#26045: Create a new MAR signing key for ESR60 -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- | team Type: task | Status: | reopened Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: GeorgKoppen201806, | Actual Points: TorBrowserTeam201806 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by gk): It seems mcs and brade found the problem: when building the nightly not the nightly certificates are included into the build but `dep1.der` and dep2.der`. The code responsible for that is {{{ if CONFIG['MOZ_UPDATE_CHANNEL'] in ('alpha', 'beta', 'release', 'esr'): primary_cert.inputs += ['release_primary.der'] secondary_cert.inputs += ['release_secondary.der'] elif CONFIG['MOZ_UPDATE_CHANNEL'] in ('nightly', 'aurora', 'nightly-elm', 'nightly-profiling', 'nightly-oak', 'nightly-ux'): primary_cert.inputs += ['nightly_aurora_level3_primary.der'] secondary_cert.inputs += ['nightly_aurora_level3_secondary.der'] else: primary_cert.inputs += ['dep1.der'] secondary_cert.inputs += ['dep2.der'] }}} and we set the update channel to `default` for nightlies (see the `tor- browser-build` repo projects/firefox/config). After copying the new certs over `dep1.der` and `dep2.der` scenario 3c) and 3d) in comment:6 behave as epxected: in the former nothing happens after the successful signature verification and in the latter the update works. Thus, we are good with the new key. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26045#comment:14> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs