Bug 15598: Update documentation for TB 4.5
Georg Koppen

Georg Koppen commited on 2015-04-28 03:10:49
Zeige 1 geänderte Dateien mit 10 Einfügungen und 2 Löschungen.


Refer to the Tor Browser signing key throughout the whole verifying-
signatures document.

Add documentation for stripping off the authenticode signatures of the
Windows installers.
... ...
@@ -207,8 +207,9 @@
207 207
       for TBB 3.6.1.</li>
208 208
       <li>Retrieve the signers' GPG keys. This can be done from the command
209 209
       line by entering something like
210
-      <pre>gpg --keyserver keys.mozilla.org --recv-keys 0x29846B3C683686CC</pre>
211
-      (This will bring you developer Mike Perry's public key. Other
210
+      <pre>gpg --keyserver keys.mozilla.org --recv-keys 0x4E2C6E8793298290</pre>
211
+      (This will bring you the public part of the Tor Browser developers'
212
+       signing key. Other
212 213
       developers' key IDs can be found on
213 214
       <a href="<page docs/signing-keys>">this
214 215
       page</a>.)</li>
... ...
@@ -216,6 +217,13 @@
216 217
       <pre>gpg --verify &lt;NAME OF THE SIGNATURE FILE&gt;.asc sha256sums.txt</pre></li>
217 218
       <li>You should see a message like "Good signature from &lt;DEVELOPER
218 219
       NAME&gt;". If you don't, there is a problem. Try these steps again.</li>
220
+      <li>If you want to verify a Windows Tor Browser package you need to first
221
+      strip off the authenticode signature of it. One tool that can be used for
222
+      this purpose is <a
223
+      href="http:/osslsigncode.sourceforge.net">osslsigncode</a>. Assuming you
224
+      have built it on a Linux computer you can enter
225
+      <pre>/path/to/your/osslsigncode remove-signature &#92;
226
+        /path/to/your/&lt;TOR BROWSER FILE NAME&gt;.exe &lt;TOR BROWSER FILE NAME&gt;.exe</pre></li>
219 227
       <li>Now you can take the sha256sum of the Tor Browser package. On
220 228
       Windows you can use the <a href="http://md5deep.sourceforge.net/">
221 229
       hashdeep utility</a> and run
222 230