[tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 9 06:58:19 UTC 2019


#26536: Create APK signing keys
-------------------------------------------------+-------------------------
 Reporter:  sysrqb                               |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,    |  Actual Points:
  TorBrowserTeam201904                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor8
-------------------------------------------------+-------------------------

Comment (by eighthave):

 Wow, you have really dug into the depths here!  Great to see, but sucks
 that this is still so hard.  Maybe the short term answer is using
 _jarsigner_?  That will introduce an annoying reproducibility issue since
 _jarsigner_ includes the full Java major/minor/bugfix/patch version in the
 META-INF/MANIFEST.MF in the APK.

 As for fixing apksigner, I'm up for getting fixes into Debian, I maintain
 that package.  It should be possible to get fixes into both stretch and
 buster, if they are not too big.  I think that would also be possible for
 opensc-pkcs11, but I'm not the maintainer of that package, so harder to
 promise anything.

 Maybe there is already a fix upstream, did you look at
 https://android.googlesource.com/platform/tools/apksig/ ?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26536#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
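
The comment above notes that _jarsigner_ records the Java version in META-INF/MANIFEST.MF, which breaks reproducibility. The following is an added example, not part of the original comment or of any Tor Project tooling: it compares the manifest main sections of two builds and reports the attributes that differ. It assumes the version lands in the standard JAR `Created-By` attribute (the attribute name is not given in the ticket); the two APKs and their version strings are constructed sample data.

```python
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"

def main_attributes(apk_bytes):
    """Return the main-section attributes of META-INF/MANIFEST.MF as a dict."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        text = zf.read(MANIFEST).decode("utf-8")
    attrs, key = {}, None
    for line in text.splitlines():
        if line == "":                      # blank line ends the main section
            break
        if line.startswith(" ") and key:    # continuation of a wrapped value
            attrs[key] += line[1:]
        else:
            key, _, value = line.partition(": ")
            attrs[key] = value
    return attrs

def environment_drift(apk_a, apk_b):
    """Map each main attribute that differs to its (build A, build B) values."""
    a, b = main_attributes(apk_a), main_attributes(apk_b)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

def _constructed_apk(created_by):
    """Build a minimal in-memory APK-like zip (constructed sample, not a real APK)."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        f"Created-By: {created_by}\r\n"
        "\r\n"
        "Name: classes.dex\r\n"
        "SHA-256-Digest: AAAA\r\n\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, manifest)
        zf.writestr("classes.dex", b"constructed placeholder")
    return buf.getvalue()

# Same inputs "signed" on two machines with different JDKs (constructed values).
BUILD_A = _constructed_apk("1.8.0_181 (Oracle Corporation)")
BUILD_B = _constructed_apk("1.8.0_212 (Oracle Corporation)")

if __name__ == "__main__":
    for key, (a, b) in environment_drift(BUILD_A, BUILD_B).items():
        print(f"{key}: {a!r} != {b!r}")
```

Because the manifest is covered by the v1 (JAR) signature, a differing main attribute means the signed APKs cannot match byte for byte unless both builds pin the same JDK.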

