Reproducible Builds #292

Open
IzzySoft opened this issue Dec 4, 2024 · 11 comments

@IzzySoft

IzzySoft commented Dec 4, 2024

At IzzyOnDroid we support Reproducible Builds (see: Reproducible Builds, special client support and more at IzzyOnDroid). Trying for yours, I was able to successfully generate the APK using ./gradlew assembleRelease, but the resulting APKs were not identical. It seems like something is out of sync here. Here's an example from the dex diff:

 |: const-string v1, "User-Agent"
-|: const-string v2, "MMRL/32665"
+|: const-string v2, "MMRL/32669"

Your APK identifies as

package: name='com.dergoogler.mmrl' versionCode='32669' versionName='5.27.37'

Your user agent:

request.header("User-Agent", "MMRL/${BuildConfig.VERSION_CODE}")

which is reflected here by our build (MMRL/32669). According to META-INF/version-control-info.textproto, both our APKs were built from the same commit. So I wonder how this discrepancy occurs (and whether the other differences have a similar cause). Could you please check?

Thanks in advance!

@DerGoogler
Owner

I actually have no clue from where this diff comes 🙃

@IzzySoft
Author

IzzySoft commented Dec 4, 2024

And I could not figure where this $BuildConfig value is set – only that it is used there. Another one that looks "familiar":

 |: move-result-object v4
-|: const-string v5, "5.27.36"
+|: const-string v5, "5.27.37"

Now tell me that versionName: 5.27.36 had versionCode: 32665, and I'll not be surprised. Did you clean before build? Might be cached artifacts or something like that. Most likely something from a previous build. Can you try another clean build from the tagged commit, and see if the sha256sum (or any other hash at that) of the two APKs matches?
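The cross-check discussed in the comments above, as an added example that is not part of the original thread or of either project's tooling: it compares the version literals found in the dex diff against the manifest's versionCode/versionName and reports which diff side carries stale constants. The function names are hypothetical, and it assumes the `aapt`-style badging line and dex-diff row formats quoted in the issue, with `-` rows from the published APK and `+` rows from the rebuild.

```python
import re

# Line formats as quoted in the issue: badging output and dex-diff rows.
BADGING_RE = re.compile(r"versionCode='(\d+)' versionName='([^']+)'")
CONST_RE = re.compile(r'^([-+])\|: const-string v\d+, "([^"]*)"')
UA_RE = re.compile(r"^MMRL/\d+$")          # User-Agent built from BuildConfig.VERSION_CODE
NAME_RE = re.compile(r"^\d+\.\d+\.\d+$")   # dotted versionName literal

def parse_badging(line):
    """Extract (versionCode, versionName) from a badging line."""
    m = BADGING_RE.search(line)
    if m is None:
        raise ValueError("no versionCode/versionName in badging line")
    return int(m.group(1)), m.group(2)

def version_literals(badging_line, diff_text):
    """Return (side, kind, literal, matches_manifest) per version-like constant."""
    code, name = parse_badging(badging_line)
    rows = []
    for raw in diff_text.splitlines():
        m = CONST_RE.match(raw)
        if m is None:
            continue  # context line or an instruction that is not a changed string
        side, literal = m.groups()
        if UA_RE.match(literal):
            rows.append((side, "versionCode", literal, literal == f"MMRL/{code}"))
        elif NAME_RE.match(literal):
            rows.append((side, "versionName", literal, literal == name))
    return rows

def stale_sides(rows):
    """Diff sides whose dex constants disagree with the manifest."""
    return {side for side, _, _, ok in rows if not ok}

# Values copied from the issue text above.
BADGING = "package: name='com.dergoogler.mmrl' versionCode='32669' versionName='5.27.37'"
DIFF = '''\
 |: const-string v1, "User-Agent"
-|: const-string v2, "MMRL/32665"
+|: const-string v2, "MMRL/32669"
 |: move-result-object v4
-|: const-string v5, "5.27.36"
+|: const-string v5, "5.27.37"
'''

if __name__ == "__main__":
    for row in version_literals(BADGING, DIFF):
        print(row)
    print("stale side(s):", stale_sides(version_literals(BADGING, DIFF)))
```

A stale `-` side means the published APK's dex was compiled with older BuildConfig values than its own manifest declares, which points at the build environment rather than at nondeterminism in the toolchain.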

@DerGoogler
Owner

32665 does not exist as a published version, only 32666
https://mmrl.dergoogler.com/changelog.json

Seems like there are not all commits, hm

@IzzySoft
Author

IzzySoft commented Dec 4, 2024

Yeah, as you calculate versionCode based on commit count… We could be onto something there 😉

And yes, I know that was not a published version. That doesn't mean it was not built, and thus could have left "build artifacts".

@DerGoogler
Owner

Can you check again?

@IzzySoft
Author

IzzySoft commented Dec 8, 2024

 |: const-string v1, "User-Agent"
-|: const-string v2, "MMRL/32716"
+|: const-string v2, "MMRL/32717"
 |: invoke-virtual {v0, v1, v2}, LH0/p;.u:(Ljava/lang/String;Ljava/lang/String;)V

distance is closing 🙈

 |: move-result-object v2
-|: const-string v3, "5.28.38"
+|: const-string v3, "5.29.39"
 |: filled-new-array {v3, v2}, [Ljava/lang/Object;

Hm, kay, here it's growing…

@DerGoogler
Owner

I know what the issue is. I built a build before pushing the latest version name bruh

@IzzySoft
Author

IzzySoft commented Dec 8, 2024

Eh, the "standard issue" 🙈

@IzzySoft
Author

IzzySoft commented Dec 9, 2024

So you'll give me another ping on the next release, where you've then built after pushing the latest version name? 😉

@DerGoogler
Owner

The next build may take two weeks, that's mostly due to work.

@IzzySoft
Author

IzzySoft commented Dec 9, 2024

No prob, that's why I asked for a ping when it's there (and not to make a new release now 😉). Thanks!
