[Help wanted] How to create a reproducible build (FairEmail)

I’m not using files directly, nor commits, fdroid pulls the Tag, that means I can’t be sure, but I trust git. :wink:

It wasn’t plain play but play_release (as the flavour name) iirc, I was in a hurry.

When you don’t specify a flavour, it builds them all.

Again, the issue is that we (atm) can’t build a non-existing release.

Do I understand correctly that we need to wait until F-Droid has built version 1.992?

Yes and no.

Yes, F-Droid builds to verify, and users will get an update, but you can have the inbuild autoupdate/your fdroidrepo update the app before we verify it.

The trick is that being signed twice users can update from multiple places.

it is saying that these files are different:

  • AndroidManifest.xml
  • classes.dex
  • classes2.dex

So the next step is to find those differences, and what is causing them.

We know that these files are different, but why?
Do you have any suggestion about how to find out what is causing the difference?

This is not the problem ^^^ ?

@hans How do I bypass Gradle (see post 46 [Help wanted] How to create a reproducible build (FairEmail) ) so I can build a non-release?

@M66B In the mean time, reenabled autoupdates: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/6402

check the F-Droid docs, like the Reproducible Builds page, for more
info. It will likely require you dig into things to figure out why.
reproducible-builds.org also has useful resources.

I meant in F-Droid…


`* What went wrong:
Execution failed for task ‘:app:stripFullReleaseDebugSymbols’.

Requested NDK version 21.0.6113669 did not match the version 12.1.2977051 requested by ndk.dir at /home/vagrant/android-ndk/r12b

  • Try:
    Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

  • Get more help at https://help.gradle.org

BUILD FAILED in 1m 34s`


Using NDK 12 while I use NDK 21 will likely not result in a reproducible build …

Also, NDK 12 is very old (June 2016) and should really not be used anymore.

I have tried to figure this out on my own, but I have zero experience with reproducible builds, so I need help on this. What should I as developer do to make this happen?

first, find the diffs between builds. diffoscope is the tool for
that. You can just run the build twice on your own machine to start
with. Then take it from there.

I understand what you say, but:

  • diffoscope on F-Droid seems to be broken (see earlier)
  • diffoscope crashed on my device
  • There was no result on diffoscope.org because it took to long
  • I have no suitable hardware to install an F-Droid build environment

IMHO it should just work if the build environments are aligned. I will make the necessary changes in the gradle scripts, but I need to know what to change.

tl;dr; I can’t do this alone.

1 Like

Yeah, saw the log, will check asap.

Opps, my bad, I’ve pushed the updated metadata without the ndk line commit, it’s fixed now :neutral_face:

1 Like

Reproducible builds are not easy anywhere, as you’ve already seen. To make it a thing, we need people like you to work through these difficulties. I don’t know of a better tool than diffoscope for this. They do welcome bug reports and are responsive, so please do report troubles to their issue tracker.

1 Like

I prefer to put time into actual development, so I am not going to pursue this any further. If F-Droid want reproducible builds, F-Droid should put effort into this IMHO, not developers.

1 Like

We have put a ton of effort into reproducible builds, and it will only happen if more people get involved. Sorry I don’t have clear answers, but they don’t yet exist. So its great that you dove in as much as you did, it would be quite helpful if you could post your experience to the various related bug trackers. For example, here are the diffoscope issues: https://bugs.debian.org/diffoscope, search for “apk” on that page and you’ll find relevant issues that you could post to.

The good news is that @bubu got some grant funding to work on reproducible builds, so we should see improvements this year.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.