[tor-commits] [builders/tor-browser-build] 09/09: Bug 40476: Add do-all-signing

gitolite role git at cupani.torproject.org
Mon May 9 18:49:28 UTC 2022


This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch master
in repository builders/tor-browser-build.

commit 12472f6b7ba9c81db7a1f6a5d553ab96d369c11a
Author: Nicolas Vigier <boklm at torproject.org>
AuthorDate: Fri Apr 1 13:57:32 2022 +0200

    Bug 40476: Add do-all-signing
---
 tools/signing/do-all-signing | 186 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 186 insertions(+)

diff --git a/tools/signing/do-all-signing b/tools/signing/do-all-signing
new file mode 100755
index 0000000..ab0868c
--- /dev/null
+++ b/tools/signing/do-all-signing
@@ -0,0 +1,186 @@
+#!/bin/bash
+set -e
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+source "$script_dir/functions"
+
+NON_INTERACTIVE=1
+steps_dir="$signed_version_dir.steps"
+test -d "$steps_dir" || mkdir -p "$steps_dir"
+
+test -f "$steps_dir/macos-signer-gatekeeper-signing.done" ||
+  read -sp "Enter macos keychain passphrase: " KEYCHAIN_PW
+echo
+test -f "$steps_dir/macos-signer-notarization.done" ||
+  read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW
+echo
+test -f "$steps_dir/linux-signer-signmars.done" ||
+  read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS
+echo
+test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
+  read -sp "Enter windows authenticode (yubihsm) passphrase: " YUBIPASS
+echo
+test -f "$steps_dir/linux-signer-gpg-sign.done" ||
+  read -sp "Enter gpg passphrase: " GPG_PASS
+echo
+
+function wait-for-finished-build {
+  "$script_dir/wait-for-finished-build"
+}
+
+function sync-builder-unsigned-to-local-signed {
+  "$script_dir/sync-builder-unsigned-to-local-signed"
+}
+
+function sync-scripts-to-macos-signer {
+  "$script_dir/sync-scripts-to-macos-signer"
+}
+
+function macos-signer-gatekeeper-signing {
+  "$script_dir/sync-macos-local-to-macos-signer"
+  ssh "$ssh_host_macos_signer" 'bash -s' << EOF
+  export KEYCHAIN_PW=$KEYCHAIN_PW
+  ~/signing-$tbb_version_type/macos-signer-gatekeeper-signing
+EOF
+  unset KEYCHAIN_PW
+}
+
+function macos-signer-notarization {
+  ssh "$ssh_host_macos_signer" 'bash -s' << EOF
+  export PW=$NOTARIZATION_PW
+  ~/signing-$tbb_version_type/macos-signer-notarization
+EOF
+  unset NOTARIZATION_PW
+}
+
+function macos-signer-stapler {
+  ssh "$ssh_host_macos_signer" "~/signing-$tbb_version_type/macos-signer-stapler"
+  "$script_dir/sync-macos-signer-stapled-to-macos-local-stapled"
+}
+
+function gatekeeper-bundling {
+  "$script_dir/gatekeeper-bundling.sh"
+}
+
+function dmg2mar {
+  "$script_dir/dmg2mar"
+}
+
+function sync-scripts-to-linux-signer {
+  "$script_dir/sync-scripts-to-linux-signer"
+}
+
+function linux-signer-signmars {
+  "$script_dir/sync-local-to-linux-signer"
+  ssh "$ssh_host_linux_signer" 'bash -s' << EOF
+  export NSSPASS=$NSSPASS
+  ~/signing-$tbb_version_type/linux-signer-signmars
+EOF
+  unset NSSPASS
+}
+
+function sync-after-signmars {
+  "$script_dir/sync-linux-signer-to-local"
+}
+
+function download-unsigned-sha256sums-gpg-signatures-from-people-tpo {
+  "$script_dir/download-unsigned-sha256sums-gpg-signatures-from-people-tpo"
+}
+
+function linux-signer-authenticode-signing {
+  ssh "$ssh_host_linux_signer" 'bash -s' << EOF
+  export YUBIPASS='$YUBIPASS'
+  ~/signing-$tbb_version_type/linux-signer-authenticode-signing
+EOF
+  unset YUBIPASS
+}
+
+function sync-after-authenticode-signing {
+  "$script_dir/sync-linux-signer-to-local"
+}
+
+function authenticode-timestamping {
+  "$script_dir/authenticode-timestamping.sh"
+}
+
+function sync-after-authenticode-timestamping {
+  "$script_dir/sync-local-to-linux-signer"
+}
+
+function hash_signed_bundles {
+  "$script_dir/hash_signed_bundles.sh"
+}
+
+function sync-after-hash {
+  "$script_dir/sync-local-to-linux-signer"
+}
+
+function linux-signer-gpg-sign {
+  ssh "$ssh_host_linux_signer" 'bash -s' << EOF
+  export GPG_PASS=$GPG_PASS
+  ~/signing-$tbb_version_type/linux-signer-gpg-sign
+EOF
+}
+
+function sync-after-gpg-sign {
+  "$script_dir/sync-linux-signer-to-local"
+}
+
+function sync-local-to-staticiforme {
+  "$script_dir/sync-local-to-staticiforme"
+}
+
+function sync-scripts-to-staticiforme {
+  "$script_dir/sync-scripts-to-staticiforme"
+}
+
+function staticiforme-prepare-cdn-dist-upload {
+  ssh "$ssh_host_staticiforme" "signing-$tbb_version_type/staticiforme-prepare-cdn-dist-upload"
+}
+
+function upload-update_responses-to-staticiforme {
+  "$script_dir/upload-update_responses-to-staticiforme"
+}
+
+function finished-signing-clean-macos-signer {
+  "$script_dir/finished-signing-clean-macos-signer"
+}
+
+function finished-signing-clean-linux-signer {
+  "$script_dir/finished-signing-clean-linux-signer"
+}
+
+function do_step {
+  test -f "$steps_dir/$1.done" && return 0
+  echo "$(date -Iseconds) - Starting step: $1"
+  $1 | tee "$steps_dir/$1.log" 2>&1
+  test ${PIPESTATUS[0]} -eq 0
+  touch "$steps_dir/$1.done"
+  echo "$(date -Iseconds) - Finished step: $1"
+}
+
+do_step wait-for-finished-build
+do_step sync-builder-unsigned-to-local-signed
+do_step sync-scripts-to-macos-signer
+do_step macos-signer-gatekeeper-signing
+do_step macos-signer-notarization
+do_step macos-signer-stapler
+do_step gatekeeper-bundling
+do_step dmg2mar
+do_step sync-scripts-to-linux-signer
+do_step linux-signer-signmars
+do_step sync-after-signmars
+do_step linux-signer-authenticode-signing
+do_step sync-after-authenticode-signing
+do_step authenticode-timestamping
+do_step sync-after-authenticode-timestamping
+do_step hash_signed_bundles
+do_step sync-after-hash
+do_step linux-signer-gpg-sign
+do_step sync-after-gpg-sign
+do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo
+do_step sync-local-to-staticiforme
+do_step sync-scripts-to-staticiforme
+do_step staticiforme-prepare-cdn-dist-upload
+do_step upload-update_responses-to-staticiforme
+do_step finished-signing-clean-macos-signer
+do_step finished-signing-clean-linux-signer
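Review bot: The passphrases are expanded unquoted into the here-documents fed to `bash -s` on the signers (`export KEYCHAIN_PW=$KEYCHAIN_PW`, and likewise `PW`, `NSSPASS` and `GPG_PASS`), so the remote shell re-parses the secret: a passphrase containing whitespace, `$`, `;` or quotes arrives altered or is interpreted as shell text on the signing host. `YUBIPASS` is wrapped in single quotes, which still breaks on a passphrase containing `'`. Quoting each value on the local side, e.g. `export KEYCHAIN_PW=$(printf '%q' "$KEYCHAIN_PW")`, and prompting with `read -rsp` so backslashes are kept as typed, would avoid this. The `unset` calls run inside the pipeline subshell that `$1 | tee …` creates in `do_step`, so the variables stay set in the main script until it exits (and `linux-signer-gpg-sign` has no `unset` at all). On that same `do_step` line `2>&1` applies to `tee`, not to the step, so stderr never reaches the log; `$1 2>&1 | tee "$steps_dir/$1.log"` would capture it.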
