[tbb-commits] [Git][tpo/applications/tor-browser-build][main] 4 commits: Bug 40836: Deploy mullvad-browser installer bins to dist.torproject.org

richard (@richard) git at gitlab.torproject.org
Thu Jun 15 23:44:21 UTC 2023 


richard pushed to branch main at The Tor Project / Applications / tor-browser-build


Commits:
dccd3115 by Nicolas Vigier at 2023-06-15T23:41:38+00:00
Bug 40836: Deploy mullvad-browser installer bins to dist.torproject.org

- - - - -
176e8382 by Nicolas Vigier at 2023-06-15T23:41:38+00:00
Bug 40851: in do-all-signing, don't ask android password for mullvadbrowser

- - - - -
95291992 by Nicolas Vigier at 2023-06-15T23:41:38+00:00
Bug 40881: Ask for the correct nssdb password when signing mullvadbrowser

- - - - -
1472747b by Nicolas Vigier at 2023-06-15T23:41:38+00:00
Bug 40882: Fix static-update-component command is issue_templates

- - - - -


6 changed files:

- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
- tools/signing/do-all-signing
- tools/signing/staticiforme-prepare-cdn-dist-upload
- tools/signing/sync-local-to-staticiforme


Changes:

=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
=====================================
@@ -88,12 +88,16 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
 - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script:
     - `cd tor-browser-build/tools/signing/`
     - `./macos-signer-proxy`
-- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure mullvad daemon is running with SOCKS5 proxy on the default port 9050
-- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs direcmullvady
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
 - [ ] run do-all-signing script:
     - `cd tor-browser-build/tools/signing/`
     - `./do-all-signing.sh`
-- **NOTE**: at this point the signed binaries should be in `tor-browser-build/mullvadbrowser/release/signed/$(MULLVAD_BROWSER_VERSION)`
+- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
+- [ ] Update `staticiforme.torproject.org`:
+  - From `screen` session on `staticiforme.torproject.org`:
+  - [ ] Static update components : `static-update-component dist.torproject.org`
+  - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
+  - [ ] Static update components (again) : `static-update-component dist.torproject.org`
 
 </details>
 


=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
=====================================
@@ -185,7 +185,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
     - **NOTE** : Skip this step if the current release is Android or Desktop *only*
     - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
     - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
-  - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
+  - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
 - [ ] Publish APKs to Google Play:
   - Log into https://play.google.com/apps/publish
   - Select `Tor Browser (Alpha)` app


=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md
=====================================
@@ -190,7 +190,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
     - **NOTE** : Skip this step if the current release is Android or Desktop *only*
     - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
     - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
-- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
+- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
 - [ ] Publish APKs to Google Play:
   - Log into https://play.google.com/apps/publish
   - Select `Tor Browser` app


=====================================
tools/signing/do-all-signing
=====================================
@@ -14,12 +14,17 @@ echo
 test -f "$steps_dir/macos-signer-notarization.done" ||
   read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW
 echo
+is_project torbrowser && nssdb=torbrowser-nssdb7
+is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb-1
 test -f "$steps_dir/linux-signer-signmars.done" ||
-  read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS
-echo
-test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
-  read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
+  read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS
 echo
+
+if is_project torbrowser; then
+  test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
+    read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
+  echo
+fi
 test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
   read -sp "Enter windows authenticode passphrase: " YUBIPASS
 echo
@@ -227,12 +232,9 @@ do_step sync-after-hash
 do_step linux-signer-gpg-sign
 do_step sync-after-gpg-sign
 do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo
-is_project torbrowser && \
-  do_step sync-local-to-staticiforme
-is_project torbrowser && \
-  do_step sync-scripts-to-staticiforme
-is_project torbrowser && \
-  do_step staticiforme-prepare-cdn-dist-upload
+do_step sync-local-to-staticiforme
+do_step sync-scripts-to-staticiforme
+do_step staticiforme-prepare-cdn-dist-upload
 do_step upload-update_responses-to-staticiforme
 do_step finished-signing-clean-macos-signer
 do_step finished-signing-clean-linux-signer


=====================================
tools/signing/staticiforme-prepare-cdn-dist-upload
=====================================
@@ -16,21 +16,29 @@ chmod 775 "$dist_dir"
 chmod 664 "$dist_dir"/*
 chmod 664 "$dist_dir/.htaccess"
 
-cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
-if test -d "$cdn_dir"
-then
-  echo "Error: $cdn_dir already exists" >&2
-  exit 1
+if is_project torbrowser; then
+  cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
+  if test -d "$cdn_dir"
+  then
+    echo "Error: $cdn_dir already exists" >&2
+    exit 1
+  fi
+  mkdir "$cdn_dir"
+  chgrp tb-release "$cdn_dir"
+  chmod 775 "$cdn_dir"
+  cd "$cdn_dir"
+  for marfile in "$dist_dir"/*.mar; do
+    ln -f "$marfile" .
+  done
+
+  dest='cdn.tpo and dist.tpo'
+  staticupdatecmd='static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
+else
+  dest='dist.tpo'
+  staticupdatecmd='static-update-component dist.torproject.org'
 fi
-mkdir "$cdn_dir"
-chgrp tb-release "$cdn_dir"
-chmod 775 "$cdn_dir"
-cd "$cdn_dir"
-for marfile in "$dist_dir"/*.mar; do
-  ln -f "$marfile" .
-done
 
-echo "$tbb_version is ready to upload to cdn.tpo and dist.tpo"
+echo "$tbb_version is ready to upload to $dest"
 echo "You should remove the old version(s) before starting the upload with:"
-echo '  static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
+echo "  $staticupdatecmd"
 echo '(preferably using screen or tmux)'


=====================================
tools/signing/sync-local-to-staticiforme
=====================================
@@ -3,4 +3,4 @@ set -e
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "$script_dir/functions"
 
-rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/torbrowser/$tbb_version/"
+rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/$SIGNING_PROJECTNAME/$tbb_version/"



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/0c27c294b994be9ba5376c46eeac81551bf6c02b...1472747b909b2c9b3fe0ff0591aac85c55a460d7

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/0c27c294b994be9ba5376c46eeac81551bf6c02b...1472747b909b2c9b3fe0ff0591aac85c55a460d7
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230615/80dbf52a/attachment-0001.htm>

More information about the tbb-commits mailing list