[tbb-commits] [Git][tpo/applications/tor-browser-build][main] Bug 40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates
richard (@richard)
git at gitlab.torproject.org
Thu Jul 13 20:26:32 UTC 2023
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
0a782e66 by Nicolas Vigier at 2023-07-13T11:09:15+02:00
Bug 40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates
- - - - -
2 changed files:
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
Changes:
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
=====================================
@@ -169,6 +169,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
### signing
- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
- [ ] On `$(STAGING_SERVER)`, ensure updated:
+ - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
@@ -215,6 +216,35 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
</details>
+<details>
+ <summary>Signature verification</summary>
+
+ <details>
+ <summary>Check whether the .exe files got properly signed and timestamped</summary>
+ ```
+ # Point OSSLSIGNCODE to your osslsigncode binary
+ pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+ OSSLSIGNCODE=/path/to/osslsigncode
+ ../../../tools/authenticode_check.sh
+ popd
+ ```
+ </details>
+ <details>
+ <summary>Check whether the MAR files got properly signed</summary>
+ ```
+ # Point NSSDB to your nssdb containing the mar signing certificate
+ # Point SIGNMAR to your signmar binary
+ # Point LD_LIBRARY_PATH to your mar-tools directory
+ pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+ NSSDB=/path/to/nssdb
+ SIGNMAR=/path/to/mar-tools/signmar
+ LD_LIBRARY_PATH=/path/to/mar-tools/
+ ../../../tools/marsigning_check.sh
+ popd
+ ```
+ </details>
+</details>
+
<details>
<summary>Publishing</summary>
@@ -233,6 +263,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
### blog: https://gitlab.torproject.org/tpo/web/blog.git
- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
+ - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
- [ ] Update Tor Browser version numbers
- [ ] Note any ESR rebase
- [ ] Link to any Firefox security updates from ESR upgrade
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md
=====================================
@@ -166,6 +166,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
### signing
- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
- [ ] On `$(STAGING_SERVER)`, ensure updated:
+ - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
@@ -212,6 +213,35 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
</details>
+<details>
+ <summary>Signature verification</summary>
+
+ <details>
+ <summary>Check whether the .exe files got properly signed and timestamped</summary>
+ ```
+ # Point OSSLSIGNCODE to your osslsigncode binary
+ pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+ OSSLSIGNCODE=/path/to/osslsigncode
+ ../../../tools/authenticode_check.sh
+ popd
+ ```
+ </details>
+ <details>
+ <summary>Check whether the MAR files got properly signed</summary>
+ ```
+ # Point NSSDB to your nssdb containing the mar signing certificate
+ # Point SIGNMAR to your signmar binary
+ # Point LD_LIBRARY_PATH to your mar-tools directory
+ pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+ NSSDB=/path/to/nssdb
+ SIGNMAR=/path/to/mar-tools/signmar
+ LD_LIBRARY_PATH=/path/to/mar-tools/
+ ../../../tools/marsigning_check.sh
+ popd
+ ```
+ </details>
+</details>
+
<details>
<summary>Publishing</summary>
@@ -230,6 +260,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
### blog: https://gitlab.torproject.org/tpo/web/blog.git
- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
+ - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
- [ ] Update Tor Browser version numbers
- [ ] Note any ESR rebase
- [ ] Link to any Firefox security updates from ESR upgrade
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0a782e66ac8ffa1e9523db9d426a60c1e875459e
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0a782e66ac8ffa1e9523db9d426a60c1e875459e
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230713/13363a09/attachment-0001.htm>
More information about the tbb-commits
mailing list