[Help wanted] How to create a reproducible build (FairEmail)

So, at least R8 is being used and can be removed from the list of potential problems.

I don’t see ‘Transform artifact …’ in my build.

You can find a complete transcript of a build session here:

See my edited post above…

I think it’s because I can’t build assembleGithubRelease and can only build assembleFullRelease…which I did…that’s the APK…

So as expected…it’s very different…

‘full’ is an incomplete specification. What needs to be built is build type ‘GitHub’, so only signature V1 will be used (which was what changed in version 1.992 besides specifying the exact NDK version) and product flavor ‘full’ to use the right build config (links, etc).

See here:

Already looking, and I’ll try to bypass the gradle logic and build like that

‘release’ has been split into ‘play’ and ‘github’ to be able to use different signing configs.

So, ‘release’ does not exist anymore.

Note that ‘github’ is meant to be the GitHub version and a reproducible F-Droid build.

If I put gradle: yes it builds both Full and Play, as releases, so Github can’t be built…no release.

If I omit gradle: it tries the old build system

```
DEBUG: > /home/strech/android/tools/android update lib-project -p .
Error: . is not a valid project (AndroidManifest.xml not found).
ERROR: Could not build app eu.faircode.email: Failed to update project at .
```

Are you sure you are using the right version with the right gradle file?

‘release’ does not exist anymore …

Also, ‘full’ is a build flavor and ‘play’ is a build type.

I’m not using files directly, nor commits, fdroid pulls the Tag, that means I can’t be sure, but I trust git. :wink:

It wasn’t plain play but play_release (as the flavour name) iirc, I was in a hurry.

When you don’t specify a flavour, it builds them all.

Again, the issue is that we (atm) can’t build a non-existing release.

Do I understand correctly that we need to wait until F-Droid has built version 1.992?

Yes and no.

Yes, F-Droid builds to verify, and users will get an update, but you can have the inbuilt autoupdate/your fdroidrepo update the app before we verify it.

The trick is that being signed twice users can update from multiple places.

It is saying that these files are different:

  • AndroidManifest.xml
  • classes.dex
  • classes2.dex

So the next step is to find those differences, and what is causing them.

We know that these files are different, but why?
Do you have any suggestion about how to find out what is causing the difference?

This is not the problem ^^^ ?

@hans How do I bypass Gradle (see post 46, [Help wanted] How to create a reproducible build (FairEmail)) so I can build a non-release?

@M66B In the meantime, re-enabled autoupdates: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/6402

Check the F-Droid docs, like the Reproducible Builds page, for more
info. It will likely require you to dig into things to figure out why.
reproducible-builds.org also has useful resources.

I meant in F-Droid…


```
* What went wrong:
Execution failed for task ':app:stripFullReleaseDebugSymbols'.

Requested NDK version 21.0.6113669 did not match the version 12.1.2977051 requested by ndk.dir at /home/vagrant/android-ndk/r12b

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 1m 34s
```


Using NDK 12 while I use NDK 21 will likely not result in a reproducible build …

Also, NDK 12 is very old (June 2016) and should really not be used anymore.

I have tried to figure this out on my own, but I have zero experience with reproducible builds, so I need help on this. What should I as developer do to make this happen?

First, find the diffs between builds. diffoscope is the tool for
that. You can just run the build twice on your own machine to start
with. Then take it from there.
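
As a quick first pass before running diffoscope, the following added example (not code from the thread or from F-Droid) lists which entries differ between two APKs built from the same source, skipping the v1 signing files under META-INF/ that always differ between independently signed builds. The function names and the sample entries are assumptions made for illustration; the sample APKs are constructed in memory.

```python
import hashlib
import io
import re
import zipfile

# v1 (JAR) signing metadata differs between independently signed APKs,
# so these entries are excluded from the comparison.
SIGNATURE_RE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")


def entry_digests(apk):
    """Map each non-signature entry name to the SHA-256 of its uncompressed bytes."""
    with zipfile.ZipFile(apk) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir() and not SIGNATURE_RE.match(info.filename)
        }


def compare_apks(apk_a, apk_b):
    """Return entries only in A, only in B, and in both with different content."""
    a, b = entry_digests(apk_a), entry_digests(apk_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def constructed_apk(entries):
    """Build a tiny in-memory ZIP standing in for an APK (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed stand-ins for a developer-built APK and a rebuilt APK.
    common = {"resources.arsc": b"res", "lib/arm64-v8a/libfoo.so": b"\x7fELF"}
    upstream = constructed_apk({**common, "classes.dex": b"dex-1",
                                "META-INF/CERT.RSA": b"sig-upstream"})
    rebuilt = constructed_apk({**common, "classes.dex": b"dex-2",
                               "META-INF/CERT.RSA": b"sig-rebuilt"})
    print(compare_apks(upstream, rebuilt))
```

`compare_apks` also accepts file paths, so it can be pointed at two real APKs; the entries it reports as changed are the ones worth feeding to diffoscope for a detailed diff.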