Failed to verify the build on GooglePlay

[Giszmo]

I tried to verify the released version from GooglePlay matches the version on GitHub but had several issues. Could you please have a look into reproducible builds. I shared my findings here.

I suspect there are more hurdles than what I mentioned in my findings but so far my impression of Eclair was very good, so I hope we get this done.

[t-bast]

Thanks for the report and for sharing those, we've had reproducible builds on our todo list for a while but didn't have time to work on it yet.
We'll look into it shortly.

[Giszmo]

How is it going? Eclair could still be #3 in our list of verifiable apps, given it has more downloads than yesterday's newcomer to the list.

[t-bast]

It's going to take some time. Verifiable builds on Java/Scala aren't that easy to integrate with our build setup, and Maven is making changes towards that direction but it's still a WIP on their side.
We're working on it, but can't provide an accurate timeline at the moment because there are too many unknowns.

[Giszmo]

Excuse me, 3 months went by and I see no progress here. Could you please elaborate how maven is to blame for your wallet not to be verifiable and how you can pick a build system that cannot produce verifiable builds for a Bitcoin wallet? The release manager put under duress could any day inject a wallet stealer into a release and steal all the funds of all the users in an instance. Is that acceptable by your standards?

[pm47]

The release manager put under duress could any day inject a wallet

stealer into a release and steal all the funds of all the users in an instance. Is that acceptable by your standards? <greta_howdareyou.gif> What if I told you that the release manager is also the main developer. You're trusting him anyway, except if you review the code. Not to mention that 99.9% of our users download the app from Google Play. I agree that reproductible builds are a good thing, but the entitlement here is a bit over the top. This is FOSS, either submit a PR or be patient. Le dim. 29 mars 2020 à 01:44, Leo Wandersleb <[email protected]> a écrit :

…

Excuse me, 3 months went by and I see no progress here. Could you please elaborate how maven is to blame for your wallet not to be verifiable and how you can pick a build system that cannot produce verifiable builds for a Bitcoin wallet? The release manager put under duress could any day inject a wallet stealer into a release and steal all the funds of all the users in an instance. Is that acceptable by your standards? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#232 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAPPFPTQHMKZEV4IR4IIZRLRJ2KXPANCNFSM4J6LH3NA> .

[Giszmo]

Sorry, I'm normally with you regarding open source not giving users the right to demand anything but walletscrutiny.com is aiming to find bad actors that try to pull the rug under the feet of their users at some point. While my gut feelings are much more sympathetic towards ACINQ than other providers that are more elusive, I have to develop some rigid metrics by which to categorize apps.

I hope to get the word out there to not trust non-verifiable apps on Google Play with any money and at this point, Eclair is not verifiable. I would love to not have to warn against its use as I use it myself.

In the end, there is an open source project and there is a Playstore app and the critique goes against the Playstore app provider not against the open source developer. GitHub is just a much more transparent and easy way to deliver the message, so if you are not the Playstore app provider, please don't feel offended personally. The burden of proof of having provided an app based on public code is on the release manager, not on the developer.

[t-bast]

Excuse me, 3 months went by and I see no progress here.

You didn't make much effort to look before accusing...
There are only 2 currently open PRs on this repo and one of them is support for deterministic builds: #236

It's very easy to judge and complain, but if you hope to inform your users you could at least spend 5 minutes looking at the repository's activity before claiming no progress is being made.

We have shipped deterministic builds on the server in our latest release (ACINQ/eclair@a028645), and are making steady progress towards deterministic builds for eclair-mobile and phoenix.

Even just googling for "eclair mobile deterministic build" returns results showing the progress.

Right now the apps still aren't deterministic, but that will come. Please be patient and don't use it in the meantime if you don't trust it.

[Giszmo]

At https://walletscrutiny.com/ we currently track 92 apps. Please don't get personally offended if I don't start investigations from zero when the very specific issue has not been updated in 3 months and thank you for the progress.

The goal is to develop solid rules and to get users and providers to care enough so that non-verifiability is considered a huge red flag and nobody recommends non-verifiable apps. We are not there yet and providers are thus given huge slack anyway but when your main focus is "How would you steal funds from unsuspecting users", this is a big deal. I understand that until it generally is a big deal, any wallet that doesn't see it as their top priority to fix it, isn't sticking out much.

I hope to work together with wallets that do the right thing, so we can push to the fringes wallets that don't and have no doubt Eclair will be verifiable soon, too.

[Giszmo]

Hiho, at the risk of offending you again, is there any progress? Should I try to rebuild your app and get it into the "reproducible" section of the listing or is https://walletscrutiny.com/android/fr.acinq.eclair.wallet.mainnet2/ still correct?

[dpad85]

Hello, the build is not reproducible for now, I need to port what has been done in Phoenix to this project. It should not be too hard but it still takes some time. I will update this issue when it's done.

[emanuelb]

The app is currently fail to build, see opened issue: #266
which also contain a Containerfile to build the project.
The analysis at https://walletscrutiny.com/android/fr.acinq.eclair.wallet.mainnet2/ shows a FTBFS on previous step that already fixed, but the app still suffer from FTBFS in later assembleRelease step.

[emanuelb]

Building latest version 0.4.16 works, compared the result to apk on github was:

command diff --recursive --brief ./eclair-mobile-57-0.4.16-mainnet/ ./eclair_rebuild_0416/
Result:

Files ./eclair-mobile-57-0.4.16-mainnet/application.conf and ./eclair_rebuild_0416/application.conf differ
Files ./eclair-mobile-57-0.4.16-mainnet/classes2.dex and ./eclair_rebuild_0416/classes2.dex differ
Files ./eclair-mobile-57-0.4.16-mainnet/classes3.dex and ./eclair_rebuild_0416/classes3.dex differ
Files ./eclair-mobile-57-0.4.16-mainnet/electrum/checkpoints_mainnet.json and ./eclair_rebuild_0416/electrum/checkpoints_mainnet.json differ
Files ./eclair-mobile-57-0.4.16-mainnet/electrum/checkpoints_testnet.json and ./eclair_rebuild_0416/electrum/checkpoints_testnet.json differ
Files ./eclair-mobile-57-0.4.16-mainnet/electrum/servers_mainnet.json and ./eclair_rebuild_0416/electrum/servers_mainnet.json differ
Files ./eclair-mobile-57-0.4.16-mainnet/electrum/servers_regtest.json and ./eclair_rebuild_0416/electrum/servers_regtest.json differ
Files ./eclair-mobile-57-0.4.16-mainnet/electrum/servers_testnet.json and ./eclair_rebuild_0416/electrum/servers_testnet.json differ
Files ./eclair-mobile-57-0.4.16-mainnet/lib/arm64-v8a/libsqlitejdbc.so and ./eclair_rebuild_0416/lib/arm64-v8a/libsqlitejdbc.so differ
Files ./eclair-mobile-57-0.4.16-mainnet/lib/armeabi-v7a/libsqlitejdbc.so and ./eclair_rebuild_0416/lib/armeabi-v7a/libsqlitejdbc.so differ
Files ./eclair-mobile-57-0.4.16-mainnet/lib/x86/libsqlitejdbc.so and ./eclair_rebuild_0416/lib/x86/libsqlitejdbc.so differ
Files ./eclair-mobile-57-0.4.16-mainnet/lib/x86_64/libsqlitejdbc.so and ./eclair_rebuild_0416/lib/x86_64/libsqlitejdbc.so differ
Only in ./eclair-mobile-57-0.4.16-mainnet/META-INF: MAINNET.RSA
Only in ./eclair-mobile-57-0.4.16-mainnet/META-INF: MAINNET.SF
Only in ./eclair-mobile-57-0.4.16-mainnet/META-INF: MANIFEST.MF
Files ./eclair-mobile-57-0.4.16-mainnet/reference.conf and ./eclair_rebuild_0416/reference.conf differ

Containerfile to compile the app:
Build with: podman build --rm -t eclair_build_apk -f ContainerFile
APK generated in: /home/appuser/app/eclair/eclair-mobile/app/build/outputs/apk/release/57-v0.4.16-mainnet-universal-release.apk

FROM frolvlad/alpine-glibc

RUN set -ex; \
    apk update; \
    apk add --no-cache \
        bash \
        git \
        maven \
        openjdk11; \
    adduser -D appuser;

USER appuser

ENV ANDROID_HOME="/home/appuser/app/sdk" \
    ANDROID_SDK_ROOT="/home/appuser/app/sdk"

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/eclair/"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    printf "\n84831b9409646a918e30573bab4c9c91346d8abd" > "/home/appuser/app/sdk/licenses/android-sdk-preview-license"; \
    cd /home/appuser/app/sdk/; \
    wget https://dl.google.com/android/repository/commandlinetools-linux-7302050_latest.zip; \
    echo "7a00faadc0864f78edd8f4908a629a46d622375cbe2e5814e82934aebecdb622  commandlinetools-linux-7302050_latest.zip" | sha256sum -c; \
    unzip commandlinetools-linux-7302050_latest.zip; \
    rm commandlinetools-linux-7302050_latest.zip; \
    /home/appuser/app/sdk/cmdline-tools/bin/sdkmanager --sdk_root=/home/appuser/app/sdk/ --install --channel=1 "ndk-bundle" "ndk;23.0.7196353"; \
    cd /home/appuser/app/eclair/; \
    git clone https://github.com/ACINQ/eclair; \
    cd /home/appuser/app/eclair/eclair/; \
    git checkout v0.4.12-android; \
    mvn clean install -DskipTests; \
    cd /home/appuser/app/eclair; \
    git clone https://github.com/ACINQ/eclair-mobile; \
    cd /home/appuser/app/eclair/eclair-mobile; \
    git checkout v0.4.16-MAINNET; \
    ./gradlew assembleRelease

next steps are to run diffoscope and look at the diffs and why they happen and also to write Containerfile based on ubuntu instead of alpine, as the RB PR use ubuntu: https://github.com/ACINQ/eclair-mobile/pull/236/files

[emanuelb]

Ubuntu build fail with error, opened issue for it at #275, The above diff result was done when git checkoutandroid; used instead of git checkout v0.4.12-android; but currently it doesn't matter as at still will generate the same APK.

Both above Containerfile & when installation additional libstdc++6 package return this warning: (ubuntu/debian build that works probably will fix it)

/home/appuser/app/sdk/cmake/3.10.2.4988404/bin/ninja: /usr/lib/libstdc++.so.6: no version information available (required by /home/appuser/app/sdk/cmake/3.10.2.4988404/bin/ninja)

Opened issue to declare specifc version for CMake: #276

For classes2.dex & classes3.dex using jadx like /home/appuser/tools/jadx/bin/jadx -d /tmp/classes2_2/ --show-bad-code /classes2_2.dex shows diffs in files (it's better to use diffoscope for more accurate results)

Files /tmp/classes2_1/sources/com/google/android/gms/common/api/internal/zaaj.java and /tmp/classes2_2/sources/com/google/android/gms/common/api/internal/zaaj.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/common/api/internal/zaak.java and /tmp/classes2_2/sources/com/google/android/gms/common/api/internal/zaak.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/common/api/internal/zaal.java and /tmp/classes2_2/sources/com/google/android/gms/common/api/internal/zaal.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/common/api/internal/zaam.java and /tmp/classes2_2/sources/com/google/android/gms/common/api/internal/zaam.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/common/api/internal/zaap.java and /tmp/classes2_2/sources/com/google/android/gms/common/api/internal/zaap.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/common/api/internal/zaaq.java and /tmp/classes2_2/sources/com/google/android/gms/common/api/internal/zaaq.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/common/api/internal/zaar.java and /tmp/classes2_2/sources/com/google/android/gms/common/api/internal/zaar.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/common/api/internal/zaau.java and /tmp/classes2_2/sources/com/google/android/gms/common/api/internal/zaau.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/internal/auth/zzap.java and /tmp/classes2_2/sources/com/google/android/gms/internal/auth/zzap.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/security/zza.java and /tmp/classes2_2/sources/com/google/android/gms/security/zza.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/tasks/zzn.java and /tmp/classes2_2/sources/com/google/android/gms/tasks/zzn.java differ
Files /tmp/classes2_1/sources/com/google/android/gms/tasks/zzo.java and /tmp/classes2_2/sources/com/google/android/gms/tasks/zzo.java differ
Files /tmp/classes2_1/sources/com/google/android/material/timepicker/ChipTextInputComboView.java and /tmp/classes2_2/sources/com/google/android/material/timepicker/ChipTextInputComboView.java differ
Files /tmp/classes2_1/sources/com/google/android/material/timepicker/ClockFaceView.java and /tmp/classes2_2/sources/com/google/android/material/timepicker/ClockFaceView.java differ
Files /tmp/classes2_1/sources/com/google/android/material/timepicker/TimePickerTextInputKeyController.java and /tmp/classes2_2/sources/com/google/android/material/timepicker/TimePickerTextInputKeyController.java differ
Files /tmp/classes2_1/sources/com/google/api/client/util/ByteStreams.java and /tmp/classes2_2/sources/com/google/api/client/util/ByteStreams.java differ
Files /tmp/classes2_1/sources/com/google/common/collect/AbstractListMultimap.java and /tmp/classes2_2/sources/com/google/common/collect/AbstractListMultimap.java differ
Files /tmp/classes2_1/sources/com/google/common/collect/AbstractMultiset.java and /tmp/classes2_2/sources/com/google/common/collect/AbstractMultiset.java differ
Files /tmp/classes2_1/sources/com/google/common/graph/DirectedGraphConnections.java and /tmp/classes2_2/sources/com/google/common/graph/DirectedGraphConnections.java differ
Files /tmp/classes2_1/sources/com/google/common/graph/ForwardingNetwork.java and /tmp/classes2_2/sources/com/google/common/graph/ForwardingNetwork.java differ
Files /tmp/classes2_1/sources/com/google/common/io/ByteSource.java and /tmp/classes2_2/sources/com/google/common/io/ByteSource.java differ
Files /tmp/classes2_1/sources/com/typesafe/config/impl/ConfigDelayedMergeObject.java and /tmp/classes2_2/sources/com/typesafe/config/impl/ConfigDelayedMergeObject.java differ
Files /tmp/classes2_1/sources/fr/acinq/eclair/Features.java and /tmp/classes2_2/sources/fr/acinq/eclair/Features.java differ
Files /tmp/classes2_1/sources/fr/acinq/eclair/JsonSerializers$.java and /tmp/classes2_2/sources/fr/acinq/eclair/JsonSerializers$.java differ
Files /tmp/classes2_1/sources/fr/acinq/eclair/blockchain/electrum/ElectrumWallet.java and /tmp/classes2_2/sources/fr/acinq/eclair/blockchain/electrum/ElectrumWallet.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/channel/Commitments$.java and /tmp/classes3_2/sources/fr/acinq/eclair/channel/Commitments$.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/channel/WaitingForRevocation.java and /tmp/classes3_2/sources/fr/acinq/eclair/channel/WaitingForRevocation.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/crypto/ShaChain$.java and /tmp/classes3_2/sources/fr/acinq/eclair/crypto/ShaChain$.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/db/sqlite/SqliteFeeratesDb.java and /tmp/classes3_2/sources/fr/acinq/eclair/db/sqlite/SqliteFeeratesDb.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/db/sqlite/SqlitePaymentsDb$$anonfun$listPaymentsOverview$1.java and /tmp/classes3_2/sources/fr/acinq/eclair/db/sqlite/SqlitePaymentsDb$$anonfun$listPaymentsOverview$1.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/payment/relay/Relayer.java and /tmp/classes3_2/sources/fr/acinq/eclair/payment/relay/Relayer.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/router/Router.java and /tmp/classes3_2/sources/fr/acinq/eclair/router/Router.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/transactions/CommitmentSpec$.java and /tmp/classes3_2/sources/fr/acinq/eclair/transactions/CommitmentSpec$.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/transactions/CommitmentSpec.java and /tmp/classes3_2/sources/fr/acinq/eclair/transactions/CommitmentSpec.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wallet/activities/ChannelsBackupSettingsActivity.java and /tmp/classes3_2/sources/fr/acinq/eclair/wallet/activities/ChannelsBackupSettingsActivity.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wallet/activities/CreateSeedActivity.java and /tmp/classes3_2/sources/fr/acinq/eclair/wallet/activities/CreateSeedActivity.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wallet/activities/OpenConnectionActivity.java and /tmp/classes3_2/sources/fr/acinq/eclair/wallet/activities/OpenConnectionActivity.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wallet/activities/RestoreChannelsBackupActivity.java and /tmp/classes3_2/sources/fr/acinq/eclair/wallet/activities/RestoreChannelsBackupActivity.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wallet/activities/RestoreSeedActivity.java and /tmp/classes3_2/sources/fr/acinq/eclair/wallet/activities/RestoreSeedActivity.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wallet/activities/StartupActivity.java and /tmp/classes3_2/sources/fr/acinq/eclair/wallet/activities/StartupActivity.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wallet/actors/ElectrumSupervisor.java and /tmp/classes3_2/sources/fr/acinq/eclair/wallet/actors/ElectrumSupervisor.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wallet/fragments/ReceivePaymentFragment.java and /tmp/classes3_2/sources/fr/acinq/eclair/wallet/fragments/ReceivePaymentFragment.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wire/ChannelAnnouncement.java and /tmp/classes3_2/sources/fr/acinq/eclair/wire/ChannelAnnouncement.java differ
Files /tmp/classes3_1/sources/fr/acinq/eclair/wire/ChannelUpdate.java and /tmp/classes3_2/sources/fr/acinq/eclair/wire/ChannelUpdate.java differ
Files /tmp/classes3_1/sources/io/netty/handler/codec/spdy/SpdyCodecUtil.java and /tmp/classes3_2/sources/io/netty/handler/codec/spdy/SpdyCodecUtil.java differ
Files /tmp/classes3_1/sources/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java and /tmp/classes3_2/sources/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java differ
Files /tmp/classes3_1/sources/io/netty/handler/ssl/SslContext.java and /tmp/classes3_2/sources/io/netty/handler/ssl/SslContext.java differ
Files /tmp/classes3_1/sources/io/netty/util/Recycler.java and /tmp/classes3_2/sources/io/netty/util/Recycler.java differ
Files /tmp/classes3_1/sources/io/netty/util/internal/shaded/org/jctools/queues/BaseMpscLinkedArrayQueuePad3.java and /tmp/classes3_2/sources/io/netty/util/internal/shaded/org/jctools/queues/BaseMpscLinkedArrayQueuePad3.java differ
Files /tmp/classes3_1/sources/io/netty/util/internal/shaded/org/jctools/queues/atomic/BaseMpscLinkedAtomicArrayQueuePad3.java and /tmp/classes3_2/sources/io/netty/util/internal/shaded/org/jctools/queues/atomic/BaseMpscLinkedAtomicArrayQueuePad3.java differ
Files /tmp/classes3_1/sources/io/opencensus/metrics/export/Value.java and /tmp/classes3_2/sources/io/opencensus/metrics/export/Value.java differ

in ./sources/fr/acinq/eclair/JsonSerializers$.java looks like ordering issue incomingHtlcReadWriter and outgoingHtlcReadWriter calls order is different.

Predef$.MODULE$.implicitly(incomingHtlcReadWriter()), (Types.BaseReader) Predef$.MODULE$.implicitly(outgoingHtlcReadWriter())})),

in sources/fr/acinq/eclair/crypto/ShaChain$.java

@@ -191,10 +191,10 @@
     public Option<ByteVector32> getHash(ShaChain shaChain, Vector<Object> vector) {
         return shaChain.knownHashes().keys().find(new Serializable(vector) { // from class: fr.acinq.eclair.crypto.ShaChain$$anonfun$getHash$1
             public static final long serialVersionUID = 0;
-            private final Vector index$1;
+            private final Vector index$2;
 
             {
-                this.index$1 = r1;
+                this.index$2 = r1;
             }

Other diff maybe cause different java version need to be used?