morgan pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

7 changed files:

Changes:

  • .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
    ... ... @@ -9,7 +9,7 @@
    9 9 
     - `${BUILD_SERVER}`: the server the main builder is using to build a browser release
    10 10 
     - `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER}
    11 11 
       - **example**: `pierov`
    12 
    -- `${STAGING_SERVER}`: the server the signer is using to to run the signing process
    12 
    +- `${STAGING_SERVER}`: the server the signer is using to run the signing process
    13 13 
     - `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc
    14 14 
       - **example**: `91.6.0`
    15 15 
     - `${MULLVAD_BROWSER_MAJOR}`: the Mullvad Browser major version

  • .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
    ... ... @@ -9,7 +9,7 @@
    9 9 
     - `${BUILD_SERVER}`: the server the main builder is using to build a browser release
    10 10 
     - `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER}
    11 11 
       - **example**: `pierov`
    12 
    -- `${STAGING_SERVER}`: the server the signer is using to to run the signing process
    12 
    +- `${STAGING_SERVER}`: the server the signer is using to run the signing process
    13 13 
     - `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc
    14 14 
       - **example**: `91.6.0`
    15 15 
     - `${MULLVAD_BROWSER_MAJOR}`: the Mullvad Browser major version

  • .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
    ... ... @@ -9,7 +9,7 @@
    9 9 
     - `${BUILD_SERVER}`: the server the main builder is using to build a browser release
    10 10 
     - `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER}
    11 11 
       - **example**: `pierov`
    12 
    -- `${STAGING_SERVER}`: the server the signer is using to to run the signing process
    12 
    +- `${STAGING_SERVER}`: the server the signer is using to run the signing process
    13 13 
     - `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc
    14 14 
       - **example**: `91.6.0`
    15 15 
     - `${TOR_BROWSER_MAJOR}`: the Tor Browser major version

  • .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md
    ... ... @@ -8,7 +8,7 @@
    8 8 
     - `${BUILD_SERVER}`: the server the main builder is using to build a browser release
    9 9 
     - `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER}
    10 10 
       - **example**: `pierov`
    11 
    -- `${STAGING_SERVER}`: the server the signer is using to to run the signing process
    11 
    +- `${STAGING_SERVER}`: the server the signer is using to run the signing process
    12 12 
     - `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc
    13 13 
       - **example**: `91.6.0`
    14 14 
     - `${TOR_BROWSER_MAJOR}`: the Tor Browser major version

  • .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
    ... ... @@ -9,7 +9,7 @@
    9 9 
     - `${BUILD_SERVER}`: the server the main builder is using to build a browser release
    10 10 
     - `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER}
    11 11 
       - **example**: `pierov`
    12 
    -- `${STAGING_SERVER}`: the server the signer is using to to run the signing process
    12 
    +- `${STAGING_SERVER}`: the server the signer is using to run the signing process
    13 13 
     - `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc
    14 14 
       - **example**: `91.6.0`
    15 15 
     - `${TOR_BROWSER_MAJOR}`: the Tor Browser major version

  • .gitlab/issue_templates/Release Prep - Tor VPN.md
    1 
    +# Release Prep Tor VPN
    2 
    +
    3 
    +- **NOTE** It is assumed the `vpn` release has been tagged in the `vpn.git` repository
    4 
    +
    5 
    +<details>
    6 
    +  <summary>Explanation of variables</summary>
    7 
    +
    8 
    +- `${STAGING_SERVER}`: the server the signer is using to run the signing process
    9 
    +- `${TOR_VPN_VERSION}`: the Tor VPN version
    10 
    +  - **example**: `1.3.0Beta`
    11 
    +- `${TOR_VPN_BUILD_N}`: the torvpn build revision for a given Tor VPN release; used in tagging git commits
    12 
    +  - **example**: `build1`
    13 
    +
    14 
    +</details>
    15 
    +
    16 
    +<details>
    17 
    +  <summary>Build Configuration</summary>
    18 
    +
    19 
    +### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
    20 
    +Tor VPN is on the `main` branch
    21 
    +
    22 
    +- [ ] Create a release preparation branch from the current `main` branch
    23 
    +- Edit `rbm.conf`, updating the following:
    24 
    +  - [ ] `targets/torvpn/var/torbrowser_version`: updated to next torvpn version (`${TOR_VPN_VERSION}`)
    25 
    +  - [ ] `targets/torvpn/var/torbrowser_build`: updated to `${TOR_VPN_BUILD_N}` (usually `build1`)
    26 
    +  - [ ] `targets/torvpn/var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building.
    27 
    +- [ ] Open MR with above changes.
    28 
    +  - **NOTE**: target the `main` branch
    29 
    +- [ ] Merge
    30 
    +
    31 
    +</details>
    32 
    +
    33 
    +<details>
    34 
    +  <summary>Signing</summary>
    35 
    +
    36 
    +### release signing
    37 
    +- [ ] Assign this issue to the signer, one of:
    38 
    +  - boklm
    39 
    +  - ma1
    40 
    +  - morgan
    41 
    +  - pierov
    42 
    +- [ ] Ensure all builders have matching builds
    43 
    +- Place the Tor VPN release to be signed in directory `torvpn/alpha/signed/${TOR_VPN_VERSION}`:
    44 
    +  - [ ] `mkdir torvpn/alpha/signed/${TOR_VPN_VERSION} && cd torvpn/alpha/signed/${TOR_VPN_VERSION}`
    45 
    +  - [ ] `wget https://${URL_PATH}/app-release.aab` (replacing `${URL_PATH}` with the location where the unsigned build has been published)
    46 
    +  - [ ] `mv app-release.aab tor-vpn-${TOR_VPN_VERSION}.aab`
    47 
    +  - [ ] `wget https://${URL_PATH}/app-release-unsigned.apk` (replacing `${URL_PATH}` with the location where the unsigned build has been published)
    48 
    +  - [ ] `mv app-release-unsigned.apk tor-vpn-qa-unsigned-android-multiarch-${TOR_VPN_VERSION}.apk`
    49 
    +  - [ ] `sha256sum tor-vpn-* > sha256sums-unsigned-build.txt`
    50 
    +  - [ ] Compare checksums from `sha256sums-unsigned-build.txt` with expected checksums
    51 
    +- [ ] On `${STAGING_SERVER}`, ensure updated:
    52 
    +  - [ ] `tor-browser-build` is on the right commit
    53 
    +  - [ ] `tor-browser-build/tools/signing/set-config.hosts`
    54 
    +    - `ssh_host_linux_signer`: ssh hostname of linux signing machine
    55 
    +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script:
    56 
    +  - Run:
    57 
    +    ```bash
    58 
    +    cd tor-browser-build/tools/signing/ && ./do-all-signing.torvpn
    59 
    +    ```
    60 
    +  - **NOTE**: on successful execution, the signed binaries should have been copied to `staticiforme`.
    61 
    +
    62 
    +</details>
    63 
    +
    64 
    +<details>
    65 
    +  <summary>Publishing</summary>
    66 
    +
    67 
    +### dist.torproject.org
    68 
    +- [ ] On `staticiforme.torproject.org`, static update components:
    69 
    +  - Run:
    70 
    +    ```bash
    71 
    +    static-update-component dist.torproject.org
    72 
    +    ```
    73 
    +- [ ] On `staticiforme.torproject.org`, remove old release:
    74 
    +  - **NOTE**: Skip this step if we need to hold on to older versions for some reason.
    75 
    +  - [ ] `/srv/dist-master.torproject.org/htdocs/torvpn`
    76 
    +  - Run:
    77 
    +    ```bash
    78 
    +    static-update-component dist.torproject.org
    79 
    +    ```
    80 
    +
    81 
    +### Google Play: https://play.google.com/apps/publish
    82 
    +- [ ] Publish AAB to Google Play:
    83 
    +  - Select `Tor VPN` app
    84 
    +  - Navigate to `Test and release > Internal testing` and click `Create new release` button:
    85 
    +    - Upload the `tor-vpn-$version.aab` file
    86 
    +    - Update Release Notes using the changenotes from donuts from the release issue
    87 
    +  - Publish
    88 
    +  - Promote to closed and open testing
    89 
    +
    90 
    +</details>
    91 
    +
    92 
    +/label ~"Apps::Type::ReleasePreparation"
    93 
    +/label ~"Apps::Impact::High"
    94 
    +/label ~"Priority::Blocker"
    95 
    +/label ~"Apps::Product::TorVPN"

  • tools/signing/do-all-signing
    ... ... @@ -246,8 +246,10 @@ function do_step {
    246 246 
     export SIGNING_PROJECTNAME
    247 247
    248 248 
     do_step set-time-on-signing-machine
    249 
    -do_step wait-for-finished-build
    250 
    -do_step sync-builder-unsigned-to-local-signed
    249 
    +[ "$SIGNING_PROJECTNAME" != 'torvpn' ] && \
    250 
    +  do_step wait-for-finished-build
    251 
    +[ "$SIGNING_PROJECTNAME" != 'torvpn' ] && \
    252 
    +  do_step sync-builder-unsigned-to-local-signed
    251 253 
     do_step clean-build-artifacts
    252 254 
     [ -n "$platform_macos" ] && \
    253 255 
       do_step extract-dmg


    • View it on GitLab.
    You're receiving this email because of your account on gitlab.torproject.org. Manage all notifications · Help Notification message regarding https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/e5671826e6f77d25fc5d67e4bbce2837c4ccc4e1...af17097be25c24d405ea0d8db03f98c9d4ab7e43 at 1763406217