Bug 43244: Add a git commit tag+signing script
Merge Info
Related Issues
Backporting
Timeline
-
Immediate: patchset needed as soon as possible -
Next Minor Stable Release: patchset that needs to be verified in nightly before backport -
Eventually: patchset that needs to be verified in alpha before backport -
No Backport (preferred): patchset for the next major stable
(Optional) Justification
-
Emergency security update: patchset fixes CVEs, 0-days, etc -
Censorship event: patchset enables censorship circumvention -
Critical bug-fix: patchset fixes a bug in core-functionality -
Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc -
Sponsor required: patchset required for sponsor -
Localization: typos and other localization changes that should be also in the release branch -
Other: please explain
Merging
-
Merge to tor-browser
-!fixups
totor-browser
-specific commits, new features, security backports -
Merge to base-browser
-!fixups
tobase-browser
-specific commits, new features to be shared withmullvad-browser
, and security backports-
Bug 43244: Add a git commit tag+signing script
should be comitted tobase-browser
,tor-browser
, andmullvad-browser
-
Bug 43244: Add tor-browser as valid project to sign-tag.sh script
should be comitted to justtor-browser
-
NOTE: if your changeset includes patches to both
base-browser
andtor-browser
please clearly label in the change description which commits should be cherry-picked tobase-browser
after merging
-
We will want to backport this to:
- tor-browser stable
- tor-browser legacy
- mullvad-browser stable
Issue Tracking
-
Link resolved issues with appropriate Release Prep issue for changelog generation
Review
Request Reviewer
-
Request review from an applications developer depending on modified system: -
NOTE: if the MR modifies multiple areas, please
/cc
all the relevant reviewers (since gitlab only allows 1 reviewer) - accessibility : henry
- android : clairehurst, dan
- build system : boklm
- extensions : ma1
- firefox internals (XUL/JS/XPCOM) : jwilde, ma1
- fonts : pierov
- frontend (implementation) : henry
- frontend (review) : donuts, richard
- localization : henry, pierov
- macOS : clairehurst, dan
- nightly builds : boklm
- rebases/release-prep : dan, ma1, pierov, richard
- security : jwilde, ma1
- signing : boklm, richard
- updater : pierov
- windows : jwilde, richard
- misc/other : pierov, richard
-
NOTE: if the MR modifies multiple areas, please
Change Description
Adds a shells script to /tools/base-browser
which will sign a browser-commit following our rules around tag and message name. Once this is merged I still need to:
- Create an analagous commit for mullvad-browser which nukes
legacy
from the channel list and addsmullvad-browser
to the projects list - Update the release prep issue templates telling the user to invoke this script when tagging (currently tag specifics are unspecified but they are actually important for the localisation pipelines!)
How Tested
Verified locally in the tor-browser-128.4.0esr-14.0 branch with a fake build2; verified the obvious mistakes are avoided (e.g. signing from the wrong branch, specifying an incorrect build number, etc).
Merge request reports
Activity
requested review from @boklm
assigned to @morgan
I have a similar script that tries to figure out everything automatically if you don't provide arguments. I often tag
build1
after merging/pushing base browser, and this approach works great for me.I'd also prefer if we had a repository for this kind of tools, rather than embedding them in tor-browser.git/mullvad-browser.git with all their complications. I have other scripts I could add there. (I asked about this months ago, but I never got an answer
).Create an analagous commit for mullvad-browser which nukes
legacy
from the channel list and addsmullvad-browser
to the projects listAlso, I'd prefer if we avoided this, and instead put everything in the initial script, if we my proposal of keeping them in a separate repository isn't accepted.
These scripts won't be in the final product, so there's no a real advantage of doing this kind of sewing for me. But the commit it takes to do it will add up to the rebase time (even without conflicts, the raw number of commits make the rebase of our giant repository longer).
For this reason, if we don't create another repo, I think we could follow what we do for Tor Browser tool, and group all of them in a single commit also for Base Browser (the other scripts we have are the Bugzilla triage CSV creation, which I think could also live in the separate repository).
I'd also prefer if we had a repository for this kind of tools, rather than embedding them in tor-browser.git/mullvad-browser.git with all their complications. I have other scripts I could add there. (I asked about this months ago, but I never got an answer
).We could also put them in tor-browser-build.git/tools.
mentioned in merge request tor-browser-build!1093 (merged)