Skip to content

Commit

Permalink
AUT-293: add stage formats for all dev/fake-prod signingscript formats (
Browse files Browse the repository at this point in the history
#1085)

* feat(signingscript): allow for 'stage_' variants of signing formats

We need this to easily allow dev and fake-prod scriptworkers to opt into testing against Autograph stage. Rather than duplicating all of the formats, we add some simple fallback to the non-stage_ version when selecting signing function. (Note that we must pass through the original format to allow `get_autograph_config` to find the correct server configuration deeper down the stack.)

* feat(signingscript): add stage variants for all dev/fake-prod formats

These variants don't necessarily use the same certs as the autograph prod versions, but they are similar enough that they allow us to verify that Autograph works from a functional point of view.

* add some extra logging messages to make it easier to trace signing requests

* remove unnecessary checks for GPG_PUBKEY_PATH

* fix: preserve original format during widevine signing

* fix: preserve original format during omnija signing

* fix a bunch more places that hardcode formats deep in the bowels of signingscript

* formatting pass

* minor improvements to widevine logging
  • Loading branch information
bhearsum authored Dec 3, 2024
1 parent f78fc91 commit 9ada102
Show file tree
Hide file tree
Showing 11 changed files with 421 additions and 155 deletions.
63 changes: 46 additions & 17 deletions signingscript/docker.d/init_worker.sh
Original file line number Diff line number Diff line change
Expand Up @@ -81,57 +81,83 @@ case $ENV in
dev|fake-prod)
case $COT_PRODUCT in
firefox|thunderbird)
test_var_set 'AUTOGRAPH_AUTHENTICODE_SHA2_PASSWORD'
test_var_set 'AUTOGRAPH_AUTHENTICODE_SHA2_USERNAME'
test_var_set 'AUTHENTICODE_CERT_PATH'
test_var_set 'AUTHENTICODE_CA_PATH'
test_var_set 'AUTHENTICODE_CA_TIMESTAMP_PATH'
test_var_set 'AUTHENTICODE_CROSS_CERT_PATH'
test_var_set 'AUTHENTICODE_TIMESTAMP_STYLE'
test_var_set 'AUTOGRAPH_AUTHENTICODE_SHA2_PASSWORD'
test_var_set 'AUTOGRAPH_AUTHENTICODE_SHA2_USERNAME'
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'GPG_PUBKEY_PATH'
test_var_set 'AUTOGRAPH_LANGPACK_PASSWORD'
test_var_set 'AUTOGRAPH_LANGPACK_USERNAME'
test_var_set 'AUTOGRAPH_MAR_PASSWORD'
test_var_set 'AUTOGRAPH_MAR_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_MAR_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_MAR_USERNAME'
test_var_set 'AUTOGRAPH_OMNIJA_PASSWORD'
test_var_set 'AUTOGRAPH_OMNIJA_USERNAME'
test_var_set 'AUTOGRAPH_WIDEVINE_PASSWORD'
test_var_set 'AUTOGRAPH_WIDEVINE_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_GPG_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_LANGPACK_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_LANGPACK_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_MAR_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_MAR_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_OMNIJA_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_OMNIJA_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_WIDEVINE_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_WIDEVINE_USERNAME'
if [ "$COT_PRODUCT" = "firefox" ]; then
test_var_set 'AUTOGRAPH_FENIX_PASSWORD'
test_var_set 'AUTOGRAPH_FENIX_USERNAME'
test_var_set 'AUTOGRAPH_FOCUS_PASSWORD'
test_var_set 'AUTOGRAPH_FOCUS_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_FENIX_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_FENIX_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_FOCUS_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_FOCUS_PASSWORD'
fi
;;
mobile)
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'GPG_PUBKEY_PATH'
test_var_set 'AUTOGRAPH_REFERENCE_BROWSER_PASSWORD'
test_var_set 'AUTOGRAPH_REFERENCE_BROWSER_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_REFERENCE_BROWSER_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_REFERENCE_BROWSER_PASSWORD'
;;
app-services)
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'GPG_PUBKEY_PATH'
test_var_set 'AUTOGRAPH_STAGE_GPG_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_GPG_PASSWORD'
;;
glean)
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'GPG_PUBKEY_PATH'
test_var_set 'AUTOGRAPH_STAGE_GPG_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_GPG_PASSWORD'
;;
xpi)
test_var_set 'AUTOGRAPH_XPI_PRIVILEGED_PASSWORD'
test_var_set 'AUTOGRAPH_XPI_PRIVILEGED_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_XPI_PRIVILEGED_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_XPI_PRIVILEGED_PASSWORD'
;;
mozillavpn)
test_var_set 'AUTOGRAPH_AUTHENTICODE_SHA2_PASSWORD'
test_var_set 'AUTOGRAPH_AUTHENTICODE_SHA2_USERNAME'
test_var_set 'AUTOGRAPH_MOZILLAVPN_DEBSIGN_PASSWORD'
test_var_set 'AUTOGRAPH_MOZILLAVPN_DEBSIGN_USERNAME'
test_var_set 'AUTOGRAPH_MOZILLAVPN_ADDONS_PASSWORD'
test_var_set 'AUTOGRAPH_MOZILLAVPN_ADDONS_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_MOZILLAVPN_DEBSIGN_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_MOZILLAVPN_DEBSIGN_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_MOZILLAVPN_ADDONS_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_MOZILLAVPN_ADDONS_USERNAME'
test_var_set 'AUTHENTICODE_CERT_PATH'
test_var_set 'AUTHENTICODE_CA_PATH'
test_var_set 'AUTHENTICODE_CA_TIMESTAMP_PATH'
Expand All @@ -143,15 +169,22 @@ case $ENV in
test_var_set 'AUTOGRAPH_AUTHENTICODE_SHA2_USERNAME'
test_var_set 'AUTOGRAPH_MAR_PASSWORD'
test_var_set 'AUTOGRAPH_MAR_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_MAR_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_MAR_USERNAME'
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'AUTOGRAPH_XPI_PASSWORD'
test_var_set 'AUTOGRAPH_XPI_USERNAME'
test_var_set 'GPG_PUBKEY_PATH'
test_var_set 'AUTOGRAPH_FENIX_PASSWORD'
test_var_set 'AUTOGRAPH_FENIX_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_MAR_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_MAR_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_GPG_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_XPI_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_XPI_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_FENIX_PASSWORD'
test_var_set 'AUTOGRAPH_STAGE_FENIX_USERNAME'
;;
esac
;;
Expand All @@ -167,7 +200,6 @@ case $ENV in
test_var_set 'AUTHENTICODE_TIMESTAMP_STYLE'
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'GPG_PUBKEY_PATH'
test_var_set 'AUTOGRAPH_LANGPACK_PASSWORD'
test_var_set 'AUTOGRAPH_LANGPACK_USERNAME'
test_var_set 'AUTOGRAPH_MAR_NIGHTLY_PASSWORD'
Expand All @@ -192,7 +224,6 @@ case $ENV in
mobile)
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'GPG_PUBKEY_PATH'
test_var_set 'AUTOGRAPH_REFERENCE_BROWSER_PASSWORD'
test_var_set 'AUTOGRAPH_REFERENCE_BROWSER_USERNAME'
test_var_set 'AUTOGRAPH_STAGE_REFERENCE_BROWSER_PASSWORD'
Expand All @@ -201,12 +232,10 @@ case $ENV in
app-services)
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'GPG_PUBKEY_PATH'
;;
glean)
test_var_set 'AUTOGRAPH_GPG_USERNAME'
test_var_set 'AUTOGRAPH_GPG_PASSWORD'
test_var_set 'GPG_PUBKEY_PATH'
;;
xpi)
test_var_set 'AUTOGRAPH_XPI_PRIVILEGED_PASSWORD'
Expand Down
182 changes: 169 additions & 13 deletions signingscript/docker.d/passwords.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,76 @@ in:
$merge:
$match:

# dep-passwords.json
# XXX fake-prod, aka dep, shouldn't point at autograph-external.stage
# for anything but autograph_stage_mar384!!
# We strive to:
# Configure `prod` environments exclusively with production Autograph entries.
#
# Configure `dev` and `fake-prod` environments with entries for production
# Autograph (which is what code in project repositories should be using
# by default), but also have entries for Autograph stage that can be
# opted into by tasks.
#
# The latter is to allow for easy testing of notable changes to Autograph.
# These entries do _not_ need to be exactly the same as the production versions,
# but we should be able to test each type of signature, and have a `stage_` version
# of each format (to make project repo changes simpler). Many of these formats
# will end up sharing credentials and keyids, because Autograph stage does not
# strive to keep a 1:1 mapping between hawkids or signers with production.
# This is OK; as long as we can sign with the same type of signer as production
# it's good enough for stage testing.
'(ENV == "dev" || ENV == "fake-prod") && (COT_PRODUCT == "firefox" || COT_PRODUCT == "thunderbird")':
$let:
firefox_and_thunderbird_nonprod_autograph:
# GCP Autograph stage
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_PASSWORD"},
["stage_autograph_authenticode_202404", "stage_autograph_authenticode_202404_stub"],
"authenticode_dep_sha256",
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_MAR_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_MAR_PASSWORD"},
["stage_autograph_hash_only_mar384"],
"mar_202411",
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_GPG_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_GPG_PASSWORD"},
["stage_autograph_gpg"],
"dummy_gpg2",
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_WIDEVINE_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_WIDEVINE_PASSWORD"},
["stage_autograph_widevine"],
"widevine_dummy",
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_OMNIJA_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_OMNIJA_PASSWORD"},
["stage_autograph_omnija"],
"cas_new_systemaddon_rsa",
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_LANGPACK_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_LANGPACK_PASSWORD"},
["stage_autograph_langpack"],
"cas_new_webextensions_rsa"
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_FOCUS_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_FOCUS_PASSWORD"},
["stage_autograph_focus"],
"dummyapp_android",
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_FENIX_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_FENIX_PASSWORD"},
["stage_autograph_apk", "stage_autograph_apk_mozillaonline"],
"dummyapp_android",
]

# AWS Autograph; to be removed when production is switched over to GCP by default.
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_AUTHENTICODE_SHA2_USERNAME"},
{"$eval": "AUTOGRAPH_AUTHENTICODE_SHA2_PASSWORD"},
Expand All @@ -28,11 +92,6 @@ in:
{"$eval": "AUTOGRAPH_MAR_PASSWORD"},
["autograph_hash_only_mar384"]
]
- ["https://autograph-external.stage.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_STAGE_MAR_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_MAR_PASSWORD"},
["autograph_stage_mar384"]
]
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_GPG_USERNAME"},
{"$eval": "AUTOGRAPH_GPG_PASSWORD"},
Expand Down Expand Up @@ -72,6 +131,15 @@ in:
# dep-passwords-mobile.json
'(ENV == "dev" || ENV == "fake-prod") && COT_PRODUCT == "mobile"':
project:mobile:reference-browser:releng:signing:cert:dep-signing:
# GCP Autograph stage
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_REFERENCE_BROWSER_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_REFERENCE_BROWSER_PASSWORD"},
["stage_autograph_apk"],
"dummyapp_android"
]

# AWS Autograph; to be removed when production is switched over to GCP by default.
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_REFERENCE_BROWSER_USERNAME"},
{"$eval": "AUTOGRAPH_REFERENCE_BROWSER_PASSWORD"},
Expand All @@ -81,6 +149,15 @@ in:
# dep-passwords-appsv.json
'ENV == "fake-prod" && COT_PRODUCT == "app-services"':
'${scope_prefix[0]}cert:dep-signing':
# GCP Autograph stage
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_GPG_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_GPG_PASSWORD"},
["stage_autograph_gpg"],
"dummy_gpg2"
]

# AWS Autograph; to be removed when production is switched over to GCP by default.
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_GPG_USERNAME"},
{"$eval": "AUTOGRAPH_GPG_PASSWORD"},
Expand All @@ -90,6 +167,15 @@ in:
# dep-passwords-glean.json
'ENV == "fake-prod" && COT_PRODUCT == "glean"':
'${scope_prefix[0]}cert:dep-signing':
# GCP Autograph stage
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_GPG_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_GPG_PASSWORD"},
["stage_autograph_gpg"],
"dummy_gpg2"
]

# AWS Autograph; to be removed when production is switched over to GCP by default.
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_GPG_USERNAME"},
{"$eval": "AUTOGRAPH_GPG_PASSWORD"},
Expand All @@ -99,6 +185,21 @@ in:
# dep-passwords-xpi.json
'(ENV == "dev" || ENV == "fake-prod") && COT_PRODUCT == "xpi"':
'${scope_prefix[0]}cert:dep-signing':
# GCP Autograph stage
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_XPI_PRIVILEGED_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_XPI_PRIVILEGED_PASSWORD"},
["stage_privileged_webextension"],
"cas_new_extension_rsa"
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_XPI_PRIVILEGED_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_XPI_PRIVILEGED_PASSWORD"},
["stage_system_addon"],
"cas_new_systemaddon_rsa"
]

# AWS Autograph; to be removed when production is switched over to GCP by default.
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_XPI_PRIVILEGED_USERNAME"},
{"$eval": "AUTOGRAPH_XPI_PRIVILEGED_PASSWORD"},
Expand All @@ -115,6 +216,30 @@ in:
# dep-passwords-mozillavpn.json
'(ENV == "dev" || ENV == "fake-prod") && COT_PRODUCT == "mozillavpn"':
'${scope_prefix[0]}cert:dep-signing':
# GCP Autograph stage
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_PASSWORD"},
["stage_autograph_authenticode_202404", "stage_autograph_authenticode_202404_stub"],
"authenticode_dep_sha256",
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_MOZILLAVPN_DEBSIGN_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_MOZILLAVPN_DEBSIGN_PASSWORD"},
["stage_autograph_debsign"],
"dummy_gpg2_pgpsubkey_debsign",
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_MOZILLAVPN_ADDONS_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_MOZILLAVPN_ADDONS_PASSWORD"},
["stage_autograph_rsa"],
# We use authenticode_dep_sha256 for stage because all we care about is testing
# that signing works with a certificate with similar properties to the production
# one; stage does not have a specific vpn addon signing certificate though.
"authenticode_dep_sha256",
]

# AWS Autograph; to be removed when production is switched over to GCP by default.
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_AUTHENTICODE_SHA2_USERNAME"},
{"$eval": "AUTOGRAPH_AUTHENTICODE_SHA2_PASSWORD"},
Expand All @@ -135,6 +260,42 @@ in:
# dep-passwords-adhoc.json
'(ENV == "dev" || ENV == "fake-prod") && COT_PRODUCT == "adhoc"':
'${scope_prefix[0]}cert:dep-signing':
# GCP Autograph stage
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_AUTHENTICODE_SHA2_PASSWORD"},
["stage_autograph_authenticode_ev", "stage_autograph_authenticode_202404",
"stage_autograph_authenticode_202404_stub"],
"authenticode_dep_sha256"
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_MAR_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_MAR_PASSWORD"},
["stage_autograph_mar384", "stage_autograph_hash_only_mar384"],
"mar_202411"
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_GPG_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_GPG_PASSWORD"},
["stage_autograph_gpg"],
"dummy_gpg2"
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_XPI_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_XPI_PASSWORD"},
["stage_autograph_xpi", "stage_autograph_xpi_sha1_es256_es384",
"stage_autograph_xpi_sha1_es256_ps256", "stage_autograph_xpi_sha1_es256",
"stage_autograph_xpi_sha1_ps256"],
"cas_new_webextensions_rsa"
]
- ["https://stage.autograph.nonprod.webservices.mozgcp.net",
{"$eval": "AUTOGRAPH_STAGE_FENIX_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_FENIX_PASSWORD"},
["stage_autograph_apk"],
"dummyapp_android"
]

# AWS Autograph; to be removed when production is switched over to GCP by default.
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_AUTHENTICODE_SHA2_USERNAME"},
{"$eval": "AUTOGRAPH_AUTHENTICODE_SHA2_PASSWORD"},
Expand All @@ -146,11 +307,6 @@ in:
{"$eval": "AUTOGRAPH_MAR_PASSWORD"},
["autograph_hash_only_mar384"]
]
- ["https://autograph-external.stage.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_STAGE_MAR_USERNAME"},
{"$eval": "AUTOGRAPH_STAGE_MAR_PASSWORD"},
["autograph_stage_mar384"]
]
- ["https://autograph-external.prod.autograph.services.mozaws.net",
{"$eval": "AUTOGRAPH_GPG_USERNAME"},
{"$eval": "AUTOGRAPH_GPG_PASSWORD"},
Expand Down
Loading

0 comments on commit 9ada102

Please sign in to comment.