[tor-commits] [sandboxed-tor-browser/master] Add back the old release MAR signing key.

yawning at torproject.org yawning at torproject.org
Wed Apr 19 20:43:41 UTC 2017 

commit c9fc6212512761126edb874aee7e2ff0fecbd4f1
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Wed Apr 19 20:40:39 2017 +0000

    Add back the old release MAR signing key.
    
    You are in a maze of twisty public keys, all alike.  When I pulled in
    the new MAR signing key (b32fb3a83a4fcc60cf05c0c41a7b7b67ada704cd
    not actually used yet), I should have preserved all existing keys,
    because they're all used for various things.
    
    In this case, the key that got obliterated is the one currently being
    used to sign MARs for the `release` channel.
---
 ChangeLog                                               |   1 +
 data/installer/release_primary_6.5.der                  | Bin 0 -> 1229 bytes
 src/cmd/sandboxed-tor-browser/internal/installer/mar.go |  11 +++++------
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 09740c4..a0f16bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 Changes in version 0.0.6 - UNRELEASED:
+ * Add back the old release MAR signing key.
 
 Changes in version 0.0.5 - 2017-04-13:
  * Bug 21764: Use bubblewrap's `--die-with-parent` when supported.
diff --git a/data/installer/release_primary_6.5.der b/data/installer/release_primary_6.5.der
new file mode 100644
index 0000000..542fb24
Binary files /dev/null and b/data/installer/release_primary_6.5.der differ
diff --git a/src/cmd/sandboxed-tor-browser/internal/installer/mar.go b/src/cmd/sandboxed-tor-browser/internal/installer/mar.go
index 3f9c610..60d114d 100644
--- a/src/cmd/sandboxed-tor-browser/internal/installer/mar.go
+++ b/src/cmd/sandboxed-tor-browser/internal/installer/mar.go
@@ -28,11 +28,6 @@ import (
 	"cmd/sandboxed-tor-browser/internal/data"
 )
 
-const (
-	tbbMARReleasePrimaryAsset   = "installer/release_primary.der"
-	tbbMARReleaseSecondaryAsset = "installer/release_secondary.der"
-)
-
 var tbbMARCerts []*x509.Certificate
 
 // VerifyTorBrowserMAR validates the MAR signature against the TBB MAR signing
@@ -139,7 +134,11 @@ func VerifyTorBrowserMAR(mar []byte) error {
 }
 
 func init() {
-	assets := []string{tbbMARReleasePrimaryAsset, tbbMARReleaseSecondaryAsset}
+	assets := []string{
+		"installer/release_primary_6.5.der", // Stable MAR signing key.
+		"installer/release_primary.der",     // (Unused) MAR signing key.
+		"installer/release_secondary.der",   // Alpha MAR signing key (7.0).
+	}
 
 	for _, asset := range assets {
 		if der, err := data.Asset(asset); err != nil {

More information about the tor-commits mailing list