[tbb-commits] [tor-browser-build/master] Bug 31564: Android bundles based on ESR 68 are not built reproducibly anymore

gk at torproject.org gk at torproject.org
Tue Oct 8 06:43:16 UTC 2019


commit 57732f7eee36ae7a3951bb937cf3d591b887cadb
Author: sisbell <shane.isbell at gmail.com>
Date:   Mon Sep 16 09:43:13 2019 -0700

    Bug 31564: Android bundles based on ESR 68 are not built reproducibly anymore
---
 projects/tor-browser/build.android | 15 +++++++++++++--
 projects/tor-browser/config        |  4 ++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/projects/tor-browser/build.android b/projects/tor-browser/build.android
index 9f255da..2c1c3b2 100644
--- a/projects/tor-browser/build.android
+++ b/projects/tor-browser/build.android
@@ -9,9 +9,7 @@ cd /var/tmp/build
 
 mv $rootdir/[% c('input_files_by_name/https-everywhere') %] $ext_dir/https-everywhere-eff at eff.org.xpi
 mv $rootdir/[% c('input_files_by_name/noscript') %] $ext_dir/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
-[% c("var/touch") %] $ext_dir $ext_dir/*
 
-zip -d $apk META-INF/\*
 [% c('zip', {
         zip_src => [ '$ext_dir' ],
         zip_args => '$apk',
@@ -43,5 +41,18 @@ zip -d $apk lib/\*
 
 rm -fR lib
 
+# Bug 31564: Android Gradle Plugin has a reproducibility bug. Decompile and recompile to fix ordering of resources.arsc files
+apktool=$rootdir/[% c('input_files_by_name/apktool') %]
+java -jar $apktool d --no-src -o decompiled $apk
+java -jar $apktool b -o $apk decompiled
+# Fix timestamps and remove extra field info from zip entries
+unzip $apk -d tmp
+rm $apk
+cd tmp
+[% c('zip', {
+   zip_src => [ '.' ],
+   zip_args => '$apk',
+   }) %]
+
 # Sign a QA build. This apk is not a debug version and doesn't contain a debug flag in the manifest
 java -jar /usr/share/apksigner/apksigner.jar sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $qa_apk --in $apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index f87662e..06e15b4 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -100,3 +100,7 @@ input_files:
   # To generate a new keystore, see how-to-generate-keystore.txt
   - filename: android-qa.keystore
     enable: '[% c("var/android") %]'
+  - URL: https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.0.jar
+    name: apktool
+    sha256sum: a0f116e8916d6f21160e1559847bb8b8c32ee71900f321cafeadbe37b87ebcc1
+    enable: '[% c("var/android") %]'





More information about the tbb-commits mailing list