[tor-commits] [gettor/master] Add signature verification instructions to email
cohosh at torproject.org
cohosh at torproject.org
Mon Mar 30 17:59:32 UTC 2020
commit 63559201e21331ded6da078108ba903ffeebb38d
Author: Cecylia Bocovich <cohosh at torproject.org>
Date: Wed Mar 18 16:12:10 2020 -0400
Add signature verification instructions to email
---
gettor/services/email/sendmail.py | 14 +++++++++++--
share/locale/en.json | 4 ++++
tests/test_email_service.py | 42 ++++++++++++++++++---------------------
3 files changed, 35 insertions(+), 25 deletions(-)
diff --git a/gettor/services/email/sendmail.py b/gettor/services/email/sendmail.py
index 22a5111..4d908b3 100644
--- a/gettor/services/email/sendmail.py
+++ b/gettor/services/email/sendmail.py
@@ -125,7 +125,6 @@ class Sendmail(object):
link_msg = ""
for link in links:
- print(link)
provider = link[5]
version = link[4]
arch = link[3]
@@ -143,6 +142,16 @@ class Sendmail(object):
def build_body_message(self, link_msg, platform, file):
+ signature_strings = {
+ "windows":"links_body_windows",
+ "linux":"links_body_linux",
+ "osx":"links_body_osx"
+ }
+ signature_cmds = {
+ "windows":"gpgv --keyring .\\tor.keyring Downloads\\{0}.asc Downloads\\{0}",
+ "linux":"gpgv --keyring ./tor.keyring ~/Downloads/{}{{.asc,}}",
+ "osx":"gpgv --keyring ./tor.keyring ~/Downloads/{}{{.asc,}}"
+ }
body_msg = strings._("body_intro")
body_msg += strings._("links_body_platform").format(platform)
body_msg += strings._("links_body_step1").format(link_msg)
@@ -150,8 +159,9 @@ class Sendmail(object):
body_msg += strings._("links_body_internet_archive")
body_msg += strings._("links_body_google_drive")
body_msg += strings._("links_body_step2")
+ body_msg += strings._(signature_strings[platform])
+ body_msg += strings._("links_body_all").format(signature_cmds[platform].format(file))
body_msg += strings._("links_body_step3")
- print(body_msg)
return body_msg
diff --git a/share/locale/en.json b/share/locale/en.json
index 9a97100..8737d51 100644
--- a/share/locale/en.json
+++ b/share/locale/en.json
@@ -6,6 +6,10 @@
"links_body_internet_archive": "\tInternet Archive: https://archive.org/details/@gettor\n\n",
"links_body_google_drive": "\tGoogle Drive folder: https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU\n\n",
"links_body_step2": "Step 2: Verify the signature (Optional)\n\n\tVerifying the signature ensures that a certain package was generated by its\n\tdevelopers, and has not been tampered with. This email provides links to signature\n\tfiles that have the same name as the Tor Browser file, but end with \".asc\" instead.\n\n",
+ "links_body_all":"\tThe Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers\n\tsigning key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):\n\n\t\tgpg --auto-key-locate nodefault,wkd --locate-keys torbrowser at torproject.org\n\n\tThis should show you something like:\n\n\t\tgpg: key 4E2C6E8793298290: public key \"Tor Browser Developers (signing key) <torbrowser at torproject.org>\" imported\n\t\tgpg: Total number processed: 1\n\t\tgpg: imported: 1\n\t\tpub rsa4096 2014-12-15 [C] [expires: 2020-08-24]\n\t\t EF6E286DDA85EA2A4BA7DE684E2C6E8793298290\n\t\tuid [ unknown] Tor Browser Developers (signing key) <torbrowser at torproject.org>\n\t\tsub rsa4096 2018-05-26 [S] [expires: 2020-09-12]\n\n\tAfter importing the key, you can save it to a file (identifying it by fingerprint here):\n\n\t\tgpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290\n\n\tNext, you will need to download the corresponding \".asc\" signatur
e file and verify it\n\twith the command:\n\n\t\t{}\n\n\tThe result of the command should produce something like this:\n\n\t\tgpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time\n\t\tgpgv: using RSA key EB774491D9FF06E2\n\t\tgpgv: Good signature from \"Tor Browser Developers (signing key) <torbrowser at torproject.org>\"\n\n",
+ "links_body_windows":"\tIf you run Windows, download Gpg4win and run its installer. In order to verify the\n\tsignature you will need to type a few commands in windows command-line, cmd.exe.\n\n",
+ "links_body_osx":"\tIf you are using macOS, you can install GPGTools. In order to verify the signature\n\tyou will need to type a few commands in the Terminal (under \"Applications\").\n\n",
+ "links_body_linux":"\tIf you are using GNU/Linux, then you probably already have GnuPG in your system,\n\tas most GNU/Linux distributions come with it preinstalled. In order to verify the\n\tsignature you will need to type a few commands in a terminal window.\n\n",
"links_body_step3": "Step 3: Get Bridges (Optional)\n\n\tIf you believe that Tor is blocked where you are, you can use bridges to connect\n\tto Tor. Bridges are hidden Tor relays that can circumvent censorship.\n\tTor Browser includes a list of built-in bridges, which you should try first.\n\tYou can activate built-in bridges inside of Tor Browser's settings, under the\n\t\"Tor\" menu. If built-in bridges don't work, try requesting different bridges,\n\twhich you can also do in the \"Tor\" menu inside Tor Browser's settings.\n\n",
"links_subject": "[GetTor] Links for your request",
"help_body_intro": "GetTor can send you download links for Tor Browser.\n",
diff --git a/tests/test_email_service.py b/tests/test_email_service.py
index 5c0ddfb..3803e79 100644
--- a/tests/test_email_service.py
+++ b/tests/test_email_service.py
@@ -17,18 +17,6 @@ class EmailServiceTests(unittest.TestCase):
self.settings = conftests.options.parse_settings("en","tests/test.conf.json")
self.sm_client = conftests.Sendmail(self.settings)
self.locales = conftests.strings.get_locales()
- self.links = [
- [
- "https://gitlab.com/thetorproject/gettorbrowser/raw/torbrowser-releases/TorBrowser-9.0.3-osx64_en-US.dmg",
- "osx",
- "en-US",
- "64",
- "9.0.3",
- "gitlab",
- "ACTIVE",
- "TorBrowser-9.0.3-osx64_en-US.dmg"
- ]
- ]
def tearDown(self):
print("tearDown()")
@@ -182,22 +170,30 @@ class EmailServiceTests(unittest.TestCase):
self.assertEqual(request["language"], "es-AR")
del ep
+ @pytest_twisted.inlineCallbacks
def test_sent_links_message(self):
ep = self.sm_client
- links = self.links
- link_msg, file = ep.build_link_strings(links, "osx", "en")
- assert "https://gitlab.com/thetorproject/gettorbrowser/raw/torbrowser-releases/TorBrowser-9.0.3-osx64_en-US.dmg" in link_msg
- assert "osx" in link_msg
-
- self.assertEqual("TorBrowser-9.0.3-osx64_en-US.dmg", file)
-
- def test_sent_body_message(self):
- ep = self.sm_client
- links = self.links
- link_msg, file = ep.build_link_strings(links, "osx", "en")
+ links = yield ep.conn.get_links(
+ platform="osx", language="en-US", status="ACTIVE"
+ )
+ link_msg, file = ep.build_link_strings(links, "osx", "en-US")
body_msg = ep.build_body_message(link_msg, "osx", file)
assert "You requested Tor Browser for osx" in body_msg
+ links = yield ep.conn.get_links(
+ platform="windows", language="en-US", status="ACTIVE"
+ )
+ link_msg, file = ep.build_link_strings(links, "windows", "en-US")
+ body_msg = ep.build_body_message(link_msg, "windows", file)
+ assert "You requested Tor Browser for windows" in body_msg
+
+ links = yield ep.conn.get_links(
+ platform="linux", language="en-US", status="ACTIVE"
+ )
+ link_msg, file = ep.build_link_strings(links, "linux", "en-US")
+ body_msg = ep.build_body_message(link_msg, "linux", file)
+ assert "You requested Tor Browser for linux" in body_msg
+
@pytest_twisted.inlineCallbacks
def test_help_body_message(self):
ep = self.sm_client
More information about the tor-commits
mailing list