When checking our .mar and .exe files for signing errors we keep the
checked files around until the whole check is done. This essentially
leads to doubling the amount of disk space for them during that time,
which could make the difference between someone being able to check
them successfully or not.

There is actually no need, though, to keep all the binaries until the
whole signature check is done and we remove the checked bundle from now
on immediately after a particular check finished.

Update the tor-browser-bundle-testsuite.git commit, to add
android-aarch64 nightly builds.

At the same time, we update the tor-browser-bundle-testsuite.git URL to
use the repository that created with #30516.

When creating a new keyring with gpg >= 2.1, it will be created in the
keybox format, which is only compatible with gpg >= 2.1. This means that
the drop-expired-sub-keys script will create keyring files which are not
compatible with older versions of gpg.

To avoid this, we use the output of gpg --export as the keyring file,
which is in the old format.

The tools/keyring/drop-expired-sub-keys script can be used to drop all
expired and revoked sub-keys from a keyring.

We also add the script tools/keyring/list-all-keyrings which can be used
to list all the keys included in all the keyring files, to make it
easier to review if any key needs to be removed.

By default dma will send emails by connecting to the configured mail
server on port 25.

According to https://riseup.net/en/email/clients we should be connecting
to mail.riseup.net on port 587.

With #26843 we now require mercurial to be installed, so it should be
installed by the tbb-build ansible role.

Arthur said he doesn't need access to this machine anymore, so we remove
his user account from the ansible config (the account will be removed
from the machine manually).

Update testsuite_git_commit to remove tor browser alpha nightly builds.

Update testsuite_git_commit to enable android nightly builds.

Add the option `mar_compression` to update_responses_config.yml to
select the compression format used in the mar files.

Currently we are using bzip2 for the previous alpha, xz for the new
alpha, and bzip2 for both the previous and new stable.

Add the whitespace in "Tor Browser.app".

Use make_path instead of mkdir to create all needed parent directories.

Add the htaccess_rewrite_rules option which can be used to specify
rewrite rules to be added to the generated .htaccess files.

boklm authored 6 years ago and Georg Koppen committed 6 years ago

We update the update_responses script to be able to specify a different
$releases_dir for each version. When generating incremental mars, this
allows us to set the default releases_dir to {alpha,release}/signed and
the current version's releases_dir to {alpha,release}/unsigned.

Authentication configuration for the email setup is stored in
group_vars/boklm-tbb-nightly/dma-auth.yml, encrypted using
ansible-vault. The file contains the dma_auth_conf variable, which is
the content of the /etc/dma/auth.conf file.

This fixes the download of the osx64 mar files. Previously we were
unsigning the downloaded mar files and checking them with
sha256sums-unsigned-build.txt. The signed osx64 mar files include files
that are code-signed, so unsigning the mar file is not enough to get a
mar file matching sha256sums-unsigned-build.txt.

Furthermore we adapt the README and our ansible main.yml to take care of
removing File::Slurp from our build dependencies and replacing it with
Path::Tiny

https://docs.ansible.com/ansible/latest/porting_guide_2.0.html#deprecated