Reproducible Builds #275

Open
IzzySoft opened this issue Dec 7, 2024 · 0 comments

At IzzyOnDroid we support Reproducible Builds (see: Reproducible Builds, special client support and more at IzzyOnDroid). Trying for yours, I was able to successfully generate the APK using ./gradlew assembleRelease, but the resulting APKs were not identical. Today, I found the culprit:

buildConfigField "String", "BUILD_DATE", "\"" + new Date().getTime() + "\""

       name          : 'BUILD_DATE'
       type          : 'Ljava/lang/String;'
       access        : 0x0019 (PUBLIC STATIC FINAL)
-      value         : "1720875836589"
+      value         : "1720955749028"
     #2              : (in Lfr/geonature/occtax/BuildConfig;)
       name          : 'BUILD_TYPE'
       type          : 'Ljava/lang/String;'

As that's calculated at build time, it prevents the app from being reproducible. With the current v2.7.1 there was an added minor culprit (the APK was built before the last changes had been committed) – but the following recipe led to a successful RB:

- git reset --soft a2df18b643390014b0427bdbccfe35e101168516
- sed -r '/signingConfigs.release/d' -i occtax/build.gradle
- sed -r 's/new Date\(\)\.getTime\(\)/1731849775420/' -i occtax/build.gradle
- chmod +x gradlew
- ./gradlew assembleRelease
- mv occtax/build/outputs/apk/release/occtax-*-release-unsigned.apk /outputs/unsigned.apk

results in

BUILD SUCCESSFUL in 4m
300 actionable tasks: 300 executed
+ mv occtax/build/outputs/apk/release/occtax-2.7.1-release-unsigned.apk /outputs/unsigned.apk

--- END BUILD LOG ---
Keeping 'd49d7c555be718501b3d359a4e205478a20ee7f5a6ffdfa8bf922e6e62ebd20b-fr.geonature.occtax2-2.7.1-upstream.apk'...
Keeping '9511ec987b6c8fe25b0e6fd85cb6cf28ceb608f0762b3c89edaaebba4cdfdb49-fr.geonature.occtax2-2.7.1-unsigned.apk'...
Reproducible: True
Tags built: 1.

May I kindly ask you to remove that BUILD_DATE field, to allow newer releases to be automatically verified for RB (eh, and also to build from a clean tree after having the latest changes committed)? Thanks in advance!
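
Added example (not part of the issue, and not IzzyOnDroid's verification tooling): a minimal way to locate which entries make a rebuilt APK differ from the upstream one, the kind of comparison that points at `classes.dex` and from there at `BUILD_DATE`. The function names and the two sample "APKs" are constructed for illustration; only v1 signature files under `META-INF/` are ignored, which is a simplification.

```python
import hashlib
import io
import re
import zipfile

# v1 (JAR) signature files differ between signed upstream and unsigned rebuild: skip them.
SIGNATURE_FILES = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")


def entry_digests(apk_bytes):
    """Map each non-signature ZIP entry name to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not SIGNATURE_FILES.match(info.filename)
        }


def differing_entries(upstream_apk, rebuilt_apk):
    """Return sorted (entry, reason) pairs for everything that does not match."""
    up, new = entry_digests(upstream_apk), entry_digests(rebuilt_apk)
    report = []
    for name in sorted(up.keys() | new.keys()):
        if name not in new:
            report.append((name, "only in upstream"))
        elif name not in up:
            report.append((name, "only in rebuild"))
        elif up[name] != new[name]:
            report.append((name, "content differs"))
    return report


def make_sample_apk(build_date, signed):
    """Constructed stand-in for an APK: a ZIP whose classes.dex embeds BUILD_DATE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"BUILD_DATE=" + build_date.encode())
        if signed:
            zf.writestr("META-INF/CERT.RSA", b"constructed signature bytes")
    return buf.getvalue()


if __name__ == "__main__":
    upstream = make_sample_apk("1720875836589", signed=True)
    rebuild = make_sample_apk("1720955749028", signed=False)
    for name, reason in differing_entries(upstream, rebuild):
        print(f"{name}: {reason}")
```

An empty result means every compared entry is byte-identical; it does not cover ZIP metadata, entry ordering or the APK Signing Block.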
