I understand what you say, but:
IMHO it should just work if the build environments are aligned. I will make the necessary changes in the gradle scripts, but I need to know what to change.
tl;dr; I can’t do this alone.
Yeah, saw the log, will check asap.
Reproducible builds are not easy anywhere, as you’ve already seen. To make it a thing, we need people like you to work through these difficulties. I don’t know of a better tool than diffoscope for this. They do welcome bug reports and are responsive, so please do report troubles to their issue tracker.
I prefer to put time into actual development, so I am not going to pursue this any further. If F-Droid want reproducible builds, F-Droid should put effort into this IMHO, not developers.
We have put a ton of effort into reproducible builds, and it will only happen if more people get involved. Sorry I don’t have clear answers, but they don’t yet exist. So its great that you dove in as much as you did, it would be quite helpful if you could post your experience to the various related bug trackers. For example, here are the diffoscope issues: https://bugs.debian.org/diffoscope, search for “apk” on that page and you’ll find relevant issues that you could post to.
The good news is that @bubu got some grant funding to work on reproducible builds, so we should see improvements this year.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
I contacted @M66B (the developer of FairEmail) regarding this and got an answer:
I asked F-Droid already quite some time ago in an issue what they need for a reproducible build, but they didn’t give an answer.
tl;dr; you need to contact F-Droid about this. In any case, I am happy to make this happy, and if that’s needed, I’ll make changes in the build scripts.
Could someone from the F-Droid team help make this happen?
We’re 2 years later and >200 reproducible apps, we’ve learned a lot and tooling has been fixed too.
I’ll retry to see at least what sources of non-determinism there still are present.
@M66B while the release template text still says " You might need to expand the Assets section below to download the APK file, which can be installed as an update." you stopped publishing APKs back in Jul '22
Can you publish one for the fdroid flavor for the next release so we can diff?
@Licaon_Kter I’ve never stopped publishing APK files, so I don’t understand your remark. Check here:
I can’t build the F-Droid version because I don’t have the signing key. I can build an F-Droid version signed with my key for you if you wish, just contact me, but to prevent confusion, I don’t want to make it public.
wat? Release 1.2113 Vallibonavenatrix · M66B/FairEmail · GitHub 
and I’ve gone page by page until July 2022, all these releases between 1.1940 and 1.2113 do not have APKs attached. Either that or Github is hiding them from me specifically 
I said “gradle flavor” not “F-Droid version” yes 
You can PM me the APK here
I think @M66B removes outdated apk files and only provides the apk for the latest release. (Just a guess.)
This is correct, only the latest version is supported, and available for download.
I’ve wasted enough time because people were using old versions with known bugs.
that’s good, but (when repro is ready ) we’d need for it to be available a bit longer so F-Droid can build and download it to verify
I hope you are aware that the GitHub and FDroid version are not the same.
@M66B F-Droid will always need F-Droid flavor apks that are signed by you. Then they will build F-Droid flavour themselves and compare it against your build, and if it is indeed F-Droid flavour, then the build that was signed by you will be released on the F-Droid repository.
Yes, they’ll be signed by you, but as asked above, they need to be fdroid flavor, clean of any dirtynon-FOSS deps
Your pipeline would need to build two APKs, instead of the current one, and upload them both to Github.
GitHub is for GitHub releases and not for F-Droid builds. Publishing different APK files on GitHub will confuse people and will result in many additional support questions. I’m already answering several thousands of questions every month, so I’m not really waiting for more questions. So, this is not going to happen.
