Adapt our signing scripts to be able to sign the VPN app
I think we can adapt the signing script we have in
tor-browser-build/tools/signing
to support signing the VPN app.
Currently the signing scripts can be called with
./do-all-signing.torbrowser
or ./do-all-signing.mullvadbrowser
. I
think we can add a ./do-all-signing.vpn
which will re-use the following
signing steps from Tor/Mullvad Browser signing:
- set-time-on-signing-machine: preparing the signing machine
- sync-builder-unsigned-to-local-signed: get the unsigned build from the build machine. This script might need to be adapted depending on where we get the build done.
- sync-scripts-to-linux-signer: upload signing scripts to signing machine
- sync-before-linux-signer-signmars: upload unsigned build to the signing machine
- linux-signer-sign-android-apks: do the apk signing
- sync-after-sign-android-apks: get the signed apk files from the signing machine
- hash_signed_bundles: create
sha256sums-signed-build.txt
file - linux-signer-gpg-sign: sign the build with gpg
- download-unsigned-sha256sums-gpg-signatures-from-people-tpo: get sha256sums-unsigned-build.txt.gpg file from multiple builders, for verifying that the build has been reproduced
- sync-local-to-staticiforme: upload the signed build to staticiforme, to make it available in https://dist.torproject.org/vpn/.
And we need to add this new step:
- linux-signer-sign-android-aar: for signing the .aar file that we will publish on googleplay
/cc @dan