GitLab

Recently, Tor Browser began providing automatic nightly updates (#18867 (moved)), and those are now hosted on nightlies.tbb.torproject.org (#32800 (moved)). All of the building and signing machines are currently hosted externally. This ticket is for moving the signing operation onto a TPA maintained server.

It will need about 40 GB of disk space, memory requirement should be small (1 or 2 GB, should be more than enough).

As the end result, every day this server will receive files from an external server (pushed or pulled, whichever makes the most sense), sign them, and then copy them to nightlies.tbb.torproject.org for serving.

The server will hold a passphrase-protected OpenPGP private key and a passphrase-protected NSS DB containing a private signing key.

This server should be as network-access-restricted as possible, while still being usable.