--- a/manifests/moco-nodes.pp
+++ b/manifests/moco-nodes.pp
@@ -891,91 +891,115 @@ node 'buildbot-master140.bb.releng.usw2.
node /log-aggregator\d+\.srv\.releng\.(mdc1|scl3|use1|usw2)\.mozilla\.com/ {
$aspects = [ 'high-security' ]
$is_log_aggregator_host = 'true'
include fw::profiles::log_aggregator
include toplevel::server::log_aggregator
}
# Signing workers
-node /signingworker-.*\.srv\.releng\..*\.mozilla\.com/ {
+node /^signingworker-.*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$only_user_ssh = true
include toplevel::server::signingworker
}
# Signing scriptworkers
-node /signing-linux-\d*\.srv\.releng\..*\.mozilla\.com/ {
+node /^signing-linux-\d*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$signing_scriptworker_env = 'prod'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::signingscriptworker
}
-node /depsigning-worker.*\.srv\.releng\..*\.mozilla\.com/ {
+node /^depsigning-worker.*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$signing_scriptworker_env = 'dep'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::signingscriptworker
}
-node /signing-linux-dev.*\.releng\..*\.mozilla\.com/ {
+node /^signing-linux-dev.*\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$signing_scriptworker_env = 'dev'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::signingscriptworker
}
+node /^tb-depsigning-worker.*\.srv\.releng\..*\.mozilla\.com$/ {
+ $aspects = [ 'maximum-security' ]
+ $signing_scriptworker_env = 'comm-thunderbird-dep'
+ $timezone = 'UTC'
+ $only_user_ssh = true
+ include toplevel::server::signingscriptworker
+}
+
# Balrog scriptworkers
-node /balrogworker-\d*\.srv\.releng\..*\.mozilla\.com/ {
+node /^balrogworker-\d*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$balrogworker_env = 'prod'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::balrogscriptworker
}
-node /balrogworker-dev\d*\.srv\.releng\..*\.mozilla\.com/ {
+node /^balrogworker-dev\d*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$balrogworker_env = 'dev'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::balrogscriptworker
}
+node /^tb-balrogworker-dev\d*\.srv\.releng\..*\.mozilla\.com$/ {
+ $aspects = [ 'maximum-security' ]
+ $balrogworker_env = 'comm-thunderbird-dev'
+ $timezone = 'UTC'
+ $only_user_ssh = true
+ include toplevel::server::balrogscriptworker
+}
+
# Beetmover scriptworkers
-node /beetmoverworker-.*\.srv\.releng\..*\.mozilla\.com/ {
+node /^beetmoverworker-.*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$beetmoverworker_env = 'prod'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::beetmoverscriptworker
}
-node /beetmover-dev.*\.srv\.releng\..*\.mozilla\.com/ {
+node /^beetmover-dev.*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$beetmoverworker_env = 'dev'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::beetmoverscriptworker
}
+node /^tb-beetmover-dev.*\.srv\.releng\..*\.mozilla\.com$/ {
+ $aspects = [ 'maximum-security' ]
+ $beetmoverworker_env = 'comm-thunderbird-dev'
+ $timezone = 'UTC'
+ $only_user_ssh = true
+ include toplevel::server::beetmoverscriptworker
+}
+
# Pushapk scriptworkers
-node /dep-pushapkworker-.*\.srv\.releng\..*\.mozilla\.com/ {
+node /^dep-pushapkworker-.*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$pushapk_scriptworker_env = 'dep'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::pushapkscriptworker
}
-node /pushapkworker-.*\.srv\.releng\..*\.mozilla\.com/ {
+node /^pushapkworker-.*\.srv\.releng\..*\.mozilla\.com$/ {
$aspects = [ 'maximum-security' ]
$pushapk_scriptworker_env = 'prod'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::pushapkscriptworker
}
# Transparency scriptworkers
--- a/modules/balrog_scriptworker/manifests/settings.pp
+++ b/modules/balrog_scriptworker/manifests/settings.pp
@@ -35,11 +35,25 @@ class balrog_scriptworker::settings {
dummy => false,
tools_repo => 'https://hg.mozilla.org/build/tools',
taskcluster_client_id => 'project/releng/scriptworker/balrogworker',
taskcluster_access_token => secret('balrogworker_prod_taskcluster_access_token'),
worker_type => 'balrogworker-v1',
sign_chain_of_trust => true,
verify_chain_of_trust => true,
verify_cot_signature => true,
- }
+ },
+ 'comm-thunderbird-dev' => {
+ balrog_username => 'balrog-stage-ffxbld',
+ balrog_password => secret('balrog-stage-ffxbld_ldap_password'),
+ balrog_api_root => 'https://balrog-admin.stage.mozaws.net/api',
+
+ dummy => true,
+ tools_repo => 'https://hg.mozilla.org/build/tools',
+ taskcluster_client_id => 'project/comm/thunderbird/scriptworker/balrogworker/dev',
+ taskcluster_access_token => secret('comm_thunderbird_dev_balrogworker_taskcluster_access_token'),
+ worker_type => 'comm-tb-balrog-dev',
+ sign_chain_of_trust => false,
+ verify_chain_of_trust => true,
+ verify_cot_signature => false,
+ },
}
}
--- a/modules/beetmover_scriptworker/manifests/init.pp
+++ b/modules/beetmover_scriptworker/manifests/init.pp
@@ -68,22 +68,23 @@ class beetmover_scriptworker {
task_script => $beetmover_scriptworker::settings::task_script,
task_script_config => $beetmover_scriptworker::settings::task_script_config,
username => $users::builder::username,
group => $users::builder::group,
taskcluster_client_id => $env_config["taskcluster_client_id"],
taskcluster_access_token => $env_config["taskcluster_access_token"],
- worker_group => $beetmover_scriptworker::settings::worker_group,
+ worker_group => $env_config['worker_group'],
worker_type => $env_config["worker_type"],
task_max_timeout => $beetmover_scriptworker::settings::task_max_timeout,
cot_job_type => 'beetmover',
+ cot_product => $env_config['cot_product'],
sign_chain_of_trust => $env_config["sign_chain_of_trust"],
verify_chain_of_trust => $env_config["verify_chain_of_trust"],
verify_cot_signature => $env_config["verify_cot_signature"],
verbose_logging => $beetmover_scriptworker::settings::verbose_logging,
}
--- a/modules/beetmover_scriptworker/manifests/settings.pp
+++ b/modules/beetmover_scriptworker/manifests/settings.pp
@@ -3,62 +3,89 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
class beetmover_scriptworker::settings {
$root = '/builds/scriptworker'
$task_script = "${root}/bin/beetmoverscript"
$task_script_config = "${root}/script_config.json"
$task_max_timeout = 1800
- $worker_group = 'beetmoverworker-v1'
$verbose_logging = true
$env_config = {
'dev' => {
- nightly_beetmover_aws_access_key_id => secret('stage-beetmover-aws_access_key_id'),
- nightly_beetmover_aws_secret_access_key => secret('stage-beetmover-aws_secret_access_key'),
- nightly_beetmover_aws_s3_firefox_bucket => 'net-mozaws-stage-delivery-firefox',
- nightly_beetmover_aws_s3_fennec_bucket => 'net-mozaws-stage-delivery-archive',
-
- release_beetmover_aws_access_key_id => secret('stage-beetmover-aws_access_key_id'),
- release_beetmover_aws_secret_access_key => secret('stage-beetmover-aws_secret_access_key'),
- release_beetmover_aws_s3_firefox_bucket => 'net-mozaws-stage-delivery-firefox',
- release_beetmover_aws_s3_fennec_bucket => 'net-mozaws-stage-delivery-archive',
-
dep_beetmover_aws_access_key_id => secret('stage-beetmover-aws_access_key_id'),
dep_beetmover_aws_secret_access_key => secret('stage-beetmover-aws_secret_access_key'),
- dep_beetmover_aws_s3_firefox_bucket => 'net-mozaws-stage-delivery-firefox',
- dep_beetmover_aws_s3_fennec_bucket => 'net-mozaws-stage-delivery-archive',
+ dep_buckets => {
+ devedition => 'net-mozaws-stage-delivery-firefox',
+ firefox => 'net-mozaws-stage-delivery-firefox',
+ fennec => 'net-mozaws-stage-delivery-archive',
+ mobile => 'net-mozaws-stage-delivery-archive',
+ },
config_template => 'beetmover_scriptworker/dev_script_config.json.erb',
worker_type => 'beetmoverworker-dev',
+ worker_group => 'beetmoverworker-dev',
taskcluster_client_id => 'project/releng/scriptworker/beetmover-dev',
taskcluster_access_token => secret('beetmoverworker_dev_taskcluster_access_token'),
sign_chain_of_trust => false,
verify_chain_of_trust => true,
verify_cot_signature => false,
+ cot_product => 'firefox',
},
'prod' => {
nightly_beetmover_aws_access_key_id => secret('nightly-beetmover-aws_access_key_id'),
nightly_beetmover_aws_secret_access_key => secret('nightly-beetmover-aws_secret_access_key'),
- nightly_beetmover_aws_s3_firefox_bucket => 'net-mozaws-prod-delivery-firefox',
- nightly_beetmover_aws_s3_fennec_bucket => 'net-mozaws-prod-delivery-archive',
+ nightly_buckets => {
+ devedition => 'net-mozaws-prod-delivery-firefox',
+ firefox => 'net-mozaws-prod-delivery-firefox',
+ fennec => 'net-mozaws-prod-delivery-archive',
+ mobile => 'net-mozaws-prod-delivery-archive',
+ },
release_beetmover_aws_access_key_id => secret('beetmover-aws_access_key_id'),
release_beetmover_aws_secret_access_key => secret('beetmover-aws_secret_access_key'),
- release_beetmover_aws_s3_firefox_bucket => 'net-mozaws-prod-delivery-firefox',
- release_beetmover_aws_s3_fennec_bucket => 'net-mozaws-prod-delivery-archive',
+ release_buckets => {
+ devedition => 'net-mozaws-prod-delivery-firefox',
+ firefox => 'net-mozaws-prod-delivery-firefox',
+ fennec => 'net-mozaws-prod-delivery-archive',
+ mobile => 'net-mozaws-prod-delivery-archive',
+ },
dep_beetmover_aws_access_key_id => secret('stage-beetmover-aws_access_key_id'),
dep_beetmover_aws_secret_access_key => secret('stage-beetmover-aws_secret_access_key'),
- dep_beetmover_aws_s3_firefox_bucket => 'net-mozaws-stage-delivery-firefox',
- dep_beetmover_aws_s3_fennec_bucket => 'net-mozaws-stage-delivery-archive',
+ dep_buckets => {
+ devedition => 'net-mozaws-stage-delivery-firefox',
+ firefox => 'net-mozaws-stage-delivery-firefox',
+ fennec => 'net-mozaws-stage-delivery-archive',
+ mobile => 'net-mozaws-stage-delivery-archive',
+ },
config_template => 'beetmover_scriptworker/prod_script_config.json.erb',
worker_type => 'beetmoverworker-v1',
+ worker_group => 'beetmoverworker-v1',
taskcluster_client_id => 'project/releng/scriptworker/beetmoverworker',
taskcluster_access_token => secret('beetmoverworker_prod_taskcluster_access_token'),
sign_chain_of_trust => true,
verify_chain_of_trust => true,
verify_cot_signature => true,
- }
+ cot_product => 'firefox',
+ },
+ 'comm-thunderbird-dev' => {
+ dep_beetmover_aws_access_key_id => secret('comm_thunderbird_dev-beetmover-aws_access_key_id'),
+ dep_beetmover_aws_secret_access_key => secret('comm_thunderbird_dev-beetmover-aws_secret_access_key'),
+ dep_buckets => {
+ # TODO Verify thunderbird bucket name
+ 'thundebird': 'net-mozaws-stage-delivery-comm-thundebird',
+ },
+
+ config_template => 'beetmover_scriptworker/dev_script_config.json.erb',
+ worker_type => 'tb-beetmover-dev',
+ worker_group => 'tb-beetmover-dev',
+ taskcluster_client_id => 'project/comm/thunderbird/scriptworker/beetmover/dev',
+ taskcluster_access_token => secret('beetmoverworker_dev_taskcluster_access_token'),
+ sign_chain_of_trust => false,
+ verify_chain_of_trust => true,
+ verify_cot_signature => false,
+ cot_product => 'thunderbird',
+ },
}
}
--- a/modules/beetmover_scriptworker/templates/dev_script_config.json.erb
+++ b/modules/beetmover_scriptworker/templates/dev_script_config.json.erb
@@ -2,17 +2,12 @@
<%= scope.function_template(["beetmover_scriptworker/base_script_config.json.erb"]) %>
"bucket_config": {
"dep": {
"credentials": {
"id": "<%= @env_config["dep_beetmover_aws_access_key_id"] %>",
"key": "<%= @env_config["dep_beetmover_aws_secret_access_key"] %>"
},
- "buckets": {
- "firefox": "<%= @env_config["dep_beetmover_aws_s3_firefox_bucket"] %>",
- "fennec": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>",
- "mobile": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>",
- "devedition": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>"
- }
+ "buckets": <%= require "json"; JSON.pretty_generate(@env_config["dep_buckets"]) %>
}
}
}
--- a/modules/beetmover_scriptworker/templates/prod_script_config.json.erb
+++ b/modules/beetmover_scriptworker/templates/prod_script_config.json.erb
@@ -2,40 +2,26 @@
<%= scope.function_template(["beetmover_scriptworker/base_script_config.json.erb"]) %>
"bucket_config": {
"nightly": {
"credentials": {
"id": "<%= @env_config["nightly_beetmover_aws_access_key_id"] %>",
"key": "<%= @env_config["nightly_beetmover_aws_secret_access_key"] %>"
},
- "buckets": {
- "firefox": "<%= @env_config["nightly_beetmover_aws_s3_firefox_bucket"] %>",
- "fennec": "<%= @env_config["nightly_beetmover_aws_s3_fennec_bucket"] %>",
- "mobile": "<%= @env_config["nightly_beetmover_aws_s3_fennec_bucket"] %>"
- }
+ "buckets": <%= require "json"; JSON.pretty_generate(@env_config["nightly_buckets"]) %>
},
"release": {
"credentials": {
"id": "<%= @env_config["release_beetmover_aws_access_key_id"] %>",
"key": "<%= @env_config["release_beetmover_aws_secret_access_key"] %>"
},
- "buckets": {
- "firefox": "<%= @env_config["release_beetmover_aws_s3_firefox_bucket"] %>",
- "fennec": "<%= @env_config["release_beetmover_aws_s3_fennec_bucket"] %>",
- "mobile": "<%= @env_config["release_beetmover_aws_s3_fennec_bucket"] %>",
- "devedition": "<%= @env_config["release_beetmover_aws_s3_fennec_bucket"] %>"
- }
+ "buckets": <%= require "json"; JSON.pretty_generate(@env_config["release_buckets"]) %>
},
"dep": {
"credentials": {
"id": "<%= @env_config["dep_beetmover_aws_access_key_id"] %>",
"key": "<%= @env_config["dep_beetmover_aws_secret_access_key"] %>"
},
- "buckets": {
- "firefox": "<%= @env_config["dep_beetmover_aws_s3_firefox_bucket"] %>",
- "fennec": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>",
- "mobile": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>",
- "devedition": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>"
- }
+ "buckets": <%= require "json"; JSON.pretty_generate(@env_config["dep_buckets"]) %>
}
}
}
--- a/modules/scriptworker/manifests/instance.pp
+++ b/modules/scriptworker/manifests/instance.pp
@@ -10,16 +10,17 @@ define scriptworker::instance(
$username,
$group,
$taskcluster_client_id,
$taskcluster_access_token,
$worker_group,
$worker_type,
$cot_job_type,
+ $cot_product = 'firefox',
$work_dir = "${basedir}/work",
$script_worker_config = "${basedir}/scriptworker.yaml",
$task_script_executable = "${basedir}/bin/python",
$task_script_config = "${basedir}/script_config.json",
$worker_id = $hostname,
$task_max_timeout = 3600,
--- a/modules/signing_scriptworker/manifests/init.pp
+++ b/modules/signing_scriptworker/manifests/init.pp
@@ -74,21 +74,22 @@ class signing_scriptworker {
task_script => $signing_scriptworker::settings::task_script,
task_script_config => $signing_scriptworker::settings::task_script_config,
username => $users::signer::username,
group => $users::signer::group,
taskcluster_client_id => $env_config['taskcluster_client_id'],
taskcluster_access_token => $env_config['taskcluster_access_token'],
- worker_group => $signing_scriptworker::settings::worker_group,
+ worker_group => $env_config['worker_group'],
worker_type => $env_config['worker_type'],
task_max_timeout => $signing_scriptworker::settings::task_max_timeout,
cot_job_type => 'signing',
+ cot_product => $env_config['cot_product'],
sign_chain_of_trust => $env_config["sign_chain_of_trust"],
verify_chain_of_trust => $env_config["verify_chain_of_trust"],
verify_cot_signature => $env_config["verify_cot_signature"],
verbose_logging => $signing_scriptworker::settings::verbose
}
--- a/modules/signing_scriptworker/manifests/settings.pp
+++ b/modules/signing_scriptworker/manifests/settings.pp
@@ -4,43 +4,64 @@
class signing_scriptworker::settings {
include ::config
$root = $config::scriptworker_root
$task_max_timeout = 3600
$task_script = "${root}/bin/signingscript"
$task_script_config = "${root}/script_config.json"
$verbose = true
- $worker_group = 'signing-linux-v1'
$env_config = {
'dev' => {
worker_type => 'signing-linux-dev',
+ worker_group => 'signing-linux-dev',
taskcluster_client_id => secret('dev_signing_scriptworker_taskcluster_client_id'),
taskcluster_access_token => secret('dev_signing_scriptworker_taskcluster_access_token'),
passwords_template => 'dep-passwords.json.erb',
+ dep_signing_scope => 'project:releng:signing:cert:dep-signing',
sign_chain_of_trust => false,
verify_chain_of_trust => true,
verify_cot_signature => false,
+ cot_product => 'firefox',
datadog_api_key => secret('scriptworker_datadog_api_key')
},
'dep' => {
worker_type => 'depsigning',
+ worker_group => 'depsigning',
taskcluster_client_id => secret('dep_signing_scriptworker_taskcluster_client_id'),
taskcluster_access_token => secret('dep_signing_scriptworker_taskcluster_access_token'),
passwords_template => 'dep-passwords.json.erb',
+ dep_signing_scope => 'project:releng:signing:cert:dep-signing',
sign_chain_of_trust => false,
verify_chain_of_trust => true,
verify_cot_signature => false,
+ cot_product => 'firefox',
datadog_api_key => secret('scriptworker_datadog_api_key')
},
'prod' => {
worker_type => 'signing-linux-v1',
+ worker_group => 'signing-linux-v1',
taskcluster_client_id => secret('signing_scriptworker_taskcluster_client_id'),
taskcluster_access_token => secret('signing_scriptworker_taskcluster_access_token'),
passwords_template => 'passwords.json.erb',
+ dep_signing_scope => 'project:releng:signing:cert:dep-signing',
sign_chain_of_trust => true,
verify_chain_of_trust => true,
verify_cot_signature => true,
+ cot_product => 'firefox',
datadog_api_key => secret('scriptworker_datadog_api_key')
- }
+ },
+ 'comm-thunderbird-dep' => {
+ worker_type => 'tb-depsigning',
+ worker_group => 'tb-depsigning',
+ taskcluster_client_id => secret('comm_thunderbird_dep_signing_scriptworker_taskcluster_client_id'),
+ taskcluster_access_token => secret('comm_thunderbird_dep_signing_scriptworker_taskcluster_access_token'),
+ passwords_template => 'dep-passwords.json.erb',
+ dep_signing_scope => 'project:comm:thunderbird:signing:cert:dep-signing',
+ sign_chain_of_trust => false,
+ verify_chain_of_trust => true,
+ verify_cot_signature => false,
+ cot_product => 'thunderbird',
+ datadog_api_key => secret('scriptworker_datadog_api_key')
+ },
}
}
--- a/modules/signing_scriptworker/templates/dep-passwords.json.erb
+++ b/modules/signing_scriptworker/templates/dep-passwords.json.erb
@@ -1,13 +1,13 @@
{
- "project:releng:signing:cert:dep-signing": [
- ["signing4.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
- ["signing5.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
- ["signing6.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
+ "<%= @env_config['dep_signing_scope'] %>": [
+ ["signing4.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
+ ["signing5.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
+ ["signing6.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
["mac-v2-signing1.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing2.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing3.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing4.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing6.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing7.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]]
]
}
--- a/modules/signing_scriptworker/templates/passwords.json.erb
+++ b/modules/signing_scriptworker/templates/passwords.json.erb
@@ -5,17 +5,17 @@
["signing6.srv.releng.scl3.mozilla.com:9100", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_nightly_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
["mac-v2-signing1.srv.releng.scl3.mozilla.com:9100", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_nightly_password"]) %>", ["macapp"]],
["mac-v2-signing2.srv.releng.scl3.mozilla.com:9100", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_nightly_password"]) %>", ["macapp"]],
["mac-v2-signing3.srv.releng.scl3.mozilla.com:9100", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_nightly_password"]) %>", ["macapp"]],
["mac-v2-signing4.srv.releng.scl3.mozilla.com:9100", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_nightly_password"]) %>", ["macapp"]],
["mac-v2-signing6.srv.releng.scl3.mozilla.com:9100", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_nightly_password"]) %>", ["macapp"]],
["mac-v2-signing7.srv.releng.scl3.mozilla.com:9100", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_nightly_password"]) %>", ["macapp"]]
],
- "project:releng:signing:cert:dep-signing": [
+ "<%= @env_config['dep_signing_scope'] %>": [
["signing4.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
["signing5.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
["signing6.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["gpg", "sha2signcode", "sha2signcodestub", "osslsigncode", "signcode", "mar", "mar_sha384", "mar_sha384", "jar", "emevoucher", "widevine", "widevine_blessed"]],
["mac-v2-signing1.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing2.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing3.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing4.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],
["mac-v2-signing6.srv.releng.scl3.mozilla.com:9110", "<%= scope.function_secret(["signing_server_username"]) %>", "<%= scope.function_secret(["signing_server_dep_password"]) %>", ["macapp"]],