search

Johboh / hassalarm

Android app for integration with Hass.io as a sensor for the next scheduled alarm on the device
MIT License
62 stars 6 forks source link

Reproducible Builds #34

Closed IzzySoft closed 2 months ago

IzzySoft commented 2 months ago

I've checked your app if its build is reproducible (see: Reproducible bulds, special client support and more in our repo), but while I was able to successfully generate the APK using ./gradlew assembleRelease, resulting APKs differ:

-------------------------------
--- /dev/fd/63  2024-07-22 13:49:55.081416991 +0200
+++ /dev/fd/62  2024-07-22 13:49:55.081416991 +0200
@@ -1,11 +1,11 @@
   META-INF/com/android/build/gradle/app-metadata.properties
   32-bit CRC value (hex):                         d1f06b7f
   assets/dexopt/baseline.prof
-  32-bit CRC value (hex):                         e1612f97
+  32-bit CRC value (hex):                         17c98cce
   assets/dexopt/baseline.profm
   32-bit CRC value (hex):                         ca05ad5b
   classes.dex
-  32-bit CRC value (hex):                         38d9f357
+  32-bit CRC value (hex):                         92ed9efe
   DebugProbesKt.bin
   32-bit CRC value (hex):                         7cded4df
   META-INF/androidx.activity_activity-ktx.version

Looking inside yours, and comparing with the commit behind the tag, the APK cannot have been built from that commit as the version bump only happens in the next commit. But when I build from that, the diff becomes huuuuge. So I assume the APK was built after the tag was created, with uncommitted local modifications applied. In which case RB is impossible.

We'd appreciate if you could help making your build reproducible. We've prepared some hints on reproducible builds for that.

Looking forward to your reply!

Johboh commented 2 months ago

This should now be fixed.

IzzySoft commented 2 months ago

I hereby solemnly confirm: Yes, it is fixed with the latest release, thanks! :star_struck: So welcome to the hall-of-famous apps with Reproducible Builds! With the next sync around 6 pm UTC, when your latest release is pushed out to the IzzyOnDroid repo, it will carry the green shield for successful RB confirmation.

Thanks a lot!

PS: If you wish be welcome to pick a badge to link to your app at IzzyOnDroid e.g. from your Readme :smiley: