airgap-it / airgap-vault

The AirGap Vault is installed on a spare smartphone that has no connection to any network, thus it is air gapped. This app handles the private key.
MIT License
373 stars 105 forks

Use `--output-hashing none` to prevent random names for built main.js #197

Open mohammadrafigh opened 1 year ago

mohammadrafigh commented 1 year ago

When testing for reproducibility at WalletScrutiny, we get a diff in index.html which is caused by the hashed main.js name, which forces us to manually compare and review the results. If there is no technical reason to have the bundled main.js name hashed, then it would be helpful to disable hashing by adding `--output-hashing none` when building using ng, like:

```
ng build --prod --output-hashing none
```

Or maybe configure ng to use a specific name for bundled files (like using named chunks).

Currently the diff between the build and the Play Store APK looks like:

```
diff --recursive /tmp/fromPlay_it.airgap.vault_51797 /tmp/fromBuild_it.airgap.vault_51797
diff --recursive /tmp/fromPlay_it.airgap.vault_51797/assets/public/index.html /tmp/fromBuild_it.airgap.vault_51797/assets/public/index.html
40c40
<   <script src="runtime.14f2a6f1540aae4d.js" type="module"></script><script src="polyfills.5110c1e93db6f937.js" type="module"></script><script src="main.bc1e4e3a4f2da280.js" type="module"></script>
---
>   <script src="runtime.14f2a6f1540aae4d.js" type="module"></script><script src="polyfills.5110c1e93db6f937.js" type="module"></script><script src="main.5184e2029b8e7e07.js" type="module"></script>
Only in /tmp/fromBuild_it.airgap.vault_51797/assets/public: main.5184e2029b8e7e07.js
Only in /tmp/fromPlay_it.airgap.vault_51797/assets/public: main.bc1e4e3a4f2da280.js
Only in /tmp/fromPlay_it.airgap.vault_51797/META-INF: MANIFEST.MF
Only in /tmp/fromPlay_it.airgap.vault_51797/META-INF: PAPERS.RSA
Only in /tmp/fromPlay_it.airgap.vault_51797/META-INF: PAPERS.SF
```

Also there is a minor diff in main.*.js files:

```
diff <(fold -s -w 100 main.5184e2029b8e7e07.js) <(fold -s -w 100 main.bc1e4e3a4f2da280.js)
895c895
< Reflect.metadata(ie,UA)},"__metadata"),A(h,"tslib_awaiter"),A(function w(ie,UA){var 
---
> Reflect.metadata(ie,UA)},"__metadata"),A(h,"tslib_es6_awaiter"),A(function w(ie,UA){var 
```

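
An added example, not code from this issue or from the AirGap project: a Python comparison of two extracted APK trees that strips the 16-hex-digit hash from bundle file names and from index.html and skips the store's signing files under META-INF, so that only genuine content differences are reported. The function names and the sample trees are constructed for illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

# Hash segment as it appears in the diff above: main.<16 hex digits>.js
HASH_RE = r"\.[0-9a-f]{16}(?=\.js\b)"
SIGNING_SUFFIXES = {".MF", ".SF", ".RSA"}  # store signature files under META-INF

def normalized_tree(root):
    """Map hash-free relative path -> SHA-256 of the (normalized) file content."""
    tree = {}
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file():
            continue
        if rel.parts[0] == "META-INF" and rel.suffix in SIGNING_SUFFIXES:
            continue  # added by store signing, never present in a local build
        data = path.read_bytes()
        if rel.suffix == ".html":  # index.html references the hashed bundle names
            data = re.sub(HASH_RE.encode(), b"", data)
        tree[re.sub(HASH_RE, "", rel.as_posix())] = hashlib.sha256(data).hexdigest()
    return tree

def compare_builds(store_dir, build_dir):
    """Return (only_in_store, only_in_build, content_differs) after normalization."""
    a, b = normalized_tree(store_dir), normalized_tree(build_dir)
    return (sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys()),
            sorted(k for k in a.keys() & b.keys() if a[k] != b[k]))

def demo():
    """Constructed sample trees mirroring the diff in this issue."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, digest, helper in (("store", "bc1e4e3a4f2da280", "tslib_es6_awaiter"),
                                     ("build", "5184e2029b8e7e07", "tslib_awaiter")):
            pub = Path(tmp, name, "assets", "public")
            pub.mkdir(parents=True)
            (pub / "index.html").write_text(f'<script src="main.{digest}.js"></script>')
            (pub / f"main.{digest}.js").write_text(f'A(h,"{helper}")')
        meta = Path(tmp, "store", "META-INF")
        meta.mkdir()
        (meta / "MANIFEST.MF").write_text("constructed placeholder")
        return compare_builds(Path(tmp, "store"), Path(tmp, "build"))

if __name__ == "__main__":
    print(demo())
```

On the constructed trees the index.html and file-name differences disappear after normalization, and only `assets/public/main.js` is reported as differing in content.
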
AndreasGassmann commented 1 year ago

Hi, thanks for opening this issue.

I don't think we need the hashed names. But turning it off will not solve the underlying issue of the main.js file not being the same. I did some quick research about this tslint_awaiter and I didn't find what the cause for this could be. Maybe the environment is not exactly the same? To reproduce the apk, do you have exactly the same node version and global dependencies that we use in our Dockerfile?

mohammadrafigh commented 1 year ago

Yes, turning off hashing just fixes the naming diff. I will double-check everything and update you.

On Wed, Jun 21, 2023, 3:23 PM AndreasGassmann @.***> wrote:

> Hi, thanks for opening this issue.
>
> I don't think we need the hashed names. But turning it off will not solve the underlying issue of the main.js file not being the same. I did some quick research about this tslint_awaiter and I didn't find what the cause for this could be. Maybe the environment is not exactly the same? To reproduce the apk, do you have exactly the same node version and global dependencies that we use in our Dockerfile?


mohammadrafigh commented 1 year ago

Well, we use your docker file located in build/android to build the project. So everything should be the same. Do you use the same Dockerfile to build the production APK?