Status

enhancement
RESOLVED FIXED
5 months ago
3 months ago

People

(Reporter: aki, Assigned: aki)

Tracking

(Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)

Attachments

(5 attachments)

  • [X] audit for cot verification falling back to gpg
  • [X] update mobile workerTypes to use the ed25519-enabled AMIs
  • [X] update in-tree chainOfTrust.json.asc download to download chain-of-trust.json
  • [X] remove gpg support from scriptworker
    • [X] remove scriptworker gpg support from puppet
    • [X] remove scriptworker cot gpg keypair from hiera
    • [X] remove rebuild_gpg_homedirs nagios monitoring
    • [X] archive cot-gpg-keys repo
    • [X] remove cot-gpg-keys expiration hook
  • [ ] remove gpg support from docker-worker
  • [X] remove gpg support from generic-worker
Keywords: leave-open
Pushed by asasaki@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4768e2c08459
download chain-of-trust.json instead of chainOfTrust.json.asc r=tomprince

Johan, this task for focus-android is still using an old AMI. Do we need to support that task? If so, could we bump the AMI for that workerType, or switch it to use a valid workerType?

Flags: needinfo?(jlorenzo)

Thank you for pointing this out. I forgot about that worker type, because of the prefix. We eventually want to get rid of it, but not now. I updated the AMIs. Please let me know if this doesn't work tomorrow.

Flags: needinfo?(jlorenzo)

Thanks!

I noticed m-r was still downloading chainOfTrust.json.asc; uplifting.
https://hg.mozilla.org/releases/mozilla-release/rev/7174884ffa0f

Chain of Trust gpg verification is essentially removed. We still have the two generic- and docker-worker PRs to stop generating gpg signatures; those can be reviewed and land at any point.

generic-worker and docker-worker have both merged the remove-gpg PRs.

Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Keywords: leave-open