morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 7d122642 by Nicolas Vigier at 2025-09-01T16:53:45+02:00 Bug 41064: Update tools/signing/README - - - - - 7b232a13 by Nicolas Vigier at 2025-09-01T17:22:25+02:00 Bug 41064: Add tools/signing/machines-setup/README.md - - - - - 2 changed files: - tools/signing/README - + tools/signing/machines-setup/README.md Changes: ===================================== tools/signing/README ===================================== @@ -1,10 +1,11 @@ -The files in this directory are a large part of what we use when signing -releases. The scripts are meant to be templates, though, at the moment -omitting specific paths and credential information. +This directory contains the scripts used to sign Tor Browser, Mullvad +Browser and Tor VPN. -Additionally, when starting to use them for your own signing setup don't forget -to adapt the locale list if needed. The entitlement files, however, are kept -up-to-date. +For information about using those scripts, see the `Release Prep` gitlab +issue templates in the `.gitlab/issue_templates` directory. + +The scripts in the machines-setup/ directory are used to setup the +signing machines (see README.md file in that directory for more details). The scripts in the nightly/ directory are used to sign and publish the nightly updates. ===================================== tools/signing/machines-setup/README.md ===================================== @@ -0,0 +1,37 @@ +This directory contains the scripts used to setup the signing machines. + +It handles everything in the setup, except installation of the signing +keys, which is done manually. + +# Deploying changes on the signing machines + +To deploy changes on the signing machines you need: +* access to the `root` account (either running `su -` and entering the + `root` password, or having your ssh key in `~root/.ssh/authorized_keys`) +* access to the `setup` account via ssh (the `setup-signing-machine` + script should be updated to add your key there) + +Deploying changes to the signing machines is done with the following two scripts: +* upload-tbb-to-signing-machine +* setup-signing-machine + +## upload-tbb-to-signing-machine + +This script should be run from your local machine (from which you access +the signing machine). It will create a tarball of tor-browser-build from +the `HEAD` commit, upload it to the signing machine and extract it in +the `/signing` directory. In addition it will download and upload to +the signing machine the tools used in the signing process. + +Before running the script you may edit the line +`signing_machine='linux-signer'` to change the hostname of the signing +machine. + +## setup-signing-machine + +This script should be run on the signing machine as root. It will install +required packages, create user accounts and setup signing tools. + +After running `upload-tbb-to-signing-machine`, open a root shell on the +signing machine and run +`/signing/tor-browser-build/tools/signing/machines-setup/setup-signing-machine`. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/1... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/1... You're receiving this email because of your account on gitlab.torproject.org.