Skip to content

Bug 43244: Add a git commit tag+signing script

morgan requested to merge morgan/tor-browser:bug_43244 into tor-browser-128.4.0esr-14.5-1

Merge Info

Related Issues

Backporting

Timeline

  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Localization: typos and other localization changes that should be also in the release branch
  • Other: please explain

Merging

  • Merge to tor-browser - !fixups to tor-browser-specific commits, new features, security backports
  • Merge to base-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
    • Bug 43244: Add a git commit tag+signing script should be comitted to base-browser, tor-browser, and mullvad-browser
    • Bug 43244: Add tor-browser as valid project to sign-tag.sh script should be comitted to just tor-browser
    • NOTE: if your changeset includes patches to both base-browser and tor-browser please clearly label in the change description which commits should be cherry-picked to base-browser after merging

We will want to backport this to:

  • tor-browser stable
  • tor-browser legacy
  • mullvad-browser stable

Issue Tracking

Review

Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : clairehurst, dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • macOS : clairehurst, dan
    • nightly builds : boklm
    • rebases/release-prep : dan, ma1, pierov, richard
    • security : jwilde, ma1
    • signing : boklm, richard
    • updater : pierov
    • windows : jwilde, richard
    • misc/other : pierov, richard

Change Description

Adds a shells script to /tools/base-browser which will sign a browser-commit following our rules around tag and message name. Once this is merged I still need to:

  • Create an analagous commit for mullvad-browser which nukes legacy from the channel list and adds mullvad-browser to the projects list
  • Update the release prep issue templates telling the user to invoke this script when tagging (currently tag specifics are unspecified but they are actually important for the localisation pipelines!)

How Tested

Verified locally in the tor-browser-128.4.0esr-14.0 branch with a fake build2; verified the obvious mistakes are avoided (e.g. signing from the wrong branch, specifying an incorrect build number, etc).

cc @boklm @dan @ma1 @pierov @henry

Merge request reports