Noticed https://developer.apple.com/videos/play/wwdc2022/10109/
Apple is deprecating using altool
for notarization and it will stop working next fall. They introduced a new tool and a new REST API for notarization.
Closes #40513
This script combines and simplifies three separate scripts I previously used. I believe I combined them correctly. To use this script, it requires setting the BUILD_TOOLS
variable in the file with a path to an Android SDK build-tools directory that contains apksigner
and zipalign
. I believe I needed a newer version than is available in Debian, but I don't really remember.
As the comment at the top of the script describes, it takes two required arguments. The first positional argument is the version number (this is used for finding the filenames it should sign: tor-browser-${VERSION}-android-${arch}-multi-qa.apk
). The second positional argument is a path to the signing key that should be used.
If a hardware token is being used instead of a file (on disk), then modify Step 3
by commenting out the current apksigner
command and uncomment the command under Or, use below command if using a hardware token
.
The second file (tools/signing/pkcs11_java.cfg
) is only used by when signing using the nitrokey.
Matthew Finkel (1c6d68e6) at 03 Jun 20:44
Bug 40513: Add script for signing Android apks
Matthew Finkel (acf4434f) at 03 Jun 19:21
Bug 40513: Add script for signing Android apks
... and 523 more commits
Publish the script used for signing APKs.
Blog post for Tor Browser 11.5a10.
I believe we're missing:
* Bug 40485: Resolve Android reproducibility issues [tor-browser-build]
I believe we're missing:
* Bug 40682: Set network.proxy.allow_bypass to false [tor-browser]
Same as above.