is failing so catastrophically ?  I have
used ' || true' on it because in the past things like missing java,
or perhaps expired certificates, caused non-zero status.

Meanwhile, I don't think there is much I can do to test things.

ĸen
-- 
The beauty of reading a page of de Selby is that it leads one
inescapably to the conclusion that one is not, of all nincompoops,
the greates.            -- du Garbandier
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to