Ticket #15598: 0001-Bug-15598-Update-documentation-for-TB-4.5.patch

File 0001-Bug-15598-Update-documentation-for-TB-4.5.patch, 2.2 KB (added by gk, 5 years ago)
  • docs/en/verifying-signatures.wml

    From f7eda7b290d4c8c3a2816a7a8bb2f2c97cec8119 Mon Sep 17 00:00:00 2001
    From: Georg Koppen <gk@torproject.org>
    Date: Mon, 27 Apr 2015 11:19:11 +0000
    Subject: [PATCH 1/2] Bug 15598: Update documentation for TB 4.5
    
    Refer to the Tor Browser signing key throughout the whole verifying-
    signatures document.
    
    Add documentation for stripping off the authenticode signatures of the
    Windows installers.
    ---
     docs/en/verifying-signatures.wml | 12 ++++++++++--
     1 file changed, 10 insertions(+), 2 deletions(-)
    
    diff --git a/docs/en/verifying-signatures.wml b/docs/en/verifying-signatures.wml
    index 89522d4..da1f4eb 100644
    a b  
    207207      for TBB 3.6.1.</li>
    208208      <li>Retrieve the signers' GPG keys. This can be done from the command
    209209      line by entering something like
    210       <pre>gpg --keyserver keys.mozilla.org --recv-keys 0x29846B3C683686CC</pre>
    211       (This will bring you developer Mike Perry's public key. Other
     210      <pre>gpg --keyserver keys.mozilla.org --recv-keys 0x4E2C6E8793298290</pre>
     211      (This will bring you the public part of the Tor Browser developers'
     212       signing key. Other
    212213      developers' key IDs can be found on
    213214      <a href="<page docs/signing-keys>">this
    214215      page</a>.)</li>
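Review bot: The new `gpg --keyserver keys.mozilla.org --recv-keys 0x4E2C6E8793298290` line fetches the key by its 64-bit key ID, and the surrounding text gives the reader nothing to check the imported key against. Suggest adding a sentence after the fetch telling the reader to run `gpg --fingerprint 0x4E2C6E8793298290` and compare the full fingerprint with the signing-keys page linked in the same list item. A smaller wording point: with the reference to Mike Perry removed, the retained context "Other developers' key IDs can be found on" now follows "the Tor Browser developers' signing key" and reads ambiguously; "Individual developers' key IDs" would be clearer.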
     
    216217      <pre>gpg --verify &lt;NAME OF THE SIGNATURE FILE&gt;.asc sha256sums.txt</pre></li>
    217218      <li>You should see a message like "Good signature from &lt;DEVELOPER
    218219      NAME&gt;". If you don't, there is a problem. Try these steps again.</li>
     220      <li>If you want to verify a Windows Tor Browser package you need to first
     221      strip off the authenticode signature of it. One tool that can be used for
     222      this purpose is <a
     223      href="http:/osslsigncode.sourceforge.net">osslsigncode</a>. Assuming you
     224      have built it on a Linux computer you can enter
     225      <pre>/path/to/your/osslsigncode remove-signature &#92;
     226        /path/to/your/&lt;TOR BROWSER FILE NAME&gt;.exe &lt;TOR BROWSER FILE NAME&gt;.exe</pre></li>
    219227      <li>Now you can take the sha256sum of the Tor Browser package. On
    220228      Windows you can use the <a href="http://md5deep.sourceforge.net/">
    221229      hashdeep utility</a> and run
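Review bot: The osslsigncode link in the added list item is written `href="http:/osslsigncode.sourceforge.net"`, with a single slash after the scheme; it should be `http://osslsigncode.sourceforge.net`. In the `remove-signature` example, the output argument reuses the input's file name without a path, so a reader who runs the command from the directory that holds the download names the same file as both input and output. Consider a distinct output name in the example, and state in the following step that the sha256sum must be taken over the stripped file rather than the original download.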