Opened 7 months ago

Closed 7 months ago

#32751 closed task (fixed)

Setting var/sign_build to 1 should sign the sha256sums-unsigned-build.incrementals.txt file too

Reported by: boklm Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-rbm, tbb-update, TorBrowserTeam201912R
Cc: tbb-team Actual Points: .1
Parent ID: #32750 Points:
Reviewer: gk Sponsor:

Description

When setting var/sign_build to 1, the file sha256sums-unsigned-build.txt is getting signed automatically at the end of a build. The sha256sums-unsigned-build.incrementals.txt file however currently does not get signed.

Child Tickets

Change History (11)

comment:1 Changed 7 months ago by boklm

Keywords: TorBrowserTeam201912R added; TorBrowserTeam201912 removed
Status: newneeds_review

comment:2 Changed 7 months ago by boklm

Actual Points: .1

comment:3 Changed 7 months ago by boklm

I pushed a new revision of the patch in branch bug_32751_v2 to also update the README file and comment in rbm.local.conf.example:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32751_v2&id=6986e3a96ca782ec3cd090f51cfaf3c363800ab1

comment:4 Changed 7 months ago by gk

Keywords: TorBrowserTeam201912 added; TorBrowserTeam201912R removed
Reviewer: gk
Status: needs_reviewneeds_revision

I guess we should add the incremental part to

  ### The var/sign_build_gpg_opts option can be used to define some gpg
  ### options to select the key to use to sign the sha256sums-unsigned-build.txt
  ### file.

?

Otherwise looks good.

comment:5 in reply to:  4 Changed 7 months ago by boklm

Keywords: TorBrowserTeam201912R added; TorBrowserTeam201912 removed
Status: needs_revisionneeds_review

Replying to gk:

I guess we should add the incremental part to

  ### The var/sign_build_gpg_opts option can be used to define some gpg
  ### options to select the key to use to sign the sha256sums-unsigned-build.txt
  ### file.

?

Thanks, I did that in bug_32751_v3:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32751_v3&id=adf23abdceb488864de0639fc74affd3556eb2fc

comment:6 Changed 7 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good to me, thanks. Merged to master (commit adf23abdceb488864de0639fc74affd3556eb2fc).

comment:7 Changed 7 months ago by boklm

Resolution: fixed
Status: closedreopened

With var/set_default_env we change $HOME, causing gpg to be unable to find its keys in the default ~/.gnupg directory:
http://f4amtbsowhix7rrf.onion/reports/r/tor-browser-2019-12-16/results-tor-browser_build/incrementals-nightly-linux-i686.build.txt

comment:8 Changed 7 months ago by boklm

Status: reopenedneeds_review

comment:9 in reply to:  8 Changed 7 months ago by gk

Keywords: TorBrowserTeam201912 added; TorBrowserTeam201912R removed
Status: needs_reviewneeds_revision

Replying to boklm:

There is a patch for review in branch bug_32751_v4:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_32751_v4&id=468293139775704884fe36eb19970fb968fa80a0

Just a nit in the commit message: var/sign_build is changing $HOME I guess you mean var/set_default_env instead as the comment you added indicates?

comment:10 Changed 7 months ago by boklm

Keywords: TorBrowserTeam201912R added; TorBrowserTeam201912 removed
Status: needs_revisionneeds_review

comment:11 Changed 7 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks. Merged to master (commit b8ade5ac89f85dc122894a458b22f47802530a63).

Note: See TracTickets for help on using tickets.