boklm pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build
Commits: 98053ed8 by Nicolas Vigier at 2023-01-19T13:08:57+01:00 Bug 40723: Use tor-browser-update-responses.git in upload-update_responses-to-staticiforme
- - - - -
6 changed files:
- .gitlab/issue_templates/Release Prep - Alpha.md - .gitlab/issue_templates/Release Prep - Stable.md - tools/signing/do-all-signing - tools/signing/functions - + tools/signing/set-config.update-responses - tools/signing/upload-update_responses-to-staticiforme
Changes:
===================================== .gitlab/issue_templates/Release Prep - Alpha.md ===================================== @@ -210,6 +210,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - `ssh_host_macos_signer` : ssh hostname of macOS signing machine - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization` - `macos_notarization_user` : the email login for a tor notariser Apple Developer account + - [ ] `set-config.update-responses` + - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) @@ -230,7 +232,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `./deploy_update_responses-alpha.sh` + - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh` - [ ] Publish APKs to Google Play: - Log into https://play.google.com/apps/publish - Select `Tor Browser (Alpha)` app
===================================== .gitlab/issue_templates/Release Prep - Stable.md ===================================== @@ -297,6 +297,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - [ ] `ssh_host_macos_signer` : ssh hostname of macOS signing machine - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization` - [ ] `macos_notarization_user` : the email login for a tor notariser Apple Developer account + - [ ] `set-config.update-responses` + - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - [ ] `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - [ ] `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) @@ -318,8 +320,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - [ ] Enable update responses : - - [ ] alpha: `./deploy_update_responses-alpha.sh` - - [ ] release: `./deploy_update_responses-release.sh` + - [ ] alpha: `sudo -u tb-release ./deploy_update_responses-alpha.sh` + - [ ] release: `sudo -u tb-release ./deploy_update_responses-release.sh` - [ ] ***(Android Only)*** : Publish APKs to Google Play: - [ ] Log into https://play.google.com/apps/publish - [ ] Select `Tor Browser` app
===================================== tools/signing/do-all-signing ===================================== @@ -2,6 +2,7 @@ set -e script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source "$script_dir/functions" +source "$script_dir/set-config.update-responses"
NON_INTERACTIVE=1 steps_dir="$signed_version_dir.steps"
===================================== tools/signing/functions ===================================== @@ -19,4 +19,16 @@ function check_torbrowser_version_var { return 0 }
+function check_update_responses_repository_dir { + if test -z "$update_responses_repository_dir" || ! test -d "$update_responses_repository_dir" + then + cat << 'EOF' > /dev/stderr +$aus1_repository_dir is not defined, or the directory does not exist +You should clone git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git +and set $update_responses_repository_dir in set-config.update-responses +EOF + exit 1 + fi +} + . "$script_dir/set-config"
===================================== tools/signing/set-config.update-responses ===================================== @@ -0,0 +1,7 @@ +# You should clone git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git +# and uncomment the line setting update_responses_repository_dir. +# Don't forget to set user.email and user.name in your git config + +#update_responses_repository_dir=/path/to/tor-browser-update-responses.git + +check_update_responses_repository_dir
===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -2,6 +2,7 @@ set -e script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source "$script_dir/functions" +source "$script_dir/set-config.update-responses"
check_torbrowser_version_var
@@ -17,33 +18,40 @@ else popd > /dev/null fi
-update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser/update_3 +cd $update_responses_repository_dir +git checkout main +git pull --ff-only +test -n "$(git status --porcelain=v1 | grep -v '^?')" \ + && exit_error 'update_responses_repository_dir has modified files' +cd update_3 +rm -Rf "$tbb_version_type" +tar -xf "$update_responses_tar" +git add "$tbb_version_type" +git commit -m "$tbb_version_type: new version, $tbb_version" +update_responses_commit=$(git log -1 --format=%H) + +update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser deploy_script=$(mktemp) trap "rm -Rf $deploy_script" EXIT cat << EOF > "$deploy_script" #!/bin/bash set -e
-tmpdir="$(mktemp -d)" +echo "Deploying version $tbb_version" +echo "update_responses_commit: $update_responses_commit"
-trap "rm -Rf $tmpdir" EXIT - -rm -Rf "$update_dir/$tbb_version_type.old" -test -d "$update_dir/$tbb_version_type" && \ - mv -v "$update_dir/$tbb_version_type" "$update_dir/$tbb_version_type.old" - -tar -C "$tmpdir" -xf ~/$update_responses_tar_filename -chmod 775 "$tmpdir"/$tbb_version_type -chmod 664 "$tmpdir"/$tbb_version_type/* "$tmpdir"/$tbb_version_type/.htaccess -chgrp -R torwww "$tmpdir"/$tbb_version_type -mv -v "$tmpdir"/$tbb_version_type "$update_dir/$tbb_version_type" +cd "$update_dir" +git fetch +git checkout "$update_responses_commit"
static-update-component aus1.torproject.org EOF
chmod +x $deploy_script -scp -p "$update_responses_tar" "$ssh_host_staticiforme:" scp -p $deploy_script $ssh_host_staticiforme:deploy_update_responses-$tbb_version_type.sh
+git push + echo 'To enable updates you can now run:' -echo " ssh $ssh_host_staticiforme ./deploy_update_responses-$tbb_version_type.sh" +echo " ssh $ssh_host_staticiforme" +echo " sudo -u tb-release ./deploy_update_responses-$tbb_version_type.sh"
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/98...