[tbb-commits] [tor-browser-bundle/master] Bug #15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
gk at torproject.org
gk at torproject.org
Fri Jul 24 13:18:30 UTC 2015
commit 748c56459b1304207502754d8541c089edc4051a
Author: Nicolas Vigier <boklm at mars-attacks.org>
Date: Mon Jul 20 19:59:27 2015 +0200
Bug #15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
And sha256sums.incrementals.txt to sha256sums-unsigned-build.incrementals.txt.
---
gitian/README.build | 13 +++++++------
gitian/check-match.sh | 20 ++++++++++----------
gitian/hash-bundles.sh | 13 ++++++++++---
gitian/upload-signature.sh | 12 ++++++------
tools/authenticode_check.sh | 4 ++--
tools/update-responses/update_responses | 12 +++++++-----
6 files changed, 42 insertions(+), 32 deletions(-)
diff --git a/gitian/README.build b/gitian/README.build
index 4b211a0..656dddd 100644
--- a/gitian/README.build
+++ b/gitian/README.build
@@ -118,14 +118,15 @@ Detailed Explanation of Scripts:
inputs for inclusion in the 'Docs/sources' subdirectory of the bundles
themselves.
- 10. hash-bundles.sh: This script generates a 'sha256sums.txt' file in sorted,
- reproducible order.
+ 10. hash-bundles.sh: This script generates a 'sha256sums-unsigned-build.txt'
+ file in sorted, reproducible order.
- 11. check-match.sh: This script checks your 'sha256sums.txt' file against
- any signed, published builds.
+ 11. check-match.sh: This script checks your 'sha256sums-unsigned-build.txt'
+ file against any signed, published builds.
- 12. upload-signature.sh: This script signs and uploads your 'sha256sums.txt'
- file (for use if you are an official builder).
+ 12. upload-signature.sh: This script signs and uploads your
+ 'sha256sums-unsigned-build.txt' file (for use if you are an official
+ builder).
13. signmars.sh: This script generates the signatures on the update (.mar)
files. It expects an nssdb directory, containing the key, in the same
directory (i.e. tor-browser-bundle/gitian where it is located, too) and
diff --git a/gitian/check-match.sh b/gitian/check-match.sh
index 71a57f2..e264ef3 100755
--- a/gitian/check-match.sh
+++ b/gitian/check-match.sh
@@ -37,24 +37,24 @@ do
mkdir -p $TORBROWSER_BUILDDIR/$u
cd $TORBROWSER_BUILDDIR/$u
- wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.txt || continue
- wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.txt.asc || continue
+ wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt || continue
+ wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt.asc || continue
keyring="../../gpg/$u.gpg"
# XXX: Remove this dir
gpghome=$(mktemp -d)
GNUPGHOME="$gpghome" gpg --import "$keyring"
- GNUPGHOME="$gpghome" gpg sha256sums.txt.asc || exit 1
+ GNUPGHOME="$gpghome" gpg sha256sums-unsigned-build.txt.asc || exit 1
- diff -u ../sha256sums.txt sha256sums.txt || exit 1
+ diff -u ../sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt || exit 1
VALID="$u $VALID"
done
cd ../..
# XXX: We should refactor this code into a shared function
-if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ]
+if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ]
then
for u in $USERS
do
@@ -64,17 +64,17 @@ then
mkdir -p $TORBROWSER_BUILDDIR/$u
cd $TORBROWSER_BUILDDIR/$u
- wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.incrementals.txt || continue
- wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.incrementals.txt.asc || continue
+ wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt || continue
+ wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt.asc || continue
keyring="../../gpg/$u.gpg"
# XXX: Remove this dir
gpghome=$(mktemp -d)
GNUPGHOME="$gpghome" gpg --import "$keyring"
- GNUPGHOME="$gpghome" gpg sha256sums.incrementals.txt.asc || exit 1
+ GNUPGHOME="$gpghome" gpg sha256sums-unsigned-build.incrementals.txt.asc || exit 1
- diff -u ../sha256sums.incrementals.txt sha256sums.incrementals.txt || exit 1
+ diff -u ../sha256sums-unsigned-build.incrementals.txt sha256sums-unsigned-build.incrementals.txt || exit 1
VALID_incrementals="$u $VALID_incrementals"
done
@@ -91,7 +91,7 @@ else
echo "Matching bundles exist from the following users: $VALID"
fi
-if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ]
+if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ]
then
if [ -z "$VALID_incrementals" ]
then
diff --git a/gitian/hash-bundles.sh b/gitian/hash-bundles.sh
index fe04699..006ed0b 100755
--- a/gitian/hash-bundles.sh
+++ b/gitian/hash-bundles.sh
@@ -19,11 +19,11 @@ eval $(./get-tb-version $TORBROWSER_VERSION_TYPE)
export LC_ALL=C
cd $TORBROWSER_BUILDDIR
-rm -f sha256sums.txt sha256sums.incrementals.txt
-sha256sum `ls -1 | grep -v '\.incremental\.mar$' | sort` > sha256sums.txt
+rm -f sha256sums-unsigned-build.txt sha256sums-unsigned-build.incrementals.txt
+sha256sum `ls -1 | grep -v '\.incremental\.mar$' | sort` > sha256sums-unsigned-build.txt
if ls -1 | grep -q '\.incremental\.mar$'
then
- sha256sum `ls -1 | grep '\.incremental\.mar$' | sort` > sha256sums.incrementals.txt
+ sha256sum `ls -1 | grep '\.incremental\.mar$' | sort` > sha256sums-unsigned-build.incrementals.txt
echo
echo "If this is an official build, you should now sign your result with: "
echo " make sign"
@@ -42,4 +42,11 @@ else
echo " make incrementals && make hash"
fi
+cat > .htaccess <<EOF
+RewriteEngine On
+RewriteRule ^sha256sums.txt$ sha256sums-unsigned-build.txt
+RewriteRule ^sha256sums.txt.asc$ sha256sums-unsigned-build.txt.asc
+RewriteRule ^sha256sums.incrementals.txt$ sha256sums-unsigned-build.incrementals.txt
+RewriteRule ^sha256sums.incrementals.txt.asc$ sha256sums-unsigned-build.incrementals.txt.asc
+EOF
diff --git a/gitian/upload-signature.sh b/gitian/upload-signature.sh
index c403cd5..41a01f6 100755
--- a/gitian/upload-signature.sh
+++ b/gitian/upload-signature.sh
@@ -23,20 +23,20 @@ fi
. $VERSIONS_FILE
eval $(./get-tb-version $TORBROWSER_VERSION_TYPE)
-if [ ! -f $TORBROWSER_BUILDDIR/sha256sums.txt.asc ];
+if [ ! -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt.asc ];
then
- pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums.txt
+ pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums-unsigned-build.txt
popd
fi
-if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ] \
- && [ ! -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt.asc ]
+if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ] \
+ && [ ! -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt.asc ]
then
- pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums.incrementals.txt
+ pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums-unsigned-build.incrementals.txt
popd
fi
ssh $HOST "mkdir -p $BASE_DIR/$TORBROWSER_BUILDDIR"
-scp $TORBROWSER_BUILDDIR/sha256sums*.txt* $HOST:$BASE_DIR/$TORBROWSER_BUILDDIR/
+scp $TORBROWSER_BUILDDIR/.htaccess $TORBROWSER_BUILDDIR/sha256sums-unsigned-build*.txt* $HOST:$BASE_DIR/$TORBROWSER_BUILDDIR/
ssh $HOST "chmod 755 $BASE_DIR/$TORBROWSER_BUILDDIR && chmod 644 $BASE_DIR/$TORBROWSER_BUILDDIR/*"
diff --git a/tools/authenticode_check.sh b/tools/authenticode_check.sh
index 646fdce..32b1f92 100755
--- a/tools/authenticode_check.sh
+++ b/tools/authenticode_check.sh
@@ -32,7 +32,7 @@
# Usage:
# 1) Let OSSLSIGNCODE point to your osslsigncode binary
-# 2) Change into the directory containing the .exe files and the sha256sums.txt
+# 2) Change into the directory containing the .exe files and the sha256sums-unsigned-build.txt
# 3) Run /path/to/authenticode_check.sh
if [ -z "$OSSLSIGNCODE" ]
@@ -47,7 +47,7 @@ BADSIGNED_BUNDLES=0
mkdir tmp
for f in `ls *.exe`; do
- SHA256_TXT=`grep "$f" sha256sums.txt`
+ SHA256_TXT=`grep "$f" sha256sums-unsigned-build.txt`
# Test 1: Is the .exe file still unsigned? I.e. does its SHA 256 sum still
# match the one we had before we signed the .exe file? If so, notify us
diff --git a/tools/update-responses/update_responses b/tools/update-responses/update_responses
index 07efc7c..d238d3a 100755
--- a/tools/update-responses/update_responses
+++ b/tools/update-responses/update_responses
@@ -415,20 +415,22 @@ sub download_version {
my $destdir = "$releases_dir/$version";
my $urldir = "$config->{download}{archive_url}/$version";
print "Downloading version $version\n";
- foreach my $file (qw(sha256sums.txt sha256sums.txt.asc)) {
+ foreach my $file (qw(sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) {
if (getstore("$urldir/$file", "$tmpdir/$file") != 200) {
exit_error "Error downloading $urldir/$file";
}
}
if (system('gpg', '--no-default-keyring', '--keyring',
$config->{download}{gpg_keyring}, '--verify',
- "$tmpdir/sha256sums.txt.asc", "$tmpdir/sha256sums.txt")) {
+ "$tmpdir/sha256sums-unsigned-build.txt.asc",
+ "$tmpdir/sha256sums-unsigned-build.txt")) {
exit_error "Error checking gpg signature for version $version";
}
mkdir $destdir;
- move "$tmpdir/sha256sums.txt.asc", "$destdir/sha256sums.txt.asc";
- move "$tmpdir/sha256sums.txt", "$destdir/sha256sums.txt";
- my %sums = map { chomp; reverse split ' ', $_ } read_file "$destdir/sha256sums.txt";
+ move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc";
+ move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt";
+ my %sums = map { chomp; reverse split ' ', $_ }
+ read_file "$destdir/sha256sums-unsigned-build.txt";
foreach my $file (sort grep { $_ =~ m/\.mar$/ } keys %sums) {
print "Downloading $file\n";
exit_error "Error downloading $urldir/$file\n"
More information about the tbb-commits
mailing list