richard pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build
Commits:
-
dccd3115
by Nicolas Vigier at 2023-06-15T23:41:38+00:00
-
176e8382
by Nicolas Vigier at 2023-06-15T23:41:38+00:00
-
95291992
by Nicolas Vigier at 2023-06-15T23:41:38+00:00
-
1472747b
by Nicolas Vigier at 2023-06-15T23:41:38+00:00
6 changed files:
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
- tools/signing/do-all-signing
- tools/signing/staticiforme-prepare-cdn-dist-upload
- tools/signing/sync-local-to-staticiforme
Changes:
... | ... | @@ -88,12 +88,16 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU |
88 | 88 | - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script:
|
89 | 89 | - `cd tor-browser-build/tools/signing/`
|
90 | 90 | - `./macos-signer-proxy`
|
91 | -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure mullvad daemon is running with SOCKS5 proxy on the default port 9050
|
|
92 | -- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs direcmullvady
|
|
91 | +- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
|
|
93 | 92 | - [ ] run do-all-signing script:
|
94 | 93 | - `cd tor-browser-build/tools/signing/`
|
95 | 94 | - `./do-all-signing.sh`
|
96 | -- **NOTE**: at this point the signed binaries should be in `tor-browser-build/mullvadbrowser/release/signed/$(MULLVAD_BROWSER_VERSION)`
|
|
95 | +- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
|
|
96 | +- [ ] Update `staticiforme.torproject.org`:
|
|
97 | + - From `screen` session on `staticiforme.torproject.org`:
|
|
98 | + - [ ] Static update components : `static-update-component dist.torproject.org`
|
|
99 | + - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
|
|
100 | + - [ ] Static update components (again) : `static-update-component dist.torproject.org`
|
|
97 | 101 | |
98 | 102 | </details>
|
99 | 103 |
... | ... | @@ -185,7 +185,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch |
185 | 185 | - **NOTE** : Skip this step if the current release is Android or Desktop *only*
|
186 | 186 | - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
|
187 | 187 | - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
|
188 | - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
|
|
188 | + - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
|
|
189 | 189 | - [ ] Publish APKs to Google Play:
|
190 | 190 | - Log into https://play.google.com/apps/publish
|
191 | 191 | - Select `Tor Browser (Alpha)` app
|
... | ... | @@ -190,7 +190,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE |
190 | 190 | - **NOTE** : Skip this step if the current release is Android or Desktop *only*
|
191 | 191 | - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
|
192 | 192 | - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
|
193 | -- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component
|
|
193 | +- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
|
|
194 | 194 | - [ ] Publish APKs to Google Play:
|
195 | 195 | - Log into https://play.google.com/apps/publish
|
196 | 196 | - Select `Tor Browser` app
|
... | ... | @@ -14,12 +14,17 @@ echo |
14 | 14 | test -f "$steps_dir/macos-signer-notarization.done" ||
|
15 | 15 | read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW
|
16 | 16 | echo
|
17 | +is_project torbrowser && nssdb=torbrowser-nssdb7
|
|
18 | +is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb-1
|
|
17 | 19 | test -f "$steps_dir/linux-signer-signmars.done" ||
|
18 | - read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS
|
|
19 | -echo
|
|
20 | -test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
|
|
21 | - read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
|
|
20 | + read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS
|
|
22 | 21 | echo
|
22 | + |
|
23 | +if is_project torbrowser; then
|
|
24 | + test -f "$steps_dir/linux-signer-sign-android-apks.done" ||
|
|
25 | + read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS
|
|
26 | + echo
|
|
27 | +fi
|
|
23 | 28 | test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
|
24 | 29 | read -sp "Enter windows authenticode passphrase: " YUBIPASS
|
25 | 30 | echo
|
... | ... | @@ -227,12 +232,9 @@ do_step sync-after-hash |
227 | 232 | do_step linux-signer-gpg-sign
|
228 | 233 | do_step sync-after-gpg-sign
|
229 | 234 | do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo
|
230 | -is_project torbrowser && \
|
|
231 | - do_step sync-local-to-staticiforme
|
|
232 | -is_project torbrowser && \
|
|
233 | - do_step sync-scripts-to-staticiforme
|
|
234 | -is_project torbrowser && \
|
|
235 | - do_step staticiforme-prepare-cdn-dist-upload
|
|
235 | +do_step sync-local-to-staticiforme
|
|
236 | +do_step sync-scripts-to-staticiforme
|
|
237 | +do_step staticiforme-prepare-cdn-dist-upload
|
|
236 | 238 | do_step upload-update_responses-to-staticiforme
|
237 | 239 | do_step finished-signing-clean-macos-signer
|
238 | 240 | do_step finished-signing-clean-linux-signer |
... | ... | @@ -16,21 +16,29 @@ chmod 775 "$dist_dir" |
16 | 16 | chmod 664 "$dist_dir"/*
|
17 | 17 | chmod 664 "$dist_dir/.htaccess"
|
18 | 18 | |
19 | -cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
|
|
20 | -if test -d "$cdn_dir"
|
|
21 | -then
|
|
22 | - echo "Error: $cdn_dir already exists" >&2
|
|
23 | - exit 1
|
|
19 | +if is_project torbrowser; then
|
|
20 | + cdn_dir="/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$tbb_version"
|
|
21 | + if test -d "$cdn_dir"
|
|
22 | + then
|
|
23 | + echo "Error: $cdn_dir already exists" >&2
|
|
24 | + exit 1
|
|
25 | + fi
|
|
26 | + mkdir "$cdn_dir"
|
|
27 | + chgrp tb-release "$cdn_dir"
|
|
28 | + chmod 775 "$cdn_dir"
|
|
29 | + cd "$cdn_dir"
|
|
30 | + for marfile in "$dist_dir"/*.mar; do
|
|
31 | + ln -f "$marfile" .
|
|
32 | + done
|
|
33 | + |
|
34 | + dest='cdn.tpo and dist.tpo'
|
|
35 | + staticupdatecmd='static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
|
|
36 | +else
|
|
37 | + dest='dist.tpo'
|
|
38 | + staticupdatecmd='static-update-component dist.torproject.org'
|
|
24 | 39 | fi
|
25 | -mkdir "$cdn_dir"
|
|
26 | -chgrp tb-release "$cdn_dir"
|
|
27 | -chmod 775 "$cdn_dir"
|
|
28 | -cd "$cdn_dir"
|
|
29 | -for marfile in "$dist_dir"/*.mar; do
|
|
30 | - ln -f "$marfile" .
|
|
31 | -done
|
|
32 | 40 | |
33 | -echo "$tbb_version is ready to upload to cdn.tpo and dist.tpo"
|
|
41 | +echo "$tbb_version is ready to upload to $dest"
|
|
34 | 42 | echo "You should remove the old version(s) before starting the upload with:"
|
35 | -echo ' static-update-component cdn.torproject.org && static-update-component dist.torproject.org'
|
|
43 | +echo " $staticupdatecmd"
|
|
36 | 44 | echo '(preferably using screen or tmux)' |
... | ... | @@ -3,4 +3,4 @@ set -e |
3 | 3 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
4 | 4 | source "$script_dir/functions"
|
5 | 5 | |
6 | -rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/torbrowser/$tbb_version/" |
|
6 | +rsync $rsync_options "$signed_version_dir/" "$ssh_host_staticiforme:/srv/dist-master.torproject.org/htdocs/$SIGNING_PROJECTNAME/$tbb_version/" |