Backed out 2 changesets (bug 1895492, bug 1889299) for causing bug 1896944. a=backout

Backed out changeset c35b87066434 (bug 1889299)
Backed out changeset 3fd1528e5f79 (bug 1895492)

browser/branding/aurora/branding.nsi

@@ -24,7 +24,7 @@
 
 # The installer's certificate name and issuer expected by the stub installer
 !define CertNameDownload   "Mozilla Corporation"
-!define CertIssuerDownload "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
+!define CertIssuerDownload "DigiCert SHA2 Assured ID Code Signing CA"
 
 # Dialog units are used so the UI displays correctly with the system's DPI
 # settings.

browser/branding/nightly/branding.nsi

@@ -23,7 +23,7 @@
 
 # The installer's certificate name and issuer expected by the stub installer
 !define CertNameDownload   "Mozilla Corporation"
-!define CertIssuerDownload "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
+!define CertIssuerDownload "DigiCert SHA2 Assured ID Code Signing CA"
 
 # Dialog units are used so the UI displays correctly with the system's DPI
 # settings.

browser/branding/official/branding.nsi

@@ -28,7 +28,7 @@
 
 # The installer's certificate name and issuer expected by the stub installer
 !define CertNameDownload   "Mozilla Corporation"
-!define CertIssuerDownload "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
+!define CertIssuerDownload "DigiCert SHA2 Assured ID Code Signing CA"
 
 # Dialog units are used so the UI displays correctly with the system's DPI
 # settings. These are tweaked to look good with the en-US strings; ideally

browser/branding/unofficial/branding.nsi

@@ -23,7 +23,7 @@
 
 # The installer's certificate name and issuer expected by the stub installer
 !define CertNameDownload   "Mozilla Corporation"
-!define CertIssuerDownload "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
+!define CertIssuerDownload "DigiCert SHA2 Assured ID Code Signing CA"
 
 # Dialog units are used so the UI displays correctly with the system's DPI
 # settings.

taskcluster/gecko_taskgraph/transforms/geckodriver_signing.py

@@ -121,7 +121,7 @@ def make_signing_description(config, jobs):
 
 def _craft_upstream_artifacts(dep_job, dependency_kind, build_platform):
     if build_platform.startswith("win"):
-        signing_format = "autograph_authenticode_202404"
+        signing_format = "autograph_authenticode_sha2"
     elif build_platform.startswith("linux"):
         signing_format = "autograph_gpg"
     elif build_platform.startswith("macosx"):

taskcluster/gecko_taskgraph/transforms/openh264_signing.py

@@ -81,7 +81,7 @@ def make_signing_description(config, jobs):
         }
 
         if "win" in build_platform:
-            upstream_artifact["formats"] = ["autograph_authenticode_202404"]
+            upstream_artifact["formats"] = ["autograph_authenticode_sha2"]
         elif "mac" in build_platform:
             upstream_artifact["formats"] = ["mac_single_file"]
             upstream_artifact["singleFileGlobs"] = ["libgmpopenh264.dylib"]

taskcluster/gecko_taskgraph/transforms/repackage_signing.py

@@ -29,10 +29,10 @@ repackage_signing_description_schema = Schema(
 )
 
 SIGNING_FORMATS = {
-    "target.installer.exe": ["autograph_authenticode_202404_stub"],
+    "target.installer.exe": ["autograph_authenticode_sha2_stub"],
-    "target.stub-installer.exe": ["autograph_authenticode_202404_stub"],
+    "target.stub-installer.exe": ["autograph_authenticode_sha2_stub"],
-    "target.installer.msi": ["autograph_authenticode_202404"],
+    "target.installer.msi": ["autograph_authenticode_sha2"],
-    "target.installer.msix": ["autograph_authenticode_202404"],
+    "target.installer.msix": ["autograph_authenticode_sha2"],
 }
 
 transforms = TransformSequence()

taskcluster/gecko_taskgraph/transforms/repackage_signing_partner.py

@@ -93,7 +93,7 @@ def make_repackage_signing_description(config, jobs):
                     "paths": [
                         get_artifact_path(dep_job, f"{repack_id}/target.installer.exe"),
                     ],
-                    "formats": ["autograph_authenticode_202404", "autograph_gpg"],
+                    "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
                 }
             ]
 
@@ -113,7 +113,7 @@ def make_repackage_signing_description(config, jobs):
                                 f"{repack_id}/target.stub-installer.exe",
                             ),
                         ],
-                        "formats": ["autograph_authenticode_202404", "autograph_gpg"],
+                        "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
                     }
                 )
         elif "mac" in build_platform:

taskcluster/gecko_taskgraph/util/signed_artifacts.py

@@ -98,14 +98,14 @@ def generate_specifications_of_artifacts_to_sign(
                 "artifacts": [
                     get_artifact_path(job, "{locale}/setup.exe"),
                 ],
-                "formats": ["autograph_authenticode_202404"],
+                "formats": ["autograph_authenticode_sha2"],
             },
             {
                 "artifacts": [
                     get_artifact_path(job, "{locale}/target.zip"),
                 ],
                 "formats": [
-                    "autograph_authenticode_202404",
+                    "autograph_authenticode_sha2",
                     "autograph_widevine",
                     "autograph_omnija",
                 ],

taskcluster/kinds/repackage-msix/kind.yml

@@ -101,8 +101,8 @@ jobs:
                                 # level 3 repositories, some build types are expected to
                                 # be signed with our fake certificate.
                                 by-build-platform:
-                                    .*-shippable: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=San Francisco, S=California, C=US"
+                                    .*-shippable: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US"
-                                    .*-devedition: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=San Francisco, S=California, C=US"
+                                    .*-devedition: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US"
                                     default: "CN=Mozilla Fake SPC"
             publisher-display-name:
                 by-package-format:

taskcluster/kinds/repackage-shippable-l10n-msix/kind.yml

@@ -102,8 +102,8 @@ jobs:
                                 # level 3 repositories, some build types are expected to
                                 # be signed with our fake certificate.
                                 by-build-platform:
-                                    .*-shippable: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=San Francisco, S=California, C=US"
+                                    .*-shippable: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US"
-                                    .*-devedition: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=San Francisco, S=California, C=US"
+                                    .*-devedition: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US"
                                     default: "CN=Mozilla Fake SPC"
             publisher-display-name:
                 by-package-format: