Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits: d2179847 by Richard Pospesel at 2023-03-27T09:59:36+00:00 Bug 40827: MAR generation uses (mostly) hard-coded MAR update channel
- - - - -
7 changed files:
- projects/browser/build - projects/release/dmg2mar - projects/release/update_responses_config.yml - rbm.conf - tools/dmg2mar - tools/marsigning_check.sh - tools/update-responses/update_responses
Changes:
===================================== projects/browser/build ===================================== @@ -345,7 +345,7 @@ cd $distdir [% SET mar_file = c("var/project-name") _ '-' _ c("var/mar_osname") _ '-' _ c("var/torbrowser_version") _ '_${PKG_LOCALE}.mar' %] MAR=$MARTOOLS/mar \ MOZ_PRODUCT_VERSION=[% c("var/torbrowser_version") %] \ - MAR_CHANNEL_ID=torbrowser-torproject-[% c("var/channel") %] \ + MAR_CHANNEL_ID=[% c("var/mar_channel_id") %] \ $MARTOOLS/make_full_update.sh -q $OUTDIR/[% mar_file %] "$TBDIR" [% END -%]
===================================== projects/release/dmg2mar ===================================== @@ -5,4 +5,4 @@ cd [% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version export TOR_APPNAME_BUNDLE_OSX='[% c("var/Project_Name") -%]' export TOR_APPNAME_DMGFILE='[% c("var/ProjectName") -%]' export TOR_APPNAME_MARFILE='[% c("var/project-name") -%]' -[% shell_quote(c("basedir")) %]/tools/dmg2mar [% c("var/channel") %] +[% shell_quote(c("basedir")) %]/tools/dmg2mar [% c("var/mar_channel_id") %]
===================================== projects/release/update_responses_config.yml ===================================== @@ -31,6 +31,7 @@ versions: [% IF c("var/create_unsigned_incrementals") -%] releases_dir: [% path(c('output_dir')) %]/unsigned [% END -%] + mar_channel_id: [% c('var/mar_channel_id') %] platformVersion: [% pc('firefox', 'var/firefox_platform_version') %] detailsURL: https://blog.torproject.org/new-release-tor-browser-%5B% c("var/torbrowser_version") FILTER remove('.') %] incremental_from:
===================================== rbm.conf ===================================== @@ -77,6 +77,8 @@ var: - 12.5a3 updater_enabled: 1 build_mar: 1 + mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' + # By default, we sort the list of installed packages. This allows sharing # containers with identical list of packages, even if they are not listed # in the same order. In the cases where the installation order is
===================================== tools/dmg2mar ===================================== @@ -104,7 +104,7 @@ sub get_dmg_files_from_sha256sums { }
sub convert_files { - my ($channel) = @_; + my ($mar_channel_id) = @_; my $pm = Parallel::ForkManager->new(get_nbprocs); $pm->run_on_finish( sub { @@ -149,7 +149,7 @@ sub convert_files {
unlink $output; local $ENV{MOZ_PRODUCT_VERSION} = $file->{version}; - local $ENV{MAR_CHANNEL_ID} = "torbrowser-torproject-$channel"; + local $ENV{MAR_CHANNEL_ID} = $mar_channel_id; local $ENV{TMPDIR} = $tmpdir; (undef, $err, $success) = capture_exec('make_full_update.sh', '-q', $output, $appdir); @@ -178,9 +178,9 @@ sub remove_incremental_mars { $ENV{LC_ALL} = 'C';
-exit_error "Please specify update channel" unless @ARGV == 1; -my $channel = $ARGV[0]; +exit_error "Please specify the mar channel id" unless @ARGV == 1; +my $mar_channel_id = $ARGV[0];
extract_martools; -convert_files $channel; +convert_files $mar_channel_id; remove_incremental_mars;
===================================== tools/marsigning_check.sh ===================================== @@ -35,7 +35,7 @@ # 2) Let LD_LIBRARY_PATH point to the mar-tools directory # 3) Let NSS_DB_DIR point to the directory containing the database with the # signing certificate to check against. -# 4) Let CHANNEL be the expected update channel +# 4) Let MAR_CHANNEL_ID be the expected update channel (eg: torbrowser-torproject-alpha) # # To create the database to use for signature checking import the # release*.der certificate of your choice found in @@ -45,9 +45,9 @@ # certutil -d nssdb -N --empty-password # certutil -A -n "marsigner" -t,, -d nssdb -i /path/to/.der # -# 4) Change into the directory containing the MAR files and the +# 5) Change into the directory containing the MAR files and the # sha256sums-unsigned-build.txt/sha256sums-unsigned-build.incrementals.txt. -# 5) Run /path/to/marsigning_check.sh +# 6) Run /path/to/marsigning_check.sh
if [ -z "$SIGNMAR" ] then @@ -67,9 +67,9 @@ then exit 1 fi
-if [ -z "$CHANNEL" ] +if [ -z "$MAR_CHANNEL_ID" ] then - echo "The update channel is missing! ([nightly|alpha|release])" + echo "The update channel is missing! (torbrowser-torproject-[nightly|alpha|release])" exit 1 fi
@@ -106,7 +106,7 @@ for f in *.mar; do fi
# Test 1.5: Is the MAR file correctly signed by the correct channel key? - if [ ! "$($SIGNMAR -T "$f" | grep "MAR channel name")" = " - MAR channel name: torbrowser-torproject-${CHANNEL}" ]; then + if [ ! "$($SIGNMAR -T "$f" | grep "MAR channel name")" = " - MAR channel name: ${MAR_CHANNEL_ID}" ]; then echo "$f contains wrong update channel!" fi
===================================== tools/update-responses/update_responses ===================================== @@ -264,7 +264,7 @@ sub create_incremental_mar { } } local $ENV{MOZ_PRODUCT_VERSION} = $new_version; - local $ENV{MAR_CHANNEL_ID} = "torbrowser-torproject-$channel"; + local $ENV{MAR_CHANNEL_ID} = get_config($config, $new_version, $os, 'mar_channel_id'); local $ENV{TMPDIR} = $tmpdir; my ($out, $err, $success) = capture_exec('make_incremental_update.sh', $mar_file_path, "$tmpdir/A", "$tmpdir/B");
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d2...
tbb-commits@lists.torproject.org