Closed IzzySoft closed 1 week ago
PPS, same issue for sk.henrichg.pppputsettings
android.os.DeadSystemRuntimeException
This is exception class from Android.
Is checked in PPP custom ACRA classes only for Android SDK 33+:
if (Build.VERSION.SDK_INT >= 33) {
if (_exception instanceof DeadSystemRuntimeException) {
// Exit app. This restarts PPP
System.exit(2);
return false;
}
}
Maybe is for this required android.jar from (it is used used in PPP)
https://github.com/Reginer/aosp-android-jar/tree/main/android-35
Debug brach of PPP has configured compileSDK=35 (release has 34).
Note: This android.jar (from reginer repo) is used also in PPPE and PPPPS. And: This jar is required also for another functionalities in PPP, PPPE, PPPPS. For this reason, use this android.jar. Without this may be not possible to build PPP, PPE, PPPPS.
Use how? I just clone your repo and run gradle assembleRelease
from the repo root. So where would that JAR be expected? It's not part of the resulting APK.
Replace android.jar in your SDK, folder platforms/android-35 (for compileSdk 35), android-34 (for compileSdk 34). Warning: for compileSdk 34 you nust download android.jar from this: https://github.com/Reginer/aosp-android-jar/tree/main/android-34
In my AndroidSdk/plaforms folder are downloaded SDKs from 26 to 35. :-) Downloaded using Android Studio with its "SDK manager".
Warning. All 3 apps uses my own key store for release apk. Android Studio generates its own for debug build variant. Also for PPP is required passwords_key.gradle (used for encript contacts data in backup files). Both are not in GitHub, for security reason.
For encription of contacts data is used this library:
implementation 'com.github.simbiose:Encryption:2.0.1'
There seems to be a misconception: reproducible builds happen in an ephemeral container, so this is not about a local installation. If it can be done within the build recipe, I could check – but then, if it's specific to the SDK version, it will break updates whenever the SDK switches to a newer version. That's impractical, as it adds quite some maintenance burden on the RB side. With a team as small as ours, we cannot do that; we'll have to leave these two apps out of the RB part then, sorry.
Signing is not an issue, as we just need the unsigned APK (basically, the signature is "copied" from your signed APK; if the build was identical, that should verify – if it does not verify, the build was not identical). So the APK generated on our side even must be unsigned for that to work.
For some background, please see: Reproducible Builds, special client support and more at IzzyOnDroid
Sorry, but by me, is not possible to using Reproducible Builds. Because PPP, PPPE, PPPPS uses hidden API, for which is required special android.jar from reginer repo. For all 3 apps are released also apk file in GitHub "Releases" and each has "fastlane" folder in GitHub. In it is which version is released.
Question: old release support with "fastlane" stays active?
And not only two, but all 3 apps uses reginer andorid.jar: PhoneProfilesPlus (PPP), PhoneProfilesPlusExtender (PPPE), PPPPutSettings (PPPPS).
Exists any notification for new articles in https://android.izzysoft.de/articles.php? For example by e-mail? Or only Mastodon is supported? I do not have account in it. :-)
Some questions about Reproducible Build:
So basically, the RB process at IzzyOnDroid, running separately from the app repo itself, works like this (very simplified):
git clone
the app repo (e.g. yours, this one here)./gradlew assembleRelease
to produce an unsigned APKapksigner verify
on the resulting APK. If it verifies, it's RB – otherwise not.As I wrote, that's the simplified variant. For details you can take a look at rbtlog, which is what we use for this. Basically, F-Droid uses the same tools rbtlog uses, just their process is a little bit different.
To the previous comment: RB is not mandatory at IzzyOnDroid – so if it's really not possible for your apps, I'd simply put a note so we don't annoy you over and again, and that's it. No bad feelings.
Exists any notification for new articles in android.izzysoft.de/articles.php?
Subscribe to the RSS feed? Also available in German.
Or only Mastodon is supported? I do not have account in it. :-)
No Mastodon account needed either. It's part of the Fediverse, so any account on the Fedi should do. Or, ahem, use the RSS Feed :stuck_out_tongue_winking_eye:
Now I can understand. :-)
Unfortunately, if the user in Droid-ify, NeoStore sets that he does not want apps that have not passed RB, then a huge pity for me. If Droid-ify, NeoStore will have such a feature. Yes?
Depends on the implementation in the clients. This is something just "on the list" but IMHO not even yet through draft. I guess there could be 3 options to such a setting:
So if the first or the last option is chosen, your apps would not be affected by this. Only those using the "strict" setting wouldn't get them then – and those will be few IMHO.
So while it would be real nice (and indeed an advantage) if RB can be established, I would not be overly concerned if it's not possible. Currently, 23.4% of the apps at IzzyOnDroid are set up with RB, and only around 10% at F-Droid (in total numbers the difference is smaller: ~300 at IzzyOnDroid versus ~400 at F-Droid). And as F-Droid (at least currently) does not distribute those details via any index, it could not even be enforced for their repo – which at least in my opinion would result in discouraging the "middle option"; "unless you know exactly what you're doing there" :stuck_out_tongue_winking_eye:
OK, so the future will tell. :-)
If there is nothing else to do with this issue, please close it. Thanks.
Right: if we cannot make it RB, there's nothing left to do here. I will then mark both apps as "not reproducible" – so I cannot forget and ask again in a year or so :wink:
Thanks again!
I've tried to build your app from source, using OpenJDK 17 on Debian bookworm, but the build failed:
Do you have any clue what's wrong there?
PS, while being here: your gradle wrapper lacks the JAR, maybe you could add that before the next release?