[tor-commits] [tor-browser] 35/43: Bug 1745467 - Update signing formats for Windows; r=aki, a=RyanVM
gitolite role
git at cupani.torproject.org
Tue May 31 07:07:18 UTC 2022
This is an automated email from the git hooks/post-receive script.
pierov pushed a commit to branch tor-browser-91.10.0esr-11.0-1
in repository tor-browser.
commit 9312197bce273d55c969b185531e211dd95db89a
Author: Geoff Brown <gbrown at mozilla.com>
AuthorDate: Fri Mar 18 16:16:36 2022 +0000
Bug 1745467 - Update signing formats for Windows; r=aki, a=RyanVM
Change signing formats to use SHA-256 digests in the Windows installer signature.
Differential Revision: https://phabricator.services.mozilla.com/D139752
---
taskcluster/taskgraph/transforms/geckodriver_signing.py | 2 +-
taskcluster/taskgraph/transforms/openh264_signing.py | 2 +-
taskcluster/taskgraph/transforms/repackage_signing.py | 6 +++---
taskcluster/taskgraph/transforms/repackage_signing_partner.py | 4 ++--
taskcluster/taskgraph/util/signed_artifacts.py | 4 ++--
5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/taskcluster/taskgraph/transforms/geckodriver_signing.py b/taskcluster/taskgraph/transforms/geckodriver_signing.py
index ea75e33703756..ac40feeeab5c8 100644
--- a/taskcluster/taskgraph/transforms/geckodriver_signing.py
+++ b/taskcluster/taskgraph/transforms/geckodriver_signing.py
@@ -108,7 +108,7 @@ def make_signing_description(config, jobs):
def _craft_upstream_artifacts(dep_job, dependency_kind, build_platform):
if build_platform.startswith("win"):
- signing_format = "autograph_authenticode"
+ signing_format = "autograph_authenticode_sha2"
elif build_platform.startswith("linux"):
signing_format = "autograph_gpg"
elif build_platform.startswith("macosx"):
diff --git a/taskcluster/taskgraph/transforms/openh264_signing.py b/taskcluster/taskgraph/transforms/openh264_signing.py
index dcc566883a999..589de73ba5823 100644
--- a/taskcluster/taskgraph/transforms/openh264_signing.py
+++ b/taskcluster/taskgraph/transforms/openh264_signing.py
@@ -69,7 +69,7 @@ def make_signing_description(config, jobs):
if "win" in build_platform:
# job['primary-dependency'].task['payload']['command']
- upstream_artifact["formats"] = ["autograph_authenticode"]
+ upstream_artifact["formats"] = ["autograph_authenticode_sha2"]
elif "mac" in build_platform:
upstream_artifact["formats"] = ["mac_single_file"]
upstream_artifact["singleFileGlobs"] = ["libgmpopenh264.dylib"]
diff --git a/taskcluster/taskgraph/transforms/repackage_signing.py b/taskcluster/taskgraph/transforms/repackage_signing.py
index 6c9fa64d8d265..f007503e07634 100644
--- a/taskcluster/taskgraph/transforms/repackage_signing.py
+++ b/taskcluster/taskgraph/transforms/repackage_signing.py
@@ -27,9 +27,9 @@ repackage_signing_description_schema = schema.extend(
)
SIGNING_FORMATS = {
- "target.installer.exe": ["autograph_authenticode_stub"],
- "target.stub-installer.exe": ["autograph_authenticode_stub"],
- "target.installer.msi": ["autograph_authenticode"],
+ "target.installer.exe": ["autograph_authenticode_sha2_stub"],
+ "target.stub-installer.exe": ["autograph_authenticode_sha2_stub"],
+ "target.installer.msi": ["autograph_authenticode_sha2"],
}
transforms = TransformSequence()
diff --git a/taskcluster/taskgraph/transforms/repackage_signing_partner.py b/taskcluster/taskgraph/transforms/repackage_signing_partner.py
index 7f93216c4ce69..6f1a41f3773ed 100644
--- a/taskcluster/taskgraph/transforms/repackage_signing_partner.py
+++ b/taskcluster/taskgraph/transforms/repackage_signing_partner.py
@@ -79,7 +79,7 @@ def make_repackage_signing_description(config, jobs):
dep_job, "{}/target.installer.exe".format(repack_id)
),
],
- "formats": ["autograph_authenticode", "autograph_gpg"],
+ "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
}
]
@@ -99,7 +99,7 @@ def make_repackage_signing_description(config, jobs):
"{}/target.stub-installer.exe".format(repack_id),
),
],
- "formats": ["autograph_authenticode", "autograph_gpg"],
+ "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
}
)
elif "mac" in build_platform:
diff --git a/taskcluster/taskgraph/util/signed_artifacts.py b/taskcluster/taskgraph/util/signed_artifacts.py
index 0a215e152ee2c..34440b5dfa592 100644
--- a/taskcluster/taskgraph/util/signed_artifacts.py
+++ b/taskcluster/taskgraph/util/signed_artifacts.py
@@ -98,14 +98,14 @@ def generate_specifications_of_artifacts_to_sign(
"artifacts": [
get_artifact_path(job, "{locale}/setup.exe"),
],
- "formats": ["autograph_authenticode"],
+ "formats": ["autograph_authenticode_sha2"],
},
{
"artifacts": [
get_artifact_path(job, "{locale}/target.zip"),
],
"formats": [
- "autograph_authenticode",
+ "autograph_authenticode_sha2",
"autograph_widevine",
"autograph_omnija",
],
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tor-commits
mailing list