Reproducible Builds broken with v2.0.0

abdalmoniem / Caffeinate

Caffeinate is an App that helps android developers Keep their phone's screen On while developing

GNU General Public License v3.0

37 stars 2 forks source link

Reproducible Builds broken with v2.0.0 #71

Open IzzySoft opened 3 days ago

IzzySoft commented 3 days ago

Starting with v2.0.0, Caffeinate is no longer reproducible as you insert build-time into the APK, which is non-deterministic. Could you please revert that change? As apart from that, it rebuilds fine – at least since v1.4.5 when it was added to my builder.

For some background, please see: Reproducible Builds, special client support and more at IzzyOnDroid (and also our hints on reproducible builds for developers).

Thanks in advance!

IzzySoft commented 3 days ago

PS, while I'm here: today's updater run reported

! repo/com.hifnawy.caffeinate_31.apk declares sensitive permission(s): android.permission.SYSTEM_ALERT_WINDOW

Could you please clarify what that is needed/used for?

abdalmoniem commented 3 days ago

I will look into the build time issue, I'm using it to differentiate between builds during development stages, since the versionCode and versionName don't change between one dev./debug version and the other. maybe I should add this build configuration field only for debug variants (I don't know if that'll still cause an issue or not)

the android.permission.SYSTEM_ALERT_WINDOW permission is required to show an overlay window, this was suggested in issue #51 to fix the restrictions that some OEMs put on running foreground services for extended periods of time (the whole idea of this project 😅) it can be toggled on/off from the application settings.

IzzySoft commented 3 days ago

I should add this build configuration field only for debug variants (I don't know if that'll still cause an issue or not)

That should work, yes. Alternatively, you could also use commit information (you'll probably not make development builds from tags, and neither release builds from "untagged" commits – and commit information should be deterministic (unless you rewrite git history, which you'd better not) – something like GIT_COMMIT_COUNT="$(($(git rev-list --all --count) -1))" (taken from another project)).

android.permission.SYSTEM_ALERT_WINDOW

Thanks! Added to your app's "green list":

android.permission.SYSTEM_ALERT_WINDOW: needed to keep a prolonged WAKE_LOCK using an overlay window