morgan pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits: 4cc42848 by Morgan at 2024-11-18T21:20:39+00:00 Bug 41304: Add a browser commit tag+signing script

- - - - -

6 changed files:

- + tools/browser/.gitignore - + tools/browser/README.md - + tools/browser/sign-tag - + tools/browser/sign-tag.basebrowser - + tools/browser/sign-tag.mullvadbrowser - + tools/browser/sign-tag.torbrowser

Changes:

===================================== tools/browser/.gitignore ===================================== @@ -0,0 +1,3 @@ +basebrowser +torbrowser +mullvadbrowser

===================================== tools/browser/README.md ===================================== @@ -0,0 +1,65 @@ +# Tools + +### sign-tag + +This script gpg signs a git tag associated with a particular browser commit in the user's tor-browser.git or mullvad-browser.git repo. + +#### Prerequisites + +- The user must create the following soft-links: + - `/tools/browser/basebrowser` -> `/path/to/local/tor-browser.git` + - `/tools/browser/mullvadbrowser` -> `/path/to/local/mullvad-browser.git` + - `/tools/browser/torbrowser` -> `/path/to/local/tor-browser.git` +- The user must first checkout the relevant branch of the commit we are tagging + - This is needed to extract the ESR version, branch-number, and browser name + +#### Usage + +``` +usage: ./tools/browser/sign-tag.<browser> <channel> <build-number> [commit] + +browser one of basebrowser, torbrowser, or mullvadbrowser +channel the release channel of the commit to sign (e.g. alpha, stable, + or legacy) +build-number the build number portion of a browser build tag (e.g. build2) +commit optional git commit, HEAD is used if argument not present +``` + +#### Examples +Invoke the relevant soft-link'd version of this script to sign a particular browser. The trailing commit argument is optional and if not present, the browser branch's `HEAD` will be tagged+signed. + + - ##### `base-browser-128.4.0esr-14.5-1-build1` + After checking out `base-browser-128.4.0esr-14.5-1` branch in linked tor-browser.git + ```bash + ./sign-tag.basebrowser alpha build1 24e628c1fd3f0593e23334acf55dc81909c30099 + ``` + **output**: + ``` + Tag commit 24e628c1fd3f in base-browser-128.4.0esr-14.5-1 + tag: base-browser-128.4.0esr-14.5-1-build1 + message: Tagging build1 for 128.4.0esr-based alpha + ``` + + - ##### `tor-browser-115.17.0esr-13.5-1-build2` + After checking out `tor-browser-115.17.0esr-13.5-1` branch in linked tor-browser.git + ```bash + ./sign-tag.torbrowser legacy build2 8e9e58fe400291f20be5712d057ad0b5fc4d70c1 + ``` + **output**: + ``` + Tag commit 8e9e58fe4002 in tor-browser-115.17.0esr-13.5-1 + tag: tor-browser-115.17.0esr-13.5-1-build2 + message: Tagging build2 for 115.17.0esr-based legacy + ``` + + - ##### `mullvad-browser-128.4.0esr-14.0-1-build2` + After checking out `mullvad-browser-128.4.0esr-14.0-1` branch in linked mullvad-browser.git + ```bash + ./sign-tag.mullvadbrowser stable build2 385aa0559a90a258ed6613527ff3e117dfa5ae5b + ``` + **output**: + ``` + Tag commit 385aa0559a90 in mullvad-browser-128.4.0esr-14.0-1 + tag: mullvad-browser-128.4.0esr-14.0-1-build2 + message: Tagging build2 for 128.4.0esr-based stable + ``` \ No newline at end of file

===================================== tools/browser/sign-tag ===================================== @@ -0,0 +1,115 @@ +#!/usr/bin/env bash + +# See README.md for usage instructions. + +# terminate on error +set -e + +# Check if at least two arguments are provided +if [ "$#" -lt 2 ]; then + echo "Usage: $0 channel build-number [commit]" + exit 1 +fi + +script_name=$(basename "${BASH_ARGV0:-$0}") +script_dir=$(dirname "${BASH_ARGV0:-$0}") +browser=$(echo "$script_name" | perl -pe 's/^[^.]+.//') + +case "${browser}" in + basebrowser | torbrowser | mullvadbrowser) + # go down to browser directory + pushd ${script_dir}/${browser} > /dev/null + # and exit on script termination + trap "popd > /dev/null" EXIT + ;; + *) + echo -n "unrecognized browser: '${browser}'" + exit 1 + ;; +esac + +# +# Branch name validation and extract components from branch name needed for tag +# and message +# + +branch_name=$(git rev-parse --abbrev-ref HEAD) +if [[ $branch_name =~ ^([a-z]+-browser)-([1-9][0-9]+.[0-9]+.[0-9]+esr)-([1-9][0-9]*.[05])-([1-9]).*$ ]]; then + project="${BASH_REMATCH[1]}" + esr="${BASH_REMATCH[2]}" + version="${BASH_REMATCH[3]}" + branch_number="${BASH_REMATCH[4]}" +else + echo "This script must be run from an official browser branch. For example 'base-browser-128.4.0esr-14.0-1'" + exit 1 +fi + +# +# Verify the detected browser matches the name of the current branch +# +case "${browser}" in + basebrowser) + valid_project="base-browser" + ;; + torbrowser) + valid_project="tor-browser" + ;; + mullvadbrowser) + valid_project="mullvad-browser" + ;; +esac + +if ! [[ "${project}" == "${valid_project}" ]]; then + echo "Invalid branch "${branch_name}". Must be a "${valid_project}" branch" + exit 1 +fi + +# +# Assign arguments to variables +# +channel=$1 +build_number=$2 +commit=$(git rev-parse --short ${3:-HEAD}) + +# +# Validate arguments +# + +# channel validation +if [[ "${project}" == "mullvad-browser" ]]; then + valid_channels=("alpha" "stable") +else + valid_channels=("alpha" "stable" "legacy") +fi +channel_valid=false +for value in "${valid_channels[@]}"; do + if [[ "${channel}" == "${value}" ]]; then + channel_valid=true + break + fi +done + +if ! $channel_valid; then + echo "Invalid channel name "${channel}". Must be one of: ${valid_channels[*]}" + exit 1 +fi + +# build number validation +if ! [[ "${build_number}" =~ ^build[1-9][0-9]*$ ]]; then + echo "Invalid build number "${build_number}". Must be in the format "build[1-9][0-9]*"" + exit 1 +fi + +# +# Sign and tag the specified git commit +# + +tag="${project}-${esr}-${version}-${branch_number}-${build_number}" +message="Tagging ${build_number} for ${esr}-based ${channel}" + + +echo "Tag commit ${commit} in ${branch_name}" +echo " tag: ${tag}" +echo " message: ${message}" + +git tag -s "${tag}" "${commit}" -m "${message}"

===================================== tools/browser/sign-tag.basebrowser ===================================== @@ -0,0 +1 @@ +sign-tag \ No newline at end of file

===================================== tools/browser/sign-tag.mullvadbrowser ===================================== @@ -0,0 +1 @@ +sign-tag \ No newline at end of file

===================================== tools/browser/sign-tag.torbrowser ===================================== @@ -0,0 +1 @@ +sign-tag \ No newline at end of file

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4c...