Bug 1252765 - Always update Mercurial host fingerprints if present; r=chmanchester
authorGregory Szorc <gps@mozilla.com>
Fri, 11 Mar 2016 13:18:08 -0800
changeset 288392 b9d035d4674401765b22c76280c13f9cef2e4e28
parent 288391 58b542930c53df069d9a742fffc3781c08be07ee
child 288393 c3b28b2e4d0c9f05eb4ec9acbf6ad953ae7476cc
push id30079
push userryanvm@gmail.com
push dateSat, 12 Mar 2016 20:24:19 +0000
treeherdermozilla-central@d1d47ba19ce9 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerschmanchester
bugs1252765
milestone48.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1252765 - Always update Mercurial host fingerprints if present; r=chmanchester Before, we didn't update host fingerprints if old values were present and we were running a modern Mercurial and Python. Now, we unconditionally update existing fingerprints. DONTBUILD (NPOTB) MozReview-Commit-ID: 1yjNGkJ6FAk
tools/mercurial/hgsetup/config.py
tools/mercurial/hgsetup/wizard.py
--- a/tools/mercurial/hgsetup/config.py
+++ b/tools/mercurial/hgsetup/config.py
@@ -91,16 +91,25 @@ class MercurialConfig(object):
     def add_mozilla_host_fingerprints(self):
         """Add host fingerprints so SSL connections don't warn."""
         if 'hostfingerprints' not in self._c:
             self._c['hostfingerprints'] = {}
 
         for k, v in HOST_FINGERPRINTS.items():
             self._c['hostfingerprints'][k] = v
 
+    def update_mozilla_host_fingerprints(self):
+        """Update host fingerprints if they are present."""
+        if 'hostfingerprints' not in self._c:
+            return
+
+        for k, v in HOST_FINGERPRINTS.items():
+            if k in self._c['hostfingerprints']:
+                self._c['hostfingerprints'][k] = v
+
     def set_username(self, name, email):
         """Set the username to use for commits.
 
         The username consists of a name (typically <firstname> <lastname>) and
         a well-formed e-mail address.
         """
         if 'ui' not in self._c:
             self._c['ui'] = {}
--- a/tools/mercurial/hgsetup/wizard.py
+++ b/tools/mercurial/hgsetup/wizard.py
@@ -512,16 +512,21 @@ class MercurialSetupWizard(object):
         # certificates in Mercurial config files. In modern versions of
         # Mercurial, the system CA store is used and old, legacy TLS protocols
         # are disabled. The default connection/security setting should
         # be sufficient and pinning certificates is no longer needed.
         have_modern_ssl = hasattr(ssl, 'SSLContext')
         if hg_version < LooseVersion('3.4') or not have_modern_ssl:
             c.add_mozilla_host_fingerprints()
 
+        # We always update fingerprints if they are present. We /could/ offer to
+        # remove fingerprints if running modern Python and Mercurial. But that
+        # just adds more UI complexity and isn't worth it.
+        c.update_mozilla_host_fingerprints()
+
         # References to multiple version-control-tools checkouts can confuse
         # version-control-tools, since various Mercurial extensions resolve
         # dependencies via __file__ and repos could reference another copy.
         seen_vct = set()
         for k, v in c.config.get('extensions', {}).items():
             if 'version-control-tools' not in v:
                 continue