F-Droid can't build

[licaon-kter]

...as the APK is not reproducible: https://monitor.f-droid.org/builds/log/com.maxrave.simpmusic/9#site-footer

My local APK: com.maxrave.simpmusic_9.apk.zip (remove .ZIP from filename)

Upstream APK: https://github.com/maxrave-dev/SimpMusic/releases/tag/v0.1.3-beta

Diff log: simp1.log

@maxrave-dev are you sure the APK you've uploaded is built from 452239aabe6c920bc4b2cec83112fcff57b3c11f ?

fyi @linsui @obfusk

/LE: fyi https://gitlab.com/fdroid/fdroiddata/-/commit/50fe3776b5228a1b409f641085f7ef90dc1e3412

[maxrave-dev]

I checked Fdroid logs and I saw this Why in 452239a commit, I removed PersistentStorage.kt class but this appearing in the logs?

[maxrave-dev]

@licaon-kter fdroid build a337f51e5a4c744c66bd4cc30fafda3bae4e7a34 commit instead 452239aabe6c920bc4b2cec83112fcff57b3c11f commit. But 452239aabe6c920bc4b2cec83112fcff57b3c11f is correct release commit

[linsui]

I guess you moved the tag but F-Droid doesn't update the commit automatically.

[maxrave-dev]

@linsui I had created a wrong release and I have recreated a new with same name tag. Sorry for this inconvenient

[linsui]

This is why reproducible build is good: if a wrong commit is used the build will fail. :)

[licaon-kter]

fdroid build https://github.com/maxrave-dev/SimpMusic/commit/a337f51e5a4c744c66bd4cc30fafda3bae4e7a34 commit instead

Correct... I've missed that. Then again retagging should not be taken lightly :)

Will retest asap

[licaon-kter]

Yup, tests ok: https://gitlab.com/fdroid/fdroiddata/-/commit/3d4f3ff3cd9ecce031bcbe0136bbc20e488f2fd3 :tada:

[maxrave-dev]

Thanks for fixing @licaon-kter @linsui

[licaon-kter]

@maxrave-dev do add the APKs for https://github.com/maxrave-dev/SimpMusic/releases/tag/v0.1.4-beta

ref: https://gitlab.com/fdroid/fdroiddata/-/jobs/5249534435#L641

[maxrave-dev]

@licaon-kter sorry for the wrong release tag. I removed it

[licaon-kter]

removed it then: https://gitlab.com/fdroid/fdroiddata/-/commit/0a8c80ad6f7ac6f39dbec5cf292234b2f643b7e1

[licaon-kter]

https://monitor.f-droid.org/builds/log/com.maxrave.simpmusic/13#site-footer line 446, not the same commit used for building? Why is the tooling version mismatched?

[maxrave-dev]

Is buildSytemVersion Gradle? I dont know why

[linsui]

Yes. You have updated it to 8.2.1 so we use 8.2.1. But you still use 8.1.

[maxrave-dev]

@linsui what do i need to fix this ?

[linsui]

How did you build the apk? If you use gradlew from your repo it should use the correct gradle version.

[licaon-kter]

fyi https://gitlab.com/fdroid/fdroiddata/-/commit/1a7fbe41f28bb05762a7a925906e1d3f9a3dfa2c

[maxrave-dev]

@linsui I updated the APK file from the release using Gradle 8.2.1 to build

[licaon-kter]

@maxrave-dev I'll test locally now

[licaon-kter]

A bit better but the JSON file diff is still there: simp13.log

[linsui]

It's a known issue, right? https://f-droid.org/docs/Reproducible_Builds/#aboutlibraries-gradle-plugin

[maxrave-dev]

It's a known issue, right? https://f-droid.org/docs/Reproducible_Builds/#aboutlibraries-gradle-plugin

Oh I see, I will recreate a new release with fix commit now

[linsui]

The timestamp is removed but the file is still different. Your json is minimized but our json is formatted.

[linsui]

The json in your repo is formatted. Why is it minimized in your apk? Maybe you can clean the cache and rebuild the apk.

[maxrave-dev]

I turn on pretty print and generate a new json, in commit https://github.com/maxrave-dev/SimpMusic/commit/0c3fcf9bf571edbf6f0a59451c862cefe0b7bba6

[linsui]

https://gitlab.com/fdroid/fdroiddata/-/merge_requests/14048 Fixed, thanks!

[licaon-kter]

Thanks

[licaon-kter]

@maxrave-dev just a heads up, pls build APKs from the Tagged commit in the future,else this happens:

==== detail begin ====

verification of APK with copied signature failed

Comparing reference APK to APK with copied signature...

Unexpected diff output:

diff -r /tmp/tmp1j9l4e5w/unsigned_binaries_com.maxrave.simpmusic_17.binary/content/META-INF/version-control-info.textproto /tmp/tmp1j9l4e5w/_tmp_tmp1j9l4e5w_sigcp_com.maxrave.simpmusic_17/content/META-INF/version-control-info.textproto

4c4

<   revision: "6f9840d7cbfb1de045f8c951e44e6d7931419475"

---

>   revision: "fbadeeeaedd3cf71e8ec40ca1a34a9a9835cec8e"

Binary files /tmp/tmp1j9l4e5w/unsigned_binaries_com.maxrave.simpmusic_17.binary/content/assets/dexopt/baseline.prof and /tmp/tmp1j9l4e5w/_tmp_tmp1j9l4e5w_sigcp_com.maxrave.simpmusic_17/content/assets/dexopt/baseline.prof differ

Binary files /tmp/tmp1j9l4e5w/unsigned_binaries_com.maxrave.simpmusic_17.binary/content/classes4.dex and /tmp/tmp1j9l4e5w/_tmp_tmp1j9l4e5w_sigcp_com.maxrave.simpmusic_17/content/classes4.dex differ

==== detail end ====

Not sure why the APK has the "commithash" inside, but it is what it is. We see this in other apps too.

fixed in: https://gitlab.com/fdroid/fdroiddata/-/commit/9f97b9ea56c09dfb88ceb336ad5a1910b7ab7c34

[licaon-kter]

not fixed fully, diff log: simp17.log

looks like https://gitlab.com/fdroid/fdroiddata/-/issues/3138 so can you bump https://github.com/maxrave-dev/SimpMusic/blob/v0.2.1/app/build.gradle.kts#L74 to 1.5.11 and the rest to 1.9.23? ref: https://developer.android.com/jetpack/androidx/releases/compose-kotlin#pre-release_kotlin_compatibility

/LE: fyi https://gitlab.com/fdroid/fdroiddata/-/commit/9f9bd9175ab198391f5cda27950ed09d0bfb90c7

[maxrave-dev]

@licaon-kter I changed and committed, so do i need to create a new release?

[licaon-kter]

Yes and no, you can post which commit you build and attach the APK here (rename to .ZIP, do not archive)

[maxrave-dev]

Commit: d17c588526bc57809ea977005e940d9f1f0971eb APK: https://drive.google.com/file/d/1paIbtjkgmIm8nXsp1Gc4vUCtxpsCxvVi/view?usp=sharing @licaon-kter

[licaon-kter]

notification piled on top

I got around to test and indeed it appears to be repro :tada:

[linsui]

https://gitlab.com/fdroid/fdroiddata/-/jobs/7224058371

[maxrave-dev]

I rebuilt and the Sha256 is 7db7100e0049349d4fb64fb06b0da680cf620b9b6f11d0f5baca7202c12a5c8c. So still not same with Fdroid Build. I don't know why @linsui

[licaon-kter]

here's the diff log: sim18.log

[licaon-kter]

ref: https://gitlab.com/fdroid/fdroiddata/-/jobs/7532995830#L3614

diff log: simp19.log with one extra JPG that F-Droid build does not have? odd

[maxrave-dev]

@licaon-kter why I always have different checksum from Fdroid Build? I use Compose Compiler but still wrong

[licaon-kter]

Not sure about that, I use apktool and diffoscope to check actual APK contents, not care about checksum in my tests,

[maxrave-dev]

Can you teach me how to install fdroid server in latest version? I install via apt-get but latest version is 2.2.1

[licaon-kter]

Just install that, to get deps

Then clone gitlab fdroidserver and use fdroid from that one, so you have the latest one ;)

[maxrave-dev]

Can you step by step

[licaon-kter]

$ git clone https://gitlab.com/fdroid/fdroidserver
$ export PATH=/pathtothisfolder/fdroidserver:$PATH
$ fdroid --help

Don't forget to put the path command in your shell start up script

[licaon-kter]

Do you want to build? It takes more than fdroidserver... see https://f-droid.org/docs

[maxrave-dev]

Yeah, I want to test in local to know why checksum error caused

[maxrave-dev]

@licaon-kter Can I remove the binary line in Fdroid Data Metadata File to skip checksum?

[licaon-kter]

That ensures that the app is reproducible.

Why remove it?

[maxrave-dev]

I have two different things when building with Fdroidserver.

First is content/assets/dexopt/baseline.prof different Second is content/classes2.dex different

verification of APK with copied signature failed
Comparing reference APK to APK with copied signature...
Unexpected diff output:
Hai tập tin nhị phân /tmp/tmphsnh4m8d/unsigned_binaries_com.maxrave.simpmusic_19.binary/content/assets/dexopt/baseline.prof và /tmp/tmphsnh4m8d/_tmp_tmphsnh4m8d_sigcp_com.maxrave.simpmusic_19/content/assets/dexopt/baseline.prof khác nhau
Hai tập tin nhị phân /tmp/tmphsnh4m8d/unsigned_binaries_com.maxrave.simpmusic_19.binary/content/classes2.dex và /tmp/tmphsnh4m8d/_tmp_tmphsnh4m8d_sigcp_com.maxrave.simpmusic_19/content/classes2.dex khác nhau

Do you have any experience with this @licaon-kter ?

[licaon-kter]

The .prof difference will appear when there's a .dex diffence

Use apktool to disassemble both APKs then diff or diffoscope to see the actual differences in the smali folders that are contained in the classes?.dex.

[maxrave-dev]

I fixed baseline.prof but classes2.dex still be different, I tried all ways but still don't work

==== detail begin ====
verification of APK with copied signature failed
Comparing reference APK to APK with copied signature...
Unexpected diff output:
Hai tập tin nhị phân /tmp/tmp92gkiuf9/unsigned_binaries_com.maxrave.simpmusic_19.binary/content/classes2.dex và /tmp/tmp92gkiuf9/_tmp_tmp92gkiuf9_sigcp_com.maxrave.simpmusic_19/content/classes2.dex khác nhau
==== detail end ====