[tbb-commits] [Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41031: Add make targets to unsign and compare mar files

richard (@richard) git at gitlab.torproject.org
Thu Nov 30 13:58:36 UTC 2023 


richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build


Commits:
ae9e3999 by Nicolas Vigier at 2023-11-30T13:58:17+00:00
Bug 41031: Add make targets to unsign and compare mar files

- - - - -


4 changed files:

- Makefile
- doc/MAKEFILE.txt
- + projects/release/compare_mar_signed_unsigned
- projects/release/config


Changes:

=====================================
Makefile
=====================================
@@ -239,6 +239,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update
 torbrowser-compare-windows-signed-unsigned-alpha: submodule-update
 	$(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser
 
+torbrowser-compare-mar-signed-unsigned-release: submodule-update
+	$(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser
+
+torbrowser-compare-mar-signed-unsigned-alpha: submodule-update
+	$(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser
+
 
 ########################
 # Base Browser Targets #
@@ -577,6 +583,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update
 mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update
 	$(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser
 
+mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update
+	$(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser
+
+mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update
+	$(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser
+
 
 ############################
 # Toolchain Update Targets #


=====================================
doc/MAKEFILE.txt
=====================================
@@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha}
 Unsign exe files from directory torbrowser/{release,alpha}/signed/$version
 and compare them with the checksum from sha256sums-unsigned-build.txt.
 
+torbrowser-compare-mar-signed-unsigned-{release,alpha}
+----------------------------------------------------------
+Unsign mar files from directory torbrowser/{release,alpha}/signed/$version
+and compare them with the checksum from sha256sums-unsigned-build.txt.
+


=====================================
projects/release/compare_mar_signed_unsigned
=====================================
@@ -0,0 +1,44 @@
+#!/bin/bash
+[% c("var/set_default_env") -%]
+[% IF c("var/nightly") -%]
+  build_dir=[% shell_quote(path(dest_dir)) %]/[%  c("version") %]
+[% ELSE -%]
+  build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %]
+[% END -%]
+
+if ! test -d "$build_dir"
+then
+  echo "Error: Directory $build_dir does not exist" 1>&2
+  echo "You can download it with this command:" 1>&2
+  echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2
+  exit 1
+fi
+
+sha256sums_files=sha256sums-unsigned-build.txt
+cd "$build_dir"
+test -f sha256sums-unsigned-build.incrementals.txt \
+  && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt"
+cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/"
+cd "$rootdir"
+
+unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]"
+export PATH="$rootdir/mar-tools:$PATH"
+export LD_LIBRARY_PATH="$rootdir/mar-tools"
+
+for file in *.mar
+do
+  signmar -r "$file" "unsigned-$file"
+  mv -f "unsigned-$file" "$file"
+  echo "Unsigned $file"
+done
+
+grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c
+
+cat << 'EOF'
+macOS mar files have been skipped as we don't yet have a good solution
+to remove code signing from those files.
+See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40988
+
+Windows and Linux unsigned mar files are matching with
+sha256sums-unsigned-build.txt.
+EOF


=====================================
projects/release/config
=====================================
@@ -271,3 +271,11 @@ steps:
         name: osslsigncode
         pkg_type: build
     compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]'
+  compare_mar_signed_unsigned:
+    build_log: '-'
+    debug: 0
+    input_files:
+      - project: mar-tools
+        name: mar-tools
+        pkg_type: fetch_martools
+    compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]'



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/ae9e39996de272586147fc381320973d4932f928

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/ae9e39996de272586147fc381320973d4932f928
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20231130/f42c99e5/attachment-0001.htm>

More information about the tbb-commits mailing list