Commit db589fc3 authored by boklm's avatar boklm Committed by Richard Pospesel

Bug 29815: Set up signing machines for rcodesign

parent 21b3e176
+1 −0
_repackaged
.changelogs_token
local
+13 −0
@@ -84,11 +84,13 @@ create_user signing-gpg
create_user signing-mar
create_user signing-win yubihsm
create_user signing-apk signing
create_user signing-macos signing

sudoers_file sign-gpg
sudoers_file sign-mar
sudoers_file sign-exe
sudoers_file sign-apk
sudoers_file sign-rcodesign

authorized_keys boklm boklm-tb-release.pub boklm-yk1.pub
create_user richard signing
@@ -115,6 +117,9 @@ install_packages cmake libusb-1.0-0-dev libedit-dev gengetopt libpcsclite-dev he
# Install deps for android/apk signing
install_packages unzip openjdk-11-jdk-headless openjdk-11-jre-headless

# Install deps for macos-rcodesign signing
install_packages p7zip-full zstd

# Build and install yubihsm-pkcs11 package
create_user build-pkgs
if ! dpkg-query -s yubihsm-pkcs11 2> /dev/null | grep -q '^Status: .* installed'; then
@@ -146,3 +151,11 @@ for rel in release alpha; do
    chmod 700 "$keypath"
  fi
done

# Setup for macos signing with rcodesign
/signing/tor-browser-build/tools/signing/setup-rcodesign /signing
# `rcodesign sign` requires access to timestamp.apple.com. We do that
# by redirecting a local port with `ssh -R`. See tor-browser-build#29815.
if ! grep -q 'timestamp\.apple\.com' /etc/hosts; then
  echo '127.0.0.1 timestamp.apple.com' >> /etc/hosts
fi
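Review bot: The `/etc/hosts` block at the end of the last hunk makes every process on the signing machine resolve timestamp.apple.com to 127.0.0.1, so `rcodesign sign` talks to whatever is listening on that loopback port, and the comment does not say which port or which account is expected to hold the `ssh -R` forward. I would extend the comment to name the forwarded port and to state that signing is expected to fail when the forward is absent, so an unexpected local listener is recognisable as a misconfiguration. The guard is also loose: `grep -q 'timestamp\.apple\.com'` is satisfied by a commented-out line or an entry with a different address, whereas `grep -qE '^127\.0\.0\.1[[:space:]]+timestamp\.apple\.com([[:space:]]|$)' /etc/hosts` checks for the entry the script actually writes. The script starts outside this section, so whether `set -e` covers the `setup-rcodesign /signing` call is not visible here.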
+2 −0
Defaults>signing-macos env_keep += "SIGNING_PROJECTNAME tbb_version_type RCODESIGN_PW"
%signing ALL = (signing-macos) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign
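Review bot: The `%signing ALL = (signing-macos) NOPASSWD:` rule names the wrapper with no argument specification, which in sudoers permits any arguments, and the `env_keep` line lets the caller supply `SIGNING_PROJECTNAME` and `tbb_version_type` across the privilege boundary. The wrapper is not shown on this page, so it presumably has to treat its arguments and those two variables as untrusted input from any member of `signing`; if it takes no arguments, appending `""` after the command path enforces that in sudoers itself. `RCODESIGN_PW` is kept in the environment of the signing process, where other processes running as `signing-macos` and root can read it. A comment stating that this is intended, or passing the password on stdin or a file descriptor instead, would make the handling explicit.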
+5 −0
@@ -4,6 +4,7 @@
set -e

script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
source ../set-config.rcodesign

cd "$script_dir/../../.."
tmpdir=$(mktemp -d)
@@ -69,6 +70,10 @@ ssh "$setup_user@$signing_machine" mkdir -p $signing_dir/android-build-tools
ssh "$setup_user@$signing_machine" unzip -qo -d $signing_dir/android-build-tools "$signing_dir/$android_build_tools_filename"
ssh "$setup_user@$signing_machine" chmod -R o+rX "$signing_dir/$android_build_tools_filename"

echo "Uploading $rcodesign_filename"
tools/signing/setup-rcodesign
rsync -v "tools/local/$rcodesign_filename" "$setup_user@$signing_machine:$signing_dir/$rcodesign_filename"

echo "Uploading tor-browser-build.tar to $signing_machine"
scp -p "$tbbtar" "$setup_user@$signing_machine:$signing_dir/"
echo "Extracting tor-browser-build.tar on $signing_machine"
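Review bot: `source ../set-config.rcodesign` in the first hunk is resolved against the caller's working directory rather than the script's location, because it runs before `cd "$script_dir/../../.."` and does not use `script_dir`. Run from any other directory it either stops under `set -e` or sources whatever file of that name sits one level above the operator's current directory; `source "$script_dir/../set-config.rcodesign"` ties it to the checkout. This assumes that line is the one added in that hunk, since the `+` markers are lost on this page. In the second hunk, `tools/signing/setup-rcodesign` is not shown here, so it is worth confirming that it checks `rcodesign_sha256sum` before the `rsync` uploads the tarball to the signing machine.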
+4 −0
rcodesign_version=0.22.0-bc8cc7
rcodesign_filename=rcodesign-${rcodesign_version}.tar.gz
rcodesign_sha256sum=2a9eda016fff116c59f52b358e7a740f6fb5c039974f0acc8266c3605d24092a
rcodesign_url="https://build-sources.tbb.torproject.org/${rcodesign_filename}"
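Review bot: These assignments carry no comment on where `rcodesign-${rcodesign_version}.tar.gz` comes from or how `rcodesign_sha256sum` is to be regenerated when the version changes. The `-bc8cc7` suffix looks like a commit id, which suggests a locally built tarball; a header such as `# rcodesign tarball built from <upstream commit>; regenerate rcodesign_sha256sum with sha256sum(1) on the new tarball` would record that. The pin only protects the download from `rcodesign_url` if the consumer compares the hash before unpacking, and that consumer (`setup-rcodesign`) is not visible on this page.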