Sign nightly sha256sums files with gpg

We should sign the nightly build sha256sums with gpg.

This can be done by creating a key on the nightly build machine, and setting var/sign_build to 1 in rbm.local.conf.

Trac:
Parent Ticket: #18867 (moved)
Child Ticket(s): #32751 (moved)

added TorBrowserTeam201912R actualpoints::.1 component::applications/tor browser owner::boklm parent::18867 points::.1 priority::medium resolution::fixed severity::normal status::closed tbb-rbm tbb-update type::task labels

There is a patch for review in branch bug_32750_v2: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32750_v2&id=f803f711462092c3858a8c0b28aa7f2ea782050f

Trac:
Points: .25 to .1
Keywords: TorBrowserTeam201912 deleted, TorBrowserTeam201912R added
Status: assigned to needs_review
Actualpoints: N/A to .1

Now that #32751 (moved) got merged I guess we should mention the incrementals sha256sums file, too, in rbm.local.conf as we did in that bug.

Trac:
Keywords: TorBrowserTeam201912R deleted, TorBrowserTeam201912 added
Status: needs_review to needs_revision

I fixed that in bug_32750_v4: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32750_v4&id=32ce9d2bf8bbd09017533175ffebf0b3599eb617

Trac:
Keywords: TorBrowserTeam201912 deleted, TorBrowserTeam201912R added
Status: needs_revision to needs_review

Replying to boklm:

I fixed that in bug_32750_v4: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32750_v4&id=32ce9d2bf8bbd09017533175ffebf0b3599eb617

Thanks. While looking at the commit again: can't we just set sign_build to 1 in case nightly_build_sign_build is defined?

Replying to gk:

Replying to boklm:

I fixed that in bug_32750_v4: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32750_v4&id=32ce9d2bf8bbd09017533175ffebf0b3599eb617

Thanks. While looking at the commit again: can't we just set sign_build to 1 in case nightly_build_sign_build is defined?

If we do that then if we set nightly_build_sign_build to 0, then sign_build will still be enabled, which can be confusing.

Replying to boklm:

Replying to gk:

Replying to boklm:

I fixed that in bug_32750_v4: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32750_v4&id=32ce9d2bf8bbd09017533175ffebf0b3599eb617

Thanks. While looking at the commit again: can't we just set sign_build to 1 in case nightly_build_sign_build is defined?

If we do that then if we set nightly_build_sign_build to 0, then sign_build will still be enabled, which can be confusing.

Yeah, I was more thinking about not setting nightly_build_sign_build at all in that case (that is instead setting it to 0). But I guess this might be confusing in its own way. So, works for me.

Merged to master (commit b61a0497f0258ffebb2586c41267462e16a69cf0).

Trac:
Resolution: N/A to fixed
Status: needs_review to closed

closed

changed time estimate to 48m

added 48m of time spent

mentioned in issue #32751 (moved)

moved to tpo/applications/tor-browser#32750 (closed)