[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [builders/tor-browser-build] 05/09: Bug 40476: Improve linux-signer-authenticode-signing

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [builders/tor-browser-build] 05/09: Bug 40476: Improve linux-signer-authenticode-signing
From: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 10 May 2022 11:42:15 +0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 10 May 2022 07:42:55 -0400
In-reply-to: <165218293024.13009.13466818843249575374@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <165218293024.13009.13466818843249575374@cupani.torproject.org>
Reply-to: Nicolas Vigier <boklm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRWWZwMTc6PRsy9QkFIVPdZew==

This is an automated email from the git hooks/post-receive script.

boklm pushed a commit to branch maint-11.0
in repository builders/tor-browser-build.

commit 01adb390c9198714b51c9a641d0137999c978929
Author: Nicolas Vigier <boklm@xxxxxxxxxxxxxx>
AuthorDate: Sat Apr 30 10:57:10 2022 +0200

    Bug 40476: Improve linux-signer-authenticode-signing
    
    - Automatically change to ~/$tbb_version directory
    - Allow setting password with an environment variable (useful for
      tor-browser-build#40476)
    - Make it possible to run the script as any user, and only run the
      osslsigncode command as the yubishm user
---
 tools/signing/linux-signer-authenticode-signing | 28 ++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/tools/signing/linux-signer-authenticode-signing b/tools/signing/linux-signer-authenticode-signing
index 68643ee..31943af 100755
--- a/tools/signing/linux-signer-authenticode-signing
+++ b/tools/signing/linux-signer-authenticode-signing
@@ -1,20 +1,34 @@
 #!/bin/bash
 set -e
 
-export YUBIHSM_PKCS11_CONF=~/yubihsm_pkcs11.conf
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+source "$script_dir/functions"
 
-read -sp "Enter passphrase: " pass
+cd ~/"$tbb_version"
+
+test -n "${YUBIPASS:-}" || read -s -p "Authenticode (yubihsm) password:" YUBIPASS
 echo
+
+tmpdir=$(mktemp -d)
+chgrp yubihsm "$tmpdir"
+chmod g+rwx "$tmpdir"
+
+cwd=$(pwd)
 for i in `find . -name "*.exe" -print`
 do
-  /home/yubihsm/osslsigncode/osslsigncode \
+  echo "Signing $i"
+  echo export 'YUBIHSM_PKCS11_CONF=~/yubihsm_pkcs11.conf' \; \
+       /home/yubihsm/osslsigncode/osslsigncode \
                  -pkcs11engine /usr/lib/engines/engine_pkcs11.so \
                  -pkcs11module /usr/local/lib/yubihsm_pkcs11.so \
-                 -pass "$pass" \
+                 -pass "'$YUBIPASS'" \
                  -h sha256 \
                  -certs /home/yubihsm/tpo-cert.crt \
                  -key 1c40 \
-                 $i $i-signed
+                 "$cwd/$i" "$tmpdir/$i" \
+                 | sudo su - yubihsm
+  mv -vf "$tmpdir/$i" "$cwd/$i"
 done
-unset pass
-rename -f 's/-signed//' *-signed
+
+unset YUBIPASS
+rmdir "$tmpdir"

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [builders/tor-browser-build] branch maint-11.0 updated (479afa2 -> 1d47837)
  - From: gitolite role

Prev by Author: [tor-commits] [tor-browser] 42/72: Bug 27604: Fix addon issues when moving TB directory
Next by Author: [tor-commits] [builders/tor-browser-build] branch maint-11.5a10 updated (61f83c0 -> 431f3c7)
Previous by thread: [tor-commits] [builders/tor-browser-build] 06/09: Bug 40476: Use gpg with --batch --no-tty in linux-signer-gpg-sign
Next by thread: [tor-commits] [builders/tor-browser-build] 07/09: Bug 40476: Add sync-scripts-to-staticiforme
Index(es):
- Author
- Thread