[tor-commits] [Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41218: Use new Tor Browser gpg subkey for signing stable releases

To: tor-commits@xxxxxxxxxxxxxxxxxxxx

Subject: [tor-commits] [Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41218: Use new Tor Browser gpg subkey for signing stable releases

From: "boklm \(@boklm\) via tor-commits" <tor-commits@xxxxxxxxxxxxxxxxxxxx>

Date: Wed, 21 Aug 2024 11:08:53 +0000

Auto-submitted: auto-generated

Cc: "boklm \(@boklm\)" <git@xxxxxxxxxxxxxxxxxxxxx>

Delivered-to: archiver@xxxxxxxx

Delivery-date: Wed, 21 Aug 2024 07:09:05 -0400

Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1724238542; bh=xwLBQs4rniNZ15HdepGK5vItR7ccpBKSxfSYEb0Ej1A=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=kM/sT2tfp3pRymA9IlA7Xaoz3GeOO+/X0TKqvBjvv1NYLeUjhQ0uB1IzEoKLMJOMi GwdDNjl2q+UY1quGf3LPFYBT2lubvcoM/ClCu+0hy3RSacmX+eyna65jMwrB7E/Jaq pkc4x/FXIwexoUc+w1lFwGvejko0VbCZTztd1pOAfRLdrJ/BrFyR4CVhNEsAw0Ud8F 7/j139kE5k8kMwPhj55gUbiW68plpU+MDiKIu4Zm9W4ltHsBCeQT4S8nSofLeAR6lr XQIQOC7YRI5ovbcfFAJo/R4W5X05sWbOZ3sRA7IjU71fw9fJ4D0OQWuOaHBZMWn/T5 h6yIxO9/vbvjg==

List-archive: <http://lists.torproject.org/pipermail/tor-commits/>

List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>

List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>

List-post: <mailto:tor-commits@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>

Reply-to: noreply@xxxxxxxxxxxxxx

Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

Title: GitLab

boklm pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build

Commits:

3f16675b

by Nicolas Vigier at 2024-08-21T13:08:19+02:00

Bug 41218: Use new Tor Browser gpg subkey for signing stable releases

With #40964 we started using a new subkey for signing alpha releases.
We now start using the new subkey for signing stable releases too.

3 changed files:

tools/signing/linux-signer-gpg-sign
tools/signing/machines-setup/sudoers.d/sign-gpg
tools/signing/wrappers/sign-gpg

Changes:

tools/signing/linux-signer-gpg-sign

@@ -4,8 +4,6 @@ set -e
  script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
  source "$script_dir/functions"
 -test "$tbb_version_type" = "alpha" && export GPG_NEWSUBKEY=1
+-
  cd ~/"$SIGNING_PROJECTNAME-$tbb_version"
  test -n "$GPG_PASS" || read -sp "Enter gpg passphrase: " GPG_PASS

tools/signing/machines-setup/sudoers.d/sign-gpg

 -Defaults>signing-gpg env_keep += "SIGNING_PROJECTNAME GPG_NEWSUBKEY"
 +Defaults>signing-gpg env_keep += SIGNING_PROJECTNAME
  %signing ALL = (signing-gpg) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-gpg

tools/signing/wrappers/sign-gpg

@@ -11,6 +11,5 @@ if test $(whoami) != 'signing-gpg'; then
    exit 1
  fi
 -gpg_subkey='0xe53d989a9e2d47bf!'
 -test -n "$GPG_NEWSUBKEY" && gpg_subkey='0x157432CF78A65729!'
 +gpg_subkey='0x157432CF78A65729!'
  exec gpg --homedir /home/signing-gpg/.gnupg -absu "$gpg_subkey" --batch --no-tty -o- --passphrase-fd 0 -- "$1"

_______________________________________________ tor-commits mailing list tor-commits@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits