richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
-
0a782e66
by Nicolas Vigier at 2023-07-13T11:09:15+02:00
2 changed files:
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
Changes:
... | ... | @@ -169,6 +169,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch |
169 | 169 | ### signing
|
170 | 170 | - **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
|
171 | 171 | - [ ] On `$(STAGING_SERVER)`, ensure updated:
|
172 | + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
|
|
172 | 173 | - [ ] `tor-browser-build/tools/signing/set-config.hosts`
|
173 | 174 | - `ssh_host_builder` : ssh hostname of machine with unsigned builds
|
174 | 175 | - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
|
... | ... | @@ -215,6 +216,35 @@ Tor Browser Alpha (and Nightly) are on the `main` branch |
215 | 216 | |
216 | 217 | </details>
|
217 | 218 | |
219 | +<details>
|
|
220 | + <summary>Signature verification</summary>
|
|
221 | + |
|
222 | + <details>
|
|
223 | + <summary>Check whether the .exe files got properly signed and timestamped</summary>
|
|
224 | + ```
|
|
225 | + # Point OSSLSIGNCODE to your osslsigncode binary
|
|
226 | + pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
|
|
227 | + OSSLSIGNCODE=/path/to/osslsigncode
|
|
228 | + ../../../tools/authenticode_check.sh
|
|
229 | + popd
|
|
230 | + ```
|
|
231 | + </details>
|
|
232 | + <details>
|
|
233 | + <summary>Check whether the MAR files got properly signed</summary>
|
|
234 | + ```
|
|
235 | + # Point NSSDB to your nssdb containing the mar signing certificate
|
|
236 | + # Point SIGNMAR to your signmar binary
|
|
237 | + # Point LD_LIBRARY_PATH to your mar-tools directory
|
|
238 | + pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
|
|
239 | + NSSDB=/path/to/nssdb
|
|
240 | + SIGNMAR=/path/to/mar-tools/signmar
|
|
241 | + LD_LIBRARY_PATH=/path/to/mar-tools/
|
|
242 | + ../../../tools/marsigning_check.sh
|
|
243 | + popd
|
|
244 | + ```
|
|
245 | + </details>
|
|
246 | +</details>
|
|
247 | + |
|
218 | 248 | <details>
|
219 | 249 | <summary>Publishing</summary>
|
220 | 250 | |
... | ... | @@ -233,6 +263,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch |
233 | 263 | ### blog: https://gitlab.torproject.org/tpo/web/blog.git
|
234 | 264 | |
235 | 265 | - [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
|
266 | + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
|
|
236 | 267 | - [ ] Update Tor Browser version numbers
|
237 | 268 | - [ ] Note any ESR rebase
|
238 | 269 | - [ ] Link to any Firefox security updates from ESR upgrade
|
... | ... | @@ -166,6 +166,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE |
166 | 166 | ### signing
|
167 | 167 | - **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
|
168 | 168 | - [ ] On `$(STAGING_SERVER)`, ensure updated:
|
169 | + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
|
|
169 | 170 | - [ ] `tor-browser-build/tools/signing/set-config.hosts`
|
170 | 171 | - `ssh_host_builder` : ssh hostname of machine with unsigned builds
|
171 | 172 | - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
|
... | ... | @@ -212,6 +213,35 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE |
212 | 213 | |
213 | 214 | </details>
|
214 | 215 | |
216 | +<details>
|
|
217 | + <summary>Signature verification</summary>
|
|
218 | + |
|
219 | + <details>
|
|
220 | + <summary>Check whether the .exe files got properly signed and timestamped</summary>
|
|
221 | + ```
|
|
222 | + # Point OSSLSIGNCODE to your osslsigncode binary
|
|
223 | + pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
|
|
224 | + OSSLSIGNCODE=/path/to/osslsigncode
|
|
225 | + ../../../tools/authenticode_check.sh
|
|
226 | + popd
|
|
227 | + ```
|
|
228 | + </details>
|
|
229 | + <details>
|
|
230 | + <summary>Check whether the MAR files got properly signed</summary>
|
|
231 | + ```
|
|
232 | + # Point NSSDB to your nssdb containing the mar signing certificate
|
|
233 | + # Point SIGNMAR to your signmar binary
|
|
234 | + # Point LD_LIBRARY_PATH to your mar-tools directory
|
|
235 | + pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
|
|
236 | + NSSDB=/path/to/nssdb
|
|
237 | + SIGNMAR=/path/to/mar-tools/signmar
|
|
238 | + LD_LIBRARY_PATH=/path/to/mar-tools/
|
|
239 | + ../../../tools/marsigning_check.sh
|
|
240 | + popd
|
|
241 | + ```
|
|
242 | + </details>
|
|
243 | +</details>
|
|
244 | + |
|
215 | 245 | <details>
|
216 | 246 | <summary>Publishing</summary>
|
217 | 247 | |
... | ... | @@ -230,6 +260,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE |
230 | 260 | ### blog: https://gitlab.torproject.org/tpo/web/blog.git
|
231 | 261 | |
232 | 262 | - [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
|
263 | + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
|
|
233 | 264 | - [ ] Update Tor Browser version numbers
|
234 | 265 | - [ ] Note any ESR rebase
|
235 | 266 | - [ ] Link to any Firefox security updates from ESR upgrade
|