[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 41093: Unsign APKs before signing them

Title: GitLab

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

  • 7c9183b0
    by Nicolas Vigier at 2024-02-28T16:17:42+01:00 
    Bug 41093: Unsign APKs before signing them

Use the bspatch file we create during the build to unsign the apk (which
was signed by the QA key) before signing it with the release key.

2 changed files:

Changes:

  • tools/signing/linux-signer-sign-android-apks
    ... ... @@ -68,14 +68,19 @@ setup_build_tools
    68 68 
     mkdir -p ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
    69 69 
     chgrp signing ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
    70 70 
     chmod g+w ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
    71 
    -cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.apk ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
    71 
    +cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.apk \
    72 
    +  ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.bspatch \
    73 
    +  ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
    72 74 
     cd ~/"$SIGNING_PROJECTNAME-$tbb_version-apks"
    73 75
    74 76 
     # Sign all packages
    75 77 
     for arch in ${ARCHS}; do
    76 78 
       qa_apk=${projname}-qa-android-${arch}-${tbb_version}.apk
    79 
    +  unsigned_apk=${projname}-qa-unsigned-android-${arch}-${tbb_version}.apk
    80 
    +  unsigned_apk_bspatch=${projname}-qa-unsign-android-${arch}-${tbb_version}.bspatch
    77 81 
       signed_apk=${projname}-android-${arch}-${tbb_version}.apk
    78 
    -  sign_apk "$qa_apk" "$signed_apk"
    82 
    +  bspatch "$qa_apk" "$unsigned_apk" "$unsigned_apk_bspatch"
    83 
    +  sign_apk "$unsigned_apk" "$signed_apk"
    79 84 
       verify_apk "$signed_apk"
    80 85 
       cp -f "$signed_apk" ~/"$SIGNING_PROJECTNAME-$tbb_version"
    81 86 
     done

  • tools/signing/machines-setup/setup-signing-machine
    ... ... @@ -116,7 +116,7 @@ install_packages opensc libengine-pkcs11-openssl
    116 116 
     install_packages cmake libusb-1.0-0-dev libedit-dev gengetopt libpcsclite-dev help2man chrpath dh-exec
    117 117
    118 118 
     # Install deps for android/apk signing
    119 
    -install_packages unzip openjdk-11-jdk-headless openjdk-11-jre-headless
    119 
    +install_packages unzip openjdk-11-jdk-headless openjdk-11-jre-headless bsdiff
    120 120
    121 121 
     # Install deps for macos-rcodesign signing
    122 122 
     install_packages p7zip-full zstd


    • View it on GitLab.
    You're receiving this email because of your account on gitlab.torproject.org. Manage all notifications · Help 

    _______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits