tldr; run `mach vcs-setup` to update the pinned SSL certificate in your hgrc files.
hg.mozilla.org’s x509 server certificate (AKA an “SSL certificate”) will be rotated on Monday, October 12th. Bug 1670031 tracks this change. You may have the certificate’s fingerprint pinned in your hgrc files. Automated jobs may pin the fingerprint as well. If you have the fingerprint pinned, you will need to take action otherwise Mercurial will refuse the connection to hg.mozilla.org once the certificate is swapped. The easiest way to ensure your pinned fingerprint is up-to-date is to run `mach vcs-setup` from a Mercurial checkout (it can be from an old revision). Both the old and new fingerprints will be pinned and the transition will “just work.” Once the new fingerprint is enabled on the server, run mach vcs-setup again to remove the old fingerprint. Fingerprints and details of the new certificate (including hgrc config snippets you can copy) are located at Bug 1670031. From a certificate level, this transition is pretty boring: just a standard certificate renewal from the same CA. The Matrix channel for this operational change will be #vcs. Fallout in Firefox CI should be discussed in #ci. Please track any bugs related to this change against Bug 1668017. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
