Closed Bug 828140 Opened 13 years ago Closed 12 years ago

repos should be accessed via https, even hg.m.o

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: hwine, Unassigned)

References

Details

OpSec recommends using https for pulls, even for inside the firewall connections. Changing the URL is trivial - the work is to find the configuration tweaks such that the vcs apps won't complain about certs from the repo hosts we care about.
http://kiln.stackexchange.com/questions/2816/mercurial-certificate-warning-certificate-not-verified-web-cacerts I'm solving this in mozharness by aliasing 'hg' to ['hg', '--config', 'web.cacerts=/src/vcs_conversion/dummycert.pem'] after creating that bogus certificate. It looks like on linux we can just point to /etc/pki/tls/certs/ca-bundle.crt or /etc/ssl/certs/ca-certificates.crt depending if it's RHEL or Debian based.
That's one way. We can also just add the following to hgrc files or ~/.hgrc: [hostfingerprints] hg.mozilla.org = 10:78:e8:57:2d:95:de:7c:de:90:bd:22:e1:38:17:67:c5:a7:9c:14
I just added the above to the ~vcs2vcs/.hgrc file on github-sync3 to see if that was related to the job08 problems
Product: mozilla.org → Release Engineering
This is fixed in the new system, which we're pushing to get live.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Tools → General
You need to log in before you can comment on or make changes to this bug.