[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 41093: Unsign APKs before signing them
boklm (@boklm)
git at gitlab.torproject.org
Wed Feb 28 15:19:13 UTC 2024
boklm pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
7c9183b0 by Nicolas Vigier at 2024-02-28T16:17:42+01:00
Bug 41093: Unsign APKs before signing them
Use the bspatch file we create during the build to unsign the apk (which
was signed by the QA key) before signing it with the release key.
- - - - -
2 changed files:
- tools/signing/linux-signer-sign-android-apks
- tools/signing/machines-setup/setup-signing-machine
Changes:
=====================================
tools/signing/linux-signer-sign-android-apks
=====================================
@@ -68,14 +68,19 @@ setup_build_tools
mkdir -p ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
chgrp signing ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
chmod g+w ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
-cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.apk ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
+cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.apk \
+ ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.bspatch \
+ ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
cd ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
# Sign all packages
for arch in ${ARCHS}; do
qa_apk=${projname}-qa-android-${arch}-${tbb_version}.apk
+ unsigned_apk=${projname}-qa-unsigned-android-${arch}-${tbb_version}.apk
+ unsigned_apk_bspatch=${projname}-qa-unsign-android-${arch}-${tbb_version}.bspatch
signed_apk=${projname}-android-${arch}-${tbb_version}.apk
- sign_apk "$qa_apk" "$signed_apk"
+ bspatch "$qa_apk" "$unsigned_apk" "$unsigned_apk_bspatch"
+ sign_apk "$unsigned_apk" "$signed_apk"
verify_apk "$signed_apk"
cp -f "$signed_apk" ~/"$SIGNING_PROJECTNAME-$tbb_version"
done
=====================================
tools/signing/machines-setup/setup-signing-machine
=====================================
@@ -116,7 +116,7 @@ install_packages opensc libengine-pkcs11-openssl
install_packages cmake libusb-1.0-0-dev libedit-dev gengetopt libpcsclite-dev help2man chrpath dh-exec
# Install deps for android/apk signing
-install_packages unzip openjdk-11-jdk-headless openjdk-11-jre-headless
+install_packages unzip openjdk-11-jdk-headless openjdk-11-jre-headless bsdiff
# Install deps for macos-rcodesign signing
install_packages p7zip-full zstd
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7c9183b026293263a7b0252282c4d52cac22be1f
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7c9183b026293263a7b0252282c4d52cac22be1f
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240228/40ea8031/attachment-0001.htm>
More information about the tor-commits
mailing list