[tor-bugs] #28697 [Applications/Tor Browser]: Our QA and testing .apks are signed with a key per build

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 3 10:10:08 UTC 2018


#28697: Our QA and testing .apks are signed with a key per build
-------------------------------------+-------------------------------------
     Reporter:  gk                   |      Owner:  tbb-team
         Type:  defect               |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  tbb-mobile,
     Severity:  Normal               |  TorBrowserTeam201812
Actual Points:                       |  Parent ID:  #25164
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 For every .apk build we do a
 {{{
 keytool -genkey -v -keystore qa.keystore -storepass android -alias
 androidqakey -keypass android -keyalg RSA -keysize 2048 -validity 10000
 -dname "CN=Android Tor QA,O=Tor,C=US"
 }}}
 which

 a) results in differences between the resulting .apk files defeating our
 reproducible builds goal and

 b) results in a hassle testing those .apk files by trying to overwrite an
 older installation: the keys must be the same, otherwise the app would not
 get installed over the already available one.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28697>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list