boklm pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits: 7c9183b0 by Nicolas Vigier at 2024-02-28T16:17:42+01:00 Bug 41093: Unsign APKs before signing them Use the bspatch file we create during the build to unsign the apk (which was signed by the QA key) before signing it with the release key. - - - - - 2 changed files: - tools/signing/linux-signer-sign-android-apks - tools/signing/machines-setup/setup-signing-machine Changes: ===================================== tools/signing/linux-signer-sign-android-apks ===================================== @@ -68,14 +68,19 @@ setup_build_tools mkdir -p ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" chgrp signing ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" chmod g+w ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" -cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.apk ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" +cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.apk \ + ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.bspatch \ + ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" cd ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" # Sign all packages for arch in ${ARCHS}; do qa_apk=${projname}-qa-android-${arch}-${tbb_version}.apk + unsigned_apk=${projname}-qa-unsigned-android-${arch}-${tbb_version}.apk + unsigned_apk_bspatch=${projname}-qa-unsign-android-${arch}-${tbb_version}.bspatch signed_apk=${projname}-android-${arch}-${tbb_version}.apk - sign_apk "$qa_apk" "$signed_apk" + bspatch "$qa_apk" "$unsigned_apk" "$unsigned_apk_bspatch" + sign_apk "$unsigned_apk" "$signed_apk" verify_apk "$signed_apk" cp -f "$signed_apk" ~/"$SIGNING_PROJECTNAME-$tbb_version" done ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -116,7 +116,7 @@ install_packages opensc libengine-pkcs11-openssl install_packages cmake libusb-1.0-0-dev libedit-dev gengetopt libpcsclite-dev help2man chrpath dh-exec # Install deps for android/apk signing -install_packages unzip openjdk-11-jdk-headless openjdk-11-jre-headless +install_packages unzip openjdk-11-jdk-headless openjdk-11-jre-headless bsdiff # Install deps for macos-rcodesign signing install_packages p7zip-full zstd View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7c9183b026293263a7b0252282c4d52cac22be1f -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7c9183b026293263a7b0252282c4d52cac22be1f You're receiving this email because of your account on gitlab.torproject.org.
_______________________________________________ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits