[tbb-commits] [tor-browser-build/maint-9.0] Bug 32284: Remove checked binary after check

boklm at torproject.org boklm at torproject.org
Fri Oct 25 11:40:47 UTC 2019


commit d9f378d284fb00021a73b72379863169322880e0
Author: Georg Koppen <gk at torproject.org>
Date:   Fri Oct 25 08:23:49 2019 +0000

    Bug 32284: Remove checked binary after check
    
    When checking our .mar and .exe files for signing errors we keep the
    checked files around until the whole check is done. This essentially
    leads to doubling the amount of disk space for them during that time,
    which could make the difference between someone being able to check
    them successfully or not.
    
    There is actually no need, though, to keep all the binaries until the
    whole signature check is done and we remove the checked bundle from now
    on immediately after a particular check finished.
---
 tools/authenticode_check.sh | 3 ++-
 tools/marsigning_check.sh   | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/authenticode_check.sh b/tools/authenticode_check.sh
index c94682d..819c9d1 100755
--- a/tools/authenticode_check.sh
+++ b/tools/authenticode_check.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2017, The Tor Project, Inc.
+# Copyright (c) 2019, The Tor Project, Inc.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -74,6 +74,7 @@ for f in `ls *.exe`; do
       echo "$f does not have the SHA-256 sum of the unsigned bundle!"
       BADSIGNED_BUNDLES=`expr $BADSIGNED_BUNDLES + 1`
     fi
+    rm $f
     cd ..
   fi
 done
diff --git a/tools/marsigning_check.sh b/tools/marsigning_check.sh
index 41b3b4d..0663603 100755
--- a/tools/marsigning_check.sh
+++ b/tools/marsigning_check.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2016, The Tor Project, Inc.
+# Copyright (c) 2019, The Tor Project, Inc.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -85,6 +85,7 @@ for f in `ls *.mar`; do
       echo "$f does not have the SHA-256 sum of the unsigned MAR file!"
       BADSIGNED_MARS=`expr $BADSIGNED_MARS + 1`
     fi
+    rm $f
     cd ..
   fi
 done



More information about the tbb-commits mailing list