morgan pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
-
4c29020e
by Nicolas Vigier at 2025-03-10T13:44:39+01:00
-
810e8e20
by Nicolas Vigier at 2025-03-10T13:44:39+01:00
12 changed files:
- .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- tools/signing/dmg2mar
- tools/signing/functions
- tools/signing/linux-signer-authenticode-signing
- tools/signing/linux-signer-gpg-sign
- tools/signing/linux-signer-rcodesign-sign
- tools/signing/linux-signer-sign-android-apks
- tools/signing/linux-signer-signmars
- tools/signing/set-config
- − tools/signing/set-config.tbb-version
- tools/signing/upload-update_responses-to-staticiforme
Changes:
| ... | ... | @@ -137,7 +137,7 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch |
| 137 | 137 | - pierov
|
| 138 | 138 | - [ ] Ensure all builders have matching builds
|
| 139 | 139 | - [ ] On `${STAGING_SERVER}`, ensure updated:
|
| 140 | - - **NOTE** Having a local git branch with `main` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file
|
|
| 140 | + - **NOTE** Having a local git branch with `main` as the upstream branch with these values saved means you only need to periodically `git pull --rebase`
|
|
| 141 | 141 | - [ ] `tor-browser-build` is on the right commit: `git tag -v mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N} && git checkout mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N}`
|
| 142 | 142 | - [ ] `tor-browser-build/tools/signing/set-config.hosts`
|
| 143 | 143 | - `ssh_host_builder`: ssh hostname of machine with unsigned builds
|
| ... | ... | @@ -147,10 +147,6 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch |
| 147 | 147 | - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos
|
| 148 | 148 | - [ ] `set-config.update-responses`
|
| 149 | 149 | - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git`
|
| 150 | - - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
|
|
| 151 | - - `tbb_version`: mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
|
|
| 152 | - - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
|
|
| 153 | - - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases
|
|
| 154 | 150 | - [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
|
| 155 | 151 | - [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script:
|
| 156 | 152 | - Run:
|
| ... | ... | @@ -192,7 +192,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch |
| 192 | 192 | - pierov
|
| 193 | 193 | - [ ] Ensure all builders have matching builds
|
| 194 | 194 | - [ ] On `${STAGING_SERVER}`, ensure updated:
|
| 195 | - - **NOTE** Having a local git branch with `main` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file
|
|
| 195 | + - **NOTE** Having a local git branch with `main` as the upstream branch with these values saved means you only need to periodically `git pull --rebase`
|
|
| 196 | 196 | - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}`
|
| 197 | 197 | - [ ] `tor-browser-build/tools/signing/set-config.hosts`
|
| 198 | 198 | - `ssh_host_builder`: ssh hostname of machine with unsigned builds
|
| ... | ... | @@ -202,10 +202,6 @@ Tor Browser Alpha (and Nightly) are on the `main` branch |
| 202 | 202 | - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos
|
| 203 | 203 | - [ ] `set-config.update-responses`
|
| 204 | 204 | - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
|
| 205 | - - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
|
|
| 206 | - - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
|
|
| 207 | - - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
|
|
| 208 | - - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases
|
|
| 209 | 205 | - [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
|
| 210 | 206 | - [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script:
|
| 211 | 207 | - Run:
|
| ... | ... | @@ -13,10 +13,6 @@ cd "$script_dir/../.." |
| 13 | 13 | |
| 14 | 14 | # some initial checks to make sure directories and file counts are as expected...
|
| 15 | 15 | |
| 16 | -version=$(./rbm/rbm showconf browser --target alpha --target $SIGNING_PROJECTNAME-linux-x86_64 var/torbrowser_version)
|
|
| 17 | -test "$version" = "$tbb_version" || \
|
|
| 18 | - exit_error "Incorrect tor browser version: $version != $tbb_version"
|
|
| 19 | - |
|
| 20 | 16 | test -d "$signed_version_dir" || \
|
| 21 | 17 | exit_error "$signed_version_dir does not exist"
|
| 22 | 18 |
| ... | ... | @@ -13,12 +13,6 @@ function var_is_defined { |
| 13 | 13 | done
|
| 14 | 14 | }
|
| 15 | 15 | |
| 16 | -function check_torbrowser_version_var {
|
|
| 17 | - local tbver=$("$script_dir/../../rbm/rbm" showconf browser --target "$SIGNING_PROJECTNAME" var/torbrowser_version)
|
|
| 18 | - test "$tbver" != "$tbb_version" && exit_error "Wrong tbb_version: $tbver != $tbb_version"
|
|
| 19 | - return 0
|
|
| 20 | -}
|
|
| 21 | - |
|
| 22 | 16 | function check_update_responses_repository_dir {
|
| 23 | 17 | if test -z "$update_responses_repository_dir" || ! test -d "$update_responses_repository_dir"
|
| 24 | 18 | then
|
| ... | ... | @@ -36,44 +30,43 @@ function is_project { |
| 36 | 30 | }
|
| 37 | 31 | |
| 38 | 32 | function generate_config {
|
| 39 | - p1=$("$rbm" showconf browser var/project-name --target "$SIGNING_PROJECTNAME")
|
|
| 40 | - p2=$("$rbm" showconf browser var/Project_Name --target "$SIGNING_PROJECTNAME")
|
|
| 41 | - p3=$("$rbm" showconf browser var/ProjectName --target "$SIGNING_PROJECTNAME")
|
|
| 42 | - p4=$("$rbm" showconf browser var/display_name --target "$SIGNING_PROJECTNAME" --target "$tbb_version_type")
|
|
| 43 | - echo 'rbm_not_available=1' > "$script_dir/set-config.generated-config"
|
|
| 44 | - echo "SIGNING_PROJECTNAMES=(\"$p1\" \"$p2\" \"$p3\" \"$p4\")" >> "$script_dir/set-config.generated-config"
|
|
| 33 | + local p1=$("$rbm" showconf browser var/project-name --target \
|
|
| 34 | + "$SIGNING_PROJECTNAME")
|
|
| 35 | + local p2=$("$rbm" showconf browser var/Project_Name --target \
|
|
| 36 | + "$SIGNING_PROJECTNAME")
|
|
| 37 | + local p3=$("$rbm" showconf browser var/ProjectName --target \
|
|
| 38 | + "$SIGNING_PROJECTNAME")
|
|
| 39 | + p4=$("$rbm" showconf browser var/display_name --target \
|
|
| 40 | + "$SIGNING_PROJECTNAME" --target "$tbb_version_type")
|
|
| 41 | + echo "SIGNING_PROJECTNAMES=(\"$p1\" \"$p2\" \"$p3\" \"$p4\")" > \
|
|
| 42 | + "$script_dir/set-config.generated-config"
|
|
| 43 | + local tbb_version_type=$("$rbm" showconf browser \ var/browser_default_channel \
|
|
| 44 | + --target "$SIGNING_PROJECTNAME")
|
|
| 45 | + local tbb_version=$("$rbm" showconf browser var/torbrowser_version \
|
|
| 46 | + --target "$SIGNING_PROJECTNAME" --target \
|
|
| 47 | + "$tbb_version_type")
|
|
| 48 | + local tbb_version_build=$("$rbm" showconf browser var/torbrowser_build \
|
|
| 49 | + --target "$SIGNING_PROJECTNAME" --target \
|
|
| 50 | + "$tbb_version_type")
|
|
| 51 | + for v in tbb_version_type tbb_version tbb_version_build; do
|
|
| 52 | + echo "$v=$(shell-quote "${!v}")" >> "$script_dir/set-config.generated-config"
|
|
| 53 | + done
|
|
| 45 | 54 | }
|
| 46 | 55 | |
| 47 | 56 | function project-name {
|
| 48 | - if test -n "${rbm_not_available+x}"; then
|
|
| 49 | - echo "${SIGNING_PROJECTNAMES[0]}"
|
|
| 50 | - else
|
|
| 51 | - "$rbm" showconf browser var/project-name --target "$SIGNING_PROJECTNAME"
|
|
| 52 | - fi
|
|
| 57 | + echo "${SIGNING_PROJECTNAMES[0]}"
|
|
| 53 | 58 | }
|
| 54 | 59 | |
| 55 | 60 | function Project_Name {
|
| 56 | - if test -n "${rbm_not_available+x}"; then
|
|
| 57 | - echo "${SIGNING_PROJECTNAMES[1]}"
|
|
| 58 | - else
|
|
| 59 | - "$rbm" showconf browser var/Project_Name --target "$SIGNING_PROJECTNAME"
|
|
| 60 | - fi
|
|
| 61 | + echo "${SIGNING_PROJECTNAMES[1]}"
|
|
| 61 | 62 | }
|
| 62 | 63 | |
| 63 | 64 | function ProjectName {
|
| 64 | - if test -n "${rbm_not_available+x}"; then
|
|
| 65 | - echo "${SIGNING_PROJECTNAMES[2]}"
|
|
| 66 | - else
|
|
| 67 | - "$rbm" showconf browser var/ProjectName --target "$SIGNING_PROJECTNAME"
|
|
| 68 | - fi
|
|
| 65 | + echo "${SIGNING_PROJECTNAMES[2]}"
|
|
| 69 | 66 | }
|
| 70 | 67 | |
| 71 | 68 | function display_name {
|
| 72 | - if test -n "${rbm_not_available+x}"; then
|
|
| 73 | - echo "${SIGNING_PROJECTNAMES[3]}"
|
|
| 74 | - else
|
|
| 75 | - "$rbm" showconf browser var/display_name --target "$SIGNING_PROJECTNAME" --target "$tbb_version_type"
|
|
| 76 | - fi
|
|
| 69 | + echo "${SIGNING_PROJECTNAMES[3]}"
|
|
| 77 | 70 | }
|
| 78 | 71 | |
| 79 | 72 |
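Review bot: In `generate_config`, `p4` is resolved with `--target "$tbb_version_type"` (new lines 39-40) before `tbb_version_type` is looked up on new line 43, so with `set-config.tbb-version` gone the display name is computed against an empty channel target unless the variable happens to be in the environment. The channel lookup should move above the `p4` line, and `p4` should be `local` like `p1` to `p3`. `local name=$(...)` also discards rbm's exit status, so a failed lookup writes empty values into `set-config.generated-config`, which the signing scripts then source; declaring and assigning on separate lines lets a caller's `set -e` stop the run. The `SIGNING_PROJECTNAMES` line still interpolates rbm output inside `\"…\"` while the three new variables go through `shell-quote`; using the same quoting for both keeps the generated file safe to source whatever the configured names contain. New line 43 as shown reads `browser \ var/browser_default_channel`, which, if it is not a rendering artefact, passes the key with a leading space.

```shell
function generate_config {
  # … unchanged: p1, p2, p3 lookups …
  local tbb_version_type
  tbb_version_type=$("$rbm" showconf browser var/browser_default_channel \
    --target "$SIGNING_PROJECTNAME")
  local p4
  p4=$("$rbm" showconf browser var/display_name --target \
    "$SIGNING_PROJECTNAME" --target "$tbb_version_type")
  # … unchanged: SIGNING_PROJECTNAMES line, tbb_version and tbb_version_build lookups, loop writing the three variables …
```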
| 1 | 1 | #!/bin/bash
|
| 2 | 2 | set -e
|
| 3 | 3 | |
| 4 | +no_generate_config=1
|
|
| 4 | 5 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
| 5 | 6 | source "$script_dir/functions"
|
| 6 | 7 |
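Review bot: `no_generate_config=1` is added at the top of this script, and of the four other linux-signer scripts further down the page, with no comment on what it controls; the `rbm_not_available` flag it replaces was at least self-describing. A one-line comment above it would help, for example `# Do not run rbm here: use the set-config.generated-config already present next to this script`. The assignment has to stay before `source "$script_dir/functions"`, since the guard in set-config appears to be evaluated during that source, and the comment could say so.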
| 1 | 1 | #!/bin/bash
|
| 2 | 2 | set -e
|
| 3 | 3 | |
| 4 | +no_generate_config=1
|
|
| 4 | 5 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
| 5 | 6 | source "$script_dir/functions"
|
| 6 | 7 |
| 1 | 1 | #!/bin/bash
|
| 2 | 2 | |
| 3 | 3 | set -e
|
| 4 | +no_generate_config=1
|
|
| 4 | 5 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
| 5 | 6 | source "$script_dir/functions"
|
| 6 | -source "$script_dir/set-config.generated-config"
|
|
| 7 | 7 | # tbb_version_type is used in wrappers/sign-rcodesign, so we export it
|
| 8 | 8 | export tbb_version_type
|
| 9 | 9 |
| 1 | 1 | #!/bin/bash
|
| 2 | 2 | |
| 3 | 3 | set -e
|
| 4 | +no_generate_config=1
|
|
| 4 | 5 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
| 5 | 6 | source "$script_dir/functions"
|
| 6 | -source "$script_dir/set-config.generated-config"
|
|
| 7 | 7 | |
| 8 | 8 | topdir="$script_dir/../.."
|
| 9 | 9 | ARCHS="armv7 aarch64 x86 x86_64"
|
| ... | ... | @@ -3,6 +3,7 @@ |
| 3 | 3 | set -e
|
| 4 | 4 | set -u
|
| 5 | 5 | |
| 6 | +no_generate_config=1
|
|
| 6 | 7 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
| 7 | 8 | source "$script_dir/functions"
|
| 8 | 9 |
| ... | ... | @@ -20,9 +20,11 @@ test "$SIGNING_PROJECTNAME" = 'torbrowser' \ |
| 20 | 20 | |
| 21 | 21 | export SIGNING_PROJECTNAME
|
| 22 | 22 | |
| 23 | -test -z "${rbm_not_available+x}" && rbm="$script_dir/../../rbm/rbm"
|
|
| 23 | +rbm="$script_dir/../../rbm/rbm"
|
|
| 24 | 24 | |
| 25 | -. "$script_dir/set-config.tbb-version"
|
|
| 25 | +test -z "$no_generate_config" && generate_config
|
|
| 26 | +. "$script_dir/set-config.generated-config"
|
|
| 27 | +export no_generate_config=1
|
|
| 26 | 28 | |
| 27 | 29 | test "$tbb_version_type" = 'release' \
|
| 28 | 30 | || test "$tbb_version_type" = 'alpha' \
|
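Review bot: The guard `test -z "$no_generate_config" && generate_config` expands a variable that is unset on the normal path, so any caller running under `set -u` aborts with an unbound-variable error (the linux-signer script with `set -u` above sets the flag first; other callers are not visible here); `test -z "${no_generate_config:-}" && generate_config` avoids that. Because the flag is read from the environment and then exported, a value left in the operator's shell also skips generation, and the next line sources whatever `set-config.generated-config` is on disk. With the `tbb_version` comparison against rbm removed elsewhere in this commit, nothing visible checks that this file belongs to the build being signed, so printing `tbb_version`, `tbb_version_build` and `tbb_version_type` after the source, or comparing them with the tag being signed, would be a cheap safeguard.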
| 1 | -# The following 3 lines should be uncommented and updated:
|
|
| 2 | - |
|
| 3 | -#tbb_version=11.5a4
|
|
| 4 | -#tbb_version_build=1
|
|
| 5 | -#tbb_version_type=alpha
|
|
| 6 | - |
|
| 7 | -var_is_defined tbb_version tbb_version_build tbb_version_type |
| ... | ... | @@ -4,8 +4,6 @@ script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) |
| 4 | 4 | source "$script_dir/functions"
|
| 5 | 5 | source "$script_dir/set-config.update-responses"
|
| 6 | 6 | |
| 7 | -check_torbrowser_version_var
|
|
| 8 | - |
|
| 9 | 7 | update_responses_tar_filename="update-responses-$tbb_version_type-$tbb_version.tar"
|
| 10 | 8 | update_responses_tar="$script_dir/../../$SIGNING_PROJECTNAME/$tbb_version_type/update-responses/$update_responses_tar_filename"
|
| 11 | 9 | test -f "$update_responses_tar" && \
|