Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
-
d2179847
by Richard Pospesel at 2023-03-27T09:59:36+00:00
7 changed files:
- projects/browser/build
- projects/release/dmg2mar
- projects/release/update_responses_config.yml
- rbm.conf
- tools/dmg2mar
- tools/marsigning_check.sh
- tools/update-responses/update_responses
Changes:
| ... | ... | @@ -345,7 +345,7 @@ cd $distdir |
| 345 | 345 | [% SET mar_file = c("var/project-name") _ '-' _ c("var/mar_osname") _ '-' _ c("var/torbrowser_version") _ '_${PKG_LOCALE}.mar' %]
|
| 346 | 346 | MAR=$MARTOOLS/mar \
|
| 347 | 347 | MOZ_PRODUCT_VERSION=[% c("var/torbrowser_version") %] \
|
| 348 | - MAR_CHANNEL_ID=torbrowser-torproject-[% c("var/channel") %] \
|
|
| 348 | + MAR_CHANNEL_ID=[% c("var/mar_channel_id") %] \
|
|
| 349 | 349 | $MARTOOLS/make_full_update.sh -q $OUTDIR/[% mar_file %] "$TBDIR"
|
| 350 | 350 | [% END -%]
|
| 351 | 351 |
| ... | ... | @@ -5,4 +5,4 @@ cd [% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version |
| 5 | 5 | export TOR_APPNAME_BUNDLE_OSX='[% c("var/Project_Name") -%]'
|
| 6 | 6 | export TOR_APPNAME_DMGFILE='[% c("var/ProjectName") -%]'
|
| 7 | 7 | export TOR_APPNAME_MARFILE='[% c("var/project-name") -%]'
|
| 8 | -[% shell_quote(c("basedir")) %]/tools/dmg2mar [% c("var/channel") %] |
|
| 8 | +[% shell_quote(c("basedir")) %]/tools/dmg2mar [% c("var/mar_channel_id") %] |
| ... | ... | @@ -31,6 +31,7 @@ versions: |
| 31 | 31 | [% IF c("var/create_unsigned_incrementals") -%]
|
| 32 | 32 | releases_dir: [% path(c('output_dir')) %]/unsigned
|
| 33 | 33 | [% END -%]
|
| 34 | + mar_channel_id: [% c('var/mar_channel_id') %]
|
|
| 34 | 35 | platformVersion: [% pc('firefox', 'var/firefox_platform_version') %]
|
| 35 | 36 | detailsURL: https://blog.torproject.org/new-release-tor-browser-[% c("var/torbrowser_version") FILTER remove('\.') %]
|
| 36 | 37 | incremental_from:
|
| ... | ... | @@ -77,6 +77,8 @@ var: |
| 77 | 77 | - 12.5a3
|
| 78 | 78 | updater_enabled: 1
|
| 79 | 79 | build_mar: 1
|
| 80 | + mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]'
|
|
| 81 | + |
|
| 80 | 82 | # By default, we sort the list of installed packages. This allows sharing
|
| 81 | 83 | # containers with identical list of packages, even if they are not listed
|
| 82 | 84 | # in the same order. In the cases where the installation order is
|
| ... | ... | @@ -104,7 +104,7 @@ sub get_dmg_files_from_sha256sums { |
| 104 | 104 | }
|
| 105 | 105 | |
| 106 | 106 | sub convert_files {
|
| 107 | - my ($channel) = @_;
|
|
| 107 | + my ($mar_channel_id) = @_;
|
|
| 108 | 108 | my $pm = Parallel::ForkManager->new(get_nbprocs);
|
| 109 | 109 | $pm->run_on_finish(
|
| 110 | 110 | sub {
|
| ... | ... | @@ -149,7 +149,7 @@ sub convert_files { |
| 149 | 149 | |
| 150 | 150 | unlink $output;
|
| 151 | 151 | local $ENV{MOZ_PRODUCT_VERSION} = $file->{version};
|
| 152 | - local $ENV{MAR_CHANNEL_ID} = "torbrowser-torproject-$channel";
|
|
| 152 | + local $ENV{MAR_CHANNEL_ID} = $mar_channel_id;
|
|
| 153 | 153 | local $ENV{TMPDIR} = $tmpdir;
|
| 154 | 154 | (undef, $err, $success) = capture_exec('make_full_update.sh', '-q',
|
| 155 | 155 | $output, $appdir);
|
| ... | ... | @@ -178,9 +178,9 @@ sub remove_incremental_mars { |
| 178 | 178 | $ENV{LC_ALL} = 'C';
|
| 179 | 179 | |
| 180 | 180 | |
| 181 | -exit_error "Please specify update channel" unless @ARGV == 1;
|
|
| 182 | -my $channel = $ARGV[0];
|
|
| 181 | +exit_error "Please specify the mar channel id" unless @ARGV == 1;
|
|
| 182 | +my $mar_channel_id = $ARGV[0];
|
|
| 183 | 183 | |
| 184 | 184 | extract_martools;
|
| 185 | -convert_files $channel;
|
|
| 185 | +convert_files $mar_channel_id;
|
|
| 186 | 186 | remove_incremental_mars; |
| ... | ... | @@ -35,7 +35,7 @@ |
| 35 | 35 | # 2) Let LD_LIBRARY_PATH point to the mar-tools directory
|
| 36 | 36 | # 3) Let NSS_DB_DIR point to the directory containing the database with the
|
| 37 | 37 | # signing certificate to check against.
|
| 38 | -# 4) Let CHANNEL be the expected update channel
|
|
| 38 | +# 4) Let MAR_CHANNEL_ID be the expected update channel (eg: torbrowser-torproject-alpha)
|
|
| 39 | 39 | #
|
| 40 | 40 | # To create the database to use for signature checking import the
|
| 41 | 41 | # release*.der certificate of your choice found in
|
| ... | ... | @@ -45,9 +45,9 @@ |
| 45 | 45 | # certutil -d nssdb -N --empty-password
|
| 46 | 46 | # certutil -A -n "marsigner" -t,, -d nssdb -i /path/to/.der
|
| 47 | 47 | #
|
| 48 | -# 4) Change into the directory containing the MAR files and the
|
|
| 48 | +# 5) Change into the directory containing the MAR files and the
|
|
| 49 | 49 | # sha256sums-unsigned-build.txt/sha256sums-unsigned-build.incrementals.txt.
|
| 50 | -# 5) Run /path/to/marsigning_check.sh
|
|
| 50 | +# 6) Run /path/to/marsigning_check.sh
|
|
| 51 | 51 | |
| 52 | 52 | if [ -z "$SIGNMAR" ]
|
| 53 | 53 | then
|
| ... | ... | @@ -67,9 +67,9 @@ then |
| 67 | 67 | exit 1
|
| 68 | 68 | fi
|
| 69 | 69 | |
| 70 | -if [ -z "$CHANNEL" ]
|
|
| 70 | +if [ -z "$MAR_CHANNEL_ID" ]
|
|
| 71 | 71 | then
|
| 72 | - echo "The update channel is missing! ([nightly|alpha|release])"
|
|
| 72 | + echo "The update channel is missing! (torbrowser-torproject-[nightly|alpha|release])"
|
|
| 73 | 73 | exit 1
|
| 74 | 74 | fi
|
| 75 | 75 | |
| ... | ... | @@ -106,7 +106,7 @@ for f in *.mar; do |
| 106 | 106 | fi
|
| 107 | 107 | |
| 108 | 108 | # Test 1.5: Is the MAR file correctly signed by the correct channel key?
|
| 109 | - if [ ! "$($SIGNMAR -T "$f" | grep "MAR channel name")" = " - MAR channel name: torbrowser-torproject-${CHANNEL}" ]; then
|
|
| 109 | + if [ ! "$($SIGNMAR -T "$f" | grep "MAR channel name")" = " - MAR channel name: ${MAR_CHANNEL_ID}" ]; then
|
|
| 110 | 110 | echo "$f contains wrong update channel!"
|
| 111 | 111 | fi
|
| 112 | 112 |
| ... | ... | @@ -264,7 +264,7 @@ sub create_incremental_mar { |
| 264 | 264 | }
|
| 265 | 265 | }
|
| 266 | 266 | local $ENV{MOZ_PRODUCT_VERSION} = $new_version;
|
| 267 | - local $ENV{MAR_CHANNEL_ID} = "torbrowser-torproject-$channel";
|
|
| 267 | + local $ENV{MAR_CHANNEL_ID} = get_config($config, $new_version, $os, 'mar_channel_id');
|
|
| 268 | 268 | local $ENV{TMPDIR} = $tmpdir;
|
| 269 | 269 | my ($out, $err, $success) = capture_exec('make_incremental_update.sh',
|
| 270 | 270 | $mar_file_path, "$tmpdir/A", "$tmpdir/B");
|