[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates

richard pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

0a782e66

by Nicolas Vigier at 2023-07-13T11:09:15+02:00

Bug 40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates

2 changed files:

.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md

Changes:

.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md

@@ -169,6 +169,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
  ### signing
  - **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
  - [ ] On `$(STAGING_SERVER)`, ensure updated:
 +  - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
    - [ ]  `tor-browser-build/tools/signing/set-config.hosts`
      - `ssh_host_builder` : ssh hostname of machine with unsigned builds
        - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
@@ -215,6 +216,35 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
  </details>
 +<details>
 +  <summary>Signature verification</summary>
++
 +  <details>
 +    <summary>Check whether the .exe files got properly signed and timestamped</summary>
 +    ```
 +    # Point OSSLSIGNCODE to your osslsigncode binary
 +    pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
 +    OSSLSIGNCODE=/path/to/osslsigncode
 +    ../../../tools/authenticode_check.sh
 +    popd
 +    ```
 +  </details>
 +  <details>
 +    <summary>Check whether the MAR files got properly signed</summary>
 +    ```
 +    # Point NSSDB to your nssdb containing the mar signing certificate
 +    # Point SIGNMAR to your signmar binary
 +    # Point LD_LIBRARY_PATH to your mar-tools directory
 +    pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
 +    NSSDB=/path/to/nssdb
 +    SIGNMAR=/path/to/mar-tools/signmar
 +    LD_LIBRARY_PATH=/path/to/mar-tools/
 +    ../../../tools/marsigning_check.sh
 +    popd
 +    ```
 +  </details>
 +</details>
++
  <details>
    <summary>Publishing</summary>
@@ -233,6 +263,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
  ### blog: https://gitlab.torproject.org/tpo/web/blog.git
  - [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
 +    - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
      - [ ] Update Tor Browser version numbers
      - [ ] Note any ESR rebase
      - [ ] Link to any Firefox security updates from ESR upgrade

.gitlab/issue_templates/Release Prep - Tor Browser Stable.md

@@ -166,6 +166,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
  ### signing
  - **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
  - [ ] On `$(STAGING_SERVER)`, ensure updated:
 +  - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
    - [ ]  `tor-browser-build/tools/signing/set-config.hosts`
      - `ssh_host_builder` : ssh hostname of machine with unsigned builds
        - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
@@ -212,6 +213,35 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
  </details>
 +<details>
 +  <summary>Signature verification</summary>
++
 +  <details>
 +    <summary>Check whether the .exe files got properly signed and timestamped</summary>
 +    ```
 +    # Point OSSLSIGNCODE to your osslsigncode binary
 +    pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
 +    OSSLSIGNCODE=/path/to/osslsigncode
 +    ../../../tools/authenticode_check.sh
 +    popd
 +    ```
 +  </details>
 +  <details>
 +    <summary>Check whether the MAR files got properly signed</summary>
 +    ```
 +    # Point NSSDB to your nssdb containing the mar signing certificate
 +    # Point SIGNMAR to your signmar binary
 +    # Point LD_LIBRARY_PATH to your mar-tools directory
 +    pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
 +    NSSDB=/path/to/nssdb
 +    SIGNMAR=/path/to/mar-tools/signmar
 +    LD_LIBRARY_PATH=/path/to/mar-tools/
 +    ../../../tools/marsigning_check.sh
 +    popd
 +    ```
 +  </details>
 +</details>
++
  <details>
    <summary>Publishing</summary>
@@ -230,6 +260,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
  ### blog: https://gitlab.torproject.org/tpo/web/blog.git
  - [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
 +    - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
      - [ ] Update Tor Browser version numbers
      - [ ] Note any ESR rebase
      - [ ] Link to any Firefox security updates from ESR upgrade