[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 41037: Set time on signing machine before starting signing
richard (@richard)
git at gitlab.torproject.org
Thu Jan 18 10:32:34 UTC 2024
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
de4e1feb by Nicolas Vigier at 2024-01-18T09:50:25+01:00
Bug 41037: Set time on signing machine before starting signing
After a reboot, the time on our signing machine is incorrect. To avoid
signing a release with incorrect timestamps, we set the time on the
signing machine at the beginning of the signing process.
- - - - -
3 changed files:
- tools/signing/do-all-signing
- tools/signing/machines-setup/setup-signing-machine
- + tools/signing/machines-setup/sudoers.d/set-date
Changes:
=====================================
tools/signing/do-all-signing
=====================================
@@ -29,6 +29,11 @@ test -f "$steps_dir/linux-signer-gpg-sign.done" ||
read -sp "Enter gpg passphrase: " GPG_PASS
echo
+function set-time-on-signing-machine {
+ local current_time=$(date -u)
+ ssh "$ssh_host_linux_signer" sudo /usr/bin/date -s "'$current_time'"
+}
+
function wait-for-finished-build {
"$script_dir/wait-for-finished-build"
}
@@ -171,6 +176,7 @@ function do_step {
export SIGNING_PROJECTNAME
+do_step set-time-on-signing-machine
do_step wait-for-finished-build
do_step sync-builder-unsigned-to-local-signed
do_step sync-scripts-to-linux-signer
=====================================
tools/signing/machines-setup/setup-signing-machine
=====================================
@@ -91,6 +91,7 @@ sudoers_file sign-mar
sudoers_file sign-exe
sudoers_file sign-apk
sudoers_file sign-rcodesign
+sudoers_file set-date
authorized_keys boklm boklm-tb-release.pub boklm-yk1.pub
create_user richard signing
=====================================
tools/signing/machines-setup/sudoers.d/set-date
=====================================
@@ -0,0 +1 @@
+%signing ALL = NOPASSWD: /usr/bin/date -s *
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/de4e1feba72e8357c9f40ec3c555aa0dce5e0df2
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/de4e1feba72e8357c9f40ec3c555aa0dce5e0df2
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240118/531331c2/attachment-0001.htm>
More information about the tor-commits
mailing list