| dOxxx | omg it worked | 00:03 |
|---|---|---|
| wgz | dOxxx: you clearly have the magic | 00:05 |
| dOxxx | wgz: clearly. I got the idea from the fedora bug for the same problem. patched the bzr texinfo builder to register itself under a different name so it doesn't clash with the builtin texinfo builder | 00:05 |
| dOxxx | now I have to figure out how to handle this cacert thing | 00:12 |
| wgz | so, you don't actually have to now | 00:16 |
| dOxxx | well I still get that error about the cacerts being wrong | 00:16 |
| wgz | after 2.5b6 the default got flipped so if the certs aren't there it will just not verify | 00:16 |
| wgz | ...urk? | 00:16 |
| dOxxx | oh hmm | 00:17 |
| dOxxx | I see | 00:17 |
| dOxxx | I didn't have 2.5b6 installed when I tested it | 00:17 |
| wgz | it still complains? | 00:17 |
| dOxxx | I get this like 8 times: Not checking SSL certificate for bazaar.launchpad.net: 443 | 00:17 |
| dOxxx | and then the normal command output | 00:17 |
| wgz | https://code.launchpad.net/~vila/bzr/929179-default-ssl-certs/+merge/93177 <- is the mp | 00:18 |
| wgz | ah, okay, so... it doesn't error, but does print something | 00:19 |
| dOxxx | yeah I just had an old version installed when I first tried it | 00:19 |
| wgz | and for whatever reason that https command spams connections | 00:19 |
| dOxxx | correct | 00:19 |
| wgz | so, what I did, which is probably not appropriate for osx | 00:19 |
| wgz | was stick the bundle that the curl guys extract from mozilla and publish on their website in the install directory | 00:20 |
| wgz | but doing the right thing for osx no doubt means writing extra code | 00:21 |
| dOxxx | yeah it means writing extra code that I do not know right now :) | 00:21 |
| dOxxx | I can do the same hack as you | 00:21 |
| wgz | http://curl.haxx.se/docs/caextract.html | 00:21 |
| dOxxx | just tried it by downloading the cacert file from that site and then using `bzr -Ossl.cacert=path/to/file` | 00:22 |
| wgz | will just check what vila left in as the expected location for osx... | 00:22 |
| wgz | ^and that worked? | 00:22 |
| dOxxx | errr... it seems that it worked with the older verison of bzr, but now with 2.5.0 it's still giving me the "not checking ssl certificate" spam | 00:23 |
| wgz | ah, dammit, the code is: | 00:23 |
| wgz | 'pass' | 00:23 |
| dOxxx | oh well, it's not like I don't already have 2 patches for bzr code, one more is not going to hurt | 00:24 |
| wgz | oh, oh dear. it really shouldn't do that with 2.5, the change must have been wrong | 00:24 |
| wgz | okay, so changes three and four: | 00:25 |
| wgz | revert the change from the mp I just linked | 00:25 |
| wgz | change the darwin branch in bzrlib.transport.http._urllib_wrappers.default_ca_certs to the same as the win32 bit above it | 00:26 |
| dOxxx | I was considering storing it in /usr/local/share/bzr just to be nice about it | 00:27 |
| wgz | by all means be superior :) | 00:27 |
| dOxxx | haha | 00:27 |
| dOxxx | aha, so if I do this: `bzr -Ossl.ca_certs=cacert.pem -Ossl.cert_reqs=required` then I don't get the error or the spam | 00:31 |
| dOxxx | which is basically what the patch will accomplish in code instead | 00:31 |
| wgz | right | 00:31 |
| wgz | it seems none was a bad idea. | 00:32 |
| dOxxx | I think I grok this now | 00:32 |
| wgz | what's odd is I'm sure it was vila that explained to me why none was a bad idea | 00:33 |
| dOxxx | hehe | 00:34 |
| dOxxx | so default_ca_reqs should always return 'required'? | 00:34 |
| dOxxx | oh I see, just set the default for ssl.cert_reqs to required in the option definition | 00:35 |
| wgz | yeah, as you're supplying it | 00:35 |
| dOxxx | I can never tell when I should be using single quotes or double quotes for a string... | 00:36 |
| wgz | I change my mind every year or so :) | 00:36 |
| wgz | `bzr merge -r6474..6473 bzrlib/transport/http/_urllib2_wrappers.py` would do... but you're going from the tarball | 00:37 |
| dOxxx | yeah, I'm modifying my bzr 2.5 working tree, generating a patch from that and then apply that patch during the build process | 00:38 |
| dOxxx | the whole process is automated from extracting the source onwards so I have a patching mechanism | 00:38 |
| wgz | next time you do this I need to look over your shoulder and pick up tips | 00:39 |
| dOxxx | http://pastebin.com/pRCswJ67 | 00:40 |
| wgz | lgtm. | 00:40 |
| dOxxx | you're welcome to have a look at lp:bzr-mac-installers to see my build scripts | 00:40 |
| dOxxx | it's inherited code so it's not quite as nice as I would like it to be but I've been making improvements slowly here and there | 00:41 |
| wgz | sticking up the first hunk as a merge proposal against 2.5 wouldn't hurt | 00:41 |
| dOxxx | I guess so... | 00:41 |
| wgz | okay, bed for me I think | 00:49 |
| dOxxx | seeya wgz | 00:51 |
| dOxxx | ssl cacerts hack works :P | 00:57 |
| === lifeless_ is now known as lifeless | ||
| === RickCogley_ is now known as RickCogley | ||
| === Quintasan_ is now known as Quintasan | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!