commit c9fc6212512761126edb874aee7e2ff0fecbd4f1 Author: Yawning Angel yawning@schwanenlied.me Date: Wed Apr 19 20:40:39 2017 +0000
Add back the old release MAR signing key.
You are in a maze of twisty public keys, all alike. When I pulled in the new MAR signing key (b32fb3a83a4fcc60cf05c0c41a7b7b67ada704cd not actually used yet), I should have preserved all existing keys, because they're all used for various things.
In this case, the key that got obliterated is the one currently being used to sign MARs for the `release` channel. --- ChangeLog | 1 + data/installer/release_primary_6.5.der | Bin 0 -> 1229 bytes src/cmd/sandboxed-tor-browser/internal/installer/mar.go | 11 +++++------ 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 09740c4..a0f16bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ Changes in version 0.0.6 - UNRELEASED: + * Add back the old release MAR signing key.
Changes in version 0.0.5 - 2017-04-13: * Bug 21764: Use bubblewrap's `--die-with-parent` when supported. diff --git a/data/installer/release_primary_6.5.der b/data/installer/release_primary_6.5.der new file mode 100644 index 0000000..542fb24 Binary files /dev/null and b/data/installer/release_primary_6.5.der differ diff --git a/src/cmd/sandboxed-tor-browser/internal/installer/mar.go b/src/cmd/sandboxed-tor-browser/internal/installer/mar.go index 3f9c610..60d114d 100644 --- a/src/cmd/sandboxed-tor-browser/internal/installer/mar.go +++ b/src/cmd/sandboxed-tor-browser/internal/installer/mar.go @@ -28,11 +28,6 @@ import ( "cmd/sandboxed-tor-browser/internal/data" )
-const ( - tbbMARReleasePrimaryAsset = "installer/release_primary.der" - tbbMARReleaseSecondaryAsset = "installer/release_secondary.der" -) - var tbbMARCerts []*x509.Certificate
// VerifyTorBrowserMAR validates the MAR signature against the TBB MAR signing @@ -139,7 +134,11 @@ func VerifyTorBrowserMAR(mar []byte) error { }
func init() { - assets := []string{tbbMARReleasePrimaryAsset, tbbMARReleaseSecondaryAsset} + assets := []string{ + "installer/release_primary_6.5.der", // Stable MAR signing key. + "installer/release_primary.der", // (Unused) MAR signing key. + "installer/release_secondary.der", // Alpha MAR signing key (7.0). + }
for _, asset := range assets { if der, err := data.Asset(asset); err != nil {