richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
-
dccd3115
by Nicolas Vigier at 2023-06-15T23:41:38+00:00
-
176e8382
by Nicolas Vigier at 2023-06-15T23:41:38+00:00
-
95291992
by Nicolas Vigier at 2023-06-15T23:41:38+00:00
-
1472747b
by Nicolas Vigier at 2023-06-15T23:41:38+00:00
6 changed files:
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
- tools/signing/do-all-signing
- tools/signing/staticiforme-prepare-cdn-dist-upload
- tools/signing/sync-local-to-staticiforme
Changes:
| ... | ... | @@ -88,12 +88,16 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU |
| 88 | 88 | - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script:
|
| 89 | 89 | - `cd tor-browser-build/tools/signing/`
|
| 90 | 90 | - `./macos-signer-proxy`
|
| 91 | -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure mullvad daemon is running with SOCKS5 proxy on the default port 9050
|
|
| 92 | -- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs direcmullvady
|
|
| 91 | +- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
|
|
| 93 | 92 | - [ ] run do-all-signing script:
|
| 94 | 93 | - `cd tor-browser-build/tools/signing/`
|
| 95 | 94 | - `./do-all-signing.sh`
|
| 96 | -- **NOTE**: at this point the signed binaries should be in `tor-browser-build/mullvadbrowser/release/signed/$(MULLVAD_BROWSER_VERSION)`
|
|
| 95 | +- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
|
|
| 96 | +- [ ] Update `staticiforme.torproject.org`:
|
|
| 97 | + - From `screen` session on `staticiforme.torproject.org`:
|
|
| 98 | + - [ ] Static update components : `static-update-component dist.torproject.org`
|
|
| 99 | + - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
|
|
| 100 | + - [ ] Static update components (again) : `static-update-component dist.torproject.org`
|
|
| 97 | 101 | |
| 98 | 102 | </details>
|
| 99 | 103 |
| ... | ... | @@ -185,7 +185,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch |
| 185 | 185 | - **NOTE** : Skip this step if the current release is Android or Desktop *only*
|
| 186 | 186 | - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
|
| 187 | 187 | - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
|
| 188 | - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
|
|
| 188 | + - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
|
|
| 189 | 189 | - [ ] Publish APKs to Google Play:
|
| 190 | 190 | - Log into https://play.google.com/apps/publish
|
| 191 | 191 | - Select `Tor Browser (Alpha)` app
|
| ... | ... | @@ -190,7 +190,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE |
| 190 | 190 | - **NOTE** : Skip this step if the current release is Android or Desktop *only*
|
| 191 | 191 | - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
|
| 192 | 192 | - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
|
| 193 | -- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
|
|
| 193 | +- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
|
|
| 194 | 194 | - [ ] Publish APKs to Google Play:
|
| 195 | 195 | - Log into https://play.google.com/apps/publish
|
| 196 | 196 | - Select `Tor Browser` app
|
| ... | ... | @@ -14,12 +14,17 @@ echo |
| 14 | 14 | test -f "$steps_dir/macos-signer-notarization.done" ||
|
| 15 | 15 | read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW
|
| 16 | 16 | echo
|
| 17 | +is_project torbrowser && nssdb=torbrowser-nssdb7
|
|
| 18 | +is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb-1
|
|
| 17 | 19 | test -f "$steps_dir/linux-signer-signmars.done" ||
|
| 18 | - read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS
|
|
| 19 | -echo
|
|
| 20 | -test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
|
|
| 21 | - read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
|
|
| 20 | + read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS
|
|
| 22 | 21 | echo
|
| 22 | + |
|
| 23 | +if is_project torbrowser; then
|
|
| 24 | + test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
|
|
| 25 | + read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
|
|
| 26 | + echo
|
|
| 27 | +fi
|
|
| 23 | 28 | test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
|
| 24 | 29 | read -sp "Enter windows authenticode passphrase: " YUBIPASS
|
| 25 | 30 | echo
|
| ... | ... | @@ -227,12 +232,9 @@ do_step sync-after-hash |
| 227 | 232 | do_step linux-signer-gpg-sign
|
| 228 | 233 | do_step sync-after-gpg-sign
|
| 229 | 234 | do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo
|
| 230 | -is_project torbrowser && \
|
|
| 231 | - do_step sync-local-to-staticiforme
|
|
| 232 | -is_project torbrowser && \
|
|
| 233 | - do_step sync-scripts-to-staticiforme
|
|
| 234 | -is_project torbrowser && \
|
|
| 235 | - do_step staticiforme-prepare-cdn-dist-upload
|
|
| 235 | +do_step sync-local-to-staticiforme
|
|
| 236 | +do_step sync-scripts-to-staticiforme
|
|
| 237 | +do_step staticiforme-prepare-cdn-dist-upload
|
|
| 236 | 238 | do_step upload-update_responses-to-staticiforme
|
| 237 | 239 | do_step finished-signing-clean-macos-signer
|
| 238 | 240 | do_step finished-signing-clean-linux-signer |
| ... | ... | @@ -16,21 +16,29 @@ chmod 775 "$dist_dir" |
| 16 | 16 | chmod 664 "$dist_dir"/*
|
| 17 | 17 | chmod 664 "$dist_dir/.htaccess"
|
| 18 | 18 | |
| 19 | -cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
|
|
| 20 | -if test -d "$cdn_dir"
|
|
| 21 | -then
|
|
| 22 | - echo "Error: $cdn_dir already exists" >&2
|
|
| 23 | - exit 1
|
|
| 19 | +if is_project torbrowser; then
|
|
| 20 | + cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
|
|
| 21 | + if test -d "$cdn_dir"
|
|
| 22 | + then
|
|
| 23 | + echo "Error: $cdn_dir already exists" >&2
|
|
| 24 | + exit 1
|
|
| 25 | + fi
|
|
| 26 | + mkdir "$cdn_dir"
|
|
| 27 | + chgrp tb-release "$cdn_dir"
|
|
| 28 | + chmod 775 "$cdn_dir"
|
|
| 29 | + cd "$cdn_dir"
|
|
| 30 | + for marfile in "$dist_dir"/*.mar; do
|
|
| 31 | + ln -f "$marfile" .
|
|
| 32 | + done
|
|
| 33 | + |
|
| 34 | + dest='cdn.tpo and dist.tpo'
|
|
| 35 | + staticupdatecmd='static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
|
|
| 36 | +else
|
|
| 37 | + dest='dist.tpo'
|
|
| 38 | + staticupdatecmd='static-update-component dist.torproject.org'
|
|
| 24 | 39 | fi
|
| 25 | -mkdir "$cdn_dir"
|
|
| 26 | -chgrp tb-release "$cdn_dir"
|
|
| 27 | -chmod 775 "$cdn_dir"
|
|
| 28 | -cd "$cdn_dir"
|
|
| 29 | -for marfile in "$dist_dir"/*.mar; do
|
|
| 30 | - ln -f "$marfile" .
|
|
| 31 | -done
|
|
| 32 | 40 | |
| 33 | -echo "$tbb_version is ready to upload to cdn.tpo and dist.tpo"
|
|
| 41 | +echo "$tbb_version is ready to upload to $dest"
|
|
| 34 | 42 | echo "You should remove the old version(s) before starting the upload with:"
|
| 35 | -echo ' static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
|
|
| 43 | +echo " $staticupdatecmd"
|
|
| 36 | 44 | echo '(preferably using screen or tmux)' |
| ... | ... | @@ -3,4 +3,4 @@ set -e |
| 3 | 3 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
| 4 | 4 | source "$script_dir/functions"
|
| 5 | 5 | |
| 6 | -rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/torbrowser/$tbb_version/" |
|
| 6 | +rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/$SIGNING_PROJECTNAME/$tbb_version/" |