Bug 115: Update signing scripts to build/sign Mullvad Browser MARs

ffbdefde · Richard Pospesel · fe23accf · ffbdefde · ffbdefde · ffbdefde
Commit ffbdefde authored Mar 23, 2023 by Richard Pospesel
--- a/tools/signing/dmg2mar
+++ b/tools/signing/dmg2mar
@@ -13,7 +13,7 @@ cd "$script_dir/../.."

 # some initial checks to make sure directories and file counts are as expected...

-version=$(./rbm/rbm showconf browser --target alpha --target torbrowser-linux-x86_64 var/torbrowser_version)
+version=$(./rbm/rbm showconf browser --target alpha --target $SIGNING_PROJECTNAME-linux-x86_64 var/torbrowser_version)
 test "$version" = "$tbb_version" || \
  exit_error "Incorrect tor browser version: $version != $tbb_version"



--- a/tools/signing/do-all-signing
+++ b/tools/signing/do-all-signing
@@ -194,13 +194,10 @@ do_step macos-signer-notarization
 do_step macos-signer-stapler
 do_step macos-signer-disable-network-proxy-settings
 do_step gatekeeper-bundling
-is_project torbrowser && \
 do_step dmg2mar
 do_step sync-scripts-to-linux-signer
 do_step sync-before-linux-signer-signmars
-is_project torbrowser && \
 do_step linux-signer-signmars
-is_project torbrowser && \
 do_step sync-after-signmars
 do_step linux-signer-authenticode-signing
 do_step sync-after-authenticode-signing
@@ -217,7 +214,6 @@ is_project torbrowser && \
  do_step sync-scripts-to-staticiforme
 is_project torbrowser && \
  do_step staticiforme-prepare-cdn-dist-upload
-is_project torbrowser && \
 do_step upload-update_responses-to-staticiforme
 do_step finished-signing-clean-macos-signer
 do_step finished-signing-clean-linux-signer
--- a/tools/signing/linux-signer-signmars
+++ b/tools/signing/linux-signer-signmars
@@ -11,8 +11,13 @@ script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "$script_dir/functions"

 if [ -z "${NSS_DB_DIR+x}" ]; then
+  if test "$SIGNING_PROJECTNAME" = 'torbrowser'; then
    NSS_DB_DIR=/home/boklm/marsigning/nssdb7
  fi
+  if test "$SIGNING_PROJECTNAME" = 'mullvadbrowser'; then
+    NSS_DB_DIR=/home/boklm/marsigning/mullvad-browser-nssdb-1
+  fi
+fi

 if [ -z "${NSS_CERTNAME+x}" ]; then
  NSS_CERTNAME=marsigner


--- a/tools/signing/set-config.update-responses
+++ b/tools/signing/set-config.update-responses
 # You should clone git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git
-# and uncomment the line setting update_responses_repository_dir.
+# and git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git
+# and uncomment the lines setting update_responses_repository_dir.
 # Don't forget to set user.email and user.name in your git config

+#is_project torbrowser && \
  #update_responses_repository_dir=/path/to/tor-browser-update-responses.git
+#is_project mullvadbrowser && \
+  #update_responses_repository_dir=/path/to/mullvad-browser-update-responses.git
+

 check_update_responses_repository_dir
--- a/tools/signing/upload-update_responses-to-staticiforme
+++ b/tools/signing/upload-update_responses-to-staticiforme
@@ -23,11 +23,18 @@ git checkout main
 git pull --ff-only
 test -n "$(git status --porcelain=v1 | grep -v '^?')" \
  && exit_error 'update_responses_repository_dir has modified files'
-cd update_3
+is_project torbrowser && cd update_3
+is_project mullvadbrowser && cd update_1
+
 rm -Rf "$tbb_version_type"
 tar -xf "$update_responses_tar"
 git add "$tbb_version_type"
 git commit -m "$tbb_version_type: new version, $tbb_version"
+git push
+
+# we just need to push mullvadbrowser's update responses to git, not deploy to staticiforme
+is_project mullvadbrowser && exit 0
+
 update_responses_commit=$(git log -1 --format=%H)

 update_dir=/srv/aus1-master.torproject.org/htdocs/torbrowser
@@ -50,8 +57,6 @@ EOF
 chmod +x $deploy_script
 scp -p $deploy_script $ssh_host_staticiforme:deploy_update_responses-$tbb_version_type.sh

-git push
-
 echo 'To enable updates you can now run:'
 echo "  ssh $ssh_host_staticiforme"
 echo "  sudo -u tb-release ./deploy_update_responses-$tbb_version_type.sh"