[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 41037: Set time on signing machine before starting signing

To: tor-commits@xxxxxxxxxxxxxxxxxxxx

Subject: [tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 41037: Set time on signing machine before starting signing

From: "richard \(@richard\) via tor-commits" <tor-commits@xxxxxxxxxxxxxxxxxxxx>

Date: Thu, 18 Jan 2024 10:32:34 +0000

Auto-submitted: auto-generated

Cc: "richard \(@richard\)" <git@xxxxxxxxxxxxxxxxxxxxx>

Delivered-to: archiver@xxxxxxxx

Delivery-date: Thu, 18 Jan 2024 05:32:45 -0500

Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1705573959; bh=E/ppqelRMo/dFp3FqN4nuzpBuaHVGppEO0MIlTie+N0=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=cv5B2OExAEHY9gXNgmx/hM2xd0p4qZ7JkE0ncFIdvoOajpfnhzG7qwuk6n++/9H7k twksUuwniDkNpf/RldSbvFffS0hmG96vE8RD83mwz19m6pfYpjkHINCvYhOcTeLaAy wg9xBv36AiIn6ZfUrzHmd9PCRewMqbPWyvAwwVnPf/tzEeyJrNi36SeMzEHH40DLGn +9/vEigD2WxgFCXBIoS0n0H3gKyJbardO2Rix/OVrN1WjbQcctdoAN93oSEzt5imKE AjODlV4cSqoRuuKHlsQXn7SMdJYpY6TNJvhAKLvTHczLcFWCLLtXINUtkzPaqXlIui 9oiDvtVUl0nMg==

List-archive: <http://lists.torproject.org/pipermail/tor-commits/>

List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>

List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>

List-post: <mailto:tor-commits@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>

Reply-to: noreply@xxxxxxxxxxxxxx

Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

Title: GitLab

richard pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

de4e1feb

by Nicolas Vigier at 2024-01-18T09:50:25+01:00

Bug 41037: Set time on signing machine before starting signing

After a reboot, the time on our signing machine is incorrect. To avoid
signing a release with incorrect timestamps, we set the time on the
signing machine at the beginning of the signing process.

3 changed files:

tools/signing/do-all-signing
tools/signing/machines-setup/setup-signing-machine
+ tools/signing/machines-setup/sudoers.d/set-date

Changes:

tools/signing/do-all-signing

@@ -29,6 +29,11 @@ test -f "$steps_dir/linux-signer-gpg-sign.done" ||
    read -sp "Enter gpg passphrase: " GPG_PASS
  echo
 +function set-time-on-signing-machine {
 +  local current_time=$(date -u)
 +  ssh "$ssh_host_linux_signer" sudo /usr/bin/date -s "'$current_time'"
 +}
++
  function wait-for-finished-build {
    "$script_dir/wait-for-finished-build"
+ }
@@ -171,6 +176,7 @@ function do_step {
  export SIGNING_PROJECTNAME
 +do_step set-time-on-signing-machine
  do_step wait-for-finished-build
  do_step sync-builder-unsigned-to-local-signed
  do_step sync-scripts-to-linux-signer

tools/signing/machines-setup/setup-signing-machine

@@ -91,6 +91,7 @@ sudoers_file sign-mar
  sudoers_file sign-exe
  sudoers_file sign-apk
  sudoers_file sign-rcodesign
 +sudoers_file set-date
  authorized_keys boklm boklm-tb-release.pub boklm-yk1.pub
  create_user richard signing

tools/signing/machines-setup/sudoers.d/set-date

+%signing ALL = NOPASSWD: /usr/bin/date -s *

_______________________________________________ tor-commits mailing list tor-commits@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits