morgan pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

2 changed files:

Changes:

  • tools/signing/README
    1
    -The files in this directory are a large part of what we use when signing
    
    2
    -releases. The scripts are meant to be templates, though, at the moment
    
    3
    -omitting specific paths and credential information.
    
    1
    +This directory contains the scripts used to sign Tor Browser, Mullvad
    
    2
    +Browser and Tor VPN.
    
    4 3
     
    
    5
    -Additionally, when starting to use them for your own signing setup don't forget
    
    6
    -to adapt the locale list if needed. The entitlement files, however, are kept
    
    7
    -up-to-date.
    
    4
    +For information about using those scripts, see the `Release Prep` gitlab
    
    5
    +issue templates in the `.gitlab/issue_templates` directory.
    
    6
    +
    
    7
    +The scripts in the machines-setup/ directory are used to setup the
    
    8
    +signing machines (see README.md file in that directory for more details).
    
    8 9
     
    
    9 10
     The scripts in the nightly/ directory are used to sign and publish the
    
    10 11
     nightly updates.
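Review bot: The rewritten opening paragraph (new lines 1-2) drops the old statement that the scripts omit specific paths and credential information without replacing it, so the README no longer says whether anything secret is expected to live in this directory. Consider adding one sentence stating where paths and credentials come from and that they are not committed here. The removed note about adapting the locale list and the entitlement files being kept up-to-date also has no successor; if it still applies, keep it or point to where it moved. Minor: "used to setup" on new line 7 should read "used to set up", and "gitlab" on new line 4 should be "GitLab".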

  • tools/signing/machines-setup/README.md
    1
    +This directory contains the scripts used to setup the signing machines.
    
    2
    +
    
    3
    +It handles everything in the setup, except installation of the signing
    
    4
    +keys, which is done manually.
    
    5
    +
    
    6
    +# Deploying changes on the signing machines
    
    7
    +
    
    8
    +To deploy changes on the signing machines you need:
    
    9
    +* access to the `root` account (either running `su -` and entering the
    
    10
    +  `root` password, or having your ssh key in `~root/.ssh/authorized_keys`)
    
    11
    +* access to the `setup` account via ssh (the `setup-signing-machine`
    
    12
    +  script should be updated to add your key there)
    
    13
    +
    
    14
    +Deploying changes to the signing machines is done with the following two scripts:
    
    15
    +* upload-tbb-to-signing-machine
    
    16
    +* setup-signing-machine
    
    17
    +
    
    18
    +## upload-tbb-to-signing-machine
    
    19
    +
    
    20
    +This script should be run from your local machine (from which you access
    
    21
    +the signing machine). It will create a tarball of tor-browser-build from
    
    22
    +the `HEAD` commit, upload it to the signing machine and extract it in
    
    23
    +the `/signing` directory. In addition it will download and upload to
    
    24
    +the signing machine the tools used in the signing process.
    
    25
    +
    
    26
    +Before running the script you may edit the line
    
    27
    +`signing_machine='linux-signer'` to change the hostname of the signing
    
    28
    +machine.
    
    29
    +
    
    30
    +## setup-signing-machine
    
    31
    +
    
    32
    +This script should be run on the signing machine as root. It will install
    
    33
    +required packages, create user accounts and setup signing tools.
    
    34
    +
    
    35
    +After running `upload-tbb-to-signing-machine`, open a root shell on the
    
    36
    +signing machine and run
    
    37
    +`/signing/tor-browser-build/tools/signing/machines-setup/setup-signing-machine`.
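Review bot: The `upload-tbb-to-signing-machine` section (new lines 23-24) says the script downloads the signing tools and uploads them to the signing machine, but not where they are fetched from or how they are verified before they land there. Please document the source and the integrity check (pinned hash or signature), or state that the script performs one. Two smaller points: the prerequisites (new lines 11-12) require `setup` ssh access, yet the key is added by updating `setup-signing-machine`, which is itself deployed through these scripts, so the README should say that a first-time deployer needs someone with existing access to run the deployment. Since the tarball is built from `HEAD`, it is also worth stating that uncommitted changes are not deployed, and taking the hostname as an argument or environment variable instead of editing the `signing_machine='linux-signer'` line would avoid a locally modified script. Minor: "used to setup" (new line 1) and "setup signing tools" (new line 33) should use the verb "set up", and "It handles" on new line 3 refers to the plural "scripts".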