boklm pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build

Commits:

6 changed files:

Changes:

  • .gitlab/issue_templates/Release Prep - Alpha.md
    ... ... @@ -210,6 +210,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    210 210
         - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
    
    211 211
       - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
    
    212 212
         - `macos_notarization_user` : the email login for a tor notariser Apple Developer account
    
    213
    +  - [ ] `set-config.update-responses`
    
    214
    +    - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
    
    213 215
       - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
    
    214 216
         - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
    
    215 217
         - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
    
    ... ... @@ -230,7 +232,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    230 232
         - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
    
    231 233
         - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
    
    232 234
       - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
    
    233
    -  - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
    
    235
    +  - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh`
    
    234 236
     - [ ] Publish APKs to Google Play:
    
    235 237
       - Log into https://play.google.com/apps/publish
    
    236 238
       - Select `Tor Browser (Alpha)` app
    

  • .gitlab/issue_templates/Release Prep - Stable.md
    ... ... @@ -297,6 +297,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    297 297
         - [ ] `ssh_host_macos_signer` : ssh hostname of macOS signing machine
    
    298 298
       - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
    
    299 299
         - [ ] `macos_notarization_user` : the email login for a tor notariser Apple Developer account
    
    300
    +  - [ ] `set-config.update-responses`
    
    301
    +    - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
    
    300 302
       - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
    
    301 303
         - [ ] `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
    
    302 304
         - [ ] `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
    
    ... ... @@ -318,8 +320,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    318 320
         - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
    
    319 321
       - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
    
    320 322
       - [ ] Enable update responses :
    
    321
    -    - [ ] alpha: `./deploy_update_responses-alpha.sh`
    
    322
    -    - [ ] release: `./deploy_update_responses-release.sh`
    
    323
    +    - [ ] alpha: `sudo -u tb-release ./deploy_update_responses-alpha.sh`
    
    324
    +    - [ ] release: `sudo -u tb-release ./deploy_update_responses-release.sh`
    
    323 325
     - [ ] ***(Android Only)*** : Publish APKs to Google Play:
    
    324 326
       - [ ] Log into https://play.google.com/apps/publish
    
    325 327
       - [ ] Select `Tor Browser` app
    

  • tools/signing/do-all-signing
    ... ... @@ -2,6 +2,7 @@
    2 2
     set -e
    
    3 3
     script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
    
    4 4
     source "$script_dir/functions"
    
    5
    +source "$script_dir/set-config.update-responses"
    
    5 6
     
    
    6 7
     NON_INTERACTIVE=1
    
    7 8
     steps_dir="$signed_version_dir.steps"
    

  • tools/signing/functions
    ... ... @@ -19,4 +19,16 @@ function check_torbrowser_version_var {
    19 19
       return 0
    
    20 20
     }
    
    21 21
     
    
    22
    +function check_update_responses_repository_dir {
    
    23
    +  if test -z "$update_responses_repository_dir" || ! test -d "$update_responses_repository_dir"
    
    24
    +  then
    
    25
    +    cat << 'EOF' > /dev/stderr
    
    26
    +$aus1_repository_dir is not defined, or the directory does not exist
    
    27
    +You should clone git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git
    
    28
    +and set $update_responses_repository_dir in set-config.update-responses
    
    29
    +EOF
    
    30
    +    exit 1
    
    31
    +  fi
    
    32
    +}
    
    33
    +
    
    22 34
     . "$script_dir/set-config"

  • tools/signing/set-config.update-responses
    1
    +# You should clone git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git
    
    2
    +# and uncomment the line setting update_responses_repository_dir.
    
    3
    +# Don't forget to set user.email and user.name in your git config
    
    4
    +
    
    5
    +#update_responses_repository_dir=/path/to/tor-browser-update-responses.git
    
    6
    +
    
    7
    +check_update_responses_repository_dir

  • tools/signing/upload-update_responses-to-staticiforme
    ... ... @@ -2,6 +2,7 @@
    2 2
     set -e
    
    3 3
     script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
    
    4 4
     source "$script_dir/functions"
    
    5
    +source "$script_dir/set-config.update-responses"
    
    5 6
     
    
    6 7
     check_torbrowser_version_var
    
    7 8
     
    
    ... ... @@ -17,33 +18,40 @@ else
    17 18
       popd > /dev/null
    
    18 19
     fi
    
    19 20
     
    
    20
    -update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser/update_3
    
    21
    +cd $update_responses_repository_dir
    
    22
    +git checkout main
    
    23
    +git pull --ff-only
    
    24
    +test -n "$(git status --porcelain=v1 | grep -v '^?')" \
    
    25
    +  && exit_error 'update_responses_repository_dir has modified files'
    
    26
    +cd update_3
    
    27
    +rm -Rf "$tbb_version_type"
    
    28
    +tar -xf "$update_responses_tar"
    
    29
    +git add "$tbb_version_type"
    
    30
    +git commit -m "$tbb_version_type: new version, $tbb_version"
    
    31
    +update_responses_commit=$(git log -1 --format=%H)
    
    32
    +
    
    33
    +update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser
    
    21 34
     deploy_script=$(mktemp)
    
    22 35
     trap "rm -Rf $deploy_script" EXIT
    
    23 36
     cat << EOF > "$deploy_script"
    
    24 37
     #!/bin/bash
    
    25 38
     set -e
    
    26 39
     
    
    27
    -tmpdir="\$(mktemp -d)"
    
    40
    +echo "Deploying version $tbb_version"
    
    41
    +echo "update_responses_commit: $update_responses_commit"
    
    28 42
     
    
    29
    -trap "rm -Rf \$tmpdir" EXIT
    
    30
    -
    
    31
    -rm -Rf "$update_dir/$tbb_version_type.old"
    
    32
    -test -d "$update_dir/$tbb_version_type" && \\
    
    33
    -  mv -v "$update_dir/$tbb_version_type" "$update_dir/$tbb_version_type.old"
    
    34
    -
    
    35
    -tar -C "\$tmpdir" -xf ~/$update_responses_tar_filename
    
    36
    -chmod 775 "\$tmpdir"/$tbb_version_type
    
    37
    -chmod 664 "\$tmpdir"/$tbb_version_type/* "\$tmpdir"/$tbb_version_type/.htaccess
    
    38
    -chgrp -R torwww "\$tmpdir"/$tbb_version_type
    
    39
    -mv -v "\$tmpdir"/$tbb_version_type "$update_dir/$tbb_version_type"
    
    43
    +cd "$update_dir"
    
    44
    +git fetch
    
    45
    +git checkout "$update_responses_commit"
    
    40 46
     
    
    41 47
     static-update-component aus1.torproject.org
    
    42 48
     EOF
    
    43 49
     
    
    44 50
     chmod +x $deploy_script
    
    45
    -scp -p "$update_responses_tar" "$ssh_host_staticiforme:"
    
    46 51
     scp -p $deploy_script $ssh_host_staticiforme:deploy_update_responses-$tbb_version_type.sh
    
    47 52
     
    
    53
    +git push
    
    54
    +
    
    48 55
     echo 'To enable updates you can now run:'
    
    49
    -echo "  ssh $ssh_host_staticiforme ./deploy_update_responses-$tbb_version_type.sh"
    56
    +echo "  ssh $ssh_host_staticiforme"
    
    57
    +echo "  sudo -u tb-release ./deploy_update_responses-$tbb_version_type.sh"