Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T tor-browser-build
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 219
    • Issues 219
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 11
    • Merge requests 11
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • tor-browser-build
  • Issues
  • #18497
Closed
Open
Created Mar 07, 2016 by boklm@boklmMaintainer

Check that MAR signing is done properly on the files available in the update responses

In legacy/trac#18405 (moved) we are adding a script to be used during the release process to check that the MAR files are properly signed. We could have an other one that is doing the same things on the files currently proposed as an update. This would allow someone to easily check (maybe as a cron job) that the updates currently available are the same as the ones in the sha256sums-unsigned-build files.

In tools/update-responses/check_update_responses_deployement we have a script that currently check that the update responses xml provides the expected version. I think I could extend it to also download the mar files it provides, unsign them and check that they match sha256sums-unsigned-build.txt.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking