richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits: de4e1feb by Nicolas Vigier at 2024-01-18T09:50:25+01:00 Bug 41037: Set time on signing machine before starting signing
After a reboot, the time on our signing machine is incorrect. To avoid signing a release with incorrect timestamps, we set the time on the signing machine at the beginning of the signing process.
- - - - -
3 changed files:
- tools/signing/do-all-signing - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/set-date
Changes:
===================================== tools/signing/do-all-signing ===================================== @@ -29,6 +29,11 @@ test -f "$steps_dir/linux-signer-gpg-sign.done" || read -sp "Enter gpg passphrase: " GPG_PASS echo
+function set-time-on-signing-machine { + local current_time=$(date -u) + ssh "$ssh_host_linux_signer" sudo /usr/bin/date -s "'$current_time'" +} + function wait-for-finished-build { "$script_dir/wait-for-finished-build" } @@ -171,6 +176,7 @@ function do_step {
export SIGNING_PROJECTNAME
+do_step set-time-on-signing-machine do_step wait-for-finished-build do_step sync-builder-unsigned-to-local-signed do_step sync-scripts-to-linux-signer
===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -91,6 +91,7 @@ sudoers_file sign-mar sudoers_file sign-exe sudoers_file sign-apk sudoers_file sign-rcodesign +sudoers_file set-date
authorized_keys boklm boklm-tb-release.pub boklm-yk1.pub create_user richard signing
===================================== tools/signing/machines-setup/sudoers.d/set-date ===================================== @@ -0,0 +1 @@ +%signing ALL = NOPASSWD: /usr/bin/date -s *
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/de...