Skip to content

Bug 41116: Create an apt repository for deb package using reprepro

boklm requested to merge boklm/tor-browser-build:bug_41116 into main

Merge Info

Related Issues



  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Other: please explain

Issue Tracking


Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : clairehurst, dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • macos : clairehurst, dan
    • nightly builds : boklm
    • rebases/release-prep : boklm, dan, ma1, pierov, richard
    • security : ma1
    • signing : boklm, richard
    • updater : pierov
    • misc/other : pierov, richard

Change Description

Based on !943 (merged).

This create an apt repository using reprepro. This repository tarball will be used for the nightly builds repo (#41118 (closed)), and maybe to deploy the Mullvad Repo (depending on what is decided in mullvad-browser#287 (closed)).

This also adds the option var/sign_apt_release_file (in rbm.local.conf.example) which can be used to sign the Release file from the repository. The option will be used in nightly builds (so we can sign the repo using the key from keyring/torbrowser-nightly.gpg).

How Tested

Tested that it generates a repository tarball, and that the Release file from the repository is signed when option var/sign_apt_release_file is set in rbm.local.conf.

I also checked that generating the repository tarball is reproducible.

Merge request reports