Hello. I’d like to request Wolf Gallery for inclusion in F-Droid. Metadata is ready;
I can’t open the MR myself due to GitLab’s phone/CC verification — would a
contributor help? Details below.
Summary: An offline, fully encrypted photo/file gallery. AES-256-GCM with
Argon2id key derivation, keys held in the Android Keystore. No network, no
telemetry, no trackers, no Google Play Services. All dependencies are FOSS.
Why it fits F-Droid: 100% FOSS (GPL-3.0-only), no proprietary libraries,
no network access at all, no anti-features. Native code (Argon2) is
built from source — there are no prebuilt .so binaries in the repo
(sources live in core-native/src/main/cpp/vendor/).
The complete build recipe is ready to paste as metadata/dev.encgallery.yml:
Categories:
- Multimedia
- Security
License: GPL-3.0-only
AuthorName: Wolf Project
SourceCode: https://github.com/Wolf-Project777/wolf-gallery
IssueTracker: https://github.com/Wolf-Project777/wolf-gallery/issues
Changelog: https://github.com/Wolf-Project777/wolf-gallery/releases
RepoType: git
Repo: https://github.com/Wolf-Project777/wolf-gallery.git
Builds:
- versionName: '1.0'
versionCode: 1
commit: v1.0
subdir: app
gradle:
- yes
ndk: r27c
AutoUpdateMode: Version
UpdateCheckMode: Tags
CurrentVersion: '1.0'
CurrentVersionCode: 1
Build details: AGP 8.10.0, Gradle 8.13, NDK r27c (27.2.12479018),
CMake 3.22.1, single ABI arm64-v8a, minSdk 28 / targetSdk 35.
Localized metadata, screenshots and icon are already in the repo under
fastlane/metadata/android/en-US/ (F-Droid will pick them up automatically).
Thanks!
Update: Wolf Gallery 1.1 is out. It adds a scroll-to-top button in the gallery and album views, and fixes some display glitches when toggling the screenshot-protection setting. Same signing key, installs over 1.0; latest GitHub release: Release 🐺 Wolf Gallery 1.1 · Wolf-Project777/wolf-gallery · GitHub
I’m also re-posting the metadata cleanly — the YAML in my first post lost its indentation when it was rendered, and the edit window has since closed. Corrected `metadata/dev.encgallery.yml`:
Build details: AGP 8.10.0, Gradle 8.13, NDK r27c (27.2.12479018), CMake 3.22.1, single ABI arm64-v8a, minSdk 28 / targetSdk 35. The app builds from source (no prebuilt `.so`); localized metadata, screenshots and icon are already in the repo under `fastlane/metadata/android/en-US/`. Still looking for a contributor who can open the fdroiddata MR — thanks!
The funny thing is that in their docs gitlab says “If phone verification is unavailable in your country, try credit card verification or create a support ticket.“ but to submit a ticket one must be signed in. IMO get a burner phone number, in some countries you don’t need to provide your documents to get a number. Used to be that way in CZ for example, idk if they still allow it.
Update: Wolf Gallery 1.2 is out. Your password or PIN now cryptographically unwraps the vault key itself — an
Argon2id-derived key wraps the data key on top of the hardware Keystore, so decrypting needs both your secret and the
device. Existing vaults upgrade automatically on first unlock; photos are never re-encrypted. You can also change your
password or PIN (and switch between them) in Settings → Security, without re-encrypting anything.
Re-posting the metadata cleanly as well (the YAML in the first post lost its indentation when posted, and the edit
window has since closed). Corrected metadata/dev.encgallery.yml:
Build details: AGP 8.10.0, Gradle 8.13, NDK r27c (27.2.12479018), CMake 3.22.1, single ABI arm64-v8a, minSdk 28 /
targetSdk 35. The only native code is Argon2, built from source — there are no prebuilt .so binaries in the repo.
Localized metadata, screenshots and the icon are already in the repo under fastlane/metadata/android/en-US/. Still
looking for a contributor who can open the fdroiddata MR (I can’t, due to the GitLab phone/card verification gate).
Happy to adjust anything needed.
Thanks @shuvashish76 for the pointer to #159 — good to know the GitLab verification barrier is being addressed on your
side.
And thank you @gwitko for offering to help — I’ll email you at your Proton address to coordinate before Saturday.
Everything (sources, build recipe, latest 1.2 tag) is ready on my side.
Really appreciate the F-Droid community stepping in here.
Thanks for opening the MR and adding AutoName — much appreciated!
On the email question: I don’t think a separate email is strictly required, but there are actually three ways to reach
me as the author, so contact is well covered: (1) the GitHub issue tracker, (2) this forum thread, where I (the
author) publicly requested F-Droid inclusion — which should also cover author notification/consent — and (3) a contact
email listed inside the app itself, in the “About Wolf Gallery” → feedback section. So use whichever F-Droid prefers;
if a reviewer wants an AuthorEmail in the metadata, you can take it from the app’s About section.
Thanks @gwitko for the review — all three points are addressed in v1.3 (just released):
1. Categories — added Gallery and Graphics alongside the existing Multimedia and Security. Gallery is now the first (primary) category, since it’s the most accurate fit for an encrypted gallery.
2. Reproducible build — the build now pins the full commit hash instead of the tag, and I’ve added Binaries and AllowedAPKSigningKeys. My signing key is backed up safely.
3. Per-ABI native libs — good catch by linsui. For stability and security we build the native crypto core (Argon2, compiled from source) for arm64-v8a only, so the app ships a single ABI.
Update: Wolf Gallery 1.3.1 is out — a maintenance release that makes the build fully reproducible for F-Droid.
The RB mismatch on 1.3 came from AGP’s embedded VCS-info file (META-INF/version-control-info.textproto): my release
APK was built outside the git tree, so it held the NO_VALID_GIT_FOUND placeholder while the F-Droid build had the
real commit hash.
I fixed it permanently rather than just once:
vcsInfo { include = false } on the release buildType → the VCS-info file is no longer embedded at all
-ffile-prefix-map on the native (CMake) build → the absolute build path can’t leak into libencnative.so
dependenciesInfo was already disabled
So nothing environment-dependent is left to embed and the APK reproduces regardless of where it’s built. Verified on
the release APK: no version-control-info.textproto, all zip entries normalized to 1981-01-01, signing certificate
unchanged (561ae7dd…e915). No feature, encryption or data changes.
New release: tag v1.3.1, commit bbeb02ae8f6aa422e537d930f05795ea47fc9246, versionCode 5. Signed APK is on the
GitHub release.
Also re-posting the metadata cleanly (the YAML in the first post lost its indentation, and the edit window has since
closed). Corrected metadata/dev.encgallery.yml:
Build details: AGP 8.10.0, Gradle 8.13, NDK r27c (27.2.12479018), CMake 3.22.1, single ABI arm64-v8a, minSdk 28 /
targetSdk 35. Localized metadata, screenshots and icon are already in the repo under fastlane/metadata/android/en-US/.
@gwitko — could you bump the metadata to this build (commit: v1.3.1, versionCode 5) and re-run the
reproducible-build check? Thanks again to you and @Licaon_Kter for pinpointing it.
Right, thanks for the reminder. The commit for v1.3.1 is bbeb02ae8f6aa422e537d930f05795ea47fc9246 — please use that
instead of the tag in the commit: field.
For the record, the metadata matches the source: versionCode 5 / versionName 1.3.1, subdir: app, and NDK r27c
corresponds to the ndkVersion 27.2.12479018 pinned in the native module.
Thanks @Licaon_Kter, @gwitko — I’ve looked into all three diffs. They’re actually two separate issues:
libencnative.so — on my side only NDK 27.2.12479018 is installed, and core-native/build.gradle.kts pins ndkVersion
= “27.2.12479018”, so my published APK was stripped with 27.2. The 27.0 strip (job #15167560170) is happening on the
build side, not mine — I only have one NDK. Could the recipe pin ndk: 27.2.12479018 in the build entry (or drop 27.0
from the buildserver) so the strip matches?
classes.dex + assets/dexopt/baseline.prof — this was R8 rewriting the Compose baseline profile and laying out the
dex from it, which isn’t reproducible. Fixed on my end by disabling art-profile-r8-rewriting and
r8.dex-startup-optimization in gradle.properties.
@gwitko could you bump the MR to commit: cf58ef42799273fe5f40ce93320607c20b3edf4d / versionCode 6 / versionName 1.3.2?
Then a re-run of RB (with the NDK pinned to 27.2) should clear all three. I’m on standby for CI.
[CXX1104] NDK from ndk.dir at /opt/android-sdk/ndk/27.2.12479018 had version [27.2.12479018] which disagrees with android.ndkVersion [27.0.12077973]
Unable to strip the following libraries, packaging them as they are: libandroidx.graphics.path.so, libencnative.so. Run with --info option to learn more.
if you don’t strip your libs, we can ignore this warning
if you strip them, then this is a reason for not being repro