---------------------
.. _added-17:
Added
~~~~~
- added ``CODE_OF_CONDUCT.md``.
- ``verify_cot`` now has a ``--verify-sigs`` option to test level 3
chains of trust with signature verification on.
- added a ``verify_ed25519_signature`` endpoint helper script.
.. _changed-15:
Changed
~~~~~~~
- Updated documentation to reflect the new ed25519-only chain of trust
world.
- ``docker/run.sh`` no longer points ``/dev/random`` to
``/dev/urandom``, and no longer has hacks to install an old version
of gpg.
- ``public/chain-of-trust.json`` is now a mandatory artifact in cot
verification. ``public/chain-of-trust.json.sig`` is mandatory if
signature verification is on. ``public/chainOfTrust.json.asc`` is no
longer used.
- similarly, ``public/chainOfTrust.json.asc`` is no longer generated or
uploaded by scriptworker.
- ``add_enumerable_item_to_dict`` now uses ``setdefault`` instead of
``try/except``.
.. _fixed-13:
Fixed
~~~~~
- added missing modules to the source documentation.
- restored missing test branch coverage.
- ``get_all_artifacts_per_task_id`` now returns a sorted, unique list
of artifacts, preventing duplicate concurrent downloads of the same
file.
- ``test_verify_production_cot`` now tests win64 repackage-signing
instead of linux64 repackage-signing because linux64 stopped running
repackage-signing. We also test an esr60 index.
.. _removed-5:
Removed
~~~~~~~
- removed gpg support from chain of trust verification.
- removed ``scriptworker.gpg`` module and associated tests.
- removed the ``defusedxml``, ``pexpect``, and ``python-gnupg``
dependencies.
- removed the ``create_gpg_keys.py`` and ``gpg_helper.sh`` helper
scripts.
- removed gpg-specific config.
- removed ``ScriptWorkerGPGException``
- removed the ``rebuild_gpg_homedirs`` endpoint.
- removed the ``check_pubkeys.py`` and ``gen1000keys.py`` test scripts.
.. _section-36: