Bug 1317783 - Turn on CoT on pushapk_scriptworker r=aki
authorJohan Lorenzo <jlorenzo@mozilla.com>
Thu, 30 Mar 2017 20:17:43 +0200
changeset 5054 68ac5090fcb24f45e7338eb7abc1411addec5bf2
parent 5053 50e2241d009ac5d622f5c7c8faac76480390337d
child 5055 98b351800c18e16361b1161f3f2d9b9cca8329bf
child 5871 d7f33c0b68d538a9a0c2bfce207a066b416ff894
push id2624
push userbmo:jlorenzo@mozilla.com
push dateFri, 31 Mar 2017 07:54:12 +0000
reviewersaki
bugs1317783
Bug 1317783 - Turn on CoT on pushapk_scriptworker r=aki MozReview-Commit-ID: 1bTCVYKvKKd
modules/pushapk_scriptworker/manifests/init.pp
--- a/modules/pushapk_scriptworker/manifests/init.pp
+++ b/modules/pushapk_scriptworker/manifests/init.pp
@@ -12,52 +12,52 @@ class pushapk_scriptworker {
     python35::virtualenv {
         $pushapk_scriptworker::settings::root:
             python3  => $packages::mozilla::python35::python3,
             require  => Class['packages::mozilla::python35'],
             user     => $pushapk_scriptworker::settings::user,
             group    => $pushapk_scriptworker::settings::group,
             mode     => 700,
             packages => [
-                'aiohttp==1.1.2',
-                'arrow==0.8.0',
-                'async-timeout==1.1.0',
+                'aiohttp==2.0.4',
+                'arrow==0.10.0',
+                'async-timeout==1.2.0',
                 'cffi==1.8.3',
                 'chardet==2.3.0',
                 'cryptography==1.5.2',
-                'defusedxml==0.4.1',
+                'defusedxml==0.5.0',
                 'frozendict==1.2',
                 'google-api-python-client==1.5.3',
                 'httplib2==0.9.2',
                 'idna==2.1',
-                'jsonschema==2.5.1',
-                'mohawk==0.3.3',
-                'mozapkpublisher==0.2.1',
-                'multidict==2.1.2',
+                'jsonschema==2.6.0',
+                'mohawk==0.3.4',
+                'mozapkpublisher==0.2.2',
+                'multidict==2.1.4',
                 'oauth2client==3.0.0',
                 'pexpect==4.2.1',
                 'ptyprocess==0.5.1',
-                'pushapkscript==0.2.2',
+                'pushapkscript==0.3.0',
                 'pyasn1==0.1.9',
                 'pyasn1-modules==0.0.8',
                 'pycparser==2.14',
                 'pyOpenSSL==16.2.0',
-                'python-dateutil==2.5.3',
-                'python-gnupg==0.3.9',
+                'python-dateutil==2.6.0',
+                'python-gnupg==0.4.0',
                 'PyYAML==3.12',
-                'requests==2.12.4',
+                'requests==2.13.0',
                 'rsa==3.4.2',
-                'scriptworker==2.0.0',
+                'scriptworker==3.0.0',
                 'simplejson==3.8.2',
                 'six==1.10.0',
                 'slugid==1.0.7',
-                'taskcluster==0.3.4',
+                'taskcluster==1.2.0',
                 'uritemplate==0.6',
-                'virtualenv==15.0.3',
-                'yarl==0.7.0',
+                'virtualenv==15.1.0',
+                'yarl==0.10.0',
             ];
     }
 
     scriptworker::instance {
         "${pushapk_scriptworker::settings::root}":
             instance_name            => $module_name,
             basedir                  => $pushapk_scriptworker::settings::root,
             work_dir                 => $pushapk_scriptworker::settings::work_dir,
@@ -67,20 +67,16 @@ class pushapk_scriptworker {
             username                 => $pushapk_scriptworker::settings::user,
             group                    => $pushapk_scriptworker::settings::group,
 
             taskcluster_client_id    => $pushapk_scriptworker::settings::taskcluster_client_id,
             taskcluster_access_token => $pushapk_scriptworker::settings::taskcluster_access_token,
             worker_group             => $pushapk_scriptworker::settings::worker_group,
             worker_type              => $pushapk_scriptworker::settings::worker_type,
 
-            # TODO Enable one of the next 3 lines to turn on Chain of Trust (bug 1317783)
-            sign_chain_of_trust      => false,
-            verify_chain_of_trust    => false,
-            verify_cot_signature     => false,
             cot_job_type             => 'pushapk',
 
             verbose_logging          => $pushapk_scriptworker::settings::verbose_logging,
     }
 
     File {
         ensure      => present,
         mode        => 600,