richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build
Commits:
-
ae9e3999
by Nicolas Vigier at 2023-11-30T13:58:17+00:00
4 changed files:
Changes:
... | ... | @@ -239,6 +239,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update |
239 | 239 | torbrowser-compare-windows-signed-unsigned-alpha: submodule-update
|
240 | 240 | $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser
|
241 | 241 | |
242 | +torbrowser-compare-mar-signed-unsigned-release: submodule-update
|
|
243 | + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser
|
|
244 | + |
|
245 | +torbrowser-compare-mar-signed-unsigned-alpha: submodule-update
|
|
246 | + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser
|
|
247 | + |
|
242 | 248 | |
243 | 249 | ########################
|
244 | 250 | # Base Browser Targets #
|
... | ... | @@ -577,6 +583,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update |
577 | 583 | mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update
|
578 | 584 | $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser
|
579 | 585 | |
586 | +mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update
|
|
587 | + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser
|
|
588 | + |
|
589 | +mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update
|
|
590 | + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser
|
|
591 | + |
|
580 | 592 | |
581 | 593 | ############################
|
582 | 594 | # Toolchain Update Targets #
|
... | ... | @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} |
141 | 141 | Unsign exe files from directory torbrowser/{release,alpha}/signed/$version
|
142 | 142 | and compare them with the checksum from sha256sums-unsigned-build.txt.
|
143 | 143 | |
144 | +torbrowser-compare-mar-signed-unsigned-{release,alpha}
|
|
145 | +----------------------------------------------------------
|
|
146 | +Unsign mar files from directory torbrowser/{release,alpha}/signed/$version
|
|
147 | +and compare them with the checksum from sha256sums-unsigned-build.txt.
|
|
148 | + |
1 | +#!/bin/bash
|
|
2 | +[% c("var/set_default_env") -%]
|
|
3 | +[% IF c("var/nightly") -%]
|
|
4 | + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %]
|
|
5 | +[% ELSE -%]
|
|
6 | + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %]
|
|
7 | +[% END -%]
|
|
8 | + |
|
9 | +if ! test -d "$build_dir"
|
|
10 | +then
|
|
11 | + echo "Error: Directory $build_dir does not exist" 1>&2
|
|
12 | + echo "You can download it with this command:" 1>&2
|
|
13 | + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2
|
|
14 | + exit 1
|
|
15 | +fi
|
|
16 | + |
|
17 | +sha256sums_files=sha256sums-unsigned-build.txt
|
|
18 | +cd "$build_dir"
|
|
19 | +test -f sha256sums-unsigned-build.incrementals.txt \
|
|
20 | + && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt"
|
|
21 | +cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/"
|
|
22 | +cd "$rootdir"
|
|
23 | + |
|
24 | +unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]"
|
|
25 | +export PATH="$rootdir/mar-tools:$PATH"
|
|
26 | +export LD_LIBRARY_PATH="$rootdir/mar-tools"
|
|
27 | + |
|
28 | +for file in *.mar
|
|
29 | +do
|
|
30 | + signmar -r "$file" "unsigned-$file"
|
|
31 | + mv -f "unsigned-$file" "$file"
|
|
32 | + echo "Unsigned $file"
|
|
33 | +done
|
|
34 | + |
|
35 | +grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c
|
|
36 | + |
|
37 | +cat << 'EOF'
|
|
38 | +macOS mar files have been skipped as we don't yet have a good solution
|
|
39 | +to remove code signing from those files.
|
|
40 | +See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40988
|
|
41 | + |
|
42 | +Windows and Linux unsigned mar files are matching with
|
|
43 | +sha256sums-unsigned-build.txt.
|
|
44 | +EOF |
... | ... | @@ -271,3 +271,11 @@ steps: |
271 | 271 | name: osslsigncode
|
272 | 272 | pkg_type: build
|
273 | 273 | compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]'
|
274 | + compare_mar_signed_unsigned:
|
|
275 | + build_log: '-'
|
|
276 | + debug: 0
|
|
277 | + input_files:
|
|
278 | + - project: mar-tools
|
|
279 | + name: mar-tools
|
|
280 | + pkg_type: fetch_martools
|
|
281 | + compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]' |