Opened 20 months ago

Last modified 12 days ago

#23657 new task

Decide directories used for signed/unsigned builds in tor-browser-builds

Reported by: boklm Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-rbm, boklm201811, TorBrowserTeam201905
Cc: Actual Points:
Parent ID: #24331 Points:
Reviewer: Sponsor:

Description

With gitian builds, all builds (signed and unsigned) were stored in the gitian directory directly.

I remember having issues when generating incremental mars which were done with unsigned osx mars instead of the signed ones. To avoid that issue I have started with separating signed and unsigned builds in tor-browser-build. However it seems the new process is confusing and error-prone during the signing process, so we should think more about what directories we want to use in the different steps (or if we want to go back to using only one).

I think having different directories could also be useful if we want to add some scripts helping with the intermediate signing steps.

What we currently have is:

  • the build target creates builds in the directory unsigned
  • the incrementals target generates incremental mars in the unsigned directory. However it is using/downloading the mar files from the old version in the unsigned directory too, while it should be done from a signed build (for the osx ones). Maybe we should fix the incrementals step to use the old version from the signed directory instead.
  • the dmg2mar target is using the signed directory. However at this point, only the dmg files are signed, so it is confusing to put all the files in the signed directory. Maybe an intermediate directory should be used instead?
  • the update_responses target is using the signed directory. I think this one is correct as update responses should only be done from a fully signed build.

Child Tickets

TicketStatusOwnerSummaryComponent
#26059closedtbb-teamUse mar files from the signed directory when generating incremental marsApplications/Tor Browser

Change History (25)

comment:1 Changed 20 months ago by boklm

I think having different directories could also be useful if we want to add some scripts helping with the intermediate signing steps.

I think some of the scripts/makefile targets that could be useful are:

  • uploading the unsigned dmg files to the osx signing machine
  • downloading the code signed osx tar.bz2 files
  • converting the code signed osx tar.bz2 to dmg files
  • uploading the exe files to the linux signing machine
  • downloading the signed exe files (with an rsync over the unsigned files)
  • timestamping the signed exe files
  • uploading the mar files to the linux signing machine for mar signing
  • uploading the signed+timestamped exe files to the linux signing machine (with an rsync ovec the previously uploaded ones), for gpg signing
  • uploading the code signed dmg files to the linux signing machine, for gpg signing

the dmg2mar target is using the signed directory. However at this point, only the dmg files are signed, so it is confusing to put all the files in the signed directory. Maybe an intermediate directory should be used instead?

One option is to do that in an intermediate directory such as signed-dmg. An other option is to do it in the unsigned directory directly.

comment:2 in reply to:  1 Changed 20 months ago by gk

Replying to boklm:

I think having different directories could also be useful if we want to add some scripts helping with the intermediate signing steps.

I think some of the scripts/makefile targets that could be useful are:

  • uploading the unsigned dmg files to the osx signing machine
  • downloading the code signed osx tar.bz2 files
  • converting the code signed osx tar.bz2 to dmg files
  • uploading the exe files to the linux signing machine
  • downloading the signed exe files (with an rsync over the unsigned files)
  • timestamping the signed exe files
  • uploading the mar files to the linux signing machine for mar signing
  • uploading the signed+timestamped exe files to the linux signing machine (with an rsync ovec the previously uploaded ones), for gpg signing
  • uploading the code signed dmg files to the linux signing machine, for gpg signing

We could sit down in Montreal and think a bit about that. I am actually not sure whether we can tailor our scripts in such a way that it helps much with our release management. But I hope you can convince me I am wrong!

comment:3 Changed 19 months ago by gk

Keywords: tbb-rbm added

comment:4 Changed 18 months ago by boklm

Parent ID: #24331

comment:5 Changed 14 months ago by gk

Keywords: TorBrowserTeam201804 added

comment:6 Changed 14 months ago by boklm

Keywords: boklm201804 added

comment:7 Changed 14 months ago by gk

Priority: MediumHigh

comment:8 Changed 13 months ago by boklm

Keywords: boklm201805 added; boklm201804 removed

boklm201804 -> boklm201805

comment:9 Changed 13 months ago by gk

Keywords: TorBrowserTeam201805 added; TorBrowserTeam201804 removed

Move our roadmap tickets to May.

comment:10 Changed 12 months ago by boklm

Keywords: boklm201806 added; boklm201805 removed

boklm201805 -> boklm201806

comment:11 Changed 12 months ago by gk

Keywords: TorBrowserTeam201806 added; TorBrowserTeam201805 removed

Moving our tickets to June 2018

comment:12 Changed 11 months ago by boklm

Keywords: boklm201807 added; boklm201806 removed

boklm201806 -> boklm201807

comment:13 Changed 11 months ago by gk

Keywords: TorBrowserTeam201807 added; TorBrowserTeam201806 removed

Moving first batch of tickets to July 2018

comment:14 Changed 10 months ago by gk

Keywords: TorBrowserTeam201808 added; TorBrowserTeam201807 removed

Move our tickets to August.

comment:15 Changed 9 months ago by boklm

Keywords: boklm201809 added; boklm201807 removed

boklm201807 -> boklm201809

comment:16 Changed 9 months ago by gk

Keywords: TorBrowserTeam201809 added; TorBrowserTeam201808 removed

Moving our tickets to September 2018

comment:17 Changed 8 months ago by gk

Keywords: TorBrowserTeam201810 added; TorBrowserTeam201809 removed

Moving tickets to October

comment:18 Changed 7 months ago by gk

Keywords: TorBrowserTeam201811 added; TorBrowserTeam201810 removed

Moving our tickets to November.

comment:19 Changed 6 months ago by boklm

Keywords: boklm201811 added; boklm201809 removed

boklm201809 -> boklm201811

comment:20 Changed 6 months ago by gk

Keywords: TorBrowserTeam201812 added; TorBrowserTeam201811 removed

Moving our tickets to December.

comment:21 Changed 4 months ago by gk

Keywords: TorBrowserTeam201901 added; TorBrowserTeam201812 removed

Moving tickets to Jan 2019.

comment:22 Changed 3 months ago by gk

Keywords: TorBrowserTeam201902 added; TorBrowserTeam201901 removed

Moving tickets to February.

comment:23 Changed 3 months ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving remaining tickets to March.

comment:24 Changed 7 weeks ago by gk

Keywords: TorBrowserTeam201904 added; TorBrowserTeam201903 removed

Moving tickets to April.

comment:25 Changed 12 days ago by gk

Keywords: TorBrowserTeam201905 added; TorBrowserTeam201904 removed

Moving tickets to May

Note: See TracTickets for help on using tickets.