richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build
Commits: c12f1511 by Nicolas Vigier at 2024-01-18T10:33:05+00:00 Bug 41037: Set time on signing machine before starting signing
After a reboot, the time on our signing machine is incorrect. To avoid signing a release with incorrect timestamps, we set the time on the signing machine at the beginning of the signing process.
(cherry picked from commit de4e1feba72e8357c9f40ec3c555aa0dce5e0df2) - - - - -
3 changed files:
- tools/signing/do-all-signing - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/set-date
Changes:
===================================== tools/signing/do-all-signing ===================================== @@ -29,6 +29,11 @@ test -f "$steps_dir/linux-signer-gpg-sign.done" || read -sp "Enter gpg passphrase: " GPG_PASS echo
+function set-time-on-signing-machine { + local current_time=$(date -u) + ssh "$ssh_host_linux_signer" sudo /usr/bin/date -s "'$current_time'" +} + function wait-for-finished-build { "$script_dir/wait-for-finished-build" } @@ -171,6 +176,7 @@ function do_step {
export SIGNING_PROJECTNAME
+do_step set-time-on-signing-machine do_step wait-for-finished-build do_step sync-builder-unsigned-to-local-signed do_step sync-scripts-to-linux-signer
===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -91,6 +91,7 @@ sudoers_file sign-mar sudoers_file sign-exe sudoers_file sign-apk sudoers_file sign-rcodesign +sudoers_file set-date
authorized_keys boklm boklm-tb-release.pub boklm-yk1.pub create_user richard signing
===================================== tools/signing/machines-setup/sudoers.d/set-date ===================================== @@ -0,0 +1 @@ +%signing ALL = NOPASSWD: /usr/bin/date -s *
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c1...