boklm pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
-
631bcbc1
by Nicolas Vigier at 2023-01-23T17:33:40+01:00
-
1a018371
by Nicolas Vigier at 2023-01-23T17:33:43+01:00
6 changed files:
- .gitlab/issue_templates/Release Prep - Alpha.md
- .gitlab/issue_templates/Release Prep - Stable.md
- tools/signing/do-all-signing
- tools/signing/functions
- + tools/signing/set-config.update-responses
- tools/signing/upload-update_responses-to-staticiforme
Changes:
... | ... | @@ -219,6 +219,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in |
219 | 219 | - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
|
220 | 220 | - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
|
221 | 221 | - `macos_notarization_user` : the email login for a tor notariser Apple Developer account
|
222 | + - [ ] `set-config.update-responses`
|
|
223 | + - `update_responses_repository_dir` : directory where you cloned `git@xxxxxxxxxxxxxxxxxxxxx:tpo/applications/tor-browser-update-responses.git`
|
|
222 | 224 | - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
|
223 | 225 | - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
|
224 | 226 | - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
|
... | ... | @@ -239,7 +241,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in |
239 | 241 | - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
|
240 | 242 | - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
|
241 | 243 | - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
|
242 | - - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
|
|
244 | + - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh`
|
|
243 | 245 | - [ ] Publish APKs to Google Play:
|
244 | 246 | - Log into https://play.google.com/apps/publish
|
245 | 247 | - Select `Tor Browser (Alpha)` app
|
... | ... | @@ -229,6 +229,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in |
229 | 229 | - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
|
230 | 230 | - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
|
231 | 231 | - `macos_notarization_user` : the email login for a tor notariser Apple Developer account
|
232 | + - [ ] `set-config.update-responses`
|
|
233 | + - `update_responses_repository_dir` : directory where you cloned `git@xxxxxxxxxxxxxxxxxxxxx:tpo/applications/tor-browser-update-responses.git`
|
|
232 | 234 | - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
|
233 | 235 | - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
|
234 | 236 | - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
|
... | ... | @@ -249,7 +251,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in |
249 | 251 | - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
|
250 | 252 | - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
|
251 | 253 | - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
|
252 | - - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
|
|
254 | + - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh`
|
|
253 | 255 | - [ ] Publish APKs to Google Play:
|
254 | 256 | - Log into https://play.google.com/apps/publish
|
255 | 257 | - Select `Tor Browser` app
|
... | ... | @@ -2,6 +2,7 @@ |
2 | 2 | set -e
|
3 | 3 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
4 | 4 | source "$script_dir/functions"
|
5 | +source "$script_dir/set-config.update-responses"
|
|
5 | 6 | |
6 | 7 | NON_INTERACTIVE=1
|
7 | 8 | steps_dir="$signed_version_dir.steps"
|
... | ... | @@ -19,4 +19,16 @@ function check_torbrowser_version_var { |
19 | 19 | return 0
|
20 | 20 | }
|
21 | 21 | |
22 | +function check_update_responses_repository_dir {
|
|
23 | + if test -z "$update_responses_repository_dir" || ! test -d "$update_responses_repository_dir"
|
|
24 | + then
|
|
25 | + cat << 'EOF' > /dev/stderr
|
|
26 | +$aus1_repository_dir is not defined, or the directory does not exist
|
|
27 | +You should clone git@xxxxxxxxxxxxxxxxxxxxx:tpo/applications/tor-browser-update-responses.git
|
|
28 | +and set $update_responses_repository_dir in set-config.update-responses
|
|
29 | +EOF
|
|
30 | + exit 1
|
|
31 | + fi
|
|
32 | +}
|
|
33 | + |
|
22 | 34 | . "$script_dir/set-config" |
1 | +# You should clone git@xxxxxxxxxxxxxxxxxxxxx:tpo/applications/tor-browser-update-responses.git
|
|
2 | +# and uncomment the line setting update_responses_repository_dir.
|
|
3 | +# Don't forget to set user.email and user.name in your git config
|
|
4 | + |
|
5 | +#update_responses_repository_dir=/path/to/tor-browser-update-responses.git
|
|
6 | + |
|
7 | +check_update_responses_repository_dir |
... | ... | @@ -2,6 +2,7 @@ |
2 | 2 | set -e
|
3 | 3 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
4 | 4 | source "$script_dir/functions"
|
5 | +source "$script_dir/set-config.update-responses"
|
|
5 | 6 | |
6 | 7 | check_torbrowser_version_var
|
7 | 8 | |
... | ... | @@ -17,33 +18,40 @@ else |
17 | 18 | popd > /dev/null
|
18 | 19 | fi
|
19 | 20 | |
20 | -update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser/update_3
|
|
21 | +cd $update_responses_repository_dir
|
|
22 | +git checkout main
|
|
23 | +git pull --ff-only
|
|
24 | +test -n "$(git status --porcelain=v1 | grep -v '^?')" \
|
|
25 | + && exit_error 'update_responses_repository_dir has modified files'
|
|
26 | +cd update_3
|
|
27 | +rm -Rf "$tbb_version_type"
|
|
28 | +tar -xf "$update_responses_tar"
|
|
29 | +git add "$tbb_version_type"
|
|
30 | +git commit -m "$tbb_version_type: new version, $tbb_version"
|
|
31 | +update_responses_commit=$(git log -1 --format=%H)
|
|
32 | + |
|
33 | +update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser
|
|
21 | 34 | deploy_script=$(mktemp)
|
22 | 35 | trap "rm -Rf $deploy_script" EXIT
|
23 | 36 | cat << EOF > "$deploy_script"
|
24 | 37 | #!/bin/bash
|
25 | 38 | set -e
|
26 | 39 | |
27 | -tmpdir="\$(mktemp -d)"
|
|
40 | +echo "Deploying version $tbb_version"
|
|
41 | +echo "update_responses_commit: $update_responses_commit"
|
|
28 | 42 | |
29 | -trap "rm -Rf \$tmpdir" EXIT
|
|
30 | - |
|
31 | -rm -Rf "$update_dir/$tbb_version_type.old"
|
|
32 | -test -d "$update_dir/$tbb_version_type" && \\
|
|
33 | - mv -v "$update_dir/$tbb_version_type" "$update_dir/$tbb_version_type.old"
|
|
34 | - |
|
35 | -tar -C "\$tmpdir" -xf ~/$update_responses_tar_filename
|
|
36 | -chmod 775 "\$tmpdir"/$tbb_version_type
|
|
37 | -chmod 664 "\$tmpdir"/$tbb_version_type/* "\$tmpdir"/$tbb_version_type/.htaccess
|
|
38 | -chgrp -R torwww "\$tmpdir"/$tbb_version_type
|
|
39 | -mv -v "\$tmpdir"/$tbb_version_type "$update_dir/$tbb_version_type"
|
|
43 | +cd "$update_dir"
|
|
44 | +git fetch
|
|
45 | +git checkout "$update_responses_commit"
|
|
40 | 46 | |
41 | 47 | static-update-component aus1.torproject.org
|
42 | 48 | EOF
|
43 | 49 | |
44 | 50 | chmod +x $deploy_script
|
45 | -scp -p "$update_responses_tar" "$ssh_host_staticiforme:"
|
|
46 | 51 | scp -p $deploy_script $ssh_host_staticiforme:deploy_update_responses-$tbb_version_type.sh
|
47 | 52 | |
53 | +git push
|
|
54 | + |
|
48 | 55 | echo 'To enable updates you can now run:'
|
49 | -echo " ssh $ssh_host_staticiforme ./deploy_update_responses-$tbb_version_type.sh" |
|
56 | +echo " ssh $ssh_host_staticiforme"
|
|
57 | +echo " sudo -u tb-release ./deploy_update_responses-$tbb_version_type.sh" |