Add signature verification instructions to email

2025-02-08 19:56:08 +00:00 · 2020-03-18 16:12:10 -04:00 · 2020-03-18 16:12:10 -04:00 · 63559201e2
commit 63559201e2
parent 36820cc151
3 changed files with 35 additions and 25 deletions
--- a/gettor/services/email/sendmail.py
+++ b/gettor/services/email/sendmail.py
@ -125,7 +125,6 @@ class Sendmail(object):
        link_msg = ""

        for link in links:
-            print(link)
            provider = link[5]
            version = link[4]
            arch = link[3]
@ -143,6 +142,16 @@ class Sendmail(object):


    def build_body_message(self, link_msg, platform, file):
+        signature_strings = {
+            "windows":"links_body_windows",
+            "linux":"links_body_linux",
+            "osx":"links_body_osx"
+        }
+        signature_cmds = {
+            "windows":"gpgv --keyring .\\tor.keyring Downloads\\{0}.asc Downloads\\{0}",
+            "linux":"gpgv --keyring ./tor.keyring ~/Downloads/{}{{.asc,}}",
+            "osx":"gpgv --keyring ./tor.keyring ~/Downloads/{}{{.asc,}}"
+        }
        body_msg = strings._("body_intro")
        body_msg += strings._("links_body_platform").format(platform)
        body_msg += strings._("links_body_step1").format(link_msg)
@ -150,8 +159,9 @@ class Sendmail(object):
        body_msg += strings._("links_body_internet_archive")
        body_msg += strings._("links_body_google_drive")
        body_msg += strings._("links_body_step2")
+        body_msg += strings._(signature_strings[platform])
+        body_msg += strings._("links_body_all").format(signature_cmds[platform].format(file))
        body_msg += strings._("links_body_step3")
-        print(body_msg)

        return body_msg

--- a/share/locale/en.json
+++ b/share/locale/en.json
@ -6,6 +6,10 @@
  "links_body_internet_archive": "\tInternet Archive: https://archive.org/details/@gettor\n\n",
  "links_body_google_drive": "\tGoogle Drive folder: https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU\n\n",
  "links_body_step2": "Step 2: Verify the signature (Optional)\n\n\tVerifying the signature ensures that a certain package was generated by its\n\tdevelopers, and has not been tampered with.  This email provides links to signature\n\tfiles that have the same name as the Tor Browser file, but end with \".asc\" instead.\n\n",
+  "links_body_all":"\tThe Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers\n\tsigning key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):\n\n\t\tgpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org\n\n\tThis should show you something like:\n\n\t\tgpg: key 4E2C6E8793298290: public key \"Tor Browser Developers (signing key) <torbrowser@torproject.org>\" imported\n\t\tgpg: Total number processed: 1\n\t\tgpg:               imported: 1\n\t\tpub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]\n\t\t      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290\n\t\tuid           [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>\n\t\tsub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]\n\n\tAfter importing the key, you can save it to a file (identifying it by fingerprint here):\n\n\t\tgpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290\n\n\tNext, you will need to download the corresponding \".asc\" signature file and verify it\n\twith the command:\n\n\t\t{}\n\n\tThe result of the command should produce something like this:\n\n\t\tgpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time\n\t\tgpgv:                using RSA key EB774491D9FF06E2\n\t\tgpgv: Good signature from \"Tor Browser Developers (signing key) <torbrowser@torproject.org>\"\n\n",
+  "links_body_windows":"\tIf you run Windows, download Gpg4win and run its installer. In order to verify the\n\tsignature you will need to type a few commands in windows command-line, cmd.exe.\n\n",
+  "links_body_osx":"\tIf you are using macOS, you can install GPGTools. In order to verify the signature\n\tyou will need to type a few commands in the Terminal (under \"Applications\").\n\n",
+  "links_body_linux":"\tIf you are using GNU/Linux, then you probably already have GnuPG in your system,\n\tas most GNU/Linux distributions come with it preinstalled. In order to verify the\n\tsignature you will need to type a few commands in a terminal window.\n\n",
  "links_body_step3": "Step 3: Get Bridges (Optional)\n\n\tIf you believe that Tor is blocked where you are, you can use bridges to connect\n\tto Tor.  Bridges are hidden Tor relays that can circumvent censorship.\n\tTor Browser includes a list of built-in bridges, which you should  try first.\n\tYou can activate built-in bridges inside of Tor Browser's settings, under the\n\t\"Tor\" menu.  If built-in bridges don't work, try requesting different bridges,\n\twhich you can also do in the \"Tor\" menu inside Tor Browser's settings.\n\n",
  "links_subject": "[GetTor] Links for your request",
  "help_body_intro": "GetTor can send you download links for Tor Browser.\n",
--- a/tests/test_email_service.py
+++ b/tests/test_email_service.py
@ -17,18 +17,6 @@ class EmailServiceTests(unittest.TestCase):
        self.settings = conftests.options.parse_settings("en","tests/test.conf.json")
        self.sm_client = conftests.Sendmail(self.settings)
        self.locales = conftests.strings.get_locales()
-        self.links = [
-            [
-                "https://gitlab.com/thetorproject/gettorbrowser/raw/torbrowser-releases/TorBrowser-9.0.3-osx64_en-US.dmg",
-                "osx",
-                "en-US",
-                "64",
-                "9.0.3",
-                "gitlab",
-                "ACTIVE",
-                "TorBrowser-9.0.3-osx64_en-US.dmg"
-            ]
-        ]

    def tearDown(self):
        print("tearDown()")
@ -182,22 +170,30 @@ class EmailServiceTests(unittest.TestCase):
        self.assertEqual(request["language"], "es-AR")
        del ep

+    @pytest_twisted.inlineCallbacks
    def test_sent_links_message(self):
        ep = self.sm_client
-        links = self.links
-        link_msg, file = ep.build_link_strings(links, "osx", "en")
-        assert "https://gitlab.com/thetorproject/gettorbrowser/raw/torbrowser-releases/TorBrowser-9.0.3-osx64_en-US.dmg" in link_msg
-        assert "osx" in link_msg
-
-        self.assertEqual("TorBrowser-9.0.3-osx64_en-US.dmg", file)
-
-    def test_sent_body_message(self):
-        ep = self.sm_client
-        links = self.links
-        link_msg, file = ep.build_link_strings(links, "osx", "en")
+        links = yield ep.conn.get_links(
+            platform="osx", language="en-US", status="ACTIVE"
+        )
+        link_msg, file = ep.build_link_strings(links, "osx", "en-US")
        body_msg = ep.build_body_message(link_msg, "osx", file)
        assert "You requested Tor Browser for osx" in body_msg

+        links = yield ep.conn.get_links(
+            platform="windows", language="en-US", status="ACTIVE"
+        )
+        link_msg, file = ep.build_link_strings(links, "windows", "en-US")
+        body_msg = ep.build_body_message(link_msg, "windows", file)
+        assert "You requested Tor Browser for windows" in body_msg
+
+        links = yield ep.conn.get_links(
+            platform="linux", language="en-US", status="ACTIVE"
+        )
+        link_msg, file = ep.build_link_strings(links, "linux", "en-US")
+        body_msg = ep.build_body_message(link_msg, "linux", file)
+        assert "You requested Tor Browser for linux" in body_msg
+
    @pytest_twisted.inlineCallbacks
    def test_help_body_message(self):
        ep = self.sm_client