richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits: dccd3115 by Nicolas Vigier at 2023-06-15T23:41:38+00:00 Bug 40836: Deploy mullvad-browser installer bins to dist.torproject.org
- - - - - 176e8382 by Nicolas Vigier at 2023-06-15T23:41:38+00:00 Bug 40851: in do-all-signing, don't ask android password for mullvadbrowser
- - - - - 95291992 by Nicolas Vigier at 2023-06-15T23:41:38+00:00 Bug 40881: Ask for the correct nssdb password when signing mullvadbrowser
- - - - - 1472747b by Nicolas Vigier at 2023-06-15T23:41:38+00:00 Bug 40882: Fix static-update-component command is issue_templates
- - - - -
6 changed files:
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md - tools/signing/do-all-signing - tools/signing/staticiforme-prepare-cdn-dist-upload - tools/signing/sync-local-to-staticiforme
Changes:
===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md ===================================== @@ -88,12 +88,16 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script: - `cd tor-browser-build/tools/signing/` - `./macos-signer-proxy` -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure mullvad daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs direcmullvady +- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 - [ ] run do-all-signing script: - `cd tor-browser-build/tools/signing/` - `./do-all-signing.sh` -- **NOTE**: at this point the signed binaries should be in `tor-browser-build/mullvadbrowser/release/signed/$(MULLVAD_BROWSER_VERSION)` +- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` +- [ ] Update `staticiforme.torproject.org`: + - From `screen` session on `staticiforme.torproject.org`: + - [ ] Static update components : `static-update-component dist.torproject.org` + - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` + - [ ] Static update components (again) : `static-update-component dist.torproject.org`
</details>
===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -185,7 +185,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - **NOTE** : Skip this step if the current release is Android or Desktop *only* - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component + - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - [ ] Publish APKs to Google Play: - Log into https://play.google.com/apps/publish - Select `Tor Browser (Alpha)` app
===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -190,7 +190,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - **NOTE** : Skip this step if the current release is Android or Desktop *only* - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` -- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component +- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - [ ] Publish APKs to Google Play: - Log into https://play.google.com/apps/publish - Select `Tor Browser` app
===================================== tools/signing/do-all-signing ===================================== @@ -14,12 +14,17 @@ echo test -f "$steps_dir/macos-signer-notarization.done" || read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW echo +is_project torbrowser && nssdb=torbrowser-nssdb7 +is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb-1 test -f "$steps_dir/linux-signer-signmars.done" || - read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS -echo -test -f "$steps_dir/linux-signer-sign-android-apks.done" || - read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS + read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS echo + +if is_project torbrowser; then + test -f "$steps_dir/linux-signer-sign-android-apks.done" || + read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS + echo +fi test -f "$steps_dir/linux-signer-authenticode-signing.done" || read -sp "Enter windows authenticode passphrase: " YUBIPASS echo @@ -227,12 +232,9 @@ do_step sync-after-hash do_step linux-signer-gpg-sign do_step sync-after-gpg-sign do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo -is_project torbrowser && \ - do_step sync-local-to-staticiforme -is_project torbrowser && \ - do_step sync-scripts-to-staticiforme -is_project torbrowser && \ - do_step staticiforme-prepare-cdn-dist-upload +do_step sync-local-to-staticiforme +do_step sync-scripts-to-staticiforme +do_step staticiforme-prepare-cdn-dist-upload do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-macos-signer do_step finished-signing-clean-linux-signer
===================================== tools/signing/staticiforme-prepare-cdn-dist-upload ===================================== @@ -16,21 +16,29 @@ chmod 775 "$dist_dir" chmod 664 "$dist_dir"/* chmod 664 "$dist_dir/.htaccess"
-cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version" -if test -d "$cdn_dir" -then - echo "Error: $cdn_dir already exists" >&2 - exit 1 +if is_project torbrowser; then + cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version" + if test -d "$cdn_dir" + then + echo "Error: $cdn_dir already exists" >&2 + exit 1 + fi + mkdir "$cdn_dir" + chgrp tb-release "$cdn_dir" + chmod 775 "$cdn_dir" + cd "$cdn_dir" + for marfile in "$dist_dir"/*.mar; do + ln -f "$marfile" . + done + + dest='cdn.tpo and dist.tpo' + staticupdatecmd='static-update-component cdn.torproject.org && static-update-component dist.torproject.org' +else + dest='dist.tpo' + staticupdatecmd='static-update-component dist.torproject.org' fi -mkdir "$cdn_dir" -chgrp tb-release "$cdn_dir" -chmod 775 "$cdn_dir" -cd "$cdn_dir" -for marfile in "$dist_dir"/*.mar; do - ln -f "$marfile" . -done
-echo "$tbb_version is ready to upload to cdn.tpo and dist.tpo" +echo "$tbb_version is ready to upload to $dest" echo "You should remove the old version(s) before starting the upload with:" -echo ' static-update-component cdn.torproject.org && static-update-component dist.torproject.org' +echo " $staticupdatecmd" echo '(preferably using screen or tmux)'
===================================== tools/signing/sync-local-to-staticiforme ===================================== @@ -3,4 +3,4 @@ set -e script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source "$script_dir/functions"
-rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/torbrowser/$tbb_version/" +rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/$SIGNING_PROJECTNAME/$tbb_version/"
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/0...