[tbb-commits] [Git][tpo/applications/tor-browser-build][main] 4 commits: Bug 40836: Deploy mullvad-browser installer bins to dist.torproject.org
richard (@richard)
git at gitlab.torproject.org
Thu Jun 15 23:44:21 UTC 2023
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
dccd3115 by Nicolas Vigier at 2023-06-15T23:41:38+00:00
Bug 40836: Deploy mullvad-browser installer bins to dist.torproject.org
- - - - -
176e8382 by Nicolas Vigier at 2023-06-15T23:41:38+00:00
Bug 40851: in do-all-signing, don't ask android password for mullvadbrowser
- - - - -
95291992 by Nicolas Vigier at 2023-06-15T23:41:38+00:00
Bug 40881: Ask for the correct nssdb password when signing mullvadbrowser
- - - - -
1472747b by Nicolas Vigier at 2023-06-15T23:41:38+00:00
Bug 40882: Fix static-update-component command is issue_templates
- - - - -
6 changed files:
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
- tools/signing/do-all-signing
- tools/signing/staticiforme-prepare-cdn-dist-upload
- tools/signing/sync-local-to-staticiforme
Changes:
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
=====================================
@@ -88,12 +88,16 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script:
- `cd tor-browser-build/tools/signing/`
- `./macos-signer-proxy`
-- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure mullvad daemon is running with SOCKS5 proxy on the default port 9050
-- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs direcmullvady
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] run do-all-signing script:
- `cd tor-browser-build/tools/signing/`
- `./do-all-signing.sh`
-- **NOTE**: at this point the signed binaries should be in `tor-browser-build/mullvadbrowser/release/signed/$(MULLVAD_BROWSER_VERSION)`
+- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
+- [ ] Update `staticiforme.torproject.org`:
+ - From `screen` session on `staticiforme.torproject.org`:
+ - [ ] Static update components : `static-update-component dist.torproject.org`
+ - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
+ - [ ] Static update components (again) : `static-update-component dist.torproject.org`
</details>
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
=====================================
@@ -185,7 +185,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- **NOTE** : Skip this step if the current release is Android or Desktop *only*
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
+ - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
- [ ] Publish APKs to Google Play:
- Log into https://play.google.com/apps/publish
- Select `Tor Browser (Alpha)` app
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md
=====================================
@@ -190,7 +190,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- **NOTE** : Skip this step if the current release is Android or Desktop *only*
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
-- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
+- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
- [ ] Publish APKs to Google Play:
- Log into https://play.google.com/apps/publish
- Select `Tor Browser` app
=====================================
tools/signing/do-all-signing
=====================================
@@ -14,12 +14,17 @@ echo
test -f "$steps_dir/macos-signer-notarization.done" ||
read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW
echo
+is_project torbrowser && nssdb=torbrowser-nssdb7
+is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb-1
test -f "$steps_dir/linux-signer-signmars.done" ||
- read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS
-echo
-test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
- read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
+ read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS
echo
+
+if is_project torbrowser; then
+ test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
+ read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
+ echo
+fi
test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
read -sp "Enter windows authenticode passphrase: " YUBIPASS
echo
@@ -227,12 +232,9 @@ do_step sync-after-hash
do_step linux-signer-gpg-sign
do_step sync-after-gpg-sign
do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo
-is_project torbrowser && \
- do_step sync-local-to-staticiforme
-is_project torbrowser && \
- do_step sync-scripts-to-staticiforme
-is_project torbrowser && \
- do_step staticiforme-prepare-cdn-dist-upload
+do_step sync-local-to-staticiforme
+do_step sync-scripts-to-staticiforme
+do_step staticiforme-prepare-cdn-dist-upload
do_step upload-update_responses-to-staticiforme
do_step finished-signing-clean-macos-signer
do_step finished-signing-clean-linux-signer
=====================================
tools/signing/staticiforme-prepare-cdn-dist-upload
=====================================
@@ -16,21 +16,29 @@ chmod 775 "$dist_dir"
chmod 664 "$dist_dir"/*
chmod 664 "$dist_dir/.htaccess"
-cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
-if test -d "$cdn_dir"
-then
- echo "Error: $cdn_dir already exists" >&2
- exit 1
+if is_project torbrowser; then
+ cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
+ if test -d "$cdn_dir"
+ then
+ echo "Error: $cdn_dir already exists" >&2
+ exit 1
+ fi
+ mkdir "$cdn_dir"
+ chgrp tb-release "$cdn_dir"
+ chmod 775 "$cdn_dir"
+ cd "$cdn_dir"
+ for marfile in "$dist_dir"/*.mar; do
+ ln -f "$marfile" .
+ done
+
+ dest='cdn.tpo and dist.tpo'
+ staticupdatecmd='static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
+else
+ dest='dist.tpo'
+ staticupdatecmd='static-update-component dist.torproject.org'
fi
-mkdir "$cdn_dir"
-chgrp tb-release "$cdn_dir"
-chmod 775 "$cdn_dir"
-cd "$cdn_dir"
-for marfile in "$dist_dir"/*.mar; do
- ln -f "$marfile" .
-done
-echo "$tbb_version is ready to upload to cdn.tpo and dist.tpo"
+echo "$tbb_version is ready to upload to $dest"
echo "You should remove the old version(s) before starting the upload with:"
-echo ' static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
+echo " $staticupdatecmd"
echo '(preferably using screen or tmux)'
=====================================
tools/signing/sync-local-to-staticiforme
=====================================
@@ -3,4 +3,4 @@ set -e
script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
source "$script_dir/functions"
-rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/torbrowser/$tbb_version/"
+rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/$SIGNING_PROJECTNAME/$tbb_version/"
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/0c27c294b994be9ba5376c46eeac81551bf6c02b...1472747b909b2c9b3fe0ff0591aac85c55a460d7
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/0c27c294b994be9ba5376c46eeac81551bf6c02b...1472747b909b2c9b3fe0ff0591aac85c55a460d7
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230615/80dbf52a/attachment-0001.htm>
More information about the tbb-commits
mailing list