Open emanuelb opened 2 years ago
Hi @emanuelb,
After running instructions from README on plain repo and verifying all works (after fixing #88):
git clone git@github.com:coffee-software/coffee.wallet.git
cd coffee.wallet
npm run build
./browserify.sh
cordova platform add browser
cordova run
I was able to build APK on my linux with simply:
cordova platform add android
cordova build android
README refers to Cordova on purpose as there are many build systems for cordova depending on system you are on and system you are targeting, if you ate using containers etc.
Thanks a lot for posting this thou as might be useful for someone building using podman, I will extend info in README.
The reason a build script is needed is in order to specify the build environment and tools used to build the app (specific versions) in order to achieve reproducible builds, see related issue of testing coffee.wallet on walletscrutiny: https://gitlab.com/walletscrutiny/walletScrutinyCom/-/issues/404 which I plan to do in future (compare the built APK to APK downloaded from GooglePlay)
for more details: walletscrutiny website: https://walletscrutiny.com/ reproducible builds: https://reproducible-builds.org/
@emanuelb this is a great project and I would love to see Coffee Wallet verified there.
I have added more info to README on building.
https://github.com/coffee-software/coffee.wallet/blob/develop/README.md
I have also added a Dockerfile that can be used to build using specific versions (used yours as loose reference, hope you don't mind):
https://github.com/coffee-software/coffee.wallet/blob/develop/build/Dockerfile
You can build app using docker buildkit like this:
DOCKER_BUILDKIT=1 docker build -f build/Dockerfile -o . .
It will produce app-release-unsigned.apk
.
Few issues I see:
current Play Store version was not build using this script, I could provide list of versions of packages and tools that were used but I can also use this Dockerfile to build next release (0.23) and ping you so you can verify it then.
production version is signed with google certificates but I assume you have a way to ignore this difference.
there is also a config.js file (added info to README) it is stored as plain text in apk. It contains keys to API providers like Infura / exchange providers / admob ids etc. This will be another difference from the app you build locally. This is not a security measure as I am aware those could be extracted from *.apk but I would rather not post those explicitly in source. Do you have a way to ignore such differences?
used yours as loose reference, hope you don't mind
Sure, feel free to modify & use it, other vendors Dockerfile are based on my scripts.
ping you so you can verify it then.
Yes, ping me when the next release is available.
I assume you have a way to ignore this difference.
Yes, Comparing built APK to APK from provider can be done with:
diff --brief --recursive ./LocalBuild ./FromProvider
Then only files relates to signature should be shown.
running diffoscope https://diffoscope.org/ on both APK which will compare them and show the difference.
tool developed by f-droid used to compare APKs by omitting signature https://github.com/obfusk/apksigcopier
Do you have a way to ignore such differences?
Automatically no, either it require to look at the diff itself, or better what I usually do is in the RB script I download the APK file, unzip it, cat configfile
and then copy it to where it should be for the build process to use it.
I could provide list of versions of packages and tools that were used
can you comment here which versions were used to generate this apk for version 0.22 on google play?
I tested version 0.22 details in: https://gitlab.com/walletscrutiny/walletScrutinyCom/-/issues/404#note_1361299141
it will be easier to test the next version that will use the Dockerfile in build directory.
README.md should contain the full instructions on how to compile the app, currently there is a message that refer to cordova docs instead: https://github.com/coffee-software/coffee.wallet/blob/e056a49b1e5e04928c7b69e1a29b95089fe2bcc1/README.md#L43
while trying to compile the android app I uncover issue: #88
managed to compile APK with command:
podman build --pull --rm -t coffeewallet_debian_build_apk -f Containerfile
Containerfile content:
APK is generated in path:
/home/appuser/app/coffeewallet/coffee.wallet/platforms/android/app/build/outputs/apk/release/app-release-unsigned.apk