richard pushed to branch main at The Tor Project / Applications /
tor-browser-build
Commits:
0a782e66 by Nicolas Vigier at 2023-07-13T11:09:15+02:00
Bug 40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab
issue templates
- - - - -
2 changed files:
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
Changes:
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
=====================================
@@ -169,6 +169,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
### signing
- **NOTE** : In practice, it's most efficient to have the blog post and
website updates ready to merge, since signing doesn't take very long
- [ ] On `$(STAGING_SERVER)`, ensure updated:
+ - [ ] `tor-browser-build` is on the right commit: `git tag -v
tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout
tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME`
directory)
@@ -215,6 +216,35 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
</details>
+<details>
+ <summary>Signature verification</summary>
+
+ <details>
+ <summary>Check whether the .exe files got properly signed and
timestamped</summary>
+ ```
+ # Point OSSLSIGNCODE to your osslsigncode binary
+ pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+ OSSLSIGNCODE=/path/to/osslsigncode
+ ../../../tools/authenticode_check.sh
+ popd
+ ```
+ </details>
+ <details>
+ <summary>Check whether the MAR files got properly signed</summary>
+ ```
+ # Point NSSDB to your nssdb containing the mar signing certificate
+ # Point SIGNMAR to your signmar binary
+ # Point LD_LIBRARY_PATH to your mar-tools directory
+ pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+ NSSDB=/path/to/nssdb
+ SIGNMAR=/path/to/mar-tools/signmar
+ LD_LIBRARY_PATH=/path/to/mar-tools/
+ ../../../tools/marsigning_check.sh
+ popd
+ ```
+ </details>
+</details>
+
<details>
<summary>Publishing</summary>
@@ -233,6 +263,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
### blog: https://gitlab.torproject.org/tpo/web/blog.git
- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to
new directory under
`content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with
info on release :
+ - [ ] Run `tools/signing/create-blog-post` which should create the new
blog post from a template (edit set-config.blog to set you local blog directory)
- [ ] Update Tor Browser version numbers
- [ ] Note any ESR rebase
- [ ] Link to any Firefox security updates from ESR upgrade
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md
=====================================
@@ -166,6 +166,7 @@ Tor Browser Stable lives in the various
`maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
### signing
- **NOTE** : In practice, it's most efficient to have the blog post and
website updates ready to merge, since signing doesn't take very long
- [ ] On `$(STAGING_SERVER)`, ensure updated:
+ - [ ] `tor-browser-build` is on the right commit: `git tag -v
tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout
tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME`
directory)
@@ -212,6 +213,35 @@ Tor Browser Stable lives in the various
`maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
</details>
+<details>
+ <summary>Signature verification</summary>
+
+ <details>
+ <summary>Check whether the .exe files got properly signed and
timestamped</summary>
+ ```
+ # Point OSSLSIGNCODE to your osslsigncode binary
+ pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+ OSSLSIGNCODE=/path/to/osslsigncode
+ ../../../tools/authenticode_check.sh
+ popd
+ ```
+ </details>
+ <details>
+ <summary>Check whether the MAR files got properly signed</summary>
+ ```
+ # Point NSSDB to your nssdb containing the mar signing certificate
+ # Point SIGNMAR to your signmar binary
+ # Point LD_LIBRARY_PATH to your mar-tools directory
+ pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+ NSSDB=/path/to/nssdb
+ SIGNMAR=/path/to/mar-tools/signmar
+ LD_LIBRARY_PATH=/path/to/mar-tools/
+ ../../../tools/marsigning_check.sh
+ popd
+ ```
+ </details>
+</details>
+
<details>
<summary>Publishing</summary>
@@ -230,6 +260,7 @@ Tor Browser Stable lives in the various
`maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
### blog: https://gitlab.torproject.org/tpo/web/blog.git
- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to
new directory under
`content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with
info on release :
+ - [ ] Run `tools/signing/create-blog-post` which should create the new
blog post from a template (edit set-config.blog to set you local blog directory)
- [ ] Update Tor Browser version numbers
- [ ] Note any ESR rebase
- [ ] Link to any Firefox security updates from ESR upgrade
View it on GitLab:
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0a782e66ac8ffa1e9523db9d426a60c1e875459e
--
View it on GitLab:
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0a782e66ac8ffa1e9523db9d426a60c1e875459e
You're receiving this email because of your account on gitlab.torproject.org.
_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
