Closed Bug 1534506 Opened 6 years ago Closed 5 years ago

remove cot gpg support

Categories

(Release Engineering :: Release Automation: Other, enhancement)

Product:
Release Engineering
Component:
Release Automation: Other
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mozilla, Assigned: mozilla)

References

(Blocks 1 open bug)

Details

Attachments

(5 files)

Bug 1534506 - download chain-of-trust.json instead of chainOfTrust.json.asc r=tomprince
(deleted), text/x-phabricator-request
Details
scriptworker - remove cot gpg support
(deleted), text/x-github-pull-request
Details
puppet - roll out scriptworker 23.0.0, remove gpg support
(deleted), text/x-github-pull-request
Details
docker-worker - remove cot gpg support
(deleted), text/x-github-pull-request
Details
generic-worker - remove cot gpg support
(deleted), text/x-github-pull-request
Details
  • [X] audit for cot verification falling back to gpg
  • [X] update mobile workerTypes to use the ed25519-enabled AMIs
  • [X] update in-tree chainOfTrust.json.asc download to download chain-of-trust.json
  • [X] remove gpg support from scriptworker
    • [X] remove scriptworker gpg support from puppet
    • [X] remove scriptworker cot gpg keypair from hiera
    • [X] remove rebuild_gpg_homedirs nagios monitoring
    • [X] archive cot-gpg-keys repo
    • [X] remove cot-gpg-keys expiration hook
  • [ ] remove gpg support from docker-worker
  • [X] remove gpg support from generic-worker
Keywords: leave-open
Pushed by asasaki@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4768e2c08459 download chain-of-trust.json instead of chainOfTrust.json.asc r=tomprince

Johan, this task for focus-android is still using an old AMI. Do we need to support that task? If so, could we bump the AMI for that workerType, or switch it to use a valid workerType?

Flags: needinfo?(jlorenzo)

Thank you for pointing this out. I forgot about that worker type, because of the prefix. We eventually want to get rid of it, but not now. I updated the AMIs. Please let me know if this doesn't work tomorrow.

Flags: needinfo?(jlorenzo)

Thanks!

Attached file scriptworker - remove cot gpg support (deleted) —

I noticed m-r was still downloading chainOfTrust.json.asc; uplifting.
https://hg.mozilla.org/releases/mozilla-release/rev/7174884ffa0f

Chain of Trust gpg verification is essentially removed. We still have the two generic- and docker-worker PRs to stop generating gpg signatures; those can be reviewed and land at any point.

generic-worker and docker-worker have both merged the remove-gpg PRs.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Keywords: leave-open
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: