[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] 35/43: Bug 1745467 - Update signing formats for Windows; r=aki, a=RyanVM

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor-browser] 35/43: Bug 1745467 - Update signing formats for Windows; r=aki, a=RyanVM
From: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 31 May 2022 07:07:18 +0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 31 May 2022 03:10:23 -0400
In-reply-to: <165398080302.1704.14545680214246485717@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <165398080302.1704.14545680214246485717@cupani.torproject.org>
Reply-to: Geoff Brown <gbrown@xxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRWcDcAlYVMTXGmZBViK76sbQ==

This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch tor-browser-91.10.0esr-11.0-1
in repository tor-browser.

commit 9312197bce273d55c969b185531e211dd95db89a
Author: Geoff Brown <gbrown@xxxxxxxxxxx>
AuthorDate: Fri Mar 18 16:16:36 2022 +0000

    Bug 1745467 - Update signing formats for Windows; r=aki, a=RyanVM
    
    Change signing formats to use SHA-256 digests in the Windows installer signature.
    
    Differential Revision: https://phabricator.services.mozilla.com/D139752
---
 taskcluster/taskgraph/transforms/geckodriver_signing.py       | 2 +-
 taskcluster/taskgraph/transforms/openh264_signing.py          | 2 +-
 taskcluster/taskgraph/transforms/repackage_signing.py         | 6 +++---
 taskcluster/taskgraph/transforms/repackage_signing_partner.py | 4 ++--
 taskcluster/taskgraph/util/signed_artifacts.py                | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/taskcluster/taskgraph/transforms/geckodriver_signing.py b/taskcluster/taskgraph/transforms/geckodriver_signing.py
index ea75e33703756..ac40feeeab5c8 100644
--- a/taskcluster/taskgraph/transforms/geckodriver_signing.py
+++ b/taskcluster/taskgraph/transforms/geckodriver_signing.py
@@ -108,7 +108,7 @@ def make_signing_description(config, jobs):
 
 def _craft_upstream_artifacts(dep_job, dependency_kind, build_platform):
     if build_platform.startswith("win"):
-        signing_format = "autograph_authenticode"
+        signing_format = "autograph_authenticode_sha2"
     elif build_platform.startswith("linux"):
         signing_format = "autograph_gpg"
     elif build_platform.startswith("macosx"):
diff --git a/taskcluster/taskgraph/transforms/openh264_signing.py b/taskcluster/taskgraph/transforms/openh264_signing.py
index dcc566883a999..589de73ba5823 100644
--- a/taskcluster/taskgraph/transforms/openh264_signing.py
+++ b/taskcluster/taskgraph/transforms/openh264_signing.py
@@ -69,7 +69,7 @@ def make_signing_description(config, jobs):
 
         if "win" in build_platform:
             # job['primary-dependency'].task['payload']['command']
-            upstream_artifact["formats"] = ["autograph_authenticode"]
+            upstream_artifact["formats"] = ["autograph_authenticode_sha2"]
         elif "mac" in build_platform:
             upstream_artifact["formats"] = ["mac_single_file"]
             upstream_artifact["singleFileGlobs"] = ["libgmpopenh264.dylib"]
diff --git a/taskcluster/taskgraph/transforms/repackage_signing.py b/taskcluster/taskgraph/transforms/repackage_signing.py
index 6c9fa64d8d265..f007503e07634 100644
--- a/taskcluster/taskgraph/transforms/repackage_signing.py
+++ b/taskcluster/taskgraph/transforms/repackage_signing.py
@@ -27,9 +27,9 @@ repackage_signing_description_schema = schema.extend(
 )
 
 SIGNING_FORMATS = {
-    "target.installer.exe": ["autograph_authenticode_stub"],
-    "target.stub-installer.exe": ["autograph_authenticode_stub"],
-    "target.installer.msi": ["autograph_authenticode"],
+    "target.installer.exe": ["autograph_authenticode_sha2_stub"],
+    "target.stub-installer.exe": ["autograph_authenticode_sha2_stub"],
+    "target.installer.msi": ["autograph_authenticode_sha2"],
 }
 
 transforms = TransformSequence()
diff --git a/taskcluster/taskgraph/transforms/repackage_signing_partner.py b/taskcluster/taskgraph/transforms/repackage_signing_partner.py
index 7f93216c4ce69..6f1a41f3773ed 100644
--- a/taskcluster/taskgraph/transforms/repackage_signing_partner.py
+++ b/taskcluster/taskgraph/transforms/repackage_signing_partner.py
@@ -79,7 +79,7 @@ def make_repackage_signing_description(config, jobs):
                             dep_job, "{}/target.installer.exe".format(repack_id)
                         ),
                     ],
-                    "formats": ["autograph_authenticode", "autograph_gpg"],
+                    "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
                 }
             ]
 
@@ -99,7 +99,7 @@ def make_repackage_signing_description(config, jobs):
                                 "{}/target.stub-installer.exe".format(repack_id),
                             ),
                         ],
-                        "formats": ["autograph_authenticode", "autograph_gpg"],
+                        "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
                     }
                 )
         elif "mac" in build_platform:
diff --git a/taskcluster/taskgraph/util/signed_artifacts.py b/taskcluster/taskgraph/util/signed_artifacts.py
index 0a215e152ee2c..34440b5dfa592 100644
--- a/taskcluster/taskgraph/util/signed_artifacts.py
+++ b/taskcluster/taskgraph/util/signed_artifacts.py
@@ -98,14 +98,14 @@ def generate_specifications_of_artifacts_to_sign(
                 "artifacts": [
                     get_artifact_path(job, "{locale}/setup.exe"),
                 ],
-                "formats": ["autograph_authenticode"],
+                "formats": ["autograph_authenticode_sha2"],
             },
             {
                 "artifacts": [
                     get_artifact_path(job, "{locale}/target.zip"),
                 ],
                 "formats": [
-                    "autograph_authenticode",
+                    "autograph_authenticode_sha2",
                     "autograph_widevine",
                     "autograph_omnija",
                 ],

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [tor-browser] branch tor-browser-91.10.0esr-11.0-1 created (now 2010fcc588669)
  - From: gitolite role

Prev by Author: [tor-commits] [tor] 01/01: Merge branch 'maint-0.4.5' into release-0.4.5
Next by Author: [tor-commits] [tor] branch release-0.4.7 updated (5345b43fb8 -> 5f2b75aafd)
Previous by thread: [tor-commits] [tor-browser] 34/43: Bug 1770048: Improve self-hosted new_List (ESR) r=jandem, tcampbell, a=dsmith
Next by thread: [tor-commits] [tor-browser] 37/43: No bug - Tagging 262b3b86a564b17e3397b519488698bc530f0858 with FIREFOX_91_9_1esr_BUILD1 a=release CLOSED TREE DONTBUILD
Index(es):
- Author
- Thread