Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to disable "generated" timestamp #784

Closed
nielsvanvelzen opened this issue Aug 3, 2022 · 6 comments
Closed

Add ability to disable "generated" timestamp #784

nielsvanvelzen opened this issue Aug 3, 2022 · 6 comments

Comments

@nielsvanvelzen
Copy link

For the app I'm working on (jellyfin-androidtv) we want to publish builds to F-Droid. Ideally we'd use reproducible builds with that. After the reproducible builds failing for some time I found out this library causes a small issue.

The "res/iz.json" file that is generated contains a timestamp (metadata.generated) which is unique for each build. This makes the build not reproducible.

Would it be possible to add an option to either remove the property / set it to null / hardcode a value?

If you're interested in more reasoning why reproducible builds matter you can read at https://reproducible-builds.org (I'm not the best explainer).
@mikepenz
Copy link
Owner

mikepenz commented Aug 3, 2022

Thank you very much for the report @nielsvanvelzen . That's a great suggestion, and makes a lot of sense.

The timestamp was introduced to offer teams who only generate new dependency exports on-demand a tool to verify when the given export was generated (to prevent potential build issues where the generation would no longer work)

I'll have a look into this, but a configuration option for the plugin will most likely make most sense.

@mikepenz
Copy link
Owner

mikepenz commented Aug 4, 2022

After a closer look, you can already achieve this right away by excluding the generated field from the target json:

aboutLibraries {
    excludeFields = arrayOf("generated")
}

@nielsvanvelzen
Copy link
Author

Awesome, it does indeed remove the field from the generated JSON. Can I expect this functionality to keep working (e.g. the field won't be required in the runtime part of the library in a later release)?

@nielsvanvelzen nielsvanvelzen mentioned this issue Aug 4, 2022
Merged
@mikepenz
Copy link
Owner

mikepenz commented Aug 5, 2022

There are no plans to use the field as part of the runtime, similarly most other fields are optional and can be dropped to lower size of the meta-data.

@mikepenz mikepenz closed this as completed Aug 5, 2022
vatbub added a commit to vatbub/Scoreboard that referenced this issue Feb 13, 2023
@vatbub
Disabled the timestamp for the generated about libraries json (see mi…
b1afaeb 
…kepenz/AboutLibraries#784 )
@rocka rocka mentioned this issue Mar 15, 2023
Closed
@licaon-kter licaon-kter mentioned this issue Apr 12, 2023
Closed
@kaajjo kaajjo mentioned this issue Apr 28, 2023
Closed
Mynacol added a commit to Mynacol/Coffee that referenced this issue Oct 26, 2023
@Mynacol
Remove timestamp to allow reproducible builds
349d56a 
This removes the metadata.generated timestamp in a json file generated
by AboutLibraries. This value is not really needed, but breaks
reproducible builds, as different timestamps are saved.
mikepenz/AboutLibraries#784 (comment)

Without this timestamp the app is fully reproducible.
@Mynacol Mynacol mentioned this issue Oct 26, 2023
Merged
mueller-ma pushed a commit to mueller-ma/Coffee that referenced this issue Oct 29, 2023
@Mynacol
Remove timestamp to allow reproducible builds (#292)
f1fd3b4 
This removes the metadata.generated timestamp in a json file generated
by AboutLibraries. This value is not really needed, but breaks
reproducible builds, as different timestamps are saved.
mikepenz/AboutLibraries#784 (comment)

Without this timestamp the app is fully reproducible.
@oxyroid oxyroid mentioned this issue Jan 22, 2024
Closed
@licaon-kter licaon-kter mentioned this issue Jul 5, 2024
Closed
fibelatti added a commit to fibelatti/photo-widget that referenced this issue Aug 4, 2024
@fibelatti
Use available library API to exclude the field instead
5d012b1 
mikepenz/AboutLibraries#784
fibelatti added a commit to fibelatti/pinboard-kotlin that referenced this issue Aug 4, 2024
@fibelatti
Use available library API to exclude the field instead
eb476f1 
mikepenz/AboutLibraries#784
@licaon-kter licaon-kter mentioned this issue Oct 31, 2024
Closed
@licaon-kter licaon-kter mentioned this issue Jan 21, 2025
Merged
@eighthave
Copy link

eighthave commented Jan 21, 2025
edited
Loading

What about making this generated thing an opt-in feature? Sounds like most apps don't use it, and it will always break reproducible builds. These days, most Android apps are reproducible without the dev having to do specific configuration. On f-droid.org, we have at least 60 apps affected.

For example, here is what it looks like when AboutLibraires is the only thing breaking reproducble builds:
https://verification.f-droid.org/de.lukasneugebauer.nextcloudcookbook_37.apk.diffoscope.html

@mikepenz
Copy link
Owner

It was a means to help integrators identify when the file was generated the last time.

I do agree, though, that most integrating parties might not think about it resulting in non-reproducible builds, and that it is probably best to inverse the default.

While not the same simplicity as just dropping in the plugin:
I generally believe people should generate the file on-demand instead of just generating it with the android tasks - so the file is checked in and in full control: https://github.com/mikepenz/AboutLibraries?tab=readme-ov-file#enterprise

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@eighthave @mikepenz @nielsvanvelzen