ma1 pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: b8180152 by hackademix at 2025-10-23T17:36:44+02:00 Bug 41603: Automate update response preparation for legacy-only builds. - - - - - 2 changed files: - .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md - + tools/signing/deploy-legacy Changes: ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md ===================================== @@ -246,34 +246,18 @@ popd static-update-component cdn.torproject.org && static-update-component dist.torproject.org ``` - [ ] **(Optional)** Generate and deploy new update responses - - **NOTE**: This is only required if there will be no corresponding 14.0 release (i.e. this is an emergency legacy-only 13.5 release). Normally, legacy update responses are generated and deployed as part of the 14.0 release. + - **NOTE**: This is only required if there will be no corresponding 15.0 release (i.e. this is an emergency legacy-only 13.5 release). Normally, legacy update responses are generated and deployed as part of the 15.0 release. - **⚠️ WARNING**: This is a little bit off the beaten track, ping boklm or morgan if you have any doubts - - From the `maint-14.5` branch: + - From the `maint-15.0` branch: - [ ] Update `rbm.conf` - [ ] `var/torbrowser_legacy_version`: update to `${TOR_BROWSER_VERSION}` - - **NOTE** this is the browser version for the legacy branch, not the 14.0 branch + - **NOTE** this is the browser version for the legacy branch, not this stable branch we've switched to - [ ] `var/torbrowser_legacy_platform_version`: update to `${ESR_VERSION}` - - **NOTE** this is ESR version for the legacy branch, not the 14.0 branch - - [ ] Generate update responses: + - **NOTE** this is ESR version for the legacy branch, not this stable branch we've switched to + - [ ] Generate update responses and commit them to tor-browser-update-responses.git: - Run: ```bash - make torbrowser-update_responses-release - ``` - - [ ] Commit new update responses to tor-browser-update-responses.git: - - Run: - ```bash - updaterespdir=/path/to/tor-browser-update-responses.git - cp torbrowser/release/update-responses/update-responses-release-${TOR_BROWSER_VERSION}.tar "$updaterespdir" - cd "$updaterespdir" - git pull - rm -Rf update_3/release - tar -C update_3 update-responses-release-${TOR_BROWSER_VERSION}.tar - rm update-responses-release-${TOR_BROWSER_VERSION}.tar - git add update_3/release - git commit -m "release: new version, ${TOR_BROWSER_VERSION}" - git push - # print the commit hash and copy past it for the next step - git show -s --format=%H + cd tor-browser-build/tools/signing/ && ./deploy-legacy ``` - On `staticiforme.torproject.org`, deploy new update responses: - [ ] Enable update responses, passing the commit hash as argument (replace $commit): ===================================== tools/signing/deploy-legacy ===================================== @@ -0,0 +1,48 @@ +#!/bin/bash +set -e +SIGNING_PROJECTNAME=torbrowser +script_dir=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd) +TBB_DIR="$script_dir/../.." +source "$script_dir/functions" +source "$script_dir/set-config.update-responses" +TOR_BROWSER_VERSION=$(rbm_showconf var/torbrowser_version) +TOR_BROWSER_LEGACY_VERSION=$(rbm_showconf var/torbrowser_legacy_version) +ESR_LEGACY_VERSION=$(rbm_showconf var/torbrowser_legacy_platform_version) +echo "TOR_BROWSER_VERSION ${TOR_BROWSER_VERSION}" +echo "TOR_BROWSER_LEGACY_VERSION ${TOR_BROWSER_LEGACY_VERSION}" +echo "ESR_LEGACY_VERSION: ${ESR_LEGACY_VERSION}" +read -p "Continue with update response for these versions (y/N) " -n 1 -r + +echo +if ! [[ $REPLY =~ ^[Yy]$ ]]; then + echo >&2 "Operation cancelled" + exit 1 +fi + +pushd "$TBB_DIR" + +"tools/download-torbrowser ${TOR_BROWSER_VERSION}" +make torbrowser-update_responses-release + +cp torbrowser/release/update-responses/update-responses-release-${TOR_BROWSER_VERSION}.tar "$update_responses_repository_dir" + +popd + +pushd "$update_responses_repository_dir" +git pull +rm -Rf update_3/release +tar -C update_3 -xf update-responses-release-${TOR_BROWSER_VERSION}.tar +rm update-responses-release-${TOR_BROWSER_VERSION}.tar +git add update_3/release +git commit -m "release: new version, ${TOR_BROWSER_LEGACY_VERSION}" +git push + +echo "Update responses commit, for you to review:" +git show + +commit=$(git show -s --format=%H) +echo +echo "On staticiforme.torproject.org now deploy new update responses:" +echo "sudo -u tb-release ./deploy_update_responses-release.sh $commit" + +popd View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b8... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b8... You're receiving this email because of your account on gitlab.torproject.org.