On Thu, May 4, 2017 at 4:52 AM, harshad wadkar <
harshad...@gmail.com>
wrote:
> Respected Madam / Sir,
>
> I would like to use Marionette harness for testing.
>
> For that I have installed marionette harness using
> pip install marionette_harness (
https://pypi.org/project/
> marionette-harness/
> )
>
> The python scripts in the downloaded harness looked outdated.
>
> Tried to pull and update your local copy of mozilla-central using
> hg clone
http://hg.mozilla.org/mozilla-central/
>
> But getting (check hostfingerprints or web.cacerts config setting) warning
> & there is abort operation after sometime. The details given below :
>
> root@ubuntu:/home/harshad# hg clone
http://hg.mozilla.org/mozilla-central/
> warning:
hg.mozilla.org certificate with fingerprint
> 73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56 not verified
> (check hostfingerprints or web.cacerts config setting)
>
Mercurial 3.9+ refuses to connect to servers insecurely. The fact you are
getting a warning here tells me you are using an old Mercurial client with
less secure defaults. You should upgrade if possible, otherwise you are
susceptible to MitM attacks.
You must be cloning from within AWS because our servers advertise S3 URLs
for "clone bundles" within AWS IP addresses. That's fine.
What is weird about this (and not related to your original post) is that it
is attempting to clone a gzip-v2 bundle instead of the "streaming" one. The
URL should end with "packed1.hg." I suspect something is setting the
ui.clonebundleprefers config option to override the defaults. This is not
cool!
>
> warning:
s3-us-west-2.amazonaws.com certificate with fingerprint
> 9d:35:10:89:3f:58:cb:5b:7a:89:54:d2:25:9c:67:84:c4:a9:8e:01 not verified
> (check hostfingerprints or web.cacerts config setting)
>
This means that your Mercurial client hasn't loaded the CA certificate for
s3-us-west-2.amazonaws.com and therefore can't trust the connection. (Same
deal as the warning for
hg.mozilla.org above.)
The certificate chains are:
0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=*.
s3-us-west-2.amazonaws.com
i:/C=US/O=DigiCert Inc/OU=
www.digicert.com/CN=DigiCert Baltimore CA-2 G2
1 s:/C=US/O=DigiCert Inc/OU=
www.digicert.com/CN=DigiCert Baltimore CA-2 G2
i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
0 s:/C=US/ST=California/L=Mountain View/O=Mozilla Foundation/CN=
hg.mozilla.org
i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
i:/C=US/O=DigiCert Inc/OU=
www.digicert.com/CN=DigiCert Global Root CA
So your client doesn't have a few DigiCert root CAs loaded. These are
pretty common certificates. So either your Mercurial client isn't
configured to load a CA store (if this happens with a system package then
the package maintainer has failed) or your CA store is out of date.
You can resolve the problem by having your global hgrc (usually
/etc/mercurial/hgrc) have a `[web] cacerts=/path/to/file` pointing to an
up-to-date CA certificate bundle file. This is documented at
https://www.mercurial-scm.org/wiki/SecureConnections
> adding changesets
> adding
> manifests
> adding file
> changes
> transaction
> abort!
> rollback
> completed
> abort: stream ended unexpectedly (got 237434 bytes, expected 359992937)
>
This very poor error message should be fixed in the just-released Mercurial
4.2.
> root@ubuntu:/home/harshad#
>
> I have 02 queries :
> 1. How to solve the above problem?
> 2. When I tried clone process without superuser credentials, I got the
> process abort immediately.
>
> harshad@ubuntu:~$ hg clone
http://hg.mozilla.org/mozilla-central/
> abort: certificate for
hg.mozilla.org has unexpected fingerprint
> 73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56
> (check hostfingerprint configuration)
> harshad@ubuntu:~$
>
> My query here is then why the clone process (under superuser credentials),
> added changesets, manifests and downloaded 237434 bytes, ideally it should
> have aborted immediately?
>
> Initially, I have asked Henrik Skupin sir (Senior Software Engineer,
> Mozilla Corporation) about query 1, he suggested me to ask in the
> mozilla.dev.version-controls mailing list for help.
>
> Requesting you to help me in solving the problem.
>
> Waiting for your reply.
>
> Thanks & Regards
>
> Harshad
> _______________________________________________
> dev-version-control mailing list
>
dev-versi...@lists.mozilla.org
>
https://lists.mozilla.org/listinfo/dev-version-control
>