richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build

Commits:

4 changed files:

Changes:

  • Makefile
    ... ... @@ -239,6 +239,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update
    239 239
     torbrowser-compare-windows-signed-unsigned-alpha: submodule-update
    
    240 240
     	$(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser
    
    241 241
     
    
    242
    +torbrowser-compare-mar-signed-unsigned-release: submodule-update
    
    243
    +	$(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser
    
    244
    +
    
    245
    +torbrowser-compare-mar-signed-unsigned-alpha: submodule-update
    
    246
    +	$(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser
    
    247
    +
    
    242 248
     
    
    243 249
     ########################
    
    244 250
     # Base Browser Targets #
    
    ... ... @@ -577,6 +583,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update
    577 583
     mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update
    
    578 584
     	$(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser
    
    579 585
     
    
    586
    +mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update
    
    587
    +	$(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser
    
    588
    +
    
    589
    +mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update
    
    590
    +	$(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser
    
    591
    +
    
    580 592
     
    
    581 593
     ############################
    
    582 594
     # Toolchain Update Targets #
    

  • doc/MAKEFILE.txt
    ... ... @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha}
    141 141
     Unsign exe files from directory torbrowser/{release,alpha}/signed/$version
    
    142 142
     and compare them with the checksum from sha256sums-unsigned-build.txt.
    
    143 143
     
    
    144
    +torbrowser-compare-mar-signed-unsigned-{release,alpha}
    
    145
    +----------------------------------------------------------
    
    146
    +Unsign mar files from directory torbrowser/{release,alpha}/signed/$version
    
    147
    +and compare them with the checksum from sha256sums-unsigned-build.txt.
    
    148
    +

  • projects/release/compare_mar_signed_unsigned
    1
    +#!/bin/bash
    
    2
    +[% c("var/set_default_env") -%]
    
    3
    +[% IF c("var/nightly") -%]
    
    4
    +  build_dir=[% shell_quote(path(dest_dir)) %]/[%  c("version") %]
    
    5
    +[% ELSE -%]
    
    6
    +  build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %]
    
    7
    +[% END -%]
    
    8
    +
    
    9
    +if ! test -d "$build_dir"
    
    10
    +then
    
    11
    +  echo "Error: Directory $build_dir does not exist" 1>&2
    
    12
    +  echo "You can download it with this command:" 1>&2
    
    13
    +  echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2
    
    14
    +  exit 1
    
    15
    +fi
    
    16
    +
    
    17
    +sha256sums_files=sha256sums-unsigned-build.txt
    
    18
    +cd "$build_dir"
    
    19
    +test -f sha256sums-unsigned-build.incrementals.txt \
    
    20
    +  && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt"
    
    21
    +cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/"
    
    22
    +cd "$rootdir"
    
    23
    +
    
    24
    +unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]"
    
    25
    +export PATH="$rootdir/mar-tools:$PATH"
    
    26
    +export LD_LIBRARY_PATH="$rootdir/mar-tools"
    
    27
    +
    
    28
    +for file in *.mar
    
    29
    +do
    
    30
    +  signmar -r "$file" "unsigned-$file"
    
    31
    +  mv -f "unsigned-$file" "$file"
    
    32
    +  echo "Unsigned $file"
    
    33
    +done
    
    34
    +
    
    35
    +grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c
    
    36
    +
    
    37
    +cat << 'EOF'
    
    38
    +macOS mar files have been skipped as we don't yet have a good solution
    
    39
    +to remove code signing from those files.
    
    40
    +See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40988
    
    41
    +
    
    42
    +Windows and Linux unsigned mar files are matching with
    
    43
    +sha256sums-unsigned-build.txt.
    
    44
    +EOF

  • projects/release/config
    ... ... @@ -271,3 +271,11 @@ steps:
    271 271
             name: osslsigncode
    
    272 272
             pkg_type: build
    
    273 273
         compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]'
    
    274
    +  compare_mar_signed_unsigned:
    
    275
    +    build_log: '-'
    
    276
    +    debug: 0
    
    277
    +    input_files:
    
    278
    +      - project: mar-tools
    
    279
    +        name: mar-tools
    
    280
    +        pkg_type: fetch_martools
    
    281
    +    compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]'