[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 40827: MAR generation uses (mostly) hard-coded MAR update channel

Richard Pospesel (@richard) git at gitlab.torproject.org
Mon Mar 27 10:29:07 UTC 2023 


Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build


Commits:
d2179847 by Richard Pospesel at 2023-03-27T09:59:36+00:00
Bug 40827: MAR generation uses (mostly) hard-coded MAR update channel

- - - - -


7 changed files:

- projects/browser/build
- projects/release/dmg2mar
- projects/release/update_responses_config.yml
- rbm.conf
- tools/dmg2mar
- tools/marsigning_check.sh
- tools/update-responses/update_responses


Changes:

=====================================
projects/browser/build
=====================================
@@ -345,7 +345,7 @@ cd $distdir
   [% SET mar_file = c("var/project-name") _ '-' _ c("var/mar_osname") _ '-' _ c("var/torbrowser_version") _ '_${PKG_LOCALE}.mar' %]
   MAR=$MARTOOLS/mar \
   MOZ_PRODUCT_VERSION=[% c("var/torbrowser_version") %] \
-  MAR_CHANNEL_ID=torbrowser-torproject-[% c("var/channel") %] \
+  MAR_CHANNEL_ID=[% c("var/mar_channel_id") %] \
   $MARTOOLS/make_full_update.sh -q $OUTDIR/[% mar_file %] "$TBDIR"
 [% END -%]
 


=====================================
projects/release/dmg2mar
=====================================
@@ -5,4 +5,4 @@ cd [% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[%  c("version
 export TOR_APPNAME_BUNDLE_OSX='[% c("var/Project_Name") -%]'
 export TOR_APPNAME_DMGFILE='[% c("var/ProjectName") -%]'
 export TOR_APPNAME_MARFILE='[% c("var/project-name") -%]'
-[% shell_quote(c("basedir")) %]/tools/dmg2mar [% c("var/channel") %]
+[% shell_quote(c("basedir")) %]/tools/dmg2mar [% c("var/mar_channel_id") %]


=====================================
projects/release/update_responses_config.yml
=====================================
@@ -31,6 +31,7 @@ versions:
 [% IF c("var/create_unsigned_incrementals") -%]
         releases_dir: [% path(c('output_dir')) %]/unsigned
 [% END -%]
+        mar_channel_id: [% c('var/mar_channel_id') %]
         platformVersion: [% pc('firefox', 'var/firefox_platform_version') %]
         detailsURL: https://blog.torproject.org/new-release-tor-browser-[% c("var/torbrowser_version") FILTER remove('\.') %]
         incremental_from:


=====================================
rbm.conf
=====================================
@@ -77,6 +77,8 @@ var:
     - 12.5a3
   updater_enabled: 1
   build_mar: 1
+  mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]'
+
   # By default, we sort the list of installed packages. This allows sharing
   # containers with identical list of packages, even if they are not listed
   # in the same order. In the cases where the installation order is


=====================================
tools/dmg2mar
=====================================
@@ -104,7 +104,7 @@ sub get_dmg_files_from_sha256sums {
 }
 
 sub convert_files {
-    my ($channel) = @_;
+    my ($mar_channel_id) = @_;
     my $pm = Parallel::ForkManager->new(get_nbprocs);
     $pm->run_on_finish(
       sub {
@@ -149,7 +149,7 @@ sub convert_files {
 
         unlink $output;
         local $ENV{MOZ_PRODUCT_VERSION} = $file->{version};
-        local $ENV{MAR_CHANNEL_ID} = "torbrowser-torproject-$channel";
+        local $ENV{MAR_CHANNEL_ID} = $mar_channel_id;
         local $ENV{TMPDIR} = $tmpdir;
         (undef, $err, $success) =  capture_exec('make_full_update.sh', '-q',
                                         $output, $appdir);
@@ -178,9 +178,9 @@ sub remove_incremental_mars {
 $ENV{LC_ALL} = 'C';
 
 
-exit_error "Please specify update channel" unless @ARGV == 1;
-my $channel = $ARGV[0];
+exit_error "Please specify the mar channel id" unless @ARGV == 1;
+my $mar_channel_id = $ARGV[0];
 
 extract_martools;
-convert_files $channel;
+convert_files $mar_channel_id;
 remove_incremental_mars;


=====================================
tools/marsigning_check.sh
=====================================
@@ -35,7 +35,7 @@
 # 2) Let LD_LIBRARY_PATH point to the mar-tools directory
 # 3) Let NSS_DB_DIR point to the directory containing the database with the
 #    signing certificate to check against.
-# 4) Let CHANNEL be the expected update channel
+# 4) Let MAR_CHANNEL_ID be the expected update channel (eg: torbrowser-torproject-alpha)
 #
 #    To create the database to use for signature checking import the
 #    release*.der certificate of your choice found in
@@ -45,9 +45,9 @@
 #    certutil -d nssdb -N --empty-password
 #    certutil -A -n "marsigner" -t,, -d nssdb -i /path/to/.der
 #
-# 4) Change into the directory containing the MAR files and the
+# 5) Change into the directory containing the MAR files and the
 #    sha256sums-unsigned-build.txt/sha256sums-unsigned-build.incrementals.txt.
-# 5) Run /path/to/marsigning_check.sh
+# 6) Run /path/to/marsigning_check.sh
 
 if [ -z "$SIGNMAR" ]
 then
@@ -67,9 +67,9 @@ then
   exit 1
 fi
 
-if [ -z "$CHANNEL" ]
+if [ -z "$MAR_CHANNEL_ID" ]
 then
-  echo "The update channel is missing! ([nightly|alpha|release])"
+  echo "The update channel is missing! (torbrowser-torproject-[nightly|alpha|release])"
   exit 1
 fi
 
@@ -106,7 +106,7 @@ for f in *.mar; do
   fi
 
   # Test 1.5: Is the MAR file correctly signed by the correct channel key?
-  if [ ! "$($SIGNMAR -T "$f" | grep "MAR channel name")" = "    - MAR channel name: torbrowser-torproject-${CHANNEL}" ]; then
+  if [ ! "$($SIGNMAR -T "$f" | grep "MAR channel name")" = "    - MAR channel name: ${MAR_CHANNEL_ID}" ]; then
       echo "$f contains wrong update channel!"
   fi
 


=====================================
tools/update-responses/update_responses
=====================================
@@ -264,7 +264,7 @@ sub create_incremental_mar {
         }
     }
     local $ENV{MOZ_PRODUCT_VERSION} = $new_version;
-    local $ENV{MAR_CHANNEL_ID} = "torbrowser-torproject-$channel";
+    local $ENV{MAR_CHANNEL_ID} = get_config($config, $new_version, $os, 'mar_channel_id');
     local $ENV{TMPDIR} = $tmpdir;
     my ($out, $err, $success) = capture_exec('make_incremental_update.sh',
                                    $mar_file_path, "$tmpdir/A", "$tmpdir/B");



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d2179847b0d379b22f9fac7fd747628affd934d8

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d2179847b0d379b22f9fac7fd747628affd934d8
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230327/fcb25129/attachment-0001.htm>

More information about the tor-commits mailing list