morgan pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

4 changed files:

Changes:

  • keyring/torbrowser.gpg
    No preview for this file type
  • tools/signing/linux-signer-gpg-sign
    ... ... @@ -4,6 +4,8 @@ set -e
    4 4
     script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
    
    5 5
     source "$script_dir/functions"
    
    6 6
     
    
    7
    +test "$tbb_version_type" = "alpha" && export GPG_NEWSUBKEY=1
    
    8
    +
    
    7 9
     cd ~/"$SIGNING_PROJECTNAME-$tbb_version"
    
    8 10
     
    
    9 11
     test -n "$GPG_PASS" || read -sp "Enter gpg passphrase: " GPG_PASS
    

  • tools/signing/machines-setup/sudoers.d/sign-gpg
    1
    -Defaults>signing-gpg env_keep += SIGNING_PROJECTNAME
    
    1
    +Defaults>signing-gpg env_keep += "SIGNING_PROJECTNAME GPG_NEWSUBKEY"
    
    2 2
     %signing ALL = (signing-gpg) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-gpg

  • tools/signing/wrappers/sign-gpg
    ... ... @@ -11,4 +11,6 @@ if test $(whoami) != 'signing-gpg'; then
    11 11
       exit 1
    
    12 12
     fi
    
    13 13
     
    
    14
    -exec gpg --homedir /home/signing-gpg/.gnupg -absu 0xe53d989a9e2d47bf! --batch --no-tty -o- --passphrase-fd 0 -- "$1"
    14
    +gpg_subkey='0xe53d989a9e2d47bf!'
    
    15
    +test -n "$GPG_NEWSUBKEY" && gpg_subkey='0x157432CF78A65729!'
    
    16
    +exec gpg --homedir /home/signing-gpg/.gnupg -absu "$gpg_subkey" --batch --no-tty -o- --passphrase-fd 0 -- "$1"