5 months ago
3 months ago


(Reporter: aki, Assigned: aki)


(Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)



(5 attachments)

  • [X] audit for cot verification falling back to gpg
  • [X] update mobile workerTypes to use the ed25519-enabled AMIs
  • [X] update in-tree chainOfTrust.json.asc download to download chain-of-trust.json
  • [X] remove gpg support from scriptworker
    • [X] remove scriptworker gpg support from puppet
    • [X] remove scriptworker cot gpg keypair from hiera
    • [X] remove rebuild_gpg_homedirs nagios monitoring
    • [X] archive cot-gpg-keys repo
    • [X] remove cot-gpg-keys expiration hook
  • [ ] remove gpg support from docker-worker
  • [X] remove gpg support from generic-worker
Keywords: leave-open
Pushed by
download chain-of-trust.json instead of chainOfTrust.json.asc r=tomprince

Johan, this task for focus-android is still using an old AMI. Do we need to support that task? If so, could we bump the AMI for that workerType, or switch it to use a valid workerType?

Flags: needinfo?(jlorenzo)

Thank you for pointing this out. I forgot about that worker type, because of the prefix. We eventually want to get rid of it, but not now. I updated the AMIs. Please let me know if this doesn't work tomorrow.

Flags: needinfo?(jlorenzo)


I noticed m-r was still downloading chainOfTrust.json.asc; uplifting.

Chain of Trust gpg verification is essentially removed. We still have the two generic- and docker-worker PRs to stop generating gpg signatures; those can be reviewed and land at any point.

generic-worker and docker-worker have both merged the remove-gpg PRs.

Closed: 3 months ago
Resolution: --- → FIXED
Keywords: leave-open
You need to log in before you can comment on or make changes to this bug.