Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Official F-Droid release #15

Open
exaCORE42 opened this issue Oct 15, 2023 · 11 comments
Open

Official F-Droid release #15

exaCORE42 opened this issue Oct 15, 2023 · 11 comments

Comments

@exaCORE42
Copy link

Are there any plans to release this application on the official F-Droid repository?
@LittleTrickster
Copy link
Owner

Not really but I'll look into it when I'm free.

@eleius
Copy link

eleius commented Oct 30, 2023

At least it's available on IzzyOnDroid for now

@IzzySoft
Copy link

IzzySoft commented Aug 3, 2024

Where we'd like to lift it up one level and confirm it's a Reproducible Build (see: Reproducible bulds, special client support and more in our repo) – but I could not figure out how to build the specific APK we use there. The build spits out several APKs, just not that one.

@LittleTrickster could you give me a hint on how to build that? Obviously, ./gradlew assembleRelease doesn't do the trick.

We'd appreciate if you could help making your build reproducible. We've prepared some hints on reproducible builds for that.

Looking forward to your reply!

@IzzySoft
Copy link

IzzySoft commented Aug 8, 2024

@LittleTrickster any word? Thanks in advance!

@IzzySoft
Copy link

IzzySoft commented Aug 8, 2024

OK, I've managed to build the specific APK now (by altering the build.gradle using sed -r '/abi \{/,/}/ { s/include.*/include "arm64-v8a"/ }' -i app/build.gradle), but it is not RB. Here's the APK diff:

-------------------------------
This can probably be ignored if the above error was
'Error: APK Signing Block offset < central directory offset.'
and the following shows the signature files as the only difference:
-------------------------------
--- /dev/fd/63  2024-08-08 10:02:21.267780725 +0200
+++ /dev/fd/62  2024-08-08 10:02:21.267780725 +0200
@@ -1,11 +1,11 @@
   META-INF/com/android/build/gradle/app-metadata.properties
   32-bit CRC value (hex):                         fadd38bc
   assets/dexopt/baseline.prof
-  32-bit CRC value (hex):                         6f3b3aa9
+  32-bit CRC value (hex):                         b67e3364
   assets/dexopt/baseline.profm
   32-bit CRC value (hex):                         59be0682
   classes.dex
-  32-bit CRC value (hex):                         03370966
+  32-bit CRC value (hex):                         f7ff0ade
   classes2.dex
   32-bit CRC value (hex):                         83d303cb
   lib/arm64-v8a/libc++_shared.so
@@ -20,6 +20,18 @@
   32-bit CRC value (hex):                         d17f9abb
   lib/armeabi-v7a/libopencv_java4.so
   32-bit CRC value (hex):                         10e8443d
+  lib/x86/libc++_shared.so
+  32-bit CRC value (hex):                         346622e6
+  lib/x86/libimage_processing_util_jni.so
+  32-bit CRC value (hex):                         8031e066
+  lib/x86/libopencv_java4.so
+  32-bit CRC value (hex):                         e58e5240
+  lib/x86_64/libc++_shared.so
+  32-bit CRC value (hex):                         3e046e92
+  lib/x86_64/libimage_processing_util_jni.so
+  32-bit CRC value (hex):                         afc57b58
+  lib/x86_64/libopencv_java4.so
+  32-bit CRC value (hex):                         6fca9e01
   assets/com/tom_roush/fontbox/resources/cmap/83pv-RKSJ-H
   32-bit CRC value (hex):                         506463a6
   assets/com/tom_roush/fontbox/resources/cmap/90ms-RKSJ-H
@@ -1395,9 +1407,9 @@
   META-INF/kotlinx_coroutines_core.version
   32-bit CRC value (hex):                         10dbda9d
   META-INF/services/a6.y
-  32-bit CRC value (hex):                         845a12c4
+  32-bit CRC value (hex):                         755dff9c
   META-INF/services/kotlinx.coroutines.internal.i
-  32-bit CRC value (hex):                         861cac9d
+  32-bit CRC value (hex):                         5e70ac5f
   kotlin-tooling-metadata.json
   32-bit CRC value (hex):                         955d2730
   kotlin/annotation/annotation.kotlin_builtins
@@ -1418,9 +1430,3 @@
   32-bit CRC value (hex):                         71c94b37
   org/bouncycastle/x509/CertPathReviewerMessages_de.properties
   32-bit CRC value (hex):                         8357ba7f

@LittleTrickster
Copy link
Owner

@IzzySoft Sorry for late reply
did some changes to target specific abi or just arm or universal using Project property singleAbi. Default still splits to many apks.
singleAbi param values arm, x86 x86_64 arm64-v8a armeabi-v7a universal
example
gradlew -PsingleAbi="arm" assembleRelease

@LittleTrickster
Copy link
Owner

By RB what do you mean?

@IzzySoft
Copy link

IzzySoft commented Aug 8, 2024

By RB what do you mean?

Scroll up a little: Reproducible Builds, special client support and more in our repo. And I needed to build the "universal ARM" APK which is commented out in your build.gradle, so I could compare it against the one attached to your releases. Unfortunately, the builds were not identical, see the diff above. So I don't know if you maybe built from a different commit, or if my way to achieve the "double arm" just causes different results than yours. Unfortunately, in your build.gradle you don't offer a target I could call directly, without altering the file.

For RB, in short: a successful RB basically confirms your APK was really built from the source the tag points to, without any "local modifications" which might have "slipped something in". So it's an additional security indicator.

@LittleTrickster
Copy link
Owner

@IzzySoft Changed app build gradle in latest commit
For arm ./gradlew -PsingleAbi="arm" assembleRelease will add both arm64-v8a and armeabi-v7a to apk

@IzzySoft Sorry for late reply did some changes to target specific abi or just arm or universal using Project property singleAbi. Default still splits to many apks. singleAbi param values arm, x86 x86_64 arm64-v8a armeabi-v7a universal example gradlew -PsingleAbi="arm" assembleRelease

@IzzySoft
Copy link

IzzySoft commented Aug 8, 2024

Thanks! Then I can verify again once a new release is available (as verification needs 2 APKs built from the very same commit: one by you, one by the verification builder). Are there any plans for a new release yet? Once that day comes, please remember the "first basic rule" from our hints on reproducible builds – and build the APK from a clean tree at exactly the commit the tag will point to 😉

@IzzySoft
Copy link

IzzySoft commented Nov 3, 2024

And btw, gradlew -PsingleAbi="arm" assembleRelease produces the following APKs:

+ find . -name '*.apk'
./app/build/outputs/apk/release/app-arm64-v8a-release-unsigned.apk
./app/build/outputs/apk/release/app-x86_64-release-unsigned.apk
./app/build/outputs/apk/release/app-universal-release-unsigned.apk
./app/build/outputs/apk/release/app-x86-release-unsigned.apk
./app/build/outputs/apk/release/app-armeabi-v7a-release-unsigned.apk

I don't see the APK combining the two ARM ABis there. But that was at tag 1.03– I see that singleAbi has only been introduced after that. So any ETA for a release including this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@IzzySoft @eleius @LittleTrickster @exaCORE42 and others