[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 41218: Use new Tor Browser gpg subkey for signing stable releases

boklm (@boklm) git at gitlab.torproject.org
Wed Aug 21 11:07:40 UTC 2024 


boklm pushed to branch main at The Tor Project / Applications / tor-browser-build


Commits:
f4580f58 by Nicolas Vigier at 2024-08-21T13:07:03+02:00
Bug 41218: Use new Tor Browser gpg subkey for signing stable releases

With #40964 we started using a new subkey for signing alpha releases.
We now start using the new subkey for signing stable releases too.

- - - - -


3 changed files:

- tools/signing/linux-signer-gpg-sign
- tools/signing/machines-setup/sudoers.d/sign-gpg
- tools/signing/wrappers/sign-gpg


Changes:

=====================================
tools/signing/linux-signer-gpg-sign
=====================================
@@ -4,8 +4,6 @@ set -e
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "$script_dir/functions"
 
-test "$tbb_version_type" = "alpha" && export GPG_NEWSUBKEY=1
-
 cd ~/"$SIGNING_PROJECTNAME-$tbb_version"
 
 test -n "$GPG_PASS" || read -sp "Enter gpg passphrase: " GPG_PASS


=====================================
tools/signing/machines-setup/sudoers.d/sign-gpg
=====================================
@@ -1,2 +1,2 @@
-Defaults>signing-gpg env_keep += "SIGNING_PROJECTNAME GPG_NEWSUBKEY"
+Defaults>signing-gpg env_keep += SIGNING_PROJECTNAME
 %signing ALL = (signing-gpg) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-gpg


=====================================
tools/signing/wrappers/sign-gpg
=====================================
@@ -11,6 +11,5 @@ if test $(whoami) != 'signing-gpg'; then
   exit 1
 fi
 
-gpg_subkey='0xe53d989a9e2d47bf!'
-test -n "$GPG_NEWSUBKEY" && gpg_subkey='0x157432CF78A65729!'
+gpg_subkey='0x157432CF78A65729!'
 exec gpg --homedir /home/signing-gpg/.gnupg -absu "$gpg_subkey" --batch --no-tty -o- --passphrase-fd 0 -- "$1"



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f4580f587d426fc829fc8596e2a89e02aa1ad73e

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f4580f587d426fc829fc8596e2a89e02aa1ad73e
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240821/194be429/attachment-0001.htm>

More information about the tor-commits mailing list