GitLab

at 2025-12-16T17:39:16+01:00

Bug 41670: Add script to download Tor VPN release

Bug 41673: Update linux-signer-sign-android-apks to sign per-arch torvpn apks

Bug 41672: Prepare Tor VPN 1.4.0Beta

   - pierov

 - [ ] Ensure all builders have matching builds

 - Place the Tor VPN release to be signed in directory `torvpn/alpha/signed/${TOR_VPN_VERSION}`:

-  - [ ] `mkdir torvpn/alpha/signed/${TOR_VPN_VERSION} && cd torvpn/alpha/signed/${TOR_VPN_VERSION}`

-  - [ ] `wget https://${URL_PATH}/app-release.aab` (replacing `${URL_PATH}` with the location where the unsigned build has been published)

-  - [ ] `mv app-release.aab tor-vpn-${TOR_VPN_VERSION}.aab`

-  - [ ] `wget https://${URL_PATH}/app-release-unsigned.apk` (replacing `${URL_PATH}` with the location where the unsigned build has been published)

-  - [ ] `mv app-release-unsigned.apk tor-vpn-qa-unsigned-android-multiarch-${TOR_VPN_VERSION}.apk`

-  - [ ] `sha256sum tor-vpn-* > sha256sums-unsigned-build.txt`

+  - [ ] `./tools/signing/download-torvpn-release.torvpn ${URL_PATH}` (replacing `${URL_PATH}` with the location where the unsigned build has been published, for example https://tb-build-03.torproject.org/~dan/vpn/1.4.0Beta/)

   - [ ] Compare checksums from `sha256sums-unsigned-build.txt` with expected checksums

 - [ ] On `${STAGING_SERVER}`, ensure updated:

   - [ ] `tor-browser-build` is on the right commit

   torvpn:

     var:

       tor-vpn: 1

-      torbrowser_version: '1.3.0Beta'

+      torbrowser_version: '1.4.0Beta'

       torbrowser_build: 'build1'

-      browser_release_date: '2025/10/31 07:30:00'

+      browser_release_date: '2025/12/16 15:00:00'

       project-name: tor-vpn

       projectname: torvpn

       Project_Name: 'Tor VPN'

+#!/bin/bash

+#

+# This script downloads a Tor VPN release from the given URL and will

+# rename the files and put them in torvpn/alpha/signed/$version (where

+# $version is the torvpn version defined in rbm.conf).

+#

+# Usage: download-torvpn-release.torvpn <base_url>

+#

+# base_url: URL directory where the release can be downloaded. For

+# example https://tb-build-03.torproject.org/~dan/vpn/1.4.0Beta/.

+#

+set -e

+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

+source "$script_dir/functions"

+

+base_url="$1"

+

+test -d "$signed_version_dir" && \

+  exit_error "Directory already exist: $signed_version_dir"

+

+test $# -ne 1 && \

+  exit_error "Wrong number of arguments"

+

+tmpdir=$(mktemp -p "$script_dir/../../tmp" -d)

+trap "rm -Rf $tmpdir" EXIT

+cd $tmpdir

+for arch in arm64v8a armeabiv7a universal x86 x86_64

+do

+  case "$arch" in

+    arm64v8a)

+      dest_arch=aarch64

+      ;;

+    armeabiv7a)

+      dest_arch=armv7

+      ;;

+    universal)

+      dest_arch=multiarch

+      ;;

+    *)

+      dest_arch="$arch"

+      ;;

+  esac

+  dl_filename="app-$arch-release-unsigned.apk"

+  wget -O "$dl_filename" "$base_url/$dl_filename"

+  mv "$dl_filename" "tor-vpn-qa-unsigned-android-${dest_arch}-${tbb_version}.apk"

+done

+

+wget -O app-universal-release.aab "$base_url/app-universal-release.aab"

+mv app-universal-release.aab "tor-vpn-${tbb_version}.aab"

+sha256sum $(ls -1 *.apk *.aab | sort) > sha256sums-unsigned-build.txt

+cat sha256sums-unsigned-build.txt

+

+mkdir -p "$signed_version_dir"

+mv -f *.aab *.apk *.txt "$signed_version_dir"
 

 topdir="$script_dir/../.."

 ARCHS="armv7 aarch64 x86_64"

-test "$SIGNING_PROJECTNAME" = 'torvpn' && ARCHS='multiarch'

+test "$SIGNING_PROJECTNAME" = 'torvpn' && ARCHS="$ARCHS x86 multiarch"

 projname=$(project-name)

 # tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in

 # wrappers/sign-apk, so we export them

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

4 changed files:

Changes: