Mercurial > hg

view mercurial/dummycert.pem @ 27764:dd0c5f4d1b53

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
util: adjust 'datapath' to be correct in a frozen OS X package Apparently unlike py2exe, py2app copies the Mercurial source tree as-is to a Contents/Resources subdirectory of an app bundle, and places its binary stub in Contents/MacOS. (The Windows install has the 'hgext' and 'mercurial' modules in 'lib/library.zip', while the help and templates subdirectories have been moved out of the mercurial directory to the root of the installation. I assume that the python code living in a zip file is why "py2exe doesn't support __file__".) Therefore, prior to this change, Mercurial in a frozen app bundle on OS X would go looking for help *.txt, templates and locale info in Contents/MacOS, where they don't exist. There are only a handful of places that test for frozen, and not all of them are wrong for OS X, so it seems wiser to handle them on a case by case basis, rather that try to change mainfrozen(). The remaining cases are: 1) util.hgexecutable() wrongly points to the bundled python executable, and affects $HG in util.system() launched processes (e.g. external hooks) 2) util.hgcmd() wrongly points to the bundled python executable, but it seems to only affect 'hg serve -d' 3) hook._pythonhook() may be OK, since I didn't see anything outrageous when printing sys.path from an internal hook. I'm not sure if this special case is needed on OS X though. 4) sslutil._plainapplepython() is OK, because sys.executable is not /usr/bin/python, nor is it in /System/Library/Frameworks
author Matt Harbison <matt_harbison@yahoo.com>
date Sun, 10 Jan 2016 17:49:01 -0500
parents d7f7f1860f00
children
line wrap: on
line source

A dummy certificate that will make OS X 10.6+ Python use the system CA
certificate store:

-----BEGIN CERTIFICATE-----
MIIBIzCBzgIJANjmj39sb3FmMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmhn
LmV4YW1wbGUuY29tMB4XDTE0MDgzMDA4NDU1OVoXDTE0MDgyOTA4NDU1OVowGTEX
MBUGA1UEAxMOaGcuZXhhbXBsZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
mh/ZySGlcq0ALNLmA1gZqt61HruywPrRk6WyrLJRgt+X7OP9FFlEfl2tzHfzqvmK
CtSQoPINWOdAJMekBYFgKQIDAQABMA0GCSqGSIb3DQEBBQUAA0EAF9h49LkSqJ6a
IlpogZuUHtihXeKZBsiktVIDlDccYsNy0RSh9XxUfhk+XMLw8jBlYvcltSXdJ7We
aKdQRekuMQ==
-----END CERTIFICATE-----

This certificate was generated to be syntactically valid but never be usable;
it expired before it became valid.

Created as:

  $ cat > cn.conf << EOT
  > [req]
  > distinguished_name = req_distinguished_name
  > [req_distinguished_name]
  > commonName = Common Name
  > commonName_default = no.example.com
  > EOT
  $ openssl req -nodes -new -x509 -keyout /dev/null \
  >   -out dummycert.pem -days -1 -config cn.conf -subj '/CN=hg.example.com'

To verify the content of this certificate:

  $ openssl x509 -in dummycert.pem -noout -text
  Certificate:
      Data:
          Version: 1 (0x0)
          Serial Number: 15629337334278746470 (0xd8e68f7f6c6f7166)
      Signature Algorithm: sha1WithRSAEncryption
          Issuer: CN=hg.example.com
          Validity
              Not Before: Aug 30 08:45:59 2014 GMT
              Not After : Aug 29 08:45:59 2014 GMT
          Subject: CN=hg.example.com
          Subject Public Key Info:
              Public Key Algorithm: rsaEncryption
                  Public-Key: (512 bit)
                  Modulus:
                      00:9a:1f:d9:c9:21:a5:72:ad:00:2c:d2:e6:03:58:
                      19:aa:de:b5:1e:bb:b2:c0:fa:d1:93:a5:b2:ac:b2:
                      51:82:df:97:ec:e3:fd:14:59:44:7e:5d:ad:cc:77:
                      f3:aa:f9:8a:0a:d4:90:a0:f2:0d:58:e7:40:24:c7:
                      a4:05:81:60:29
                  Exponent: 65537 (0x10001)
      Signature Algorithm: sha1WithRSAEncryption
           17:d8:78:f4:b9:12:a8:9e:9a:22:5a:68:81:9b:94:1e:d8:a1:
           5d:e2:99:06:c8:a4:b5:52:03:94:37:1c:62:c3:72:d1:14:a1:
           f5:7c:54:7e:19:3e:5c:c2:f0:f2:30:65:62:f7:25:b5:25:dd:
           27:b5:9e:68:a7:50:45:e9:2e:31