Version of the NDK to use in this build. Defaults to the latest NDK release that included legacy toolchains (12b), so as to not break builds that require toolchains no longer included in current versions of the NDK.
The buildserver supports r9b with its legacy toolchains, r10e, r11c r12b them all, and the latest release as of writing this document, r21. You may add support for more versions by adding them to ’ndk_paths’ in your config file.
Since the NDK version is important for a reproducible build, the documentation should tell that the NDK version should be specified and link to the available NDK versions.
Then try rebuilding the APK on your machine, using fdroid build and
then use diffoscope to compare it to the F-Droid APK. Then fix the
differences. Once the APK is reliably reproducible, then you can
consider also using the upstream developer signature, which requires
reproducible builds.
I imagine so. Someone needs to dig into it to figure it out. That can
happen anywhere. My guess is that diffoscope is mislabeling one of the
APKs as something else, like a plain JAR or plain ZIP, then doing a
binary comparison. APKs are both valid JARs and valid ZIPs.
BUILD SUCCESSFUL in 37s
52 actionable tasks: 51 executed, 1 up-to-date
INFO: Successfully built version 1.992 of eu.faircode.email
DEBUG: Using androguard from "/usr/lib/python3/dist-packages/androguard/__init__.py"
DEBUG: Checking build/eu.faircode.email/app/build/outputs/apk/full/release/FairEmail-v1.992-full-release-unsigned.apk
INFO: ...retrieving https://github.com/M66B/FairEmail/releases/download/1.992/FairEmail-v1.992-full-github.apk
DEBUG: Starting new HTTPS connection (1): github.com
DEBUG: https://github.com:443 "GET /M66B/FairEmail/releases/download/1.992/FairEmail-v1.992-full-github.apk HTTP/1.1" 302 638
DEBUG: Starting new HTTPS connection (1): github-production-release-asset-2e65be.s3.amazonaws.com
DEBUG: https://github-production-release-asset-2e65be.s3.amazonaws.com:443 "GET /143298715/d8194c80-596f-11ea-803c-7e7046b0d821?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200227%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200227T143504Z&X-Amz-Expires=300&X-Amz-Signature=7d46a678f70be8fa38631003323cbf396d3babfa33fd0776fc927ffc49070582&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DFairEmail-v1.992-full-github.apk&response-content-type=application%2Fvnd.android.package-archive HTTP/1.1" 200 12174168
WARNING: Ignoring META-INF/MANIFEST.MF from unsigned/eu.faircode.email_992.apk
DOES NOT VERIFY
ERROR: SHA-256 digest of AndroidManifest.xml does not match the digest specified in META-INF/MANIFEST.MF. Expected: <oTOZfOh8OUkJZrrW3ByzKfy/zl1Rb2Ywg4l3PYpHrwQ=>, actual: <kSPZ+GnUbxRRZw0EvDerKqqEx9jebp9GJ8MVQ/jBjDA=>
ERROR: SHA-256 digest of classes.dex does not match the digest specified in META-INF/MANIFEST.MF. Expected: <IypiPzw/bBi5loZvI01Po2n++AYrLWfo5FSMz7knjWM=>, actual: <asXmVEQg4NzX6H/YLniWSTUgARHS5FRjGP3OrwUiX64=>
ERROR: SHA-256 digest of classes2.dex does not match the digest specified in META-INF/MANIFEST.MF. Expected: <VP6C33A0DM40xWvoMP/5VuN5l2xJuS9gnu//uhzzpQA=>, actual: <B/3V7v91IF5/q0+a+ighqdP8PIbx/U9EdwLgCJKN7Ts=>
ERROR:
/tmp/tmp_s1n3aci/sigcp_eu.faircode.email_992.apk:
INFO: ...NOT verified - /tmp/tmp_s1n3aci/sigcp_eu.faircode.email_992.apk
DEBUG: > diff -r /tmp/tmp_s1n3aci/unsigned_binaries_eu.faircode.email_992.binary /tmp/tmp_s1n3aci/_tmp_tmp_s1n3aci_sigcp_eu.faircode.email_992
DEBUG: removing unsigned/eu.faircode.email_992.apk
DEBUG: removing unsigned/binaries/eu.faircode.email_992.binary.apk
ERROR: Could not build app eu.faircode.email: compared built binary to supplied reference binary but failed
==== detail begin ====
Unexpected diff output:
Binary files /tmp/tmp_s1n3aci/unsigned_binaries_eu.faircode.email_992.binary/content/AndroidManifest.xml and /tmp/tmp_s1n3aci/_tmp_tmp_s1n3aci_sigcp_eu.faircode.email_992/content/AndroidManifest.xml differ
Binary files /tmp/tmp_s1n3aci/unsigned_binaries_eu.faircode.email_992.binary/content/classes2.dex and /tmp/tmp_s1n3aci/_tmp_tmp_s1n3aci_sigcp_eu.faircode.email_992/content/classes2.dex differ
Binary files /tmp/tmp_s1n3aci/unsigned_binaries_eu.faircode.email_992.binary/content/classes.dex and /tmp/tmp_s1n3aci/_tmp_tmp_s1n3aci_sigcp_eu.faircode.email_992/content/classes.dex differ
==== detail end ====
INFO: Finished
INFO: 1 build failed
I’m comparing with the GitHub published one, that’s what you want @M66B right?
Since the manifest and classes differ, I am wondering if the same source code is being used. In any case there are no native libraries different, which is good.
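Added example, not part of the thread and not fdroidserver code: the "DOES NOT VERIFY" errors in the log come from checking each entry of the locally built APK against the base64 SHA-256 digests recorded in the reference APK's META-INF/MANIFEST.MF, and this sketch reproduces that check to list which entries break reproducibility. The function names are hypothetical, and the two in-memory APKs are constructed sample data.

```python
import base64
import hashlib
import io
import zipfile

SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC", "MANIFEST.MF")

def b64sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def manifest_digests(apk):
    """Parse Name -> SHA-256-Digest from a signed APK's META-INF/MANIFEST.MF."""
    with zipfile.ZipFile(apk) as zf:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    # JAR manifests fold long lines; a continuation line starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n"):
        fields = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in fields and "SHA-256-Digest" in fields:
            digests[fields["Name"]] = fields["SHA-256-Digest"]
    return digests

def actual_digests(apk):
    """Hash every non-signature entry the way MANIFEST.MF records it."""
    with zipfile.ZipFile(apk) as zf:
        return {n: b64sha256(zf.read(n)) for n in zf.namelist()
                if not (n.startswith("META-INF/") and n.upper().endswith(SIG_SUFFIXES))}

def mismatches(built, reference):
    """(name, expected, actual) for entries the reference signature would reject."""
    expected, actual = manifest_digests(reference), actual_digests(built)
    return [(n, expected.get(n), actual.get(n))
            for n in sorted(expected.keys() | actual.keys())
            if expected.get(n) != actual.get(n)]

def make_apk(entries, signed=False):
    """Constructed sample data: an in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
        if signed:  # record the digests a signer would write
            mf = "Manifest-Version: 1.0\r\n\r\n" + "".join(
                f"Name: {n}\r\nSHA-256-Digest: {b64sha256(d)}\r\n\r\n" for n, d in entries.items())
            zf.writestr("META-INF/MANIFEST.MF", mf)
    return buf.getvalue()

SAMPLE = {"AndroidManifest.xml": b"v1", "classes.dex": b"dex-A", "lib/x.so": b"so"}
REFERENCE = make_apk(SAMPLE, signed=True)
BUILT = make_apk({**SAMPLE, "AndroidManifest.xml": b"v2", "classes.dex": b"dex-B"})
```

On real files, pass the two APK paths to `mismatches()` instead of the in-memory samples; entries that differ are the ones to inspect further with diffoscope.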