search

dstark5 / Openlib

An Open source app to download and read books from shadow library (Anna’s Archive)
GNU General Public License v3.0
1.03k stars 51 forks source link

Reproducible Builds #93

Open IzzySoft opened 1 month ago

IzzySoft commented 1 month ago

I've checked your app if its build is reproducible (see: Reproducible bulds, special client support and more in our repo), but while I was able to successfully generate the APK by manually specifying the Flutter version (having flutter as a submodule in your git repo would eliminate the manual step here), the differences to the one provided at your latest release were huge. Which is at least partly due to Flutter embedding the build paths into its native libs (could you please let me know the path you are building in?) – but seemingly the APK here was also build from a commit other than the tag points to.

Here's the APK diff:

-------------------------------
--- /dev/fd/63  2024-07-21 15:17:01.987148320 +0200
+++ /dev/fd/62  2024-07-21 15:17:01.987148320 +0200
@@ -1,19 +1,19 @@
   META-INF/com/android/build/gradle/app-metadata.properties
   32-bit CRC value (hex):                         7e113144
   assets/dexopt/baseline.prof
-  32-bit CRC value (hex):                         ef5a1df3
+  32-bit CRC value (hex):                         0842fa9b
   assets/dexopt/baseline.profm
   32-bit CRC value (hex):                         d828a793
   classes.dex
-  32-bit CRC value (hex):                         795b3175
+  32-bit CRC value (hex):                         0f4511f0
   classes2.dex
   32-bit CRC value (hex):                         57b2ecfe
   lib/arm64-v8a/libapp.so
-  32-bit CRC value (hex):                         776093eb
+  32-bit CRC value (hex):                         1ab192aa
   lib/arm64-v8a/libc++_shared.so
   32-bit CRC value (hex):                         da048360
   lib/arm64-v8a/libflutter.so
-  32-bit CRC value (hex):                         64fb2801
+  32-bit CRC value (hex):                         ff384be5
   lib/arm64-v8a/libjniPdfium.so
   32-bit CRC value (hex):                         5abf3f4c
   lib/arm64-v8a/libmodft2.so
@@ -33,7 +33,7 @@
   assets/flutter_assets/FontManifest.json
   32-bit CRC value (hex):                         f4e36024
   assets/flutter_assets/NOTICES.Z
-  32-bit CRC value (hex):                         3cd547d7
+  32-bit CRC value (hex):                         b4cfcf15
   assets/flutter_assets/assets/captcha.svg
   32-bit CRC value (hex):                         dbe919e2
   assets/flutter_assets/assets/delete_confirmation.svg
@@ -2469,7 +2469,7 @@
   res/z3.xml
   32-bit CRC value (hex):                         cc6ffadf
   res/z6
-  32-bit CRC value (hex):                         f987d267
+  32-bit CRC value (hex):                         37103375
   res/zH.xml
   32-bit CRC value (hex):                         71337847
   res/zO.xml

As pointed out above, the diff in the *.so can most likely be eliminated if we use the same build path here that you have. I gladly try another run if you can provide me the mentioned details (build path and commit hash).

We'd appreciate if you could help making your build reproducible. We've prepared some hints on reproducible builds for that.

Looking forward to your reply!

IzzySoft commented 1 month ago

@dstark5 you're still around?

dstark5 commented 3 weeks ago

Yes @IzzySoft sorry for the delayed response

droidjedininja commented 3 weeks ago

Hey, are you guys going to fix ( no available mirrors )? I can't download a single book?

IzzySoft commented 3 weeks ago

@dstark5 thanks for your response! Do you need additional details from our end (for the differing dex)?

@droidjedininja please don't hijack issues not related to your question :wink: It would be much preferred if you could open your own issue.

droidjedininja commented 3 weeks ago

Sorry bout that. Wasn't trying to hi-jack your space. I opened my own Issue, thanks.

IzzySoft commented 3 weeks ago

Thanks @droidjedininja! Helps to keep things clear :wink:

@dstark5 could it be you build on Windows? libapp.so e.g. contains a string file:///C:/Users/rog/StudioProjects/Libgen/.dart_tool/flutter_build/dart_plugin_registrant.dart

dstark5 commented 3 weeks ago

Hey, are you guys going to fix ( no available mirrors )? I can't download a single book?

Hey Hi👋, The issue will be fixed within a couple of days, Thank you

dstark5 commented 3 weeks ago

Thanks @droidjedininja! Helps to keep things clear 😉

@dstark5 could it be you build on Windows? libapp.so e.g. contains a string file:///C:/Users/rog/StudioProjects/Libgen/.dart_tool/flutter_build/dart_plugin_registrant.dart

Yes @IzzySoft

IzzySoft commented 3 weeks ago

Aw… OK, guess then we have no chance to match the paths – and thus cannot achieve reproducible builds. Just to make sure I didn't miss something: cc @obfusk

obfusk commented 3 weeks ago

You could try setting build_repo_dir: /C:/Users/rog/StudioProjects/Libgen and build_home_dir: /C:/Users/rog. It could work if the embedded paths are all file: URLs.

IzzySoft commented 2 weeks ago

Nope, unfortunately not:

useradd: invalid home directory '/C:/Users/rog'
obfusk commented 2 weeks ago 
useradd: invalid home directory '/C:/Users/rog'

Ah. That would require some adjustments to provisioning then. But you could try android_home: /C:/Users/rog/sdk, build_repo_dir: /C:/Users/rog/StudioProjects/Libgen and keep build_home_dir as usual.

IzzySoft commented 2 weeks ago

Sorry, that doesn't work either:

+ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/C:/Users/rog/sdk/cmdline-tools/12.0/bin
+ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/C:/Users/rog/sdk/cmdline-tools/12.0/bin
+ yes
+ sdkmanager --sdk_root=/C:/Users/rog/sdk --licenses
/scripts/provision.sh: line 30: sdkmanager: command not found
+ true

Colon is the separator in PATH, so android_home gets split into two separate entries there.

IzzySoft commented 2 weeks ago

@dstark5 I've just chatted with Fay to see what options are left. We tried some more – but from our end, we can't get it built reproducibly; the only remaining option would be if you could build on Linux. You're welcome to use Fay's rbtlog for that (we could give you our build recipe for that to get you started), which would almost guarantee RB then.

As RB is not mandatory at IzzyOnDroid (though highly recommended), we leave the decision to you and of course accept it if you say that's asked too much. Just let us know please what you decide.

Thanks a lot for having us supported up to here!

dstark5 commented 4 days ago

Hi @IzzySoft 👋 I've mistakenly changed the app version build number to 1.0.7+1 which haven't triggered any build on the izzyOnDroid now I have changed the build number to +10 but still the build isn't triggered

IzzySoft commented 4 days ago

As it isn't set up for RB, there are no builds triggered here (the APKs for the repo are taken directly from your releases, signed by you). So what build do you mean? If for RB, until set up that's done manually. And we'd need an APK from you plus the matching tag/commit it was built from.