[tbb-commits] [tor-browser-bundle/master] Bug #15864: rename sha256sums.txt to sha256sums-unsigned-build.txt

gk at torproject.org gk at torproject.org
Fri Jul 24 13:18:30 UTC 2015


commit 748c56459b1304207502754d8541c089edc4051a
Author: Nicolas Vigier <boklm at mars-attacks.org>
Date:   Mon Jul 20 19:59:27 2015 +0200

    Bug #15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
    
    And sha256sums.incrementals.txt to sha256sums-unsigned-build.incrementals.txt.
---
 gitian/README.build                     |   13 +++++++------
 gitian/check-match.sh                   |   20 ++++++++++----------
 gitian/hash-bundles.sh                  |   13 ++++++++++---
 gitian/upload-signature.sh              |   12 ++++++------
 tools/authenticode_check.sh             |    4 ++--
 tools/update-responses/update_responses |   12 +++++++-----
 6 files changed, 42 insertions(+), 32 deletions(-)

diff --git a/gitian/README.build b/gitian/README.build
index 4b211a0..656dddd 100644
--- a/gitian/README.build
+++ b/gitian/README.build
@@ -118,14 +118,15 @@ Detailed Explanation of Scripts:
     inputs for inclusion in the 'Docs/sources' subdirectory of the bundles
     themselves.
 
- 10. hash-bundles.sh: This script generates a 'sha256sums.txt' file in sorted,
-     reproducible order.
+ 10. hash-bundles.sh: This script generates a 'sha256sums-unsigned-build.txt'
+     file in sorted, reproducible order.
 
- 11. check-match.sh: This script checks your 'sha256sums.txt' file against
-     any signed, published builds.
+ 11. check-match.sh: This script checks your 'sha256sums-unsigned-build.txt'
+     file against any signed, published builds.
 
- 12. upload-signature.sh: This script signs and uploads your 'sha256sums.txt'
-     file (for use if you are an official builder).
+ 12. upload-signature.sh: This script signs and uploads your
+     'sha256sums-unsigned-build.txt' file (for use if you are an official
+     builder).
  13. signmars.sh: This script generates the signatures on the update (.mar)
      files. It expects an nssdb directory, containing the key, in the same
      directory (i.e. tor-browser-bundle/gitian where it is located, too) and
diff --git a/gitian/check-match.sh b/gitian/check-match.sh
index 71a57f2..e264ef3 100755
--- a/gitian/check-match.sh
+++ b/gitian/check-match.sh
@@ -37,24 +37,24 @@ do
   mkdir -p $TORBROWSER_BUILDDIR/$u
   cd $TORBROWSER_BUILDDIR/$u
 
-  wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.txt || continue
-  wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.txt.asc || continue
+  wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt || continue
+  wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt.asc || continue
 
   keyring="../../gpg/$u.gpg"
 
   # XXX: Remove this dir
   gpghome=$(mktemp -d)
   GNUPGHOME="$gpghome" gpg --import "$keyring"
-  GNUPGHOME="$gpghome" gpg sha256sums.txt.asc || exit 1
+  GNUPGHOME="$gpghome" gpg sha256sums-unsigned-build.txt.asc || exit 1
 
-  diff -u ../sha256sums.txt sha256sums.txt || exit 1
+  diff -u ../sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt || exit 1
 
   VALID="$u $VALID"
 done
 cd ../..
 
 # XXX: We should refactor this code into a shared function
-if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ]
+if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ]
 then
   for u in $USERS
   do
@@ -64,17 +64,17 @@ then
     mkdir -p $TORBROWSER_BUILDDIR/$u
     cd $TORBROWSER_BUILDDIR/$u
 
-    wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.incrementals.txt || continue
-    wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.incrementals.txt.asc || continue
+    wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt || continue
+    wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt.asc || continue
 
     keyring="../../gpg/$u.gpg"
 
     # XXX: Remove this dir
     gpghome=$(mktemp -d)
     GNUPGHOME="$gpghome" gpg --import "$keyring"
-    GNUPGHOME="$gpghome" gpg sha256sums.incrementals.txt.asc || exit 1
+    GNUPGHOME="$gpghome" gpg sha256sums-unsigned-build.incrementals.txt.asc || exit 1
 
-    diff -u ../sha256sums.incrementals.txt sha256sums.incrementals.txt || exit 1
+    diff -u ../sha256sums-unsigned-build.incrementals.txt sha256sums-unsigned-build.incrementals.txt || exit 1
 
     VALID_incrementals="$u $VALID_incrementals"
   done
@@ -91,7 +91,7 @@ else
   echo "Matching bundles exist from the following users: $VALID"
 fi
 
-if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ]
+if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ]
 then
   if [ -z "$VALID_incrementals" ]
   then
diff --git a/gitian/hash-bundles.sh b/gitian/hash-bundles.sh
index fe04699..006ed0b 100755
--- a/gitian/hash-bundles.sh
+++ b/gitian/hash-bundles.sh
@@ -19,11 +19,11 @@ eval $(./get-tb-version $TORBROWSER_VERSION_TYPE)
 export LC_ALL=C
 
 cd $TORBROWSER_BUILDDIR
-rm -f sha256sums.txt sha256sums.incrementals.txt
-sha256sum `ls -1 | grep -v '\.incremental\.mar$' | sort` > sha256sums.txt
+rm -f sha256sums-unsigned-build.txt sha256sums-unsigned-build.incrementals.txt
+sha256sum `ls -1 | grep -v '\.incremental\.mar$' | sort` > sha256sums-unsigned-build.txt
 if ls -1 | grep -q '\.incremental\.mar$'
 then
-    sha256sum `ls -1 | grep '\.incremental\.mar$' | sort` > sha256sums.incrementals.txt
+    sha256sum `ls -1 | grep '\.incremental\.mar$' | sort` > sha256sums-unsigned-build.incrementals.txt
     echo
     echo "If this is an official build, you should now sign your result with: "
     echo "  make sign"
@@ -42,4 +42,11 @@ else
     echo "  make incrementals && make hash"
 fi
 
+cat > .htaccess <<EOF
+RewriteEngine On
+RewriteRule ^sha256sums.txt$ sha256sums-unsigned-build.txt
+RewriteRule ^sha256sums.txt.asc$ sha256sums-unsigned-build.txt.asc
+RewriteRule ^sha256sums.incrementals.txt$ sha256sums-unsigned-build.incrementals.txt
+RewriteRule ^sha256sums.incrementals.txt.asc$ sha256sums-unsigned-build.incrementals.txt.asc
+EOF
 
diff --git a/gitian/upload-signature.sh b/gitian/upload-signature.sh
index c403cd5..41a01f6 100755
--- a/gitian/upload-signature.sh
+++ b/gitian/upload-signature.sh
@@ -23,20 +23,20 @@ fi
 . $VERSIONS_FILE
 eval $(./get-tb-version $TORBROWSER_VERSION_TYPE)
 
-if [ ! -f $TORBROWSER_BUILDDIR/sha256sums.txt.asc ];
+if [ ! -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt.asc ];
 then
-  pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums.txt 
+  pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums-unsigned-build.txt
   popd
 fi
 
-if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ] \
-    && [ ! -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt.asc ]
+if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ] \
+    && [ ! -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt.asc ]
 then
-  pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums.incrementals.txt
+  pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums-unsigned-build.incrementals.txt
   popd
 fi
 
 
 ssh $HOST "mkdir -p $BASE_DIR/$TORBROWSER_BUILDDIR" 
-scp $TORBROWSER_BUILDDIR/sha256sums*.txt* $HOST:$BASE_DIR/$TORBROWSER_BUILDDIR/ 
+scp $TORBROWSER_BUILDDIR/.htaccess $TORBROWSER_BUILDDIR/sha256sums-unsigned-build*.txt* $HOST:$BASE_DIR/$TORBROWSER_BUILDDIR/
 ssh $HOST "chmod 755 $BASE_DIR/$TORBROWSER_BUILDDIR && chmod 644 $BASE_DIR/$TORBROWSER_BUILDDIR/*"
diff --git a/tools/authenticode_check.sh b/tools/authenticode_check.sh
index 646fdce..32b1f92 100755
--- a/tools/authenticode_check.sh
+++ b/tools/authenticode_check.sh
@@ -32,7 +32,7 @@
 
 # Usage:
 # 1) Let OSSLSIGNCODE point to your osslsigncode binary
-# 2) Change into the directory containing the .exe files and the sha256sums.txt
+# 2) Change into the directory containing the .exe files and the sha256sums-unsigned-build.txt
 # 3) Run /path/to/authenticode_check.sh
 
 if [ -z "$OSSLSIGNCODE" ]
@@ -47,7 +47,7 @@ BADSIGNED_BUNDLES=0
 mkdir tmp
 
 for f in `ls *.exe`; do
-  SHA256_TXT=`grep "$f" sha256sums.txt`
+  SHA256_TXT=`grep "$f" sha256sums-unsigned-build.txt`
 
   # Test 1: Is the .exe file still unsigned? I.e. does its SHA 256 sum still
   # match the one we had before we signed the .exe file? If so, notify us
diff --git a/tools/update-responses/update_responses b/tools/update-responses/update_responses
index 07efc7c..d238d3a 100755
--- a/tools/update-responses/update_responses
+++ b/tools/update-responses/update_responses
@@ -415,20 +415,22 @@ sub download_version {
     my $destdir = "$releases_dir/$version";
     my $urldir = "$config->{download}{archive_url}/$version";
     print "Downloading version $version\n";
-    foreach my $file (qw(sha256sums.txt sha256sums.txt.asc)) {
+    foreach my $file (qw(sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) {
         if (getstore("$urldir/$file", "$tmpdir/$file") != 200) {
             exit_error "Error downloading $urldir/$file";
         }
     }
     if (system('gpg', '--no-default-keyring', '--keyring',
             $config->{download}{gpg_keyring}, '--verify',
-            "$tmpdir/sha256sums.txt.asc", "$tmpdir/sha256sums.txt")) {
+            "$tmpdir/sha256sums-unsigned-build.txt.asc",
+            "$tmpdir/sha256sums-unsigned-build.txt")) {
         exit_error "Error checking gpg signature for version $version";
     }
     mkdir $destdir;
-    move "$tmpdir/sha256sums.txt.asc", "$destdir/sha256sums.txt.asc";
-    move "$tmpdir/sha256sums.txt", "$destdir/sha256sums.txt";
-    my %sums = map { chomp; reverse split '  ', $_ } read_file "$destdir/sha256sums.txt";
+    move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc";
+    move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt";
+    my %sums = map { chomp; reverse split '  ', $_ }
+                 read_file "$destdir/sha256sums-unsigned-build.txt";
     foreach my $file (sort grep { $_ =~ m/\.mar$/ } keys %sums) {
         print "Downloading $file\n";
         exit_error "Error downloading $urldir/$file\n"



More information about the tbb-commits mailing list