Opened 8 months ago

Closed 8 months ago

#32750 closed task (fixed)

Sign nightly sha256sums files with gpg

Reported by: boklm Owned by: boklm
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-rbm, tbb-update, TorBrowserTeam201912R
Cc: tbb-team Actual Points: .1
Parent ID: #18867 Points: .1
Reviewer: Sponsor:

Description

We should sign the nightly build sha256sums with gpg.

This can be done by creating a key on the nightly build machine, and setting var/sign_build to 1 in rbm.local.conf.

Child Tickets

TicketStatusOwnerSummaryComponent
#32751closedtbb-teamSetting var/sign_build to 1 should sign the sha256sums-unsigned-build.incrementals.txt file tooApplications/Tor Browser

Change History (6)

comment:1 Changed 8 months ago by boklm

Actual Points: .1
Keywords: TorBrowserTeam201912R added; TorBrowserTeam201912 removed
Points: .25.1
Status: assignedneeds_review

comment:2 Changed 8 months ago by gk

Keywords: TorBrowserTeam201912 added; TorBrowserTeam201912R removed
Status: needs_reviewneeds_revision

Now that #32751 got merged I guess we should mention the incrementals sha256sums file, too, in rbm.local.conf as we did in that bug.

comment:3 Changed 8 months ago by boklm

Keywords: TorBrowserTeam201912R added; TorBrowserTeam201912 removed
Status: needs_revisionneeds_review

comment:4 in reply to:  3 ; Changed 8 months ago by gk

Replying to boklm:

I fixed that in bug_32750_v4:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32750_v4&id=32ce9d2bf8bbd09017533175ffebf0b3599eb617

Thanks. While looking at the commit again: can't we just set sign_build to 1 in case nightly_build_sign_build is defined?

comment:5 in reply to:  4 ; Changed 8 months ago by boklm

Replying to gk:

Replying to boklm:

I fixed that in bug_32750_v4:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32750_v4&id=32ce9d2bf8bbd09017533175ffebf0b3599eb617

Thanks. While looking at the commit again: can't we just set sign_build to 1 in case nightly_build_sign_build is defined?

If we do that then if we set nightly_build_sign_build to 0, then sign_build will still be enabled, which can be confusing.

comment:6 in reply to:  5 Changed 8 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Replying to boklm:

Replying to gk:

Replying to boklm:

I fixed that in bug_32750_v4:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32750_v4&id=32ce9d2bf8bbd09017533175ffebf0b3599eb617

Thanks. While looking at the commit again: can't we just set sign_build to 1 in case nightly_build_sign_build is defined?

If we do that then if we set nightly_build_sign_build to 0, then sign_build will still be enabled, which can be confusing.

Yeah, I was more thinking about not setting nightly_build_sign_build at all in that case (that is instead setting it to 0). But I guess this might be confusing in its own way. So, works for me.

Merged to master (commit b61a0497f0258ffebb2586c41267462e16a69cf0).

Note: See TracTickets for help on using tickets.