[tor-commits] [tor-browser-build/master] Bug 31564: Android bundles based on ESR 68 are not built reproducibly anymore
gk at torproject.org
gk at torproject.org
Tue Oct 8 06:43:16 UTC 2019
commit 57732f7eee36ae7a3951bb937cf3d591b887cadb
Author: sisbell <shane.isbell at gmail.com>
Date: Mon Sep 16 09:43:13 2019 -0700
Bug 31564: Android bundles based on ESR 68 are not built reproducibly anymore
---
projects/tor-browser/build.android | 15 +++++++++++++--
projects/tor-browser/config | 4 ++++
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/projects/tor-browser/build.android b/projects/tor-browser/build.android
index 9f255da..2c1c3b2 100644
--- a/projects/tor-browser/build.android
+++ b/projects/tor-browser/build.android
@@ -9,9 +9,7 @@ cd /var/tmp/build
mv $rootdir/[% c('input_files_by_name/https-everywhere') %] $ext_dir/https-everywhere-eff at eff.org.xpi
mv $rootdir/[% c('input_files_by_name/noscript') %] $ext_dir/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
-[% c("var/touch") %] $ext_dir $ext_dir/*
-zip -d $apk META-INF/\*
[% c('zip', {
zip_src => [ '$ext_dir' ],
zip_args => '$apk',
@@ -43,5 +41,18 @@ zip -d $apk lib/\*
rm -fR lib
+# Bug 31564: Android Gradle Plugin has a reproducibility bug. Decompile and recompile to fix ordering of resources.arsc files
+apktool=$rootdir/[% c('input_files_by_name/apktool') %]
+java -jar $apktool d --no-src -o decompiled $apk
+java -jar $apktool b -o $apk decompiled
+# Fix timestamps and remove extra field info from zip entries
+unzip $apk -d tmp
+rm $apk
+cd tmp
+[% c('zip', {
+ zip_src => [ '.' ],
+ zip_args => '$apk',
+ }) %]
+
# Sign a QA build. This apk is not a debug version and doesn't contain a debug flag in the manifest
java -jar /usr/share/apksigner/apksigner.jar sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $qa_apk --in $apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index f87662e..06e15b4 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -100,3 +100,7 @@ input_files:
# To generate a new keystore, see how-to-generate-keystore.txt
- filename: android-qa.keystore
enable: '[% c("var/android") %]'
+ - URL: https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.0.jar
+ name: apktool
+ sha256sum: a0f116e8916d6f21160e1559847bb8b8c32ee71900f321cafeadbe37b87ebcc1
+ enable: '[% c("var/android") %]'
More information about the tor-commits
mailing list