[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18925 [Webpages/Website]: Add instructions for removing the code signing parts of OS X bundles and MAR files

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #18925 [Webpages/Website]: Add instructions for removing the code signing parts of OS X bundles and MAR files
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 30 Aug 2018 03:40:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 29 Aug 2018 23:41:06 -0400
In-reply-to: <042.f463170d5318248a2af6fdef52d58d7a@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.f463170d5318248a2af6fdef52d58d7a@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18925: Add instructions for removing the code signing parts of OS X bundles and
MAR files
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Webpages/Website                     |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  website-content, GeorgKoppen201806,  |  Actual Points:
  TorBrowserTeam201806                           |
Parent ID:  #17413                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by traumschule):

 I cannot test it right now, but i used
 [http://blog.smalleycreative.com/administration/automating-osx-part-one/
 this guide] some time ago for testing an ansible role with travis. Here's
 my draft:
 {{{
 set -e
 # Tests the checksum of our generated mar files on macOS

 # settings
 tbbversion=8.0a10
 lang=en-US
 distdomain=https://dist.torproject.org
 #distdomain=http://rqef5a5mebgq46y5
 dmgurl="$domain/torbrowser/$tbbversion/TorBrowser-$tbbversion-
 osx64_$lang.dmg"
 martoolsurl="http://rqef5a5mebgq46y5.onion/torbrowser/$tbbversion/mar-
 tools-mac64.zip"
 sumsurl=$domain/torbrowser/$tbbversion/sha256sums-signed-build.txt

 cache="$(pwd)/cache" # Assuming this is run by a CI and it supports it,
 cache be mounted before.
 dmgfile="$cache/$(basename $dmgurl)"
 mountpath="/Volumes/$dmgfile" # TODO may differ
 signedmarfile="signed-mar-file.mar"
 unsignedmarfile="tor-browser-osx64-$tbbversion_$lang.mar"

 # preparation
 [ -n "$cache" ] && [ -d "$cache" ] || mkdir "$cache"
 cd $cache
 wget $martoolsurl
 wget $dmgurl
 wget $sumsurl
 wget $sumsurl.asc
 sumfile="$cache/$(basename $sumsurl)"

 gpg --recv 0x4E2C6E8793298290
 if [ ! $(gpg --verify $sumfile.asc|grep "Good signature"|wc -l) -gt 0 ]
 then echo "Signature verification failed: $sumfile"; exit 1; fi

 martoolszip="$(basename $martoolsurl)"
 [ -n "martoolszip" ] || exit 1
 [ -f "martoolszip" ] || exit 1
 unzip "$martoolszip" # should extract to mar-tools
 [ -f mar-tools/marsign ] || exit 1
 marpath="$cache/mar-tools"

 hdiutil mount -nobrowse $cache/$dmgfile
 cd $mountpath
 export LD_LIBRARY_PATH=$marpath
 $marpath/marsign -r $signedmarfile $unsignedmarfile
 if [ "$(sha256sum $unsignedmarfile)" -ne "$(grep $unsignedmarfile
 $sumfile)" ]
 then echo "sha256sum does not match: $unsignedmarfile"; exit 1; fi
 }}}
 Would that work?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18925#comment:60>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #27269 [Applications/Tor Browser]: noscript not working in Tor Browser 8.0a10r
Next by Author: Re: [tor-bugs] #26980 [Core Tor/Tor]: HSv3 descriptors rejected because of bad SRV start time computation
Previous by thread: Re: [tor-bugs] #18925 [Webpages/Website]: Add instructions for removing the code signing parts of OS X bundles and MAR files
Next by thread: Re: [tor-bugs] #22265 [Webpages/Website]: write high-level overview of bootstrap process
Index(es):
- Author
- Thread