Signing Tor Browser for Android on a Linux machine
==================================================

Signing
-------

1) Ensure pkcs11 configuration file is available

# Create a file containing the Provider arguments
- cat > /tmp/pkcs11_java.cfg << EOF
name = OpenSC-PKCS11
description = SunPKCS11 via OpenSC
library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
slotListIndex = 0
EOF

2) Test the configuration file with `keytool` and confirm it can access the smartcard
- keytool -providerClass sun.security.pkcs11.SunPKCS11     \
          -providerArg /tmp/pkcs11_java.cfg -keystore NONE \
          -storetype PKCS11 -list


3) Signing the exectuable(s):

- path/to/apksigner sign --verbose --provider-class sun.security.pkcs11.SunPKCS11  \
                         --provider-arg pkcs11_java.cfg --ks NONE --ks-type PKCS11 \
                         --debuggable-apk-permitted=false                          \
                         --out tor-browser-${VERSION}-android-${arch}-multi-qa.apk \
                         tor-browser-${VERSION}-android-${arch}-multi-unsigned.apk
