boklm pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

6 changed files:

Changes:

  • .gitlab/issue_templates/Release Prep - Alpha.md
    ... ... @@ -219,6 +219,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    219 219
         - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
    
    220 220
       - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
    
    221 221
         - `macos_notarization_user` : the email login for a tor notariser Apple Developer account
    
    222
    +  - [ ] `set-config.update-responses`
    
    223
    +    - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
    
    222 224
       - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
    
    223 225
         - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
    
    224 226
         - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
    
    ... ... @@ -239,7 +241,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    239 241
         - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
    
    240 242
         - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
    
    241 243
       - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
    
    242
    -  - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
    
    244
    +  - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh`
    
    243 245
     - [ ] Publish APKs to Google Play:
    
    244 246
       - Log into https://play.google.com/apps/publish
    
    245 247
       - Select `Tor Browser (Alpha)` app
    

  • .gitlab/issue_templates/Release Prep - Stable.md
    ... ... @@ -229,6 +229,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    229 229
         - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
    
    230 230
       - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
    
    231 231
         - `macos_notarization_user` : the email login for a tor notariser Apple Developer account
    
    232
    +  - [ ] `set-config.update-responses`
    
    233
    +    - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
    
    232 234
       - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
    
    233 235
         - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
    
    234 236
         - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
    
    ... ... @@ -249,7 +251,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    249 251
         - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
    
    250 252
         - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
    
    251 253
       - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
    
    252
    -  - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
    
    254
    +  - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh`
    
    253 255
     - [ ] Publish APKs to Google Play:
    
    254 256
       - Log into https://play.google.com/apps/publish
    
    255 257
       - Select `Tor Browser` app
    

  • tools/signing/do-all-signing
    ... ... @@ -2,6 +2,7 @@
    2 2
     set -e
    
    3 3
     script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
    
    4 4
     source "$script_dir/functions"
    
    5
    +source "$script_dir/set-config.update-responses"
    
    5 6
     
    
    6 7
     NON_INTERACTIVE=1
    
    7 8
     steps_dir="$signed_version_dir.steps"
    

  • tools/signing/functions
    ... ... @@ -19,4 +19,16 @@ function check_torbrowser_version_var {
    19 19
       return 0
    
    20 20
     }
    
    21 21
     
    
    22
    +function check_update_responses_repository_dir {
    
    23
    +  if test -z "$update_responses_repository_dir" || ! test -d "$update_responses_repository_dir"
    
    24
    +  then
    
    25
    +    cat << 'EOF' > /dev/stderr
    
    26
    +$aus1_repository_dir is not defined, or the directory does not exist
    
    27
    +You should clone git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git
    
    28
    +and set $update_responses_repository_dir in set-config.update-responses
    
    29
    +EOF
    
    30
    +    exit 1
    
    31
    +  fi
    
    32
    +}
    
    33
    +
    
    22 34
     . "$script_dir/set-config"

  • tools/signing/set-config.update-responses
    1
    +# You should clone git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git
    
    2
    +# and uncomment the line setting update_responses_repository_dir.
    
    3
    +# Don't forget to set user.email and user.name in your git config
    
    4
    +
    
    5
    +#update_responses_repository_dir=/path/to/tor-browser-update-responses.git
    
    6
    +
    
    7
    +check_update_responses_repository_dir

  • tools/signing/upload-update_responses-to-staticiforme
    ... ... @@ -2,6 +2,7 @@
    2 2
     set -e
    
    3 3
     script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
    
    4 4
     source "$script_dir/functions"
    
    5
    +source "$script_dir/set-config.update-responses"
    
    5 6
     
    
    6 7
     check_torbrowser_version_var
    
    7 8
     
    
    ... ... @@ -17,33 +18,40 @@ else
    17 18
       popd > /dev/null
    
    18 19
     fi
    
    19 20
     
    
    20
    -update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser/update_3
    
    21
    +cd $update_responses_repository_dir
    
    22
    +git checkout main
    
    23
    +git pull --ff-only
    
    24
    +test -n "$(git status --porcelain=v1 | grep -v '^?')" \
    
    25
    +  && exit_error 'update_responses_repository_dir has modified files'
    
    26
    +cd update_3
    
    27
    +rm -Rf "$tbb_version_type"
    
    28
    +tar -xf "$update_responses_tar"
    
    29
    +git add "$tbb_version_type"
    
    30
    +git commit -m "$tbb_version_type: new version, $tbb_version"
    
    31
    +update_responses_commit=$(git log -1 --format=%H)
    
    32
    +
    
    33
    +update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser
    
    21 34
     deploy_script=$(mktemp)
    
    22 35
     trap "rm -Rf $deploy_script" EXIT
    
    23 36
     cat << EOF > "$deploy_script"
    
    24 37
     #!/bin/bash
    
    25 38
     set -e
    
    26 39
     
    
    27
    -tmpdir="\$(mktemp -d)"
    
    40
    +echo "Deploying version $tbb_version"
    
    41
    +echo "update_responses_commit: $update_responses_commit"
    
    28 42
     
    
    29
    -trap "rm -Rf \$tmpdir" EXIT
    
    30
    -
    
    31
    -rm -Rf "$update_dir/$tbb_version_type.old"
    
    32
    -test -d "$update_dir/$tbb_version_type" && \\
    
    33
    -  mv -v "$update_dir/$tbb_version_type" "$update_dir/$tbb_version_type.old"
    
    34
    -
    
    35
    -tar -C "\$tmpdir" -xf ~/$update_responses_tar_filename
    
    36
    -chmod 775 "\$tmpdir"/$tbb_version_type
    
    37
    -chmod 664 "\$tmpdir"/$tbb_version_type/* "\$tmpdir"/$tbb_version_type/.htaccess
    
    38
    -chgrp -R torwww "\$tmpdir"/$tbb_version_type
    
    39
    -mv -v "\$tmpdir"/$tbb_version_type "$update_dir/$tbb_version_type"
    
    43
    +cd "$update_dir"
    
    44
    +git fetch
    
    45
    +git checkout "$update_responses_commit"
    
    40 46
     
    
    41 47
     static-update-component aus1.torproject.org
    
    42 48
     EOF
    
    43 49
     
    
    44 50
     chmod +x $deploy_script
    
    45
    -scp -p "$update_responses_tar" "$ssh_host_staticiforme:"
    
    46 51
     scp -p $deploy_script $ssh_host_staticiforme:deploy_update_responses-$tbb_version_type.sh
    
    47 52
     
    
    53
    +git push
    
    54
    +
    
    48 55
     echo 'To enable updates you can now run:'
    
    49
    -echo "  ssh $ssh_host_staticiforme ./deploy_update_responses-$tbb_version_type.sh"
    56
    +echo "  ssh $ssh_host_staticiforme"
    
    57
    +echo "  sudo -u tb-release ./deploy_update_responses-$tbb_version_type.sh"