[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser-bundle/master] Bug 20217: check that OSX incremental MARs are made with code signing

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor-browser-bundle/master] Bug 20217: check that OSX incremental MARs are made with code signing
From: gk@xxxxxxxxxxxxxx
Date: Tue, 11 Oct 2016 13:07:50 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 11 Oct 2016 09:08:04 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nicolas Vigier <boklm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 9836227e4ae27123a3eb27167dc6dca13b5d1027
Author: Nicolas Vigier <boklm@xxxxxxxxxxxxxx>
Date:   Mon Oct 10 19:44:10 2016 +0200

    Bug 20217: check that OSX incremental MARs are made with code signing
    
    When updating the OSX incremental MAR files after running dmg2mar, we check
    that both the old and the new mar files contain code signing.
    
    We don't check this while creating the incremental MAR files during the
    build.
---
 gitian/Makefile                         | 4 ++--
 tools/update-responses/update_responses | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/gitian/Makefile b/gitian/Makefile
index f008834..a4a757f 100644
--- a/gitian/Makefile
+++ b/gitian/Makefile
@@ -48,12 +48,12 @@ signmars-nightly:
 dmg2mars:
 	cd $(shell ../tools/update-responses/get_channel_version release) && ../../tools/dmg2mar
 	$(TORSOCKS) ../tools/update-responses/download_missing_versions release
-	MAR_SKIP_EXISTING=1 ../tools/update-responses/gen_incrementals release
+	CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 ../tools/update-responses/gen_incrementals release
 
 dmg2mars-alpha:
 	cd $(shell ../tools/update-responses/get_channel_version alpha) && ../../tools/dmg2mar
 	$(TORSOCKS) ../tools/update-responses/download_missing_versions alpha
-	MAR_SKIP_EXISTING=1 ../tools/update-responses/gen_incrementals alpha
+	CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 ../tools/update-responses/gen_incrementals alpha
 
 update_responses:
 	../tools/update-responses/update_responses release
diff --git a/tools/update-responses/update_responses b/tools/update-responses/update_responses
index 7962f69..ceba144 100755
--- a/tools/update-responses/update_responses
+++ b/tools/update-responses/update_responses
@@ -197,6 +197,12 @@ sub create_incremental_mar {
     my $tmpdir = File::Temp->newdir();
     extract_mar(mar_filename($from_version, $os, $lang), "$tmpdir/A");
     extract_mar(mar_filename($new_version, $os, $lang), "$tmpdir/B");
+    if ($ENV{CHECK_CODESIGNATURE_EXISTS}) {
+        unless (-f "$tmpdir/A/TorBrowser.app/Contents/_CodeSignature/CodeResources"
+            && -f "$tmpdir/B/TorBrowser.app/Contents/_CodeSignature/CodeResources") {
+            exit_error "Missing code signature while creating $mar_file";
+        }
+    }
     my ($out, $err, $success) = capture_exec('make_incremental_update.sh',
                                    $mar_file_path, "$tmpdir/A", "$tmpdir/B");
     if (!$success) {

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torbutton/master] Bug 20244.6: Overlay checkboxes to use torbutton translations
Next by Author: [tor-commits] [tor-browser/tor-browser-45.4.0esr-6.5-1] Bug 20304: SOCKS socket does not support spaces and other special characters
Previous by thread: [tor-commits] [tor/master] Fix non-triggerable heap corruption at do_getpass().
Next by thread: [tor-commits] [tor/master] torrc parsing b0rks on carriage-return
Index(es):
- Author
- Thread