richard pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build

Commits:

6 changed files:

Changes:

  • .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
    ... ... @@ -88,12 +88,16 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
    88 88
     - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script:
    
    89 89
         - `cd tor-browser-build/tools/signing/`
    
    90 90
         - `./macos-signer-proxy`
    
    91
    -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure mullvad daemon is running with SOCKS5 proxy on the default port 9050
    
    92
    -- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs direcmullvady
    
    91
    +- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
    
    93 92
     - [ ] run do-all-signing script:
    
    94 93
         - `cd tor-browser-build/tools/signing/`
    
    95 94
         - `./do-all-signing.sh`
    
    96
    -- **NOTE**: at this point the signed binaries should be in `tor-browser-build/mullvadbrowser/release/signed/$(MULLVAD_BROWSER_VERSION)`
    
    95
    +- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
    
    96
    +- [ ] Update `staticiforme.torproject.org`:
    
    97
    +  - From `screen` session on `staticiforme.torproject.org`:
    
    98
    +  - [ ] Static update components : `static-update-component dist.torproject.org`
    
    99
    +  - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
    
    100
    +  - [ ] Static update components (again) : `static-update-component dist.torproject.org`
    
    97 101
     
    
    98 102
     </details>
    
    99 103
     
    

  • .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
    ... ... @@ -185,7 +185,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
    185 185
         - **NOTE** : Skip this step if the current release is Android or Desktop *only*
    
    186 186
         - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
    
    187 187
         - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
    
    188
    -  - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
    
    188
    +  - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
    
    189 189
     - [ ] Publish APKs to Google Play:
    
    190 190
       - Log into https://play.google.com/apps/publish
    
    191 191
       - Select `Tor Browser (Alpha)` app
    

  • .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
    ... ... @@ -190,7 +190,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
    190 190
         - **NOTE** : Skip this step if the current release is Android or Desktop *only*
    
    191 191
         - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
    
    192 192
         - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
    
    193
    -- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
    
    193
    +- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
    
    194 194
     - [ ] Publish APKs to Google Play:
    
    195 195
       - Log into https://play.google.com/apps/publish
    
    196 196
       - Select `Tor Browser` app
    

  • tools/signing/do-all-signing
    ... ... @@ -14,12 +14,17 @@ echo
    14 14
     test -f "$steps_dir/macos-signer-notarization.done" ||
    
    15 15
       read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW
    
    16 16
     echo
    
    17
    +is_project torbrowser && nssdb=torbrowser-nssdb7
    
    18
    +is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb-1
    
    17 19
     test -f "$steps_dir/linux-signer-signmars.done" ||
    
    18
    -  read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS
    
    19
    -echo
    
    20
    -test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
    
    21
    -  read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
    
    20
    +  read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS
    
    22 21
     echo
    
    22
    +
    
    23
    +if is_project torbrowser; then
    
    24
    +  test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
    
    25
    +    read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
    
    26
    +  echo
    
    27
    +fi
    
    23 28
     test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
    
    24 29
       read -sp "Enter windows authenticode passphrase: " YUBIPASS
    
    25 30
     echo
    
    ... ... @@ -227,12 +232,9 @@ do_step sync-after-hash
    227 232
     do_step linux-signer-gpg-sign
    
    228 233
     do_step sync-after-gpg-sign
    
    229 234
     do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo
    
    230
    -is_project torbrowser && \
    
    231
    -  do_step sync-local-to-staticiforme
    
    232
    -is_project torbrowser && \
    
    233
    -  do_step sync-scripts-to-staticiforme
    
    234
    -is_project torbrowser && \
    
    235
    -  do_step staticiforme-prepare-cdn-dist-upload
    
    235
    +do_step sync-local-to-staticiforme
    
    236
    +do_step sync-scripts-to-staticiforme
    
    237
    +do_step staticiforme-prepare-cdn-dist-upload
    
    236 238
     do_step upload-update_responses-to-staticiforme
    
    237 239
     do_step finished-signing-clean-macos-signer
    
    238 240
     do_step finished-signing-clean-linux-signer

  • tools/signing/staticiforme-prepare-cdn-dist-upload
    ... ... @@ -16,21 +16,29 @@ chmod 775 "$dist_dir"
    16 16
     chmod 664 "$dist_dir"/*
    
    17 17
     chmod 664 "$dist_dir/.htaccess"
    
    18 18
     
    
    19
    -cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
    
    20
    -if test -d "$cdn_dir"
    
    21
    -then
    
    22
    -  echo "Error: $cdn_dir already exists" >&2
    
    23
    -  exit 1
    
    19
    +if is_project torbrowser; then
    
    20
    +  cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
    
    21
    +  if test -d "$cdn_dir"
    
    22
    +  then
    
    23
    +    echo "Error: $cdn_dir already exists" >&2
    
    24
    +    exit 1
    
    25
    +  fi
    
    26
    +  mkdir "$cdn_dir"
    
    27
    +  chgrp tb-release "$cdn_dir"
    
    28
    +  chmod 775 "$cdn_dir"
    
    29
    +  cd "$cdn_dir"
    
    30
    +  for marfile in "$dist_dir"/*.mar; do
    
    31
    +    ln -f "$marfile" .
    
    32
    +  done
    
    33
    +
    
    34
    +  dest='cdn.tpo and dist.tpo'
    
    35
    +  staticupdatecmd='static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
    
    36
    +else
    
    37
    +  dest='dist.tpo'
    
    38
    +  staticupdatecmd='static-update-component dist.torproject.org'
    
    24 39
     fi
    
    25
    -mkdir "$cdn_dir"
    
    26
    -chgrp tb-release "$cdn_dir"
    
    27
    -chmod 775 "$cdn_dir"
    
    28
    -cd "$cdn_dir"
    
    29
    -for marfile in "$dist_dir"/*.mar; do
    
    30
    -  ln -f "$marfile" .
    
    31
    -done
    
    32 40
     
    
    33
    -echo "$tbb_version is ready to upload to cdn.tpo and dist.tpo"
    
    41
    +echo "$tbb_version is ready to upload to $dest"
    
    34 42
     echo "You should remove the old version(s) before starting the upload with:"
    
    35
    -echo '  static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
    
    43
    +echo "  $staticupdatecmd"
    
    36 44
     echo '(preferably using screen or tmux)'

  • tools/signing/sync-local-to-staticiforme
    ... ... @@ -3,4 +3,4 @@ set -e
    3 3
     script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
    
    4 4
     source "$script_dir/functions"
    
    5 5
     
    
    6
    -rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/torbrowser/$tbb_version/"
    6
    +rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/$SIGNING_PROJECTNAME/$tbb_version/"