search

breez / breezmobile

Lightning Network mobile client
https://breez.technology
GNU General Public License v3.0
572 stars 131 forks source link

Support verifiable builds #247

Open Giszmo opened 4 years ago

Giszmo commented 4 years ago

A wallet application is something very sensitive. A careless maintainer catching a backdoor might be enough to have an APK infected, which can only be stopped by another team member who verifies the build. Of course the public scrutiny is the other reason you want your app to be verifiable.

I tried to verify the app but failed building it. My findings are in this review.

In summary, the build instructions are very lacking.

bolatovumar commented 4 years ago

@Giszmo I've been having issue building as well and I'm trying to get the app built and then improve the docs based on my experience. You can see the process in in this issue: #242.

Giszmo commented 4 years ago

3 months later ... is there any progress on this issue?

Giszmo commented 4 years ago

half a year later ...

mjlamb commented 4 years ago

Come on Breez this has to be a priority! A verifiable wallet is most important!

emanuelb commented 3 years ago

Opened issue regarding publishing the .aar file used: #479 at least a related commit of breez repo used to build it for each released version need to be published somewhere. Containerfile to build app below: (use master of breez repo which is incorrect, need to use the correct commit which is not published anywhere yet) build: podman build --rm -t breez_build_apk -f Containerfile

FROM ubuntu:rolling

RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        gradle \
        xz-utils \
        unzip \
        zip \
        openjdk-8-jdk \
        ca-certificates \
        file \
        curl \
        git; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser;

USER appuser

RUN set -ex; \
    cd /home/appuser/; \
    curl -o go.tgz -L https://golang.org/dl/go1.13.4.linux-amd64.tar.gz; \
    echo "692d17071736f74be04a72a06dab9cac1cd759377bd85316e52b2227604c004c  go.tgz" | sha256sum -c; \
    tar -xzf go.tgz; \
    rm go.tgz; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/sdk/ndk"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/sdk/; \
    curl -o flutter_linux_2.2.2-stable.tar.xz -L https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.2.2-stable.tar.xz; \
    echo "da1ebc597563b5d3e46d8fd5bb505cae645443c1b653d7b4fbed7c083f4d498a  flutter_linux_2.2.2-stable.tar.xz" | sha256sum -c; \    
    tar xf flutter_linux_2.2.2-stable.tar.xz; \
    rm flutter_linux_2.2.2-stable.tar.xz; \
    /home/appuser/app/sdk/flutter/bin/flutter config --no-analytics; \
    /home/appuser/app/sdk/flutter/bin/dart --disable-analytics; \    
    curl -o commandlinetools.zip -L https://dl.google.com/android/repository/commandlinetools-linux-7302050_latest.zip; \
    echo "7a00faadc0864f78edd8f4908a629a46d622375cbe2e5814e82934aebecdb622  commandlinetools.zip" | sha256sum -c; \
    unzip commandlinetools.zip; \
    rm commandlinetools.zip; \
    /home/appuser/app/sdk/cmdline-tools/bin/sdkmanager --sdk_root=/home/appuser/app/sdk/ --install "platforms;android-30"; \
    curl -o ndk21.zip -L https://dl.google.com/android/repository/android-ndk-r21e-linux-x86_64.zip; \
    echo "ad7ce5467e18d40050dc51b8e7affc3e635c85bd8c59be62de32352328ed467e  ndk21.zip" | sha256sum -c ; \
    unzip ndk21.zip; \
    rm ndk21.zip; \
    mv android-ndk-r21e /home/appuser/app/sdk/ndk/21.4.7075529/;

WORKDIR /home/appuser/

ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
    ANDROID_HOME="/home/appuser/app/sdk" \
    GOPATH="/home/appuser/breezmobile/gopath" \
    PATH="$PATH:/home/appuser/go/bin/:/home/appuser/breezmobile/gopath/bin/"

RUN set -ex; \
    git clone https://github.com/breez/breezmobile/; \
    cd breezmobile; \
    git checkout 0.11.new-view; \
    git clone --depth 1 https://github.com/breez/breez.git gopath/src/github.com/breez/breez; \
    GO111MODULE=off go get golang.org/x/mobile/cmd/gomobile; \
    GO111MODULE=off go get golang.org/x/mobile/cmd/gobind; \
    /home/appuser/breezmobile/gopath/bin/gomobile init; \
    cd /home/appuser/breezmobile/gopath/src/github.com/breez/breez/; \
    ANDROID_NDK_HOME=/home/appuser/app/sdk/ndk/21.4.7075529/ /home/appuser/breezmobile/gopath/src/github.com/breez/breez/build.sh; \
    ln -s /home/appuser/breezmobile/gopath/src/github.com/breez/breez/build/android/breez.aar /home/appuser/breezmobile/android/app/libs/breez.aar; \
    cd /home/appuser/breezmobile/android/; \
    keytool -genkey -alias breez_alias -keystore app/breez.pfx -storetype PKCS12 -keyalg RSA -keysize 4096 -storepass breez_alias -keypass breez_alias -validity 10000 -dname CN=IL; \
    printf "\nstoreFile=breez.pfx\nstorePassword=breez_alias\nkeyPassword=breez_alias\nkeyAlias=breez_alias" > key.properties;

run container: podman run --rm --name breez_build_apk -ti breez_build_apk

inside it run commands:

# json taken from https://github.com/blockchain/My-Wallet-V3-Android/blob/75ebe718cb99c6d302efb90447f1719973deb93f/scripts/quick_start.sh#L7-L46
# values replaced with stuff from github APK: res/values/strings.xml

echo "{
  \"project_info\": {
    \"project_number\": \"463327817067\",
    \"firebase_url\": \"https://breez-technology.firebaseio.com\",
    \"project_id\": \"breez-technology\",
    \"storage_bucket\": \"breez-technology.appspot.com\"
  },
  \"client\": [
    {
      \"client_info\": {
        \"mobilesdk_app_id\": \"1:463327817067:android:90ddc9c877b6277f\",
        \"android_client_info\": {
          \"package_name\": \"com.breez.client\"
        }
      },
      \"oauth_client\": [
        {
          \"client_id\": \"463327817067-3508ng7nsbmp3kv3v19nljdu8o5a8cku.apps.googleusercontent.com\",
          \"client_type\": 3
        }
      ],
      \"api_key\": [
        {
          \"current_key\": \"AIzaSyAlJWsGJcsK2U9BcYahortPZ7epzKmDcU8\"
        }
      ],
      \"services\": {
        \"appinvite_service\": {
          \"other_platform_oauth_client\": [
            {
              \"client_id\": \"463327817067-3508ng7nsbmp3kv3v19nljdu8o5a8cku.apps.googleusercontent.com\",
              \"client_type\": 3
            }
          ]
        }
      }
    }
  ],
  \"configuration_version\": \"1\"
}" >  /home/appuser/breezmobile/android/app/src/client/google-services.json;

# below files from github APK in:
# assets/flutter_assets/conf/moonpay.conf 
# assets/flutter_assets/conf/breez.conf
# assets/flutter_assets/conf/lnd.conf
# assets/flutter_assets/conf/marketplace.conf

echo '[Application Options]
network=mainnet
breezserver=bs1.breez.technology:443
bootstrap=https://bt2.breez.technology
closedchannelsurl=https://cc1.breez.technology/pruned
grpckeepalive=0
bugreporturl=https://breez.technology
bugreporturlsecret=D8OqUuymo7pdOt-vYLvWhbpxkw-VaJeMz26J4aP_wgSwJ82h9eeNQIJLmYlcURIG
lsptoken=1WL4gWZLZJ40qkXpeiUzJE7GCo4WhRXZXJbdhuP7GLg=
[Job Options]
peer=bb1.breez.technology
assertfilterheader=230000:1308d5cfc6462f877a5587fd77d7c1ab029d45e58d5175aaf8c264cee9bde760' > /home/appuser/breezmobile/conf/breez.conf;

echo '[Application Options]
debuglevel=CRTR=warn,CNCT=trace,BTCN=debug,FNDG=debug
noseedbackup=1
nolisten=1
rpcmemlisten=1
nobootstrap=1
maxbackoff=20s
payments-expiration-grace-period=24h
initial-headers-sync-delta=2h
[Bitcoin]
bitcoin.active=1
bitcoin.node=neutrino
bitcoin.defaultchanconfs=1
bitcoin.defaultremotedelay=720
bitcoin.skip-channel-confirmation=1
[Routing]
routing.assumechanvalid=1
[Neutrino]
neutrino.connect=bb1.breez.technology
neutrino.feeurl=https://nd1.breez.technology/fees/v1/btc-fee-estimates.json' > /home/appuser/breezmobile/conf/lnd.conf;

echo '[Marketplace Options]
vendors=Bitrefill,ln.pizza,FixedFloat,lnmarkets,Azteco,Boltz,Lightnite,LightningRoulette,Spendl
[lnmarkets]
url=https://lnmarkets.com/login/token
displayName=LN Markets
logo=src/icon/vendors/lnmarkets_logo.png
onlyShowLogo=true
[Azteco]
url=https://azte.co/breezmap.php
logo=src/icon/vendors/azteco_logo_lg.png
onlyShowLogo=true
[Bitrefill]
url=https://www.bitrefill.com/embed/lightning/?apiKey=GAj4sWRVqK3Uau1L&hideQr
logo=src/icon/vendors/bitrefill_logo.png
[ln.pizza]
url=https://ln.pizza/?breez_wallet
logo=src/icon/vendors/ln.pizza_logo_lg.png
onlyShowLogo=true
[FixedFloat]
url=https://widget.fixedfloat.com/?from=BTCLN&to=LTC&cciesRcvNot=BTCLN
logo=src/icon/vendors/fixedfloat_logo_lg.png
onlyShowLogo=true
[Spendl]
url=https://app.getspendl.com/?partner=breez&primaryColor=%23055deb
logo=src/icon/vendors/spendl_logo.png
onlyShowLogo=true
[Boltz]
url=https://boltz.exchange/swapbox
logo=src/icon/vendors/boltz_logo_lg.png
onlyShowLogo=true
[Lightnite]
url=https://lightnite.io/ref=breez
logo=src/icon/vendors/lightnite_logo_lg.png
onlyShowLogo=true
[LightningRoulette]
url=https://lightning-roulette.com/
logo=src/icon/vendors/lightningroulette_logo_lg.png
onlyShowLogo=true
displayName=Lightning Roulette' >  /home/appuser/breezmobile/conf/marketplace.conf;

echo '[MoonPay Parameters]
baseUrl=https://buy.moonpay.io
apiKey=pk_live_Mx5g6bpD6Etd7T0bupthv7smoTNn2Vr
currencyCode=btc
colorCode=%23055DEB
redirectURL=https://buy.moonpay.io/transaction_receipt?addFunds=true' > /home/appuser/breezmobile/conf/moonpay.conf;

cd /home/appuser/breezmobile/;
/home/appuser/app/sdk/flutter/bin/flutter build apk --target-platform=android-arm64 --flavor=client --release --target=lib/main.dart --no-tree-shake-icons

APK generated in: /home/appuser/breezmobile/build/app/outputs/flutter-apk/app-client-release.apk

diffs are (between generated APK & APK in github https://github.com/breez/breezmobile/releases/download/0.11.new-view/1622464129-1.apk) :

Files ./FromLocal3/AndroidManifest.xml and ./FromGithub/AndroidManifest.xml differ
Files ./FromLocal3/assets/flutter_assets/NOTICES and ./FromGithub/assets/flutter_assets/NOTICES differ
Files ./FromLocal3/classes.dex and ./FromGithub/classes.dex differ
Files ./FromLocal3/lib/arm64-v8a/libapp.so and ./FromGithub/lib/arm64-v8a/libapp.so differ
Files ./FromLocal3/lib/arm64-v8a/libflutter.so and ./FromGithub/lib/arm64-v8a/libflutter.so differ
Files ./FromLocal3/lib/arm64-v8a/libgojni.so and ./FromGithub/lib/arm64-v8a/libgojni.so differ
Only in ./FromLocal3/lib: armeabi-v7a
Only in ./FromLocal3/lib: x86
Only in ./FromLocal3/lib: x86_64
Only in ./FromGithub/META-INF: GOOGPLAY.RSA
Only in ./FromGithub/META-INF: GOOGPLAY.SF
Only in ./FromGithub/META-INF: MANIFEST.MF
Files ./FromLocal3/res/0X.png and ./FromGithub/res/0X.png differ
Files ./FromLocal3/res/ch.png and ./FromGithub/res/ch.png differ
Files ./FromLocal3/res/D5.png and ./FromGithub/res/D5.png differ
Files ./FromLocal3/res/dC.png and ./FromGithub/res/dC.png differ
Files ./FromLocal3/res/E3.png and ./FromGithub/res/E3.png differ
Files ./FromLocal3/res/Gq.png and ./FromGithub/res/Gq.png differ
Files ./FromLocal3/res/kD.png and ./FromGithub/res/kD.png differ
Files ./FromLocal3/res/lF.png and ./FromGithub/res/lF.png differ
Files ./FromLocal3/res/lP.png and ./FromGithub/res/lP.png differ
Files ./FromLocal3/res/MR.png and ./FromGithub/res/MR.png differ
Files ./FromLocal3/res/PK.png and ./FromGithub/res/PK.png differ
Files ./FromLocal3/res/Qi.png and ./FromGithub/res/Qi.png differ
Files ./FromLocal3/res/S_.png and ./FromGithub/res/S_.png differ
Files ./FromLocal3/res/Uw.png and ./FromGithub/res/Uw.png differ
Files ./FromLocal3/res/uZ.png and ./FromGithub/res/uZ.png differ
Files ./FromLocal3/res/VX.png and ./FromGithub/res/VX.png differ
Files ./FromLocal3/res/wT.png and ./FromGithub/res/wT.png differ
Files ./FromLocal3/res/yJ.png and ./FromGithub/res/yJ.png differ
Only in ./FromGithub/: stamp-cert-sha256

ordering difference in AndroidManifest.xml (maybe cause different flutter version is used?)

kingonly commented 3 years ago

@emanuelb we're back in Google Play, so I've just updated our APK in github. Breez branch is the latest master. I'm wondering what's the best practice to tag the Breez lib commit? Create a parallel release in the Breez repo?

Thanks so much for pushing this issue forward btw, much appreciated 🙏❤️

emanuelb commented 3 years ago

@kingonly

I'm wondering what's the best practice to tag the Breez lib commit? Create a parallel release in the Breez repo?

don't sure what's best, projects do stuff differently depending on several factors (who use or suppose to use the lib, what toolchain & how it's consumed, etc...) looks like releases for lib is what other bitcoin mobile wallets are doing (creating releases in the lib repo and using versions from releases) such as Green with GDK: https://github.com/Blockstream/gdk and eclair-mobile with eclair: https://github.com/ACINQ/eclair

so I've just updated our APK in github

The APK from github which I compared to have sha256sum: f9db2fdd06d38d525431c6f3c2cf49e991248b370aede158721119973f9041ce doesn't look like it's content is changed as it's same sha256sum as before after downloading it again from: https://github.com/breez/breezmobile/releases/download/0.11.new-view/1622464129-1.apk

kingonly commented 3 years ago

@emanuelb thank you 🙏 I'll create a parallel release moving forward.

I just added this release: https://github.com/breez/breezmobile/releases/tag/0.11.remove_roullette

emanuelb commented 3 years ago

Looked at diffs a little & related issues in source-code:

  1. Opened issue to add flutter lockfile to repo: #504 (may help with some diffs if version mismatch related)
  2. Opened another issue for dependency in build.gradle that use non static version: #505 (may help with some diffs if version mismatch related)
  3. for PNG diffs it's probably cause build process optimize the PNG, which should be avoided, see disabling cruncherEnabled at: https://f-droid.org/en/docs/Reproducible_Builds/#png-crushcrunch or maybe other setting like vectorDrawables.useSupportLibrary = true, etc or it may be related to fact that --no-tree-shake-icons used in continaer (not used in README instructions) as otherwise error thrown: 
    
This application cannot tree shake icons fonts. It has non-constant instances of IconData at the following locations:
- file:///home/appuser/N/breezmobile/lib/routes/add_funds/address_widget.dart:93:18
- file:///home/appuser/N/breezmobile/lib/routes/add_funds/address_widget.dart:102:18
- file:///home/appuser/N/breezmobile/lib/routes/charge/pos_payment_dialog.dart:119:26
- file:///home/appuser/N/breezmobile/lib/routes/charge/pos_payment_dialog.dart:131:26
- file:///home/appuser/N/breezmobile/lib/routes/create_invoice/qr_code_dialog.dart:137:39
- file:///home/appuser/N/breezmobile/lib/routes/create_invoice/qr_code_dialog.dart:157:39
- file:///home/appuser/N/breezmobile/lib/routes/get_refund/wait_broadcast_dialog.dart:163:25
- file:///home/appuser/N/breezmobile/lib/widgets/back_button.dart:12:32
- file:///home/appuser/N/breezmobile/lib/widgets/breez_avatar.dart:107:9
- file:///home/appuser/N/breezmobile/lib/widgets/collapsible_list_item.dart:76:33
- file:///home/appuser/N/breezmobile/lib/widgets/payment_details_dialog.dart:359:31

FAILURE: Build failed with an exception.

Might be related to GO version used, which is 1.13.4 as requested in breez repo README, a multi-stage container can be used to use different GO versions for breez compile & for breez-mobile compile.

  1. .so file diffs might be because OS Variation (compiled on different OS) & build-path variation (didn't looked into them)
  2. It's better to Put the files: marketplace.conf lnd.conf breez.conf google-services.json in the repo (to avoid the step of taking them from Released APK)
  3. Java Version (JDK) variation?

Testing 0.11.remove_roullette with above Containerfile (changing the checkout) & using below marketplace.conf

echo '[Marketplace Options]
vendors=Bitrefill,ln.pizza,FixedFloat,lnmarkets,Azteco,Boltz,Lightnite,Spendl
[lnmarkets]
url=https://lnmarkets.com/login/token
displayName=LN Markets
logo=src/icon/vendors/lnmarkets_logo.png
onlyShowLogo=true
[Azteco]
url=https://azte.co/breezmap.php
logo=src/icon/vendors/azteco_logo_lg.png
onlyShowLogo=true
[Bitrefill]
url=https://www.bitrefill.com/embed/lightning/?apiKey=GAj4sWRVqK3Uau1L&hideQr
logo=src/icon/vendors/bitrefill_logo.png
[ln.pizza]
url=https://ln.pizza/?breez_wallet
logo=src/icon/vendors/ln.pizza_logo_lg.png
onlyShowLogo=true
[FixedFloat]
url=https://widget.fixedfloat.com/?from=BTCLN&to=LTC&cciesRcvNot=BTCLN
logo=src/icon/vendors/fixedfloat_logo_lg.png
onlyShowLogo=true
[Spendl]
url=https://app.getspendl.com/?partner=breez&primaryColor=%23055deb
logo=src/icon/vendors/spendl_logo.png
onlyShowLogo=true
[Boltz]
url=https://boltz.exchange/swapbox
logo=src/icon/vendors/boltz_logo_lg.png
onlyShowLogo=true
[Lightnite]
url=https://lightnite.io/ref=breez
logo=src/icon/vendors/lightnite_logo_lg.png
onlyShowLogo=true' > /home/appuser/breezmobile/conf/marketplace.conf;

The diff is almost the same as before (The NOTICES is fixed probably cause the same flutter version used):

Files ./FromGithubN/AndroidManifest.xml and ./FromLocal4/AndroidManifest.xml differ
Files ./FromGithubN/classes.dex and ./FromLocal4/classes.dex differ
Files ./FromGithubN/lib/arm64-v8a/libapp.so and ./FromLocal4/lib/arm64-v8a/libapp.so differ
Files ./FromGithubN/lib/arm64-v8a/libflutter.so and ./FromLocal4/lib/arm64-v8a/libflutter.so differ
Files ./FromGithubN/lib/arm64-v8a/libgojni.so and ./FromLocal4/lib/arm64-v8a/libgojni.so differ
Only in ./FromLocal4/lib: armeabi-v7a
Only in ./FromLocal4/lib: x86
Only in ./FromLocal4/lib: x86_64
Only in ./FromGithubN/META-INF: GOOGPLAY.RSA
Only in ./FromGithubN/META-INF: GOOGPLAY.SF
Only in ./FromGithubN/META-INF: MANIFEST.MF
Files ./FromGithubN/res/0X.png and ./FromLocal4/res/0X.png differ
Files ./FromGithubN/res/ch.png and ./FromLocal4/res/ch.png differ
Files ./FromGithubN/res/D5.png and ./FromLocal4/res/D5.png differ
Files ./FromGithubN/res/dC.png and ./FromLocal4/res/dC.png differ
Files ./FromGithubN/res/E3.png and ./FromLocal4/res/E3.png differ
Files ./FromGithubN/res/Gq.png and ./FromLocal4/res/Gq.png differ
Files ./FromGithubN/res/kD.png and ./FromLocal4/res/kD.png differ
Files ./FromGithubN/res/lF.png and ./FromLocal4/res/lF.png differ
Files ./FromGithubN/res/lP.png and ./FromLocal4/res/lP.png differ
Files ./FromGithubN/res/MR.png and ./FromLocal4/res/MR.png differ
Files ./FromGithubN/res/PK.png and ./FromLocal4/res/PK.png differ
Files ./FromGithubN/res/Qi.png and ./FromLocal4/res/Qi.png differ
Files ./FromGithubN/res/S_.png and ./FromLocal4/res/S_.png differ
Files ./FromGithubN/res/Uw.png and ./FromLocal4/res/Uw.png differ
Files ./FromGithubN/res/uZ.png and ./FromLocal4/res/uZ.png differ
Files ./FromGithubN/res/VX.png and ./FromLocal4/res/VX.png differ
Files ./FromGithubN/res/wT.png and ./FromLocal4/res/wT.png differ
Files ./FromGithubN/res/yJ.png and ./FromLocal4/res/yJ.png differ
Only in ./FromGithubN/: stamp-cert-sha256

Still there is order difference in AndroidManifest.xml, also apktool diff is:

Files /1623943478-1/res/drawable-hdpi/ic_done_white_24dp.png and /rebuild/res/drawable-hdpi/ic_done_white_24dp.png differ
Files /1623943478-1/res/drawable-hdpi/ic_fingerprint_white_24dp.png and /rebuild/res/drawable-hdpi/ic_fingerprint_white_24dp.png differ
Files /1623943478-1/res/drawable-hdpi/ic_priority_high_white_24dp.png and /rebuild/res/drawable-hdpi/ic_priority_high_white_24dp.png differ
Files /1623943478-1/res/drawable-ldpi/ic_done_white_24dp.png and /rebuild/res/drawable-ldpi/ic_done_white_24dp.png differ
Files /1623943478-1/res/drawable-ldpi/ic_fingerprint_white_24dp.png and /rebuild/res/drawable-ldpi/ic_fingerprint_white_24dp.png differ
Files /1623943478-1/res/drawable-ldpi/ic_priority_high_white_24dp.png and /rebuild/res/drawable-ldpi/ic_priority_high_white_24dp.png differ
Files /1623943478-1/res/drawable-mdpi/ic_done_white_24dp.png and /rebuild/res/drawable-mdpi/ic_done_white_24dp.png differ
Files /1623943478-1/res/drawable-mdpi/ic_fingerprint_white_24dp.png and /rebuild/res/drawable-mdpi/ic_fingerprint_white_24dp.png differ
Files /1623943478-1/res/drawable-mdpi/ic_priority_high_white_24dp.png and /rebuild/res/drawable-mdpi/ic_priority_high_white_24dp.png differ
Files /1623943478-1/res/drawable-xhdpi/ic_done_white_24dp.png and /rebuild/res/drawable-xhdpi/ic_done_white_24dp.png differ
Files /1623943478-1/res/drawable-xhdpi/ic_fingerprint_white_24dp.png and /rebuild/res/drawable-xhdpi/ic_fingerprint_white_24dp.png differ
Files /1623943478-1/res/drawable-xhdpi/ic_priority_high_white_24dp.png and /rebuild/res/drawable-xhdpi/ic_priority_high_white_24dp.png differ
Files /1623943478-1/res/drawable-xxhdpi/ic_done_white_24dp.png and /rebuild/res/drawable-xxhdpi/ic_done_white_24dp.png differ
Files /1623943478-1/res/drawable-xxhdpi/ic_fingerprint_white_24dp.png and /rebuild/res/drawable-xxhdpi/ic_fingerprint_white_24dp.png differ
Files /1623943478-1/res/drawable-xxhdpi/ic_priority_high_white_24dp.png and /rebuild/res/drawable-xxhdpi/ic_priority_high_white_24dp.png differ
Files /1623943478-1/res/drawable-xxxhdpi/ic_done_white_24dp.png and /rebuild/res/drawable-xxxhdpi/ic_done_white_24dp.png differ
Files /1623943478-1/res/drawable-xxxhdpi/ic_fingerprint_white_24dp.png and /rebuild/res/drawable-xxxhdpi/ic_fingerprint_white_24dp.png differ
Files /1623943478-1/res/drawable-xxxhdpi/ic_priority_high_white_24dp.png and /rebuild/res/drawable-xxxhdpi/ic_priority_high_white_24dp.png differ
Files /1623943478-1/smali/a/a/b.smali and /rebuild/smali/a/a/b.smali differ
Files /1623943478-1/smali/a/a/d.smali and /rebuild/smali/a/a/d.smali differ
Files /1623943478-1/smali/c/b/a/q.smali and /rebuild/smali/c/b/a/q.smali differ
Files /1623943478-1/smali/com/breez/client/a.smali and /rebuild/smali/com/breez/client/a.smali differ
Files /1623943478-1/smali/com/breez/client/plugins/breez/LifecycleEvents.smali and /rebuild/smali/com/breez/client/plugins/breez/LifecycleEvents.smali differ
Files /1623943478-1/smali/com/breez/client/plugins/breez/a.smali and /rebuild/smali/com/breez/client/plugins/breez/a.smali differ
Files /1623943478-1/smali/com/breez/client/plugins/breez/breezlib/m.smali and /rebuild/smali/com/breez/client/plugins/breez/breezlib/m.smali differ
Files /1623943478-1/smali/com/breez/client/plugins/breez/c.smali and /rebuild/smali/com/breez/client/plugins/breez/c.smali differ
Files /1623943478-1/smali/com/ryanheise/audioservice/AudioService$a.smali and /rebuild/smali/com/ryanheise/audioservice/AudioService$a.smali differ
Files /1623943478-1/smali/io/flutter/plugins/f/i0.smali and /rebuild/smali/io/flutter/plugins/f/i0.smali differ
Files /1623943478-1/smali/io/flutter/plugins/g/c.smali and /rebuild/smali/io/flutter/plugins/g/c.smali differ
Only in /1623943478-1/unknown: stamp-cert-sha256
emanuelb commented 2 years ago

latest tag 0.12.toppodcasts was tested with:

breez.aar was built with:

podman build --pull --rm -t breez_aar_build -f ContainerFileAAR

ContainerFileAAR Content:

FROM debian:sid-slim

RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        unzip \
        ca-certificates \
        openjdk-17-jdk \
        curl \
        git; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser;

USER appuser

RUN set -ex; \
    cd /home/appuser/; \
    curl -o go.tgz -L https://go.dev/dl/go1.18.4.linux-amd64.tar.gz; \
    echo "c9b099b68d93f5c5c8a8844a89f8db07eaa58270e3a1e01804f17f4cf8df02f5  go.tgz" | sha256sum -c; \
    tar -xzf go.tgz; \
    rm go.tgz; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/ndk"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    printf "\n84831b9409646a918e30573bab4c9c91346d8abd" > "/home/appuser/app/sdk/licenses/android-sdk-preview-license"; \
    cd /home/appuser/app/sdk/; \
    curl -o commandlinetools.zip -L https://dl.google.com/android/repository/commandlinetools-linux-8512546_latest.zip; \
    echo "2ccbda4302db862a28ada25aa7425d99dce9462046003c1714b059b5c47970d8  commandlinetools.zip" | sha256sum -c; \
    unzip commandlinetools.zip; \
    rm commandlinetools.zip; \
    cd /home/appuser/app/ndk/; \
    curl -o ndk19.zip -L https://dl.google.com/android/repository/android-ndk-r19c-linux-x86_64.zip; \
    echo "4c62514ec9c2309315fd84da6d52465651cdb68605058f231f1e480fcf2692e1  ndk19.zip" | sha256sum -c; \
    sha256sum ndk19.zip ; \
    unzip ndk19.zip; \
    rm ndk19.zip; \
    cd /home/appuser/app/sdk/; \
    /home/appuser/app/sdk/cmdline-tools/bin/sdkmanager --sdk_root=/home/appuser/app/sdk/ --install "platforms;android-32";

ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
    ANDROID_HOME="/home/appuser/app/sdk" \
    GOPATH="/home/appuser/gopackages/" \
    PATH="$PATH:/home/appuser/go/bin:/home/appuser/gopackages/bin" \
    ANDROID_NDK_HOME=/home/appuser/app/ndk/android-ndk-r19c/

RUN set -ex; \
    mkdir /home/appuser/gopackages/; \
    cd /home/appuser/; \
    git clone https://github.com/breez/breez.git; \
    cd /home/appuser/breez; \
    git checkout ef2bc21623577e82cab5fcba250d8ccae8602957; \
    GO111MODULE=off go get golang.org/x/mobile/cmd/gomobile; \
    GO111MODULE=off go get golang.org/x/mobile/cmd/gobind; \
    /home/appuser/gopackages/bin/gomobile init; \
    ./build.sh

and apk built with:

podman build --rm -t breez_build_apk -f ContainerFileAPK

ContainerFileAPK:

FROM debian:sid-slim

RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        gradle \
        xz-utils \
        unzip \
        zip \
        openjdk-17-jdk \
        ca-certificates \
        file \
        curl \
        git; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser;

USER appuser

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/sdk/; \
    curl -o flutter_linux_2.10.5-stable.tar.xz -L https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.10.5-stable.tar.xz; \
    echo "0d3670c65314624f0d4b549a5942689578c3f899d15bbdcfb3909d4470c69edd  flutter_linux_2.10.5-stable.tar.xz" | sha256sum -c; \    
    tar xf flutter_linux_2.10.5-stable.tar.xz; \
    rm flutter_linux_2.10.5-stable.tar.xz; \
    /home/appuser/app/sdk/flutter/bin/flutter config --no-analytics; \
    /home/appuser/app/sdk/flutter/bin/dart --disable-analytics;

WORKDIR /home/appuser/

ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
    ANDROID_HOME="/home/appuser/app/sdk"

RUN set -ex; \
    git clone https://github.com/breez/breezmobile/; \
    cd breezmobile; \
    git checkout 0.12.toppodcasts; \
    mkdir /home/appuser/FromGithub /home/appuser/LocalBuild; \
    cd /home/appuser/FromGithub; \
    curl -o 012.apk -L https://github.com/breez/breezmobile/releases/download/0.12.toppodcasts/1656698898-1.apk; \
    echo "64a66b93dc22784da946ca1976f6a0c4593868abd83b3e1ca5c7a3c881cf5a2c  012.apk" | sha256sum -c; \    
    unzip 012.apk; \
    mv 012.apk /home/appuser/012-from-github.apk; \
    cat  assets/flutter_assets/conf/moonpay.conf; \
    cp assets/flutter_assets/conf/moonpay.conf /home/appuser/breezmobile/conf/moonpay.conf;    
    cat assets/flutter_assets/conf/breez.conf; \
    cp assets/flutter_assets/conf/breez.conf /home/appuser/breezmobile/conf/breez.conf;
    cat assets/flutter_assets/conf/lnd.conf; \
    cp assets/flutter_assets/conf/lnd.conf /home/appuser/breezmobile/conf/lnd.conf;
    cat assets/flutter_assets/conf/marketplace.conf; \
    cp assets/flutter_assets/conf/marketplace.conf /home/appuser/breezmobile/conf/marketplace.conf; \
    cd /home/appuser/breezmobile/android/; \
    keytool -genkey -alias breez_alias -keystore app/breez.pfx -storetype PKCS12 -keyalg RSA -keysize 4096 -storepass breez_alias -keypass breez_alias -validity 10000 -dname CN=IL; \
    printf "\nstoreFile=breez.pfx\nstorePassword=breez_alias\nkeyPassword=breez_alias\nkeyAlias=breez_alias" > key.properties; \
echo "{
  \"project_info\": {
    \"project_number\": \"463327817067\",
    \"firebase_url\": \"https://breez-technology.firebaseio.com\",
    \"project_id\": \"breez-technology\",
    \"storage_bucket\": \"breez-technology.appspot.com\"
  },
  \"client\": [
    {
      \"client_info\": {
        \"mobilesdk_app_id\": \"1:463327817067:android:90ddc9c877b6277f\",
        \"android_client_info\": {
          \"package_name\": \"com.breez.client\"
        }
      },
      \"oauth_client\": [
        {
          \"client_id\": \"463327817067-3508ng7nsbmp3kv3v19nljdu8o5a8cku.apps.googleusercontent.com\",
          \"client_type\": 3
        }
      ],
      \"api_key\": [
        {
          \"current_key\": \"AIzaSyAlJWsGJcsK2U9BcYahortPZ7epzKmDcU8\"
        }
      ],
      \"services\": {
        \"appinvite_service\": {
          \"other_platform_oauth_client\": [
            {
              \"client_id\": \"463327817067-3508ng7nsbmp3kv3v19nljdu8o5a8cku.apps.googleusercontent.com\",
              \"client_type\": 3
            }
          ]
        }
      }
    }
  ],
  \"configuration_version\": \"1\"
}" >  /home/appuser/breezmobile/android/app/src/client/google-services.json;

then run both containers and copy breez.aar from the first to another:

podman run --rm -ti --name breez_aar_build -ti breez_aar_build
podman run --rm -ti --name breez_build_apk -ti breez_build_apk 
podman cp breez_aar_build:/home/appuser/breez/build/android/breez.aar breez_build_apk:/home/appuser/breezmobile/android/app/libs/breez.aar

in breez_build_apk container:

    cd /home/appuser/breezmobile/; \
    /home/appuser/app/sdk/flutter/bin/flutter build apk --target-platform=android-arm64 --flavor=client --release --target=lib/main.dart --no-tree-shake-icons; \
    cp /home/appuser/breezmobile/build/app/outputs/flutter-apk/app-client-release.apk /home/appuser/LocalBuild/012-local-build.apk; \
    cd /home/appuser/LocalBuild/; \
    unzip 012-local-build.apk; \
    mv 012-local-build.apk /home/appuser/012-local-build.apk; \
    cd /home/appuser/; \
    diff --recursive --brief ./FromGithub/ ./LocalBuild/

result is diff compared to https://github.com/breez/breezmobile/releases/download/0.12.toppodcasts/1656698898-1.apk

Files ./FromGithub/AndroidManifest.xml and ./LocalBuild/AndroidManifest.xml differ
Only in ./FromGithub/META-INF: GOOGPLAY.RSA
Only in ./FromGithub/META-INF: GOOGPLAY.SF
Only in ./FromGithub/META-INF: MANIFEST.MF
Files ./FromGithub/assets/dexopt/baseline.prof and ./LocalBuild/assets/dexopt/baseline.prof differ
Files ./FromGithub/classes.dex and ./LocalBuild/classes.dex differ
Files ./FromGithub/lib/arm64-v8a/libapp.so and ./LocalBuild/lib/arm64-v8a/libapp.so differ
Files ./FromGithub/lib/arm64-v8a/libgojni.so and ./LocalBuild/lib/arm64-v8a/libgojni.so differ
Only in ./LocalBuild/lib: armeabi-v7a
Only in ./LocalBuild/lib: x86
Only in ./LocalBuild/lib: x86_64
Only in ./FromGithub/: stamp-cert-sha256

diff inspection

Bugs found from diff content, workarounds included, they need to be fixed for easier automation of future builds and for other reasons (pathleakage is privacy issue for shared local builds, static versionCode won't enable apk updates (need remove apk and then install, fdroid will report it as error or use another number for it, build.sh script should be able to compile both debug & release versions)

  1. file leak full-path in file: libapp.so which should be avoided completely as it's a bug, workaround is to use upstream path /var/local/builder/breez/builds/master/breezmobile to compile app. 
    │ +file:///var/local/builder/breez/builds/master/breezmobile/.dart_tool/flutter_build/generated_main.dart
│ -file:///home/appuser/breezmobile/.dart_tool/flutter_build/generated_main.dart

fdroid.org builds are using /home/vagrant/ as path as they built using vagrant in regular user (creating /var/local/builder/ require root), the build process shouldn't write this full path line to output (no path at all or relative path to project root dir)

  1. in AndroidManifest.xml file: the versionCode in built version is 1: https://github.com/breez/breezmobile/blob/901dfbba1673a1aa8d6c26ffe3867314d7cd4b92/android/app/build.gradle#L36

in downloaded version it's 1656698898, and will be changed each version. it make sense to update this value in repo before releasing new app, like commit of new version. currently workaround: replace value from extracting it from apk file name published on github or value from decompiled AndroidManifest.xml

other diff is ok (part of GooglePlay doing https://stackoverflow.com/questions/44689959/androidmanifest-xml-file)

< <manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1" android:versionName="0.12-beta" android:compileSdkVersion="32" android:compileSdkVersionCodename="12" package="com.breez.client" platformBuildVersionCode="32" platformBuildVersionName="12">
---
> <manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1656698898" android:versionName="0.12-beta" android:compileSdkVersion="32" android:compileSdkVersionCodename="12" package="com.breez.client" platformBuildVersionCode="32" platformBuildVersionName="12">
260a261
>     <meta-data android:name="com.android.vending.derived.apk.id" android:value="1"/>
  1. the locally built breez.aar will have debug symbols in it, build.sh will generate them: 6d2d0466bd53496e7f192c2209e16fbc6e3af9a2 while build-ios.sh won't because of -ldflags="-s -w" https://github.com/breez/breez/blob/b4265e7778d1ef89631bea35e5cb61eb6fdd8128/build-ios.sh#L6

I suggest to add parameter to the shell script of "debug" or "release", if "release" is supplied, add args -ldflags="-s -w"

taken above changes into account (setting build-path & versoincode & adding -ldflags="-s -w") and using openjdk 11 & go 1.18.3 instead in below 1 file name: ContainerFileMultiStage.

build with:

podman build --rm -t breez_build_apk_one_file --ulimit=nofile=8192 -f ContainerFileMultiStage

ContainerFileMultiStage content:

# podman build --rm -t breez_build_apk_one_file1 -f ContainerFileMultiStage
# podman run --rm --name breez_build_apk_one_file -ti breez_build_apk_one_file
FROM debian:sid-slim AS breez_aar_builder

RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        unzip \
        ca-certificates \
        openjdk-11-jdk \
        curl \
        git; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser;

USER appuser

RUN set -ex; \
    cd /home/appuser/; \
    curl -o go.tgz -L https://go.dev/dl/go1.18.3.linux-amd64.tar.gz; \
    echo "956f8507b302ab0bb747613695cdae10af99bbd39a90cae522b7c0302cc27245  go.tgz" | sha256sum -c; \
    tar -xzf go.tgz; \
    rm go.tgz; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/ndk"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    printf "\n84831b9409646a918e30573bab4c9c91346d8abd" > "/home/appuser/app/sdk/licenses/android-sdk-preview-license"; \
    cd /home/appuser/app/sdk/; \
    curl -o commandlinetools.zip -L https://dl.google.com/android/repository/commandlinetools-linux-8512546_latest.zip; \
    echo "2ccbda4302db862a28ada25aa7425d99dce9462046003c1714b059b5c47970d8  commandlinetools.zip" | sha256sum -c; \
    unzip commandlinetools.zip; \
    rm commandlinetools.zip; \
    cd /home/appuser/app/ndk/; \
    curl -o ndk19.zip -L https://dl.google.com/android/repository/android-ndk-r19c-linux-x86_64.zip; \
    echo "4c62514ec9c2309315fd84da6d52465651cdb68605058f231f1e480fcf2692e1  ndk19.zip" | sha256sum -c; \
    sha256sum ndk19.zip ; \
    unzip ndk19.zip; \
    rm ndk19.zip; \
    cd /home/appuser/app/sdk/; \
    /home/appuser/app/sdk/cmdline-tools/bin/sdkmanager --sdk_root=/home/appuser/app/sdk/ --install "platforms;android-32";

ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
    ANDROID_HOME="/home/appuser/app/sdk" \
    GOPATH="/home/appuser/gopackages/" \
    PATH="$PATH:/home/appuser/go/bin:/home/appuser/gopackages/bin" \
    ANDROID_NDK_HOME=/home/appuser/app/ndk/android-ndk-r19c/

RUN set -ex; \
    mkdir /home/appuser/gopackages/; \
    cd /home/appuser/; \
    git clone https://github.com/breez/breez.git; \
    cd /home/appuser/breez; \
    git checkout ef2bc21623577e82cab5fcba250d8ccae8602957; \
    GO111MODULE=off go get golang.org/x/mobile/cmd/gomobile; \
    GO111MODULE=off go get golang.org/x/mobile/cmd/gobind; \
    /home/appuser/gopackages/bin/gomobile init; \
    sed -i 's/github.com\/breez\/breez\/bindings/-ldflags="-s -w" github.com\/breez\/breez\/bindings/' build.sh; \
    ./build.sh

FROM debian:sid-slim

RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        gradle \
        xz-utils \
        unzip \
        zip \
        openjdk-11-jdk \
        ca-certificates \
        file \
        curl \
        git; \
    rm -rf /var/lib/apt/lists/*; \
    mkdir -p /var/local/builder/breez/builds/master/; \
    useradd -ms /bin/bash appuser; \
    chown -R appuser:appuser /var/local/builder;

USER appuser

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/sdk/; \
    curl -o flutter_linux_2.10.5-stable.tar.xz -L https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.10.5-stable.tar.xz; \
    echo "0d3670c65314624f0d4b549a5942689578c3f899d15bbdcfb3909d4470c69edd  flutter_linux_2.10.5-stable.tar.xz" | sha256sum -c; \    
    tar xf flutter_linux_2.10.5-stable.tar.xz; \
    rm flutter_linux_2.10.5-stable.tar.xz; \
    /home/appuser/app/sdk/flutter/bin/flutter config --no-analytics; \
    /home/appuser/app/sdk/flutter/bin/dart --disable-analytics;

WORKDIR /home/appuser/

ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
    ANDROID_HOME="/home/appuser/app/sdk"

RUN set -ex; \
    cd /var/local/builder/breez/builds/master/; \
    git clone https://github.com/breez/breezmobile/; \
    cd breezmobile; \
    git checkout 0.12.toppodcasts; \
    mkdir /home/appuser/FromGithub /home/appuser/LocalBuild; \
    cd /home/appuser/FromGithub; \
    curl -o 012.apk -L https://github.com/breez/breezmobile/releases/download/0.12.toppodcasts/1656698898-1.apk; \
    echo "64a66b93dc22784da946ca1976f6a0c4593868abd83b3e1ca5c7a3c881cf5a2c  012.apk" | sha256sum -c; \    
    unzip 012.apk; \
    mv 012.apk /home/appuser/012-from-github.apk; \
    cat  assets/flutter_assets/conf/moonpay.conf; \
    cp assets/flutter_assets/conf/moonpay.conf /var/local/builder/breez/builds/master/breezmobile/conf/moonpay.conf; \
    cat assets/flutter_assets/conf/breez.conf; \
    cp assets/flutter_assets/conf/breez.conf /var/local/builder/breez/builds/master/breezmobile/conf/breez.conf; \
    cat assets/flutter_assets/conf/lnd.conf; \
    cp assets/flutter_assets/conf/lnd.conf /var/local/builder/breez/builds/master/breezmobile/conf/lnd.conf; \
    cat assets/flutter_assets/conf/marketplace.conf; \
    cp assets/flutter_assets/conf/marketplace.conf /var/local/builder/breez/builds/master/breezmobile/conf/marketplace.conf; \
    cd /var/local/builder/breez/builds/master/breezmobile/android/; \
    keytool -genkey -alias breez_alias -keystore app/breez.pfx -storetype PKCS12 -keyalg RSA -keysize 4096 -storepass breez_alias -keypass breez_alias -validity 10000 -dname CN=IL; \
    printf "\nstoreFile=breez.pfx\nstorePassword=breez_alias\nkeyPassword=breez_alias\nkeyAlias=breez_alias" > key.properties; \
    sed -i 's/versionCode 1 /versionCode 1656698898 /g' /var/local/builder/breez/builds/master/breezmobile/android/app/build.gradle ; 

COPY --from=breez_aar_builder /home/appuser/breez/build/android/breez.aar /var/local/builder/breez/builds/master/breezmobile/android/app/libs/breez.aar 

RUN set -ex; \
    echo "{\"project_info\":{\"project_number\":\"463327817067\",\"firebase_url\":\"https://breez-technology.firebaseio.com\",\"project_id\":\"breez-technology\",\"storage_bucket\":\"breez-technology.appspot.com\"},\"client\":[{\"client_info\":{\"mobilesdk_app_id\":\"1:463327817067:android:90ddc9c877b6277f\",\"android_client_info\":{\"package_name\":\"com.breez.client\"}},\"oauth_client\":[{\"client_id\":\"463327817067-3508ng7nsbmp3kv3v19nljdu8o5a8cku.apps.googleusercontent.com\",\"client_type\":3}],\"api_key\":[{\"current_key\":\"AIzaSyAlJWsGJcsK2U9BcYahortPZ7epzKmDcU8\"}],\"services\":{\"appinvite_service\":{\"other_platform_oauth_client\":[{\"client_id\":\"463327817067-3508ng7nsbmp3kv3v19nljdu8o5a8cku.apps.googleusercontent.com\",\"client_type\":3}]}}}],\"configuration_version\":\"1\"}" >  /var/local/builder/breez/builds/master/breezmobile/android/app/src/client/google-services.json; \
    cd /var/local/builder/breez/builds/master/breezmobile/; \
    sed -i '/^\s*<\/application>\s*/i <meta-data android:name="com.android.vending.derived.apk.id" android:value="1"\/>' android/app/src/main/AndroidManifest.xml; \
    /home/appuser/app/sdk/flutter/bin/flutter build apk --target-platform=android-arm64 --flavor=client --release --target=lib/main.dart --no-tree-shake-icons; \
    cp /var/local/builder/breez/builds/master/breezmobile/build/app/outputs/flutter-apk/app-client-release.apk /home/appuser/LocalBuild/012-local-build.apk; \
    cd /home/appuser/LocalBuild/; \
    unzip 012-local-build.apk; \
    mv 012-local-build.apk /home/appuser/012-local-build.apk;

WORKDIR /home/appuser/

diff brief output from command diff --recursive --brief ./FromGithub/ ./LocalBuild/ that has to run after enter the container with podman run --rm --name breez_build_apk_one_file -ti breez_build_apk_one_file

The only diff is in libgojni.so file, suggestion is to publish the used breez.aar file, info in issue: https://github.com/breez/breez/issues/158 which will make it possible to show that breezmobile code is reproducible when using the same breez.aar.

for reproducing breez.aar more time should be spend TBD, some pointers are different NDK version and build path:

│ -  1  /var/local/builder/tools/android-sdk-linux/ndk/21.3.6528147/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include
│ -  3  /var/local/builder/tools/android-sdk-linux/ndk/21.3.6528147/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/include
│ -=>   /var/local/builder/breez/builds/master/breez    (devel) 
│ -=>   /var/local/builder/breez/builds/master/breez    (devel) 
│ -  [     0]  Android (6454773 based on r365631c2) clang version 9.0.8 (https://android.googlesource.com/toolchain/llvm-project 98c855489587874b2a325e7a516b99d838599c6f) (based on LLVM 9.0.8svn)
│ +  [     0]  Android (5058415 based on r339409) clang version 8.0.2 (https://android.googlesource.com/toolchain/clang 40173bab62ec746213857d083c0e8b0abb568790) (https://android.googlesource.com/toolchain/llvm 7a6618d69e7e8111e1d49dc9e78
kingonly commented 2 years ago

Thanks for following up @emanuelb 🙏❤️ @yaslama please take look when you can.

emanuelb commented 2 years ago

opened issues:

  1. 965 regarding the need to update VersionCode before each release

  2. 966 regarding the full build path leak in libapp.so binary from breezmobile compilation.

  3. https://github.com/breez/breez/issues/160 regarding breez.aar contain unstripped binary libgojni.so.

will check the RB of newer version with downloading aar from github next week, and will update the status here, also will open separate issues for bugs uncovered during the process.

mohammadrafigh commented 1 year ago

Still in progress?

RasheedAZ commented 11 months ago

Once this is complete, Breez can be submitted to F-Droid for inclusion right?

emanuelb commented 11 months ago

Once this is complete, Breez can be submitted to F-Droid for inclusion right?

Apps can be submitted to f-droid even if they are not reproducible, the criteria is that the app and all of it's deps (build time and run time) will be open source, for more info: https://f-droid.org/en/docs/Inclusion_Policy/

There is another open issue regarding f-droid inclusion #413

Being reproducible has many benefits including using the f-droid support of reproducible builds (upstream apk is used if reproducible)