Has FALLBACK_FINGERPRINT (in taskcluster/scripts/run-task) been
updated for this change?
On Thu, Oct 8, 2020 at 4:00 PM Connor Sheehan <firstname.lastname@example.org> wrote:
> tldr; run `mach vcs-setup` to update the pinned SSL certificate in your h=
> hg.mozilla.org=E2=80=99s x509 server certificate (AKA an =E2=80=9CSSL cer=
tificate=E2=80=9D) will be rotated on Monday, October 12th. Bug 1670031 tra=
cks this change.
> You may have the certificate=E2=80=99s fingerprint pinned in your hgrc fi=
les. Automated jobs may pin the fingerprint as well. If you have the finger=
print pinned, you will need to take action otherwise Mercurial will refuse =
the connection to hg.mozilla.org once the certificate is swapped.
> The easiest way to ensure your pinned fingerprint is up-to-date is to run=
`mach vcs-setup` from a Mercurial checkout (it can be from an old revision=
). Both the old and new fingerprints will be pinned and the transition will=
=E2=80=9Cjust work.=E2=80=9D Once the new fingerprint is enabled on the se=
rver, run mach vcs-setup again to remove the old fingerprint.
> Fingerprints and details of the new certificate (including hgrc config sn=
ippets you can copy) are located at Bug 1670031. From a certificate level, =
this transition is pretty boring: just a standard certificate renewal from =
the same CA.
> The Matrix channel for this operational change will be #vcs. Fallout in F=
irefox CI should be discussed in #ci. Please track any bugs related to this=
change against Bug 1668017.
> dev-platform mailing list