docs: update hg.mozilla.org cert fingerprints (bug 1147548); r?dividehex draft
author: Gregory Szorc <gps@mozilla.com>
date: Mon, 26 Sep 2016 09:10:28 -0700
changeset: 9635 3ed7d5c8a4830934f0dbb5571e73765d29b7992b
parent: 9634 15b2d8f281ef870b64425a9a9e69ec568ace1c72
push id: 1254
push user: bmo:gps@mozilla.com
push date: Mon, 26 Sep 2016 16:26:28 +0000
reviewers: dividehex
bugs: 1147548
docs: update hg.mozilla.org cert fingerprints (bug 1147548); r?dividehex

We publish a GPG signed document containing the certificate details for hg.mozilla.org. We update this document to describe the just-issued SHA-256 certificate that will be used in a few weeks. We also update the Mercurial config wizard to use the new certs.

MozReview-Commit-ID: AuyFM5VY6dS
docs/vcs-server-info
docs/vcs-server-info.asc
hgext/configwizard/__init__.py
hgext/configwizard/tests/test-security.t
--- a/docs/vcs-server-info
+++ b/docs/vcs-server-info
@@ -10,14 +10,24 @@ 256 MD5:96:eb:3b:78:f5:ca:19:e2:0c:a0:95
 RSA
 
 4096 SHA256:RX2OK8A1KNWdxyu6ibIPeEGLBzc5vyQW/wd7RKjBehc hg.mozilla.org
 4096 SHA1:p2MGe4wSw8ZnQ5J9ShBk/6VA+Co hg.mozilla.org
 4096 MD5:1c:f9:cf:76:de:b8:46:d6:5a:a3:00:8d:3b:0c:53:77 hg.mozilla.org
 
 
 The x509 certificate for https://hg.mozilla.org/ was last issued on
-2013-11-12 by DigiCert Secure Server CA and has the following
+2016-08-29 by DigiCert Secure Server CA and has the following
 fingerprints:
 
+SHA256:8E:AD:F7:6A:EB:44:06:15:ED:F3:E4:69:A6:64:60:37:2D:FF:98:88:37:BF:D7:B8:40:84:01:48:9C:26:CE:D9
+SHA1:73:7F:EF:AB:68:0F:49:3F:88:91:F0:B7:06:69:FD:8F:F2:55:C9:56
+
+This certificate expires on 2018-11-02.
+
+The previous certificate was issued on 2013-11-12 by DigiCert Secure Server
+CA and has the following fingerprints:
+
 SHA256:81:3D:75:69:E3:76:F8:5B:31:1E:92:C9:CF:56:23:F6:4B:C2:82:77:E3:63:FB:7F:28:65:D0:9A:88:FB:BE:B7
 SHA1:AF:27:B9:34:47:4E:E5:98:01:F6:83:2B:51:C9:AA:D8:DF:FB:1A:27
 
+This certificate expired on 2016-09-28.
+
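Review bot: The added line "This certificate expired on 2016-09-28." is in the past tense, but the changeset is dated 2016-09-26, so the date is still in the future when this text is published; "expires on" reads correctly now and can be changed with the next update. The document also says the certificate "was last issued on 2016-08-29" without saying which of the two certificates the server presents today, while the commit message says the new one will only be used in a few weeks. Stating the planned switch date here would tell a reader who compares fingerprints during the overlap that either value is legitimate.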
--- a/docs/vcs-server-info.asc
+++ b/docs/vcs-server-info.asc
@@ -1,10 +1,10 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
 The SSH host keys for hg.mozilla.org have the following fingerprints
 (last changed 2016-04-01).
 
 ED25519 (server preferred key)
 
 256 SHA256:7MBAdqLe8+aSYkv+5/2LUUxd+WdgYcVSV+ZQVEKA7jA hg.mozilla.org
 256 SHA1:Ft++OU96cvaREKNFCJ6AiuCpGac hg.mozilla.org
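Review bot: The `Hash:` header at the top of the clearsigned file moves from SHA1 to SHA256, but the commit message only talks about the certificate. A sentence in the commit message saying the document is now signed with a SHA-256 digest would make it clear to anyone auditing the signature history that the change was intended.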
@@ -13,31 +13,41 @@ 256 MD5:96:eb:3b:78:f5:ca:19:e2:0c:a0:95
 RSA
 
 4096 SHA256:RX2OK8A1KNWdxyu6ibIPeEGLBzc5vyQW/wd7RKjBehc hg.mozilla.org
 4096 SHA1:p2MGe4wSw8ZnQ5J9ShBk/6VA+Co hg.mozilla.org
 4096 MD5:1c:f9:cf:76:de:b8:46:d6:5a:a3:00:8d:3b:0c:53:77 hg.mozilla.org
 
 
 The x509 certificate for https://hg.mozilla.org/ was last issued on
-2013-11-12 by DigiCert Secure Server CA and has the following
+2016-08-29 by DigiCert Secure Server CA and has the following
 fingerprints:
 
+SHA256:8E:AD:F7:6A:EB:44:06:15:ED:F3:E4:69:A6:64:60:37:2D:FF:98:88:37:BF:D7:B8:40:84:01:48:9C:26:CE:D9
+SHA1:73:7F:EF:AB:68:0F:49:3F:88:91:F0:B7:06:69:FD:8F:F2:55:C9:56
+
+This certificate expires on 2018-11-02.
+
+The previous certificate was issued on 2013-11-12 by DigiCert Secure Server
+CA and has the following fingerprints:
+
 SHA256:81:3D:75:69:E3:76:F8:5B:31:1E:92:C9:CF:56:23:F6:4B:C2:82:77:E3:63:FB:7F:28:65:D0:9A:88:FB:BE:B7
 SHA1:AF:27:B9:34:47:4E:E5:98:01:F6:83:2B:51:C9:AA:D8:DF:FB:1A:27
 
+This certificate expired on 2016-09-28.
+
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
+Version: GnuPG v2
 
-iQIcBAEBAgAGBQJW/hhyAAoJEMOR9zuaWl0rLcsQAJ/Vz4N1AItuKmct43L65QlR
-QAGCPM7BJUzjNDoKembWMGp0aEMxbZjy+5pFRm7JTVyYQxYRYXTPyVYIjNXzpMUW
-SFD+c+vK5TZNkHEP86Uof+eXgsQBlh4SCQJ3b54aPK1NRxfAyTBHl7CgKR6GWsQ6
-qx7NpXafW4P+fQaEVtFaQp38d38/42p7WujtpNt2und1HizZJ4/4Z9BWZDq+FGhj
-XTwfRgwvdNBc1Xb4/z/kUVd0qzx+JaotGa3BdukP7Z1jHDxLi2u3Y5kHET4ZmYB5
-MX9lF2Su1VlrZ8JVI+XCYAnq6xaLhp3DO9XLWijVYVPRX7HZXpkztqAU+hfcAu4K
-K605KWe8KL+wSEMETCOOzRLkoHlcjae0raw/apdTFJdbDivB1qnAYsvB23KBIyrA
-VyUfw5SCA6FcZ3+/9iHNluzqO2oMvtcHWAEPBfzGH45sbix6A/c5Wxu3SFYEblgW
-AUlRu0NXGn0kI4STKZ4XFCb56na+Zu654DszFsi6bMbzyrmbo/XVIH9aN9gnJvza
-+rVrFATZhp3HO4JE9N1EPYtCkLeomOr9u92x98Lb6Q/geMLJA5YPZIK6kvKkzRvB
-vAVP3SrftoI8QJmpqDQntDT5ZO5vH95svXujavhW1t9duVNw+cLZszWzDuHjFGr+
-vJim3rv/FGt3iEsXwM0j
-=Ow+1
+iQIcBAEBCAAGBQJX6UhVAAoJEMOR9zuaWl0rY1YP/R+tmarSKROFQP/jPyoHxRC+
+YJqOzkqFIDCx9evLRSXqVcP2VVi61Zz70eK5MHtSnh3j16wUFAHa2HeBq3uWmRQp
+2xm9VKTyZCd+GkiLbXmQeyLWdCuN+XK/LgZx5hLFFYnru1Kf8pc6klekvPLkHeTc
+4qVmw1/05waZNC97vVijRf6TEtBkCWBQsU0RtgTuhHY83B1e6+6yF/0f439GZdd3
+qZlRylZ+GwLzwBNL3q3clGRM/GAsj042vxnBmoPu6nUEeHKQqNvDut1FkC9G+iU/
+g2pxcWGX3d84hg3sqJjGtHDh22bEh35lT+dA3SWk9Dhg2YbebSG/od3YNfSzloSQ
+94hEB9UcKb7V5VcnQ7O5F5sAgasI2Ia+izbSByJNem7f7pTxWEsqcQc79EKtFuDn
+X3qTMPwJcYeKR+cioi1D8Ixhpg9XIGCWJJVgwZMBqKppwjD8RGcaYadgv2IBhW+q
+fg1MM3k0rFooeCanU21OonnyqNxcbxFe0bG0s/Ymvm/thQYDm4PEHXrTrMdRnTm8
+k8hUrdLmGQCUX2ERvTQkZVR8r3pOCmsjJ7T2efSzViF1s1DwMa5JNAmYHhwlvBIH
+zQyUkBvUMxA26OwJjho4NAGUWG/BEhgqE5G1dzQIW4u5bubjGh+QkABgOnkaZkm1
+j38ZOTuy89oguuQd3qUq
+=F/pG
 -----END PGP SIGNATURE-----
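Review bot: The clearsigned body repeats the text added to docs/vcs-server-info line for line, including "This certificate expired on 2016-09-28.", so any wording fix to the plain file also needs a fresh signature here. Nothing in this changeset checks that the two files agree; a test that strips the PGP armor from vcs-server-info.asc and compares the remainder with vcs-server-info would catch the copies drifting apart.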
--- a/hgext/configwizard/__init__.py
+++ b/hgext/configwizard/__init__.py
@@ -25,23 +25,23 @@ OUR_DIR = os.path.dirname(__file__)
 execfile(os.path.join(OUR_DIR, '..', 'bootstrap.py'))
 
 from configobj import ConfigObj
 
 
 HOST_FINGERPRINTS = {
     'bitbucket.org': '3f:d3:c5:17:23:3c:cd:f5:2d:17:76:06:93:7e:ee:97:42:21:14:aa',
     'bugzilla.mozilla.org': '7c:7a:c4:6c:91:3b:6b:89:cf:f2:8c:13:b8:02:c4:25:bd:1e:25:17',
-    'hg.mozilla.org': 'af:27:b9:34:47:4e:e5:98:01:f6:83:2b:51:c9:aa:d8:df:fb:1a:27',
+    'hg.mozilla.org': '73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56',
 }
 
 MODERN_FINGERPRINTS = {
     'bitbucket.org': 'sha256:4e:65:3e:76:0f:81:59:85:5b:50:06:0c:c2:4d:3c:56:53:8b:83:3e:9b:fa:55:26:98:9a:ca:e2:25:03:92:47',
     'bugzilla.mozilla.org': 'sha256:10:95:a8:c1:e1:c3:18:fa:e4:95:40:99:11:07:6d:e3:79:ab:e5:b0:29:50:ff:40:e8:e8:63:c4:fd:f3:9f:cb',
-    'hg.mozilla.org': 'sha256:81:3d:75:69:e3:76:f8:5b:31:1e:92:c9:cf:56:23:f6:4b:c2:82:77:e3:63:fb:7f:28:65:d0:9a:88:fb:be:b7',
+    'hg.mozilla.org': 'sha256:8e:ad:f7:6a:eb:44:06:15:ed:f3:e4:69:a6:64:60:37:2d:ff:98:88:37:bf:d7:b8:40:84:01:48:9c:26:ce:d9',
 }
 
 INITIAL_MESSAGE = '''
 This wizard will guide you through configuring Mercurial for an optimal
 experience contributing to Mozilla projects.
 
 The wizard makes no changes without your permission.
 
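Review bot: Both `HOST_FINGERPRINTS['hg.mozilla.org']` and `MODERN_FINGERPRINTS['hg.mozilla.org']` replace the old fingerprint outright, yet the commit message says the new certificate "will be used in a few weeks". Anyone who runs the wizard before the server switches gets pinned to a certificate that is not being served yet, and the pin check for hg.mozilla.org will fail until the cutover. Where the targeted Mercurial version accepts a comma-separated list of fingerprints for a host, consider writing both the old and the new value during the transition and dropping the old one in a follow-up; otherwise hold this part until the switch date.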
--- a/hgext/configwizard/tests/test-security.t
+++ b/hgext/configwizard/tests/test-security.t
@@ -25,17 +25,17 @@ Modern Mercurial doesn't need to pin fin
   To begin, press the enter/return key.
    <RETURN>
   Your config file needs updating.
   Would you like to see a diff of the changes first (Yn)?  y
   --- hgrc.old
   +++ hgrc.new
   @@ -1,1 +1,4 @@
   +[hostfingerprints]
-  +hg.mozilla.org = af:27:b9:34:47:4e:e5:98:01:f6:83:2b:51:c9:aa:d8:df:fb:1a:27
+  +hg.mozilla.org = 73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56
   +bitbucket.org = 3f:d3:c5:17:23:3c:cd:f5:2d:17:76:06:93:7e:ee:97:42:21:14:aa
   +bugzilla.mozilla.org = 7c:7a:c4:6c:91:3b:6b:89:cf:f2:8c:13:b8:02:c4:25:bd:1e:25:17
 
   Write changes to hgrc file (Yn)?  y
 
 #endif
 
 #if no-sslcontext hg39+
@@ -50,17 +50,17 @@ Modern Mercurial doesn't need to pin fin
   To begin, press the enter/return key.
    <RETURN>
   Your config file needs updating.
   Would you like to see a diff of the changes first (Yn)?  y
   --- hgrc.old
   +++ hgrc.new
   @@ -1,1 +1,4 @@
   +[hostsecurity]
-  +hg.mozilla.org:fingerprints = sha256:81:3d:75:69:e3:76:f8:5b:31:1e:92:c9:cf:56:23:f6:4b:c2:82:77:e3:63:fb:7f:28:65:d0:9a:88:fb:be:b7
+  +hg.mozilla.org:fingerprints = sha256:8e:ad:f7:6a:eb:44:06:15:ed:f3:e4:69:a6:64:60:37:2d:ff:98:88:37:bf:d7:b8:40:84:01:48:9c:26:ce:d9
   +bitbucket.org:fingerprints = sha256:4e:65:3e:76:0f:81:59:85:5b:50:06:0c:c2:4d:3c:56:53:8b:83:3e:9b:fa:55:26:98:9a:ca:e2:25:03:92:47
   +bugzilla.mozilla.org:fingerprints = sha256:10:95:a8:c1:e1:c3:18:fa:e4:95:40:99:11:07:6d:e3:79:ab:e5:b0:29:50:ff:40:e8:e8:63:c4:fd:f3:9f:cb
 
   Write changes to hgrc file (Yn)?  y
 
 #endif
 
 #if no-hg39+
@@ -81,17 +81,17 @@ Modern Mercurial doesn't need to pin fin
    <RETURN>
   Your config file needs updating.
   Would you like to see a diff of the changes first (Yn)?  y
   --- hgrc.old
   +++ hgrc.new
   @@ -1,2 +1,2 @@
    [hostfingerprints]
   -hg.mozilla.org = aa:bb:cc:dd
-  +hg.mozilla.org = af:27:b9:34:47:4e:e5:98:01:f6:83:2b:51:c9:aa:d8:df:fb:1a:27
+  +hg.mozilla.org = 73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56
   
   Write changes to hgrc file (Yn)?  y
 
 #endif
 
 #if hg39+
 [hostfingerprints] deleted and converted to [hostsecurity]
 (Note: no new fingerprints are added)
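Review bot: The existing-pin case in this hunk still starts from the placeholder `hg.mozilla.org = aa:bb:cc:dd`, so no test covers the situation real users will be in after this lands: an hgrc that already pins the previous real fingerprint (`af:27:b9:...:1a:27`). Adding a case that starts from the old value and asserts it is rewritten to the new one would document the upgrade path the change is meant to provide.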
@@ -112,14 +112,14 @@ Modern Mercurial doesn't need to pin fin
   Your config file needs updating.
   Would you like to see a diff of the changes first (Yn)?  y
   --- hgrc.old
   +++ hgrc.new
   @@ -1,2 +1,2 @@
   -[hostfingerprints]
   -hg.mozilla.org = aa:bb:cc:dd
   +[hostsecurity]
-  +hg.mozilla.org:fingerprints = sha256:81:3d:75:69:e3:76:f8:5b:31:1e:92:c9:cf:56:23:f6:4b:c2:82:77:e3:63:fb:7f:28:65:d0:9a:88:fb:be:b7
+  +hg.mozilla.org:fingerprints = sha256:8e:ad:f7:6a:eb:44:06:15:ed:f3:e4:69:a6:64:60:37:2d:ff:98:88:37:bf:d7:b8:40:84:01:48:9c:26:ce:d9
   
   Write changes to hgrc file (Yn)?  y
 
 
 #endif