Change Details

**Current status:** Connecting to APNS requires the GeoTrust Global CA certificate which was removed from ca-certificates in recently published version 20200601~deb10u1. We currently have the package pinned to previous version 20190110 in the Blubberfile. A change reverting the removal of the certificate was merged but a new version has not yet been published. We should monitor the upstream bug and use the fixed version when it's available. --- **Original bug:** I've updated the push notifications service in the Beta Cluster (on deployment-push-notifications01) with the commit adding APNS support, and configured it with the `push-toolforge.p12` certificate and `production: true` for testing with the push-notifications-helper tool as described in src/outgoing/apns/readme.md. Problem: Requests to APNS fail with the following response: ``` { "sent": [], "failed": [ { "device": <device token>, "error": { "jse_shortmsg": "stream ended unexpectedly", "jse_info": {}, "message": "stream ended unexpectedly" } } ] } ``` The Beta Cluster push service can be tested locally by SSH'ing into deployment-push-notifications01 and forwarding port 8900: ``` ssh -L 8900:localhost:8900 deployment-push-notifications01.deployment-prep.eqiad1.wikimedia.cloud ```

**Upstream bug:** https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962596 --- **Current status:** Connecting to APNS requires the GeoTrust Global CA certificate which was removed from ca-certificates in recently published version 20200601~deb10u1. We currently have the package pinned to previous version 20190110 in the Blubberfile. A change reverting the removal of the certificate was merged but a new version has not yet been published. We should monitor the upstream bug and use the fixed version when it's available. --- **Original task description:** I've updated the push notifications service in the Beta Cluster (on deployment-push-notifications01) with the commit adding APNS support, and configured it with the `push-toolforge.p12` certificate and `production: true` for testing with the push-notifications-helper tool as described in src/outgoing/apns/readme.md. Problem: Requests to APNS fail with the following response: ``` { "sent": [], "failed": [ { "device": <device token>, "error": { "jse_shortmsg": "stream ended unexpectedly", "jse_info": {}, "message": "stream ended unexpectedly" } } ] } ``` The Beta Cluster push service can be tested locally by SSH'ing into deployment-push-notifications01 and forwarding port 8900: ``` ssh -L 8900:localhost:8900 deployment-push-notifications01.deployment-prep.eqiad1.wikimedia.cloud ```

**Upstream bug:** https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962596 --- **Current status:** Connecting to APNS requires the GeoTrust Global CA certificate which was removed from ca-certificates in recently published version 20200601~deb10u1. We currently have the package pinned to previous version 20190110 in the Blubberfile. A change reverting the removal of the certificate was merged but a new version has not yet been published. We should monitor the upstream bug and use the fixed version when it's available. --- **Original bug:**task description:** I've updated the push notifications service in the Beta Cluster (on deployment-push-notifications01) with the commit adding APNS support, and configured it with the `push-toolforge.p12` certificate and `production: true` for testing with the push-notifications-helper tool as described in src/outgoing/apns/readme.md. Problem: Requests to APNS fail with the following response: ``` { "sent": [], "failed": [ { "device": <device token>, "error": { "jse_shortmsg": "stream ended unexpectedly", "jse_info": {}, "message": "stream ended unexpectedly" } } ] } ``` The Beta Cluster push service can be tested locally by SSH'ing into deployment-push-notifications01 and forwarding port 8900: ``` ssh -L 8900:localhost:8900 deployment-push-notifications01.deployment-prep.eqiad1.wikimedia.cloud ```