Reproducible Builds

[IzzySoft]

Looks like the APK at the v0.27 tag was not built from the same – but from a commit not even present in the repo here. Can you please make sure to build future release APKs from the commit the release tag points to? They'd be perfectly RB then. For this version, I had to apply two little tricks to achieve that:

- sed -r 's/2553ee0eed968bbb01b6314c78d247847258ad4a/63d9eefec3bf454b2d8a6f3c92c70f6fdc4328f7/' -i app/src/main/assets/release.json
- chmod +x gradlew
- ./gradlew assembleRelease
- git clone -b v0.3.0 https://github.com/obfusk/reproducible-apk-tools.git
- reproducible-apk-tools/inplace-fix.py --internal --zipalign --page-size 4 fix-files app/build/outputs/apk/release/app-release-unsigned.apk 'sed s/a7a6b0364a036d44bdd69c808e7c3c1183131409/97278110704347db23633fc58cde7ee8aae00c7a/' 'META-
- mv app/build/outputs/apk/release/app-release-unsigned.apk /outputs/unsigned.apk

The first sed to apply the change that commit obviously made, and then a second in-place sed to adjust the commit hash itself. Not ideal, as that means each future release would need manual adjustments here – so if you please 😉

PS: Toni still waits for your call 😉

[sunilpaulmathew]

@IzzySoft
Most likely because I build APK before pushing the latest release tag to GitHub. I'll try to avoid that from future releases.

PS: I'll text you in Telegram in a weekday. Thanks & sorry for the long delay.

[IzzySoft]

Most likely because I build APK before pushing the latest release tag to GitHub.

That would explain, yes – and thanks for avoiding in the future 😉

I'll text you in Telegram in a weekday.

I'm not on TG, but Toni & LooKeR are. Nice to see you "united" there then!