[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26045 [Applications/Tor Browser]: Create a new MAR signing key for ESR60



#26045: Create a new MAR signing key for ESR60
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  reopened
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  GeorgKoppen201806,                   |  Actual Points:
  TorBrowserTeam201806                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 It seems mcs and brade found the problem: when building the nightly not
 the nightly certificates are included into the build but `dep1.der` and
 dep2.der`. The code responsible for that is
 {{{
 if CONFIG['MOZ_UPDATE_CHANNEL'] in ('alpha', 'beta', 'release', 'esr'):
     primary_cert.inputs += ['release_primary.der']
     secondary_cert.inputs += ['release_secondary.der']
 elif CONFIG['MOZ_UPDATE_CHANNEL'] in ('nightly', 'aurora', 'nightly-elm',
                                       'nightly-profiling', 'nightly-oak',
                                       'nightly-ux'):
     primary_cert.inputs += ['nightly_aurora_level3_primary.der']
     secondary_cert.inputs += ['nightly_aurora_level3_secondary.der']
 else:
     primary_cert.inputs += ['dep1.der']
     secondary_cert.inputs += ['dep2.der']
 }}}
 and we set the update channel to `default` for nightlies (see the `tor-
 browser-build` repo projects/firefox/config). After copying the new certs
 over `dep1.der` and `dep2.der` scenario 3c) and 3d) in comment:6 behave as
 epxected: in the former nothing happens after the successful signature
 verification and in the latter the update works. Thus, we are good with
 the new key.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26045#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs