[tor-bugs] #28144 [Applications/Tor Browser]: Update projects/tor-browser for Android

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 20 08:48:30 UTC 2018 

#28144: Update projects/tor-browser for Android
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-rbm, tbb-mobile,                 |  Actual Points:
  TorBrowserTeam201811, TBA-a2                   |
Parent ID:  #26693                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Okay, we might want to talk past each other here. So, what this step in
 the build process is doing is creating the actual bundles as we are
 shipping them code-wise. For the Android case we need to be a bit creative
 in order to allow e.g. folks on the tor-qa mailing list to test them as
 Android requires a signature to even run .apk files. But the code is and
 should be the same as in the final release bundle with our signature.

 My first thinking was it is fine with just having `tor-browser-tbb-
 nightly-android-armv7.apk` or, say, for the alpha `tor-browser-8.5a4
 -android-armv7.apk` as a result of that. This is mainly used internally
 later on to check for matching builds in the release process (in the case
 of nightly builds, just having something that is running for testing) and
 available in an folder called `alpha/unsigned` (for alphas) to make it
 clear the contents there are unsigned (which means lack official
 signatures).

 Thinking more about it we might want to make it clearer in the Android
 case that the bundle is not signed by an official key yet by adding
 `-unsigned` in the filename. I wonder what Mozilla is doing with their
 Fennec nightlies here as I can't imagine they use their "usual" signing
 key for that.

 At any rate, as this is the step that produces the bundle as we ship it,
 we should copy only that one (however named and however signed). We can do
 the renaming later on during the signing if we think `alpha/unsigned` vs.
 `alpha/signed` directories for the bundles is not enough for that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28144#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list