Skip to content

Bug 40513: Add script for signing Android apks

Matthew Finkel requested to merge sysrqb/tor-browser-build:bug_40513 into master

Closes #40513 (closed)

This script combines and simplifies three separate scripts I previously used. I believe I combined them correctly. To use this script, it requires setting the BUILD_TOOLS variable in the file with a path to an Android SDK build-tools directory that contains apksigner and zipalign. I believe I needed a newer version than is available in Debian, but I don't really remember.

As the comment at the top of the script describes, it takes two required arguments. The first positional argument is the version number (this is used for finding the filenames it should sign: tor-browser-${VERSION}-android-${arch}-multi-qa.apk). The second positional argument is a path to the signing key that should be used.

If a hardware token is being used instead of a file (on disk), then modify Step 3 by commenting out the current apksigner command and uncomment the command under Or, use below command if using a hardware token.

The second file (tools/signing/pkcs11_java.cfg) is only used by when signing using the nitrokey.

Merge request reports