[tor-bugs] #18925 [Webpages/Website]: Add instructions for removing the code signing parts of OS X bundles and MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 30 03:40:51 UTC 2018
#18925: Add instructions for removing the code signing parts of OS X bundles and MAR files
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-team
     Type:  enhancement                          |         Status:  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Webpages/Website                     |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  website-content, GeorgKoppen201806,  |  Actual Points:
  TorBrowserTeam201806                           |
Parent ID:  #17413                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by traumschule):
I cannot test it right now, but I used
[http://blog.smalleycreative.com/administration/automating-osx-part-one/ this guide]
some time ago for testing an Ansible role with Travis. Here's my draft:
{{{
set -e
# Tests the checksum of our generated mar files on macOS

# settings
tbbversion=8.0a10
lang=en-US
distdomain=https://dist.torproject.org
#distdomain=http://rqef5a5mebgq46y5
dmgurl="$distdomain/torbrowser/$tbbversion/TorBrowser-$tbbversion-osx64_$lang.dmg"
martoolsurl="http://rqef5a5mebgq46y5.onion/torbrowser/$tbbversion/mar-tools-mac64.zip"
sumsurl="$distdomain/torbrowser/$tbbversion/sha256sums-signed-build.txt"
# Assuming this is run by a CI and it supports it, the cache may be mounted beforehand.
cache="$(pwd)/cache"
dmgfile="$cache/$(basename "$dmgurl")"
mountpath="/Volumes/$(basename "$dmgfile")" # TODO may differ
signedmarfile="signed-mar-file.mar"
# Braces are required: "$tbbversion_" would expand the unset variable tbbversion_
unsignedmarfile="tor-browser-osx64-${tbbversion}_${lang}.mar"

# preparation
mkdir -p "$cache"
cd "$cache"
wget "$martoolsurl"
wget "$dmgurl"
wget "$sumsurl"
wget "$sumsurl.asc"
sumfile="$cache/$(basename "$sumsurl")"

# Verify the detached signature; rely on gpg's exit status, because its
# "Good signature" message goes to stderr and never reaches a pipe.
gpg --recv-keys 0x4E2C6E8793298290
if ! gpg --verify "$sumfile.asc" "$sumfile"
then echo "Signature verification failed: $sumfile"; exit 1; fi

martoolszip="$(basename "$martoolsurl")"
[ -n "$martoolszip" ] || exit 1
[ -f "$martoolszip" ] || exit 1
unzip "$martoolszip" # should extract to mar-tools
[ -f mar-tools/signmar ] || exit 1 # the signing tool in mar-tools is named signmar
marpath="$cache/mar-tools"

hdiutil mount -nobrowse "$dmgfile"
cd "$mountpath"
export LD_LIBRARY_PATH="$marpath"
export DYLD_LIBRARY_PATH="$marpath" # macOS dyld reads DYLD_LIBRARY_PATH
# Strip the signature; write the result to the cache, since the mounted image is read-only.
"$marpath/signmar" -r "$signedmarfile" "$cache/$unsignedmarfile"

# Compare only the hash fields, as strings (-ne is an integer test).
# shasum ships with macOS; sha256sum may not be installed.
actual="$(shasum -a 256 "$cache/$unsignedmarfile" | awk '{print $1}')"
expected="$(grep -F "$unsignedmarfile" "$sumfile" | awk '{print $1}')"
if [ -z "$expected" ] || [ "$actual" != "$expected" ]
then echo "sha256sum does not match: $unsignedmarfile"; exit 1; fi
}}}
Would that work?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18925#comment:60>