[tor-commits] [tor-messenger-build/master] Check the gpg signature of tor-browser instead of sha256sum

boklm at torproject.org boklm at torproject.org
Fri Mar 6 12:14:49 UTC 2015


commit 84b41a7e3f074d0ac5660c649c2bd10563b777e3
Author: Nicolas Vigier <boklm at torproject.org>
Date:   Thu Mar 5 19:48:44 2015 +0100

    Check the gpg signature of tor-browser instead of sha256sum
    
    Checking the sha256sum requires manual updating for each new version, so
    checking the gpg signature is easier.
---
 keyring/tor-browser.gpg     |  Bin 0 -> 7416 bytes
 projects/tor-browser/config |    8 +++-----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/keyring/tor-browser.gpg b/keyring/tor-browser.gpg
new file mode 100644
index 0000000..df2f50b
Binary files /dev/null and b/keyring/tor-browser.gpg differ
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index b56a723..b5b7e43 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -6,11 +6,9 @@ input_files:
  - filename: "tor-browser-[% c('var/tb_osname') %]-[% c('version') %]_en-US.tar.xz"
    URL: "https://dist.torproject.org/torbrowser/[% c('version') %]/tor-browser-[% c('var/tb_osname') %]-[% c('version') %]_en-US.tar.xz"
    name: torbrowser
-   targets:
-     linux-x86_64:
-       sha256sum: 0f0a07905daaf714322bc54cf25ed0e3b8ef91aeb937ab0df2d39010c9ee7b82
-     linux-i686:
-       sha256sum: f527b85a057ae402fa1dc84e6c175071e6448300cd2ebdd0d50494e1dd605185
+   file_gpg_id: 1
+   sig_ext: asc
+   gpg_keyring: tor-browser.gpg
 
 targets:
   linux-x86_64:





More information about the tor-commits mailing list