[tor-bugs] #23657 [Applications/Tor Browser]: Decide directories used for signed/unsigned builds in tor-browser-builds

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 26 12:46:09 UTC 2017

#23657: Decide directories used for signed/unsigned builds in tor-browser-builds
     Reporter:  boklm                     |      Owner:  tbb-team
         Type:  task                      |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
 With gitian builds, all builds (signed and unsigned) were stored in the
 gitian directory directly.

 I remember having issues when generating incremental mars which were done
 with unsigned osx mars instead of the signed ones. To avoid that issue I
 have started with separating signed and unsigned builds in tor-browser-
 build. However it seems the new process is confusing and error-prone
 during the signing process, so we should think more about what directories
 we want to use in the different steps (or if we want to go back to using
 only one).

 I think having different directories could also be useful if we want to
 add some scripts helping with the intermediate signing steps.

 What we currently have is:
 - the build target creates builds in the directory `unsigned`
 - the incrementals target generates incremental mars in the `unsigned`
 directory. However it is using/downloading the mar files from the old
 version in the `unsigned` directory too, while it should be done from a
 signed build (for the osx ones). Maybe we should fix the incrementals step
 to use the old version from the `signed` directory instead.
 - the dmg2mar target is using the `signed` directory. However at this
 point, only the dmg files are signed, so it is confusing to put all the
 files in the `signed` directory. Maybe an intermediate directory should be
 used instead?
 - the update_responses target is using the `signed` directory. I think
 this one is correct as update responses should only be done from a fully
 signed build.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23657>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list