Closed Bug 1259456 Opened 8 years ago Closed 7 years ago

desktop-build should have a better .hgrc

Categories

(Taskcluster Graveyard :: Docker Images, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dustin, Unassigned, Mentored)

Details

(Whiteboard: [good-first-bug])

In Buildbot, we include specific fingerprints for servers that hg will talk to:

https://github.com/mozilla/build-puppet/blob/master/modules/mercurial/templates/hgrc.erb#L32

hg.mozilla.org = af:27:b9:34:47:4e:e5:98:01:f6:83:2b:51:c9:aa:d8:df:fb:1a:27
s3-external-1.amazonaws.com = 44:ae:c0:4d:9e:8d:50:13:fc:c3:0c:27:8c:06:f0:53:8a:ad:d2:22
s3-us-west-2.amazonaws.com = ad:ab:0d:1e:fe:1c:78:5b:94:f9:76:b2:5a:12:51:9a:12:7b:66:a2
ftp-ssl.mozilla.org = 9d:8e:3e:7c:4a:33:6f:53:c6:64:a8:48:d3:ea:72:05:f0:73:a4:90

We should do the same in the desktop-build image (even at the expense of failures when one of those fingerprints changes...).
Note that we can ship an update to this much more quickly (in-tree!) than bug 1259457
Currently, hgrc is installed in the centos6-build image, but it should instead be installed in the desktop-build image.

It should probably have some other things from the hgrc linked in comment 0, too.
Summary: desktop-build should have a secure .hgrc → desktop-build should have a better .hgrc
Greg, have your recent patches fixed this?
Flags: needinfo?(gps)
This is partially addressed in bug 1247168. However, I removed desktop-build from the scope of that bug because it's a bit of work. Let's keep this bug open for now. It will likely get duped to a to-be-filed bug tracking moving desktop-build off tc-vcs.
Blocks: 1286336
Depends on: 1247168
Flags: needinfo?(gps)
Builds now use the fingerprint from secrets.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Product: Taskcluster → Taskcluster Graveyard
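
Added example, not part of the bug or of Mozilla's build configuration: a small audit that checks whether an image's hgrc pins every host the build talks to, using the [hostfingerprints] format quoted in comment 0. The function name, the sample hgrc and the status strings are assumptions made for illustration; the parser handles plain sections only (no %include).

```python
import configparser
import re

# Constructed sample hgrc. The hg.mozilla.org value is the one quoted in the bug;
# the ftp-ssl.mozilla.org value is deliberately truncated to show a malformed pin.
SAMPLE_HGRC = """\
[ui]
interactive = False

[hostfingerprints]
hg.mozilla.org = af:27:b9:34:47:4e:e5:98:01:f6:83:2b:51:c9:aa:d8:df:fb:1a:27
ftp-ssl.mozilla.org = 9d:8e:3e:7c
"""

# Hosts named in the bug that the build talks to over TLS.
REQUIRED_HOSTS = (
    "hg.mozilla.org",
    "s3-external-1.amazonaws.com",
    "s3-us-west-2.amazonaws.com",
    "ftp-ssl.mozilla.org",
)

# A SHA-1 certificate fingerprint: 20 colon-separated hex bytes.
SHA1_FINGERPRINT = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){19}")


def audit_hostfingerprints(hgrc_text, required_hosts=REQUIRED_HOSTS):
    """Return {host: "ok" | "missing" | "malformed"} for each required host."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(hgrc_text)
    pins = dict(parser["hostfingerprints"]) if parser.has_section("hostfingerprints") else {}

    report = {}
    for host in required_hosts:
        raw = pins.get(host.lower())
        if raw is None:
            report[host] = "missing"
            continue
        # Several pins may be listed (old and new certificate during a rotation).
        values = [v for v in re.split(r"[,\s]+", raw.strip().lower()) if v]
        ok = bool(values) and all(SHA1_FINGERPRINT.fullmatch(v) for v in values)
        report[host] = "ok" if ok else "malformed"
    return report


if __name__ == "__main__":
    for host, status in audit_hostfingerprints(SAMPLE_HGRC).items():
        print(f"{status:10} {host}")
```

Run as an image build step, a "missing" or "malformed" result can fail the build before an unpinned host is ever contacted.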