Loading Makefile +12 −0 Original line number Diff line number Diff line Loading @@ -239,6 +239,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update torbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser torbrowser-compare-mar-signed-unsigned-release: submodule-update $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser torbrowser-compare-mar-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser ######################## # Base Browser Targets # Loading Loading @@ -577,6 +583,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser ############################ # Toolchain Update Targets # Loading doc/MAKEFILE.txt +5 −0 Original line number Diff line number Diff line Loading @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} Unsign exe files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. torbrowser-compare-mar-signed-unsigned-{release,alpha} ---------------------------------------------------------- Unsign mar files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. projects/release/compare_mar_signed_unsigned 0 → 100644 +44 −0 Original line number Diff line number Diff line #!/bin/bash [% c("var/set_default_env") -%] [% IF c("var/nightly") -%] build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] [% ELSE -%] build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] [% END -%] if ! test -d "$build_dir" then echo "Error: Directory $build_dir does not exist" 1>&2 echo "You can download it with this command:" 1>&2 echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 exit 1 fi sha256sums_files=sha256sums-unsigned-build.txt cd "$build_dir" test -f sha256sums-unsigned-build.incrementals.txt \ && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt" cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/" cd "$rootdir" unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]" export PATH="$rootdir/mar-tools:$PATH" export LD_LIBRARY_PATH="$rootdir/mar-tools" for file in *.mar do signmar -r "$file" "unsigned-$file" mv -f "unsigned-$file" "$file" echo "Unsigned $file" done grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c cat << 'EOF' macOS mar files have been skipped as we don't yet have a good solution to remove code signing from those files. See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40988 Windows and Linux unsigned mar files are matching with sha256sums-unsigned-build.txt. EOF projects/release/config +8 −0 Original line number Diff line number Diff line Loading @@ -271,3 +271,11 @@ steps: name: osslsigncode pkg_type: build compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' compare_mar_signed_unsigned: build_log: '-' debug: 0 input_files: - project: mar-tools name: mar-tools pkg_type: fetch_martools compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]' Loading
Makefile +12 −0 Original line number Diff line number Diff line Loading @@ -239,6 +239,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update torbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser torbrowser-compare-mar-signed-unsigned-release: submodule-update $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser torbrowser-compare-mar-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser ######################## # Base Browser Targets # Loading Loading @@ -577,6 +583,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser ############################ # Toolchain Update Targets # Loading
doc/MAKEFILE.txt +5 −0 Original line number Diff line number Diff line Loading @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} Unsign exe files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. torbrowser-compare-mar-signed-unsigned-{release,alpha} ---------------------------------------------------------- Unsign mar files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt.
projects/release/compare_mar_signed_unsigned 0 → 100644 +44 −0 Original line number Diff line number Diff line #!/bin/bash [% c("var/set_default_env") -%] [% IF c("var/nightly") -%] build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] [% ELSE -%] build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] [% END -%] if ! test -d "$build_dir" then echo "Error: Directory $build_dir does not exist" 1>&2 echo "You can download it with this command:" 1>&2 echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 exit 1 fi sha256sums_files=sha256sums-unsigned-build.txt cd "$build_dir" test -f sha256sums-unsigned-build.incrementals.txt \ && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt" cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/" cd "$rootdir" unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]" export PATH="$rootdir/mar-tools:$PATH" export LD_LIBRARY_PATH="$rootdir/mar-tools" for file in *.mar do signmar -r "$file" "unsigned-$file" mv -f "unsigned-$file" "$file" echo "Unsigned $file" done grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c cat << 'EOF' macOS mar files have been skipped as we don't yet have a good solution to remove code signing from those files. See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40988 Windows and Linux unsigned mar files are matching with sha256sums-unsigned-build.txt. EOF
projects/release/config +8 −0 Original line number Diff line number Diff line Loading @@ -271,3 +271,11 @@ steps: name: osslsigncode pkg_type: build compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' compare_mar_signed_unsigned: build_log: '-' debug: 0 input_files: - project: mar-tools name: mar-tools pkg_type: fetch_martools compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]'
