Has FALLBACK_FINGERPRINT (in taskcluster/scripts/run-task) been updated for this change?
- Kyle On Thu, Oct 8, 2020 at 4:00 PM Connor Sheehan <shee...@mozilla.com> wrote: > > tldr; run `mach vcs-setup` to update the pinned SSL certificate in your hgrc > files. > > hg.mozilla.org’s x509 server certificate (AKA an “SSL certificate”) will be > rotated on Monday, October 12th. Bug 1670031 tracks this change. > > You may have the certificate’s fingerprint pinned in your hgrc files. > Automated jobs may pin the fingerprint as well. If you have the fingerprint > pinned, you will need to take action otherwise Mercurial will refuse the > connection to hg.mozilla.org once the certificate is swapped. > > The easiest way to ensure your pinned fingerprint is up-to-date is to run > `mach vcs-setup` from a Mercurial checkout (it can be from an old revision). > Both the old and new fingerprints will be pinned and the transition will > “just work.” Once the new fingerprint is enabled on the server, run mach > vcs-setup again to remove the old fingerprint. > > Fingerprints and details of the new certificate (including hgrc config > snippets you can copy) are located at Bug 1670031. From a certificate level, > this transition is pretty boring: just a standard certificate renewal from > the same CA. > > The Matrix channel for this operational change will be #vcs. Fallout in > Firefox CI should be discussed in #ci. Please track any bugs related to this > change against Bug 1668017. > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
