Reproducibly Build and Sign
- build:
- make vpn reproducibly buildable
-
vpn -
onionmasq -
AndroidOnionmasq -
onionmasq is currently not reproducible -
test if static-native-tlsfeature on arti-client imports fixes this rather than the openssl downgrade
-
-
script or gradle to build both at once and or include locally built onionmasq (no gitlab api fetch)
-
- [not right now] adding to tbb?
- manage deps
- onionmasq - rust
-
arti https://gitlab.torproject.org/pierov/tor-browser-build/-/tree/add-arti-binary
- result: .aab
- fdroid
-
support for alpha? what is our release stragegy? - no support for channels, we will create a vpn app with them and add Beta to the title and use beta branding for now
-
start engagement -
fastlane support: -
initial: !236 (merged)
-
-
-
call for full copy #244 (comment 3211923) -
fdroid issue: https://gitlab.com/fdroid/rfp/-/issues/3161 -
test reproducible -
confirm reproducible against tor published result
-
- make vpn reproducibly buildable
- signing:
-
can we build locally and then sign in the enclave machine as a later different step -
google -
keys and initial .aar from CI? to google for review -
finish filling metadata
-
-
self sign and publish -
TBB Adapt our signing scripts to be able to sign the VPN app - signing tor-browser-build#41522 (closed)
-
-
gettor - we can presign before uploading to google
- yes using the standard gradle/android keystore release signing
-
Edited by Dan Ballard