[tor-commits] [Git][tpo/applications/tor-browser-build][maint-12.0] Bug 40723: Use tor-browser-update-responses.git in upload-update_responses-to-staticiforme

Mon Jan 23 16:40:07 UTC 2023


boklm pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build


Commits:
98053ed8 by Nicolas Vigier at 2023-01-19T13:08:57+01:00
Bug 40723: Use tor-browser-update-responses.git in upload-update_responses-to-staticiforme

- - - - -


6 changed files:

- .gitlab/issue_templates/Release Prep - Alpha.md
- .gitlab/issue_templates/Release Prep - Stable.md
- tools/signing/do-all-signing
- tools/signing/functions
- + tools/signing/set-config.update-responses
- tools/signing/upload-update_responses-to-staticiforme


Changes:

=====================================
.gitlab/issue_templates/Release Prep - Alpha.md
=====================================
@@ -210,6 +210,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
     - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
   - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
     - `macos_notarization_user` : the email login for a tor notariser Apple Developer account
+  - [ ] `set-config.update-responses`
+    - `update_responses_repository_dir` : directory where you cloned `git at gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
   - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
     - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
     - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
@@ -230,7 +232,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
     - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
     - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
   - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
-  - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
+  - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh`
 - [ ] Publish APKs to Google Play:
   - Log into https://play.google.com/apps/publish
   - Select `Tor Browser (Alpha)` app


=====================================
.gitlab/issue_templates/Release Prep - Stable.md
=====================================
@@ -297,6 +297,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
     - [ ] `ssh_host_macos_signer` : ssh hostname of macOS signing machine
   - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
     - [ ] `macos_notarization_user` : the email login for a tor notariser Apple Developer account
+  - [ ] `set-config.update-responses`
+    - `update_responses_repository_dir` : directory where you cloned `git at gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
   - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
     - [ ] `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
     - [ ] `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
@@ -318,8 +320,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
     - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
   - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
   - [ ] Enable update responses :
-    - [ ] alpha: `./deploy_update_responses-alpha.sh`
-    - [ ] release: `./deploy_update_responses-release.sh`
+    - [ ] alpha: `sudo -u tb-release ./deploy_update_responses-alpha.sh`
+    - [ ] release: `sudo -u tb-release ./deploy_update_responses-release.sh`
 - [ ] ***(Android Only)*** : Publish APKs to Google Play:
   - [ ] Log into https://play.google.com/apps/publish
   - [ ] Select `Tor Browser` app


=====================================
tools/signing/do-all-signing
=====================================
@@ -2,6 +2,7 @@
 set -e
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "$script_dir/functions"
+source "$script_dir/set-config.update-responses"
 
 NON_INTERACTIVE=1
 steps_dir="$signed_version_dir.steps"


=====================================
tools/signing/functions
=====================================
@@ -19,4 +19,16 @@ function check_torbrowser_version_var {
   return 0
 }
 
+function check_update_responses_repository_dir {
+  if test -z "$update_responses_repository_dir" || ! test -d "$update_responses_repository_dir"
+  then
+    cat << 'EOF' > /dev/stderr
+$aus1_repository_dir is not defined, or the directory does not exist
+You should clone git at gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git
+and set $update_responses_repository_dir in set-config.update-responses
+EOF
+    exit 1
+  fi
+}
+
 . "$script_dir/set-config"


=====================================
tools/signing/set-config.update-responses
=====================================
@@ -0,0 +1,7 @@
+# You should clone git at gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git
+# and uncomment the line setting update_responses_repository_dir.
+# Don't forget to set user.email and user.name in your git config
+
+#update_responses_repository_dir=/path/to/tor-browser-update-responses.git
+
+check_update_responses_repository_dir


=====================================
tools/signing/upload-update_responses-to-staticiforme
=====================================
@@ -2,6 +2,7 @@
 set -e
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "$script_dir/functions"
+source "$script_dir/set-config.update-responses"
 
 check_torbrowser_version_var
 
@@ -17,33 +18,40 @@ else
   popd > /dev/null
 fi
 
-update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser/update_3
+cd $update_responses_repository_dir
+git checkout main
+git pull --ff-only
+test -n "$(git status --porcelain=v1 | grep -v '^?')" \
+  && exit_error 'update_responses_repository_dir has modified files'
+cd update_3
+rm -Rf "$tbb_version_type"
+tar -xf "$update_responses_tar"
+git add "$tbb_version_type"
+git commit -m "$tbb_version_type: new version, $tbb_version"
+update_responses_commit=$(git log -1 --format=%H)
+
+update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser
 deploy_script=$(mktemp)
 trap "rm -Rf $deploy_script" EXIT
 cat << EOF > "$deploy_script"
 #!/bin/bash
 set -e
 
-tmpdir="\$(mktemp -d)"
+echo "Deploying version $tbb_version"
+echo "update_responses_commit: $update_responses_commit"
 
-trap "rm -Rf \$tmpdir" EXIT
-
-rm -Rf "$update_dir/$tbb_version_type.old"
-test -d "$update_dir/$tbb_version_type" && \\
-  mv -v "$update_dir/$tbb_version_type" "$update_dir/$tbb_version_type.old"
-
-tar -C "\$tmpdir" -xf ~/$update_responses_tar_filename
-chmod 775 "\$tmpdir"/$tbb_version_type
-chmod 664 "\$tmpdir"/$tbb_version_type/* "\$tmpdir"/$tbb_version_type/.htaccess
-chgrp -R torwww "\$tmpdir"/$tbb_version_type
-mv -v "\$tmpdir"/$tbb_version_type "$update_dir/$tbb_version_type"
+cd "$update_dir"
+git fetch
+git checkout "$update_responses_commit"
 
 static-update-component aus1.torproject.org
 EOF
 
 chmod +x $deploy_script
-scp -p "$update_responses_tar" "$ssh_host_staticiforme:"
 scp -p $deploy_script $ssh_host_staticiforme:deploy_update_responses-$tbb_version_type.sh
 
+git push
+
 echo 'To enable updates you can now run:'
-echo "  ssh $ssh_host_staticiforme ./deploy_update_responses-$tbb_version_type.sh"
+echo "  ssh $ssh_host_staticiforme"
+echo "  sudo -u tb-release ./deploy_update_responses-$tbb_version_type.sh"



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/98053ed8d40c910ec73fc755c896c1f35569aeca

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/98053ed8d40c910ec73fc755c896c1f35569aeca
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230123/5d5dda5d/attachment-0001.htm>
