I did a quick survey of
verification.f-droid.org
: there are about 1000 apps where every attempt to verify has succeeded. Those seem like the prime candidates for moving to reproducible builds. Here’s the script and my output (appid, versionCode):
all-runs-verified.zip (17.0 KB)
Hi: com.celzero.bravedns (rethinkdns) dev here. Not surprising to see us absent from that list (I assumed reproducible builds to have been hard to achieve for us). What’s needed from the apps not in the list to make reproducible builds work?
Your app is written in pure java/kotlin. It should be mostly reproducible. I didn’t check both apks but I guess it’s due to the profm issue. See Reproducible Builds | F-Droid - Free and Open Source Android App Repository for details.
Actually, if you look at all the reports on https://verification.f-droid.org/
for com.celzero.bravedns, there is only one release that failed (although
versionCode 27 hasn’t been tried yet):
https://verification.f-droid.org/com.celzero.bravedns_19.apk.diffoscope.html
One thing to keep in mind is that verification.f-droid.org rebuilds the APKs on
f-droid.org, so there could still be differences in your release build setup.
If you run your release builds on Debian/bullseye like f-droid.org, then I think
diffs will be highly unlikely. Other Debian releases or GNU/Linux distros would
probably not be too likely to triggers diffs. If your release builds on done on
macOS or Windows, that’s the most likely to trigger diffs.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.