[tor-commits] [tor-browser] 35/43: Bug 1745467 - Update signing formats for Windows; r=aki, a=RyanVM

gitolite role git at cupani.torproject.org
Tue May 31 07:07:18 UTC 2022


This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch tor-browser-91.10.0esr-11.0-1
in repository tor-browser.

commit 9312197bce273d55c969b185531e211dd95db89a
Author: Geoff Brown <gbrown at mozilla.com>
AuthorDate: Fri Mar 18 16:16:36 2022 +0000

    Bug 1745467 - Update signing formats for Windows; r=aki, a=RyanVM
    
    Change signing formats to use SHA-256 digests in the Windows installer signature.
    
    Differential Revision: https://phabricator.services.mozilla.com/D139752
---
 taskcluster/taskgraph/transforms/geckodriver_signing.py       | 2 +-
 taskcluster/taskgraph/transforms/openh264_signing.py          | 2 +-
 taskcluster/taskgraph/transforms/repackage_signing.py         | 6 +++---
 taskcluster/taskgraph/transforms/repackage_signing_partner.py | 4 ++--
 taskcluster/taskgraph/util/signed_artifacts.py                | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/taskcluster/taskgraph/transforms/geckodriver_signing.py b/taskcluster/taskgraph/transforms/geckodriver_signing.py
index ea75e33703756..ac40feeeab5c8 100644
--- a/taskcluster/taskgraph/transforms/geckodriver_signing.py
+++ b/taskcluster/taskgraph/transforms/geckodriver_signing.py
@@ -108,7 +108,7 @@ def make_signing_description(config, jobs):
 
 def _craft_upstream_artifacts(dep_job, dependency_kind, build_platform):
     if build_platform.startswith("win"):
-        signing_format = "autograph_authenticode"
+        signing_format = "autograph_authenticode_sha2"
     elif build_platform.startswith("linux"):
         signing_format = "autograph_gpg"
     elif build_platform.startswith("macosx"):
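Review bot: The format name `autograph_authenticode_sha2` is written here as a bare string literal, and the same literal or its `_stub` variant is repeated in the hunks for openh264_signing.py, repackage_signing.py, repackage_signing_partner.py and signed_artifacts.py. This string selects the digest used in the Windows signature, so a single shared constant would make the next migration a one-line change and make it harder for one call site to stay on the older format unnoticed, for example `WINDOWS_AUTHENTICODE_FORMAT = "autograph_authenticode_sha2"` (name is a suggestion) imported by each transform. `_craft_upstream_artifacts` continues past the end of the hunk, so how an unrecognised platform is handled cannot be seen here.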
diff --git a/taskcluster/taskgraph/transforms/openh264_signing.py b/taskcluster/taskgraph/transforms/openh264_signing.py
index dcc566883a999..589de73ba5823 100644
--- a/taskcluster/taskgraph/transforms/openh264_signing.py
+++ b/taskcluster/taskgraph/transforms/openh264_signing.py
@@ -69,7 +69,7 @@ def make_signing_description(config, jobs):
 
         if "win" in build_platform:
             # job['primary-dependency'].task['payload']['command']
-            upstream_artifact["formats"] = ["autograph_authenticode"]
+            upstream_artifact["formats"] = ["autograph_authenticode_sha2"]
         elif "mac" in build_platform:
             upstream_artifact["formats"] = ["mac_single_file"]
             upstream_artifact["singleFileGlobs"] = ["libgmpopenh264.dylib"]
diff --git a/taskcluster/taskgraph/transforms/repackage_signing.py b/taskcluster/taskgraph/transforms/repackage_signing.py
index 6c9fa64d8d265..f007503e07634 100644
--- a/taskcluster/taskgraph/transforms/repackage_signing.py
+++ b/taskcluster/taskgraph/transforms/repackage_signing.py
@@ -27,9 +27,9 @@ repackage_signing_description_schema = schema.extend(
 )
 
 SIGNING_FORMATS = {
-    "target.installer.exe": ["autograph_authenticode_stub"],
-    "target.stub-installer.exe": ["autograph_authenticode_stub"],
-    "target.installer.msi": ["autograph_authenticode"],
+    "target.installer.exe": ["autograph_authenticode_sha2_stub"],
+    "target.stub-installer.exe": ["autograph_authenticode_sha2_stub"],
+    "target.installer.msi": ["autograph_authenticode_sha2"],
 }
 
 transforms = TransformSequence()
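Review bot: `SIGNING_FORMATS` does not say why the two `.exe` installers take the `_stub` format while the `.msi` takes the plain one, and the `sha2` suffix alone does not say which digest is meant. A short comment above the dict would help the next reader, for example `# Authenticode with SHA-256 digests (Bug 1745467); .exe installers use the _stub variant, the .msi the plain one.` The reason for the `_stub` split is not visible in this diff, so that part of the comment should be filled in by someone who knows the signing service configuration.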
diff --git a/taskcluster/taskgraph/transforms/repackage_signing_partner.py b/taskcluster/taskgraph/transforms/repackage_signing_partner.py
index 7f93216c4ce69..6f1a41f3773ed 100644
--- a/taskcluster/taskgraph/transforms/repackage_signing_partner.py
+++ b/taskcluster/taskgraph/transforms/repackage_signing_partner.py
@@ -79,7 +79,7 @@ def make_repackage_signing_description(config, jobs):
                             dep_job, "{}/target.installer.exe".format(repack_id)
                         ),
                     ],
-                    "formats": ["autograph_authenticode", "autograph_gpg"],
+                    "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
                 }
             ]
 
@@ -99,7 +99,7 @@ def make_repackage_signing_description(config, jobs):
                                 "{}/target.stub-installer.exe".format(repack_id),
                             ),
                         ],
-                        "formats": ["autograph_authenticode", "autograph_gpg"],
+                        "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
                     }
                 )
         elif "mac" in build_platform:
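Review bot: This hunk and the one before it sign `target.installer.exe` and `target.stub-installer.exe` with `autograph_authenticode_sha2`, while `SIGNING_FORMATS` in repackage_signing.py maps the same two file names to `autograph_authenticode_sha2_stub`. The removed lines show the same split, so this commit did not introduce it, but a signing-format change is a good moment to confirm that partner repacks are meant to use the non-stub format. If it is intentional, a comment next to `"formats"` would record that, e.g. `# partner installers use the non-stub format on purpose: <reason>`; if not, both lines would become `"formats": ["autograph_authenticode_sha2_stub", "autograph_gpg"],`. `make_repackage_signing_description` starts and ends outside these hunks.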
diff --git a/taskcluster/taskgraph/util/signed_artifacts.py b/taskcluster/taskgraph/util/signed_artifacts.py
index 0a215e152ee2c..34440b5dfa592 100644
--- a/taskcluster/taskgraph/util/signed_artifacts.py
+++ b/taskcluster/taskgraph/util/signed_artifacts.py
@@ -98,14 +98,14 @@ def generate_specifications_of_artifacts_to_sign(
                 "artifacts": [
                     get_artifact_path(job, "{locale}/setup.exe"),
                 ],
-                "formats": ["autograph_authenticode"],
+                "formats": ["autograph_authenticode_sha2"],
             },
             {
                 "artifacts": [
                     get_artifact_path(job, "{locale}/target.zip"),
                 ],
                 "formats": [
-                    "autograph_authenticode",
+                    "autograph_authenticode_sha2",
                     "autograph_widevine",
                     "autograph_omnija",
                 ],
