[tbb-commits] [Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41037: Set time on signing machine before starting signing

richard (@richard) git at gitlab.torproject.org
Thu Jan 18 10:33:06 UTC 2024 


richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build


Commits:
c12f1511 by Nicolas Vigier at 2024-01-18T10:33:05+00:00
Bug 41037: Set time on signing machine before starting signing

After a reboot, the time on our signing machine is incorrect. To avoid
signing a release with incorrect timestamps, we set the time on the
signing machine at the beginning of the signing process.


(cherry picked from commit de4e1feba72e8357c9f40ec3c555aa0dce5e0df2)
- - - - -


3 changed files:

- tools/signing/do-all-signing
- tools/signing/machines-setup/setup-signing-machine
- + tools/signing/machines-setup/sudoers.d/set-date


Changes:

=====================================
tools/signing/do-all-signing
=====================================
@@ -29,6 +29,11 @@ test -f "$steps_dir/linux-signer-gpg-sign.done" ||
   read -sp "Enter gpg passphrase: " GPG_PASS
 echo
 
+function set-time-on-signing-machine {
+  local current_time=$(date -u)
+  ssh "$ssh_host_linux_signer" sudo /usr/bin/date -s "'$current_time'"
+}
+
 function wait-for-finished-build {
   "$script_dir/wait-for-finished-build"
 }
@@ -171,6 +176,7 @@ function do_step {
 
 export SIGNING_PROJECTNAME
 
+do_step set-time-on-signing-machine
 do_step wait-for-finished-build
 do_step sync-builder-unsigned-to-local-signed
 do_step sync-scripts-to-linux-signer


=====================================
tools/signing/machines-setup/setup-signing-machine
=====================================
@@ -91,6 +91,7 @@ sudoers_file sign-mar
 sudoers_file sign-exe
 sudoers_file sign-apk
 sudoers_file sign-rcodesign
+sudoers_file set-date
 
 authorized_keys boklm boklm-tb-release.pub boklm-yk1.pub
 create_user richard signing


=====================================
tools/signing/machines-setup/sudoers.d/set-date
=====================================
@@ -0,0 +1 @@
+%signing ALL = NOPASSWD: /usr/bin/date -s *



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c12f1511743a481eba78a1b4003648f69241ad96

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c12f1511743a481eba78a1b4003648f69241ad96
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20240118/df7845d4/attachment-0001.htm>

More information about the tbb-commits mailing list