1452759 - bad cot signature from gecko-3-decision i-0191034f4500f971b

Status: RESOLVED FIXED

(Taskcluster :: Workers, defect)

Description

[Aki Sasaki (not active)]

This is blocking Firefox, Fennec, and Devedition 60.0b11, and potentially any upcoming chemspills.

Looking at https://tools.taskcluster.net/groups/SAbkYTtbTK-djVlCCRmunQ/tasks/FQ2qRYLCQPGpwT4Nz1fjIg/runs/0 : verifying the chainOfTrust.json.asc gives me

10089$ gpg -vvv chainOfTrust.json.asc
gpg: using character set `US-ASCII'
gpg: armor: BEGIN PGP SIGNED MESSAGE
Hash: SHA256
:packet 63: length 19 - gpg control packet
:literal data packet:
        mode t (74), created 0, name="",
        raw data: unknown length
gpg: armor header:
gpg: original file name=''
gpg: armor: BEGIN PGP SIGNATURE
Version: OpenPGP.js v2.4.0
gpg: armor header:
Comment: http://openpgpjs.org
:signature packet: algo 1, keyid 8415F5B895C73212
        version 4, created 1523303337, md5len 0, sigclass 0x01
        digest algo 8, begin of digest 77 b9
        hashed subpkt 2 len 4 (sig created 2018-04-09)
        hashed subpkt 16 len 8 (issuer key ID 8415F5B895C73212)
        data: [2045 bits]
gpg: armor header:
gpg: invalid armor: line longer than 20000 characters
gpg: Signature made Mon Apr  9 12:48:57 2018 PDT
gpg:                using RSA key 0x8415F5B895C73212
gpg: using PGP trust model
gpg: key 0x4654904BB484B6B2: accepted as trusted key
gpg: BAD signature from "Docker-Worker <taskcluster-accounts+gpgsigning@mozilla.com>" [unknown]
gpg: textmode signature, digest algorithm SHA256

I'm wondering if this is the same as bug 1452266 ? Either an AMI rollback or indenting the chainOfTrust.json may both fix if my hunch is correct.

Comment 1

[Aki Sasaki (not active)]

Looks like our partner config slipped in to beta, where we don't need it yet.
I'll take that out, which will probably put us under 20k. However, we should strongly consider landing a fix for bug 1452266 in the near future.

Thanks!