On my computer, any live package using mercurial.eclass produces > warning: <host> certificate with fingerprint <fingerprint> not verified (check hostfingerprints or web.cacerts config setting) on emerging, while manual cloning/pulling as root does not. /etc/mercurial/hgrc is set as advised on <http://mercurial.selenic.com/wiki/CACertificates>: > [web] > cacerts = /etc/ssl/certs/ca-certificates.crt Reproducible: Always Steps to Reproduce: 1. # emerge '=games-engines/love-9999' 2. # emerge -1 --nodeps '=games-engines/love-9999' 3. # cd /usr/portage/distfiles/hg-src/love/love; git pull 4. # emerge -C games-engines/love; rm -rf /usr/portage/distfiles/hg-src/love/love 5. # cd /usr/portage/distfiles/hg-src/love; git clone https://bitbucket.org/rude/love Actual Results: 1. warning: bitbucket.org certificate with fingerprint 24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b not verified (check hostfingerprints or web.cacerts config setting) 2. warning: bitbucket.org certificate with fingerprint 24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b not verified (check hostfingerprints or web.cacerts config setting) 3. No warning. 5. No warning. Expected Results: No warning for 1, 2, 3 and 5.
s/git/hg/g in my previous post, and sorry for the typo :|
mercurial.eclass sets HGRCPATH to be empty, which basically disables any hgrc. However, I don't understand your problem. You want to get rid of the warning? We could set HGRCPATH to "/etc/mercurial/hgrc:/etc/mercurial/hgrc.d", but then strange stuff could get inherited from there. Or we could add "--config web.cacerts=/etc/ssl/certs/ca-certificates.crt" to the command line of pull and clone.
Thanks for your explanation. I was just looking for a way to eliminate the warning, but did not consider issue about inheritance of other settings from the global hgrc.
(In reply to comment #3) > Thanks for your explanation. I was just looking for a way to eliminate the > warning, but did not consider issue about inheritance of other settings from > the global hgrc. I will add something like "--config web.cacerts=/etc/ssl/certs/ca-certificates.crt" to the options for hg pull/clone in the eclass soon.