git - How to reproduce tor build using gitian? -
please refer me steps reproduce tor build using gitian. have been trying build tor browser bundle using steps mentioned @ following link-
https://trac.torproject.org/projects/tor/wiki/doc/torbrowser/buildingwithgitian
but keep getting errors, , did not receive reply help@rt.torproject.org
~/tor-browser-build/gitian-builder/inputs ~/tor-browser-build/gitian-builder/inputs object ebcbfd6cdc29372909079d0345185733d47d90d4 type commit tag tor-browser-38.2.0esr-5.0-1-build2 tagger mike perry 1439157725 -0700
5.0-build2. gpg: signature made sun 09 aug 2015 06:02:10 pm edt using rsa key id d2f1e186 gpg: signature "mike perry " gpg: aka "mike perry (regular use key) " gpg: aka "mike perry (regular use key) " gpg:
aka "mike perry " gpg: note: key has expired! primary key fingerprint: c963 c21d 6356 4e2b 10bb 335b 2984 6b3c 6836 86cc subkey fingerprint: cc69 3f6c d7aa 6b8e ec40 ec28 4102 f895 d2f1 e186 error: not verify tag 'tor-browser-38.2.0esr-5.0-1-build2' tor-browser: verification of tag tor-browser-38.2.0esr-5.0-1-build2 against /home/tor/tor-browser-build/tor-browser-bundle/gitian/gpg/torbutton.gpg failed!you should run 'make prep' ensure inputs date make: *** [build] error 1
i ran 'make prep' , 'make' still same error.
edit:
after manually updating key, error still not resolved.
tor@tor-virtualbox:~$ gpg -k /home/tor/.gnupg/pubring.gpg ---------------------------- pub 8192r/683686cc 2013-09-11 uid mike perry <mikeperry@endarken.info> uid mike perry <mikeperry@unencrypted.info> uid mike perry (regular use key) <mikeperry@fscked.org> uid mike perry (regular use key) <mikeperry@torproject.org> sub 4096r/0f129402 2015-09-07 [expires: 2016-09-11] sub 4096r/acc0a961 2015-09-07 [expires: 2016-09-11] tor@tor-virtualbox:~$ gpg --fingerprint 683686cc pub 8192r/683686cc 2013-09-11 key fingerprint = c963 c21d 6356 4e2b 10bb 335b 2984 6b3c 6836 86cc uid mike perry <mikeperry@endarken.info> uid mike perry <mikeperry@unencrypted.info> uid mike perry (regular use key) <mikeperry@fscked.org> uid mike perry (regular use key) <mikeperry@torproject.org> sub 4096r/0f129402 2015-09-07 [expires: 2016-09-11] sub 4096r/acc0a961 2015-09-07 [expires: 2016-09-11]
i doubt you're doing wrong. it's failing because you're using expired gpg key mike perry. it's script doesn't understand caused error, asks make prep.
appears mike uses fixed main key gives subkeys , expiration time of 1 year , replaces them. amusingly this tor project pages wrong too.
just download new key here , gpg --import it. or run :
gpg --keyserver pgp.mit.edu --recv 29846b3c683686cc after that, running gpg --fingerprint 683686cc should show :
pub 8192r/683686cc 2013-09-11 key fingerprint = c963 c21d 6356 4e2b 10bb 335b 2984 6b3c 6836 86cc uid mike perry <mikeperry@endarken.info> uid mike perry <mikeperry@unencrypted.info> uid mike perry (regular use key) <mikeperry@fscked.org> uid mike perry (regular use key) <mikeperry@torproject.org> sub 4096r/0f129402 2015-09-07 [expires: 2016-09-11] sub 4096r/acc0a961 2015-09-07 [expires: 2016-09-11] you'll notice new keys expire in 2016.
you can trust new key belongs mike perry because it's same base key same fingerprint. it's subkey's changed. in fact, there chance mike precisely (a) scripts can update key (b) if key compromised people cannot use compromised key more 1 year, , (c) he'd keep main key air gapped too.
Comments
Post a Comment