Closed xrviv closed 6 days ago
Did you try running ./gradlew uBK
before building?
Please try again with that.
Hi, thank you for the response!
I will now try to do this!
Update
I assume uBK stands for "useBlockstreamKeys", so I first try without removing the line:
./gradlew useBlockstreamKeys
#!/bin/bash
repo=https://github.com/Blockstream/green_android/
tag=release_$versionName
builtApk="$workDir/app/green/build/outputs/apk/productionGoogle/release/BlockstreamGreen-v${versionName}-productionGoogle-release-unsigned.apk"
test() {
podman run -it --volume $PWD:/mnt --rm $wsContainer bash -x -c "chmod 777 /tmp/;
cd /mnt;
apt update;
DEBIAN_FRONTEND=noninteractive apt install -y curl jq openjdk-17-jdk;
yes | /opt/android-sdk/tools/bin/sdkmanager \"build-tools;34.0.0\";
./gradlew useBlockstreamKeys;
./gradlew uBK;
./gradlew -x test clean assembleProductionGoogleRelease;
$takeUserActionCommand"
}
This was the result:
https://asciinema.org/a/679300
===== Begin Results =====
appId: com.greenaddress.greenbits_android_wallet
signer: 32f9cc00b13fbeace51e2fb51df482044e42ad34a9bd912f179fedb16a42970e
apkVersionName: 4.0.35
apkVersionCode: 22000435
verdict:
appHash: 08ab955932047f871c1ad8bae33db6a497c3b93f86a5f99cb77d6cf83f7e61f9
commit: 9d73b71e660ad67c5f29cba10a6775cb89faedb2
Diff:
Files /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/assets/dexopt/baseline.prof and /tmp/fromBuild_com.greenaddress.greenbits_android_wallet_22000435/assets/dexopt/baseline.prof differ
Files /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/classes.dex and /tmp/fromBuild_com.greenaddress.greenbits_android_wallet_22000435/classes.dex differ
Only in /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/META-INF: GREENADD.RSA
Only in /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/META-INF: GREENADD.SF
Only in /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/META-INF: MANIFEST.MF
Revision, tag (and its signature):
object 9d73b71e660ad67c5f29cba10a6775cb89faedb2
type commit
tag release_4.0.35
tagger Angelos Veglektsis <angelos@aveworks.com> 1727701772 +0300
===== End Results =====
The full results: nosbin.com
UPDATE: 2024-10-07 18:06 PHT
./gradlew useBlockstreamKeys
#!/bin/bash
repo=https://github.com/Blockstream/green_android/
tag=release_$versionName
builtApk="$workDir/app/green/build/outputs/apk/productionGoogle/release/BlockstreamGreen-v${versionName}-productionGoogle-release-unsigned.apk"
test() {
podman run -it --volume $PWD:/mnt --rm $wsContainer bash -x -c "chmod 777 /tmp/;
cd /mnt;
apt update;
DEBIAN_FRONTEND=noninteractive apt install -y curl jq openjdk-17-jdk;
yes | /opt/android-sdk/tools/bin/sdkmanager \"build-tools;34.0.0\";
./gradlew uBK;
./gradlew -x test clean assembleProductionGoogleRelease;
$takeUserActionCommand"
}
And also building semi-manually, the results are the same.
Hi. I also gave it a try with our test script and got the same result.
We use uBK since January:
./gradlew useBlockstreamKeys;
./gradlew -x test clean assembleProductionGoogleRelease;
The culprit must be something else. The diffoscope looks benign except for the baseline profile being a huge binary blob diff which I don't feel qualified to call benign. The other diffs look like a mere ordering issue:
│ ├── classes.jar
│ │ ├── zipinfo -v {}
│ │ │ @@ -225608,15 +225608,15 @@
│ │ │ version of encoding software: 2.0
│ │ │ minimum file system compatibility required: MS-DOS, OS/2 or NT FAT
│ │ │ minimum software version required to extract: 2.0
│ │ │ compression method: none (stored)
│ │ │ file security status: not encrypted
│ │ │ extended local header: no
│ │ │ file last modified on (DOS date/time): 1980 Jan 1 00:00:00
│ │ │ - 32-bit CRC value (hex): e1bfb899
│ │ │ + 32-bit CRC value (hex): 3218f218
│ │ │ compressed size: 2551 bytes
│ │ │ uncompressed size: 2551 bytes
│ │ │ length of filename: 77 characters
│ │ │ length of extra field: 0 bytes
│ │ │ length of file comment: 0 characters
│ │ │ disk number on which file begins: disk 1
│ │ │ apparent file type: binary
│ │ ├── blockstream_green/common/generated/resources/ActualResourceCollectorsKt.class
│ │ │ ├── procyon -ec {}
│ │ │ │ @@ -45,18 +45,18 @@
│ │ │ │ final LinkedHashMap linkedHashMap = new LinkedHashMap();
│ │ │ │ Array0_commonMainKt._collectCommonMainArray0Resources((Map)linkedHashMap);
│ │ │ │ return linkedHashMap;
│ │ │ │ }
│ │ │ │
│ │ │ │ private static final Map allStringResources_delegate$lambda$1() {
│ │ │ │ final LinkedHashMap linkedHashMap = new LinkedHashMap();
│ │ │ │ - String3_commonMainKt._collectCommonMainString3Resources((Map)linkedHashMap);
│ │ │ │ + String0_commonMainKt._collectCommonMainString0Resources((Map)linkedHashMap);
│ │ │ │ String1_commonMainKt._collectCommonMainString1Resources((Map)linkedHashMap);
│ │ │ │ String2_commonMainKt._collectCommonMainString2Resources((Map)linkedHashMap);
│ │ │ │ - String0_commonMainKt._collectCommonMainString0Resources((Map)linkedHashMap);
│ │ │ │ + String3_commonMainKt._collectCommonMainString3Resources((Map)linkedHashMap);
│ │ │ │ return linkedHashMap;
│ │ │ │ }
│ │ │ │
│ │ │ │ public static final Map getAllStringResources(final Res res) {
│ │ │ │ Intrinsics.checkNotNullParameter((Object)res, "<this>");
│ │ │ │ return (Map)ActualResourceCollectorsKt.allStringResources$delegate.getValue();
│ │ │ │ }
and
├── smali/blockstream_green/common/generated/resources/ActualResourceCollectorsKt.smali
│┄ Ordering differences only
│ @@ -348,30 +348,30 @@
│ .line 2
│ .line 3
│ invoke-direct {v0}, Ljava/util/LinkedHashMap;-><init>()V
│
│ .line 4
│ .line 5
│ .line 6
│ - invoke-static {v0}, Lblockstream_green/common/generated/resources/String3_commonMainKt;->_collectCommonMainString3Resources(Ljava/util/Map;)V
│ + invoke-static {v0}, Lblockstream_green/common/generated/resources/String0_commonMainKt;->_collectCommonMainString0Resources(Ljava/util/Map;)V
│
│ .line 7
│ .line 8
│ .line 9
│ invoke-static {v0}, Lblockstream_green/common/generated/resources/String1_commonMainKt;->_collectCommonMainString1Resources(Ljava/util/Map;)V
│
│ .line 10
│ .line 11
│ .line 12
│ invoke-static {v0}, Lblockstream_green/common/generated/resources/String2_commonMainKt;->_collectCommonMainString2Resources(Ljava/util/Map;)V
│
│ .line 13
│ .line 14
│ .line 15
│ - invoke-static {v0}, Lblockstream_green/common/generated/resources/String0_commonMainKt;->_collectCommonMainString0Resources(Ljava/util/Map;)V
│ + invoke-static {v0}, Lblockstream_green/common/generated/resources/String3_commonMainKt;->_collectCommonMainString3Resources(Ljava/util/Map;)V
│
│ .line 16
│ .line 17
│ .line 18
│ return-object v0
│ .line 19
│ .line 20
Closing this as new version 4.0.37 is now reproducible.
Description
===== Begin Results ===== appId: com.greenaddress.greenbits_android_wallet signer: 32f9cc00b13fbeace51e2fb51df482044e42ad34a9bd912f179fedb16a42970e apkVersionName: 4.0.35 apkVersionCode: 22000435 verdict:
appHash: 08ab955932047f871c1ad8bae33db6a497c3b93f86a5f99cb77d6cf83f7e61f9 commit: 9d73b71e660ad67c5f29cba10a6775cb89faedb2
Diff: Files /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/assets/dexopt/baseline.prof and /tmp/fromBuild_com.greenaddress.greenbits_android_wallet_22000435/assets/dexopt/baseline.prof differ Files /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/classes.dex and /tmp/fromBuild_com.greenaddress.greenbits_android_wallet_22000435/classes.dex differ Only in /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/META-INF: GREENADD.RSA Only in /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/META-INF: GREENADD.SF Only in /tmp/fromPlay_com.greenaddress.greenbits_android_wallet_22000435/META-INF: MANIFEST.MF
Revision, tag (and its signature): object 9d73b71e660ad67c5f29cba10a6775cb89faedb2 type commit tag release_4.0.35 tagger Angelos Veglektsis angelos@aveworks.com 1727701772 +0300 ===== End Results =====
Version
4.0.35
Steps to reproduce
Run WalletScrutiny.com's test.sh script on the Blockstream Green apk, we extracted from the phone.
Expected behaviour
The results should come out as reproducible, with only signing related diffs.
Actual behaviour
There are diffs on 2 files apart from the signing differences:
Screenshots
None.
Device or machine
WalletScrutiny Build Server: Debian GNU/Linux 12 (bookworm)
Additional info
nosbin.com paste of diffoscope result