Unreproducible builds of every single APK

Hi,

I am trying to figure out whether some of the APKs on F-Droid are APKs that support unreproducible builds. It is not clear to me from reading the specification on the site Reproducible Builds | F-Droid - Free and Open Source Android App Repository.

Let me be clear. Say I want to make sure whether the newly updated APK The Life (The Life | F-Droid - Free and Open Source Android App Repository) supports unreproducible builds or not.

I already checked the metadata to see whether a Binaries directive exists, but did not find one.
Then I tried to search for the app id org.hlwd.bible_multi_the_life on the site https://verification.f-droid.org/, but did not find it either.

So, I want to know if there is a simple way to check whether the APK source code supports unreproducible builds. Thank you.

Clone and grep the metadata folder for Binaries?

So, you mean to try to find the Binaries directive in the Build Metadata file?

I tried to find the Binaries directive on the above site, but it does not exist there.

Clone THE WHOLE REPO, not open a single file…

~/fdroiddata$ grep Binaries metadata/*.yml|cut -d ":" -f1|sort|uniq
metadata/androdns.android.leetdreams.ch.androdns.yml
metadata/chromiumupdater.bamless.com.chromiumsweupdater.yml
metadata/com.markuspage.android.certtools.yml
metadata/de.schildbach.oeffi.yml
metadata/im.zom.messenger.yml
metadata/info.guardianproject.checkey.yml
metadata/info.guardianproject.locationprivacy.yml
metadata/info.guardianproject.orfox.yml
metadata/net.opendasharchive.openarchive.release.yml
metadata/org.briarproject.briar.android.yml
metadata/org.fdroid.fdroid.ota.yml
metadata/org.fdroid.fdroid.privileged.ota.yml
metadata/org.lichess.mobileapp.yml
metadata/org.mozilla.klar.yml
metadata/rs.ltt.android.yml
metadata/uk.co.keepawayfromfire.screens.yml
1 Like
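A per-app version of the check shown in this thread, as an added example that is not part of the original posts or of F-Droid's own tooling. It anchors the match to a top-level `Binaries:` key and separates "no directive" from "no metadata file"; the function names, the sample tree and the `com.example.*` app IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check one app ID in a local fdroiddata checkout.

# has_binaries DIR APPID
# returns 0 if metadata/APPID.yml has a top-level "Binaries:" key,
#         1 if the file exists without it, 2 if the file is missing.
has_binaries() {
    file="$1/metadata/$2.yml"
    [ -f "$file" ] || return 2
    # Anchor at column 0 so the word inside a description does not count.
    grep -q '^Binaries:' "$file"
}

# list_binaries_apps DIR: print the app IDs that carry the directive, sorted.
list_binaries_apps() {
    for f in "$1"/metadata/*.yml; do
        [ -f "$f" ] || continue
        if grep -q '^Binaries:' "$f"; then basename "$f" .yml; fi
    done | sort
}

# report DIR APPID: one-line human-readable verdict.
report() {
    rc=0
    has_binaries "$1" "$2" || rc=$?
    case $rc in
        0) echo "$2: Binaries directive present" ;;
        1) echo "$2: no Binaries directive" ;;
        *) echo "$2: no metadata file in this checkout" ;;
    esac
}

# make_sample_repo: build a constructed metadata tree and print its path.
make_sample_repo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/metadata"
    # Constructed sample values, not taken from fdroiddata.
    printf 'Categories:\n  - System\nBinaries: https://example.com/app-%%v.apk\n' \
        > "$d/metadata/com.example.repro.yml"
    printf 'Categories:\n  - Reading\nSummary: Mentions Binaries only in prose\n' \
        > "$d/metadata/com.example.plain.yml"
    printf '%s\n' "$d"
}

repo=$(make_sample_repo)
report "$repo" com.example.repro
report "$repo" com.example.plain
report "$repo" com.example.missing
rm -rf "$repo"
```

Against a real checkout, call `report ~/fdroiddata <app id>` in place of the sample tree.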

OK, thanks for your reply.
However, I want to make sure whether the specific one named "The Life" has been verified or not.
And, I cannot find the Binary directive in the yml file metadata/org.hlwd.bible_multi_the_life.yml · master · F-Droid / Data · GitLab.

Does it mean that the APK has not been verified?

Thanks.

It means the app can’t (yet?) be built reproducibly.

Work with the developer to make it so in their repo.

2 Likes

OK, thanks for your quick reply.
