you-apps / TranslateYou

Privacy focused translator app built with MD3
https://you-apps.net
GNU General Public License v3.0
973 stars 43 forks source link

Fdroid #15

Closed ghost closed 2 years ago

ghost commented 2 years ago

Describe your suggested feature

Please submit it to fdroid

Some useful links

  1. https://f-droid.org/en/docs/Inclusion_Policy/
  2. https://f-droid.org/en/contribute/#submit-applications

Other details

No response

Acknowledgements

Bnyro commented 2 years ago
  1. I thought that an app needs to be at least 3 months old to become included into F-Droid.
  2. In my opinion, there are no real advantages of having the app on F-Droid instead of IzzyOnDroid: F-Droid is very slow in updating apps, it often takes up to a week while Izzy's repo syncs daily!
TalOrenshtein commented 2 years ago
  1. I thought that an app needs to be at least 3 months old to become included into F-Droid.

    1. In my opinion, there are no real advantages of having the app on F-Droid instead of IzzyOnDroid: F-Droid is very slow in updating apps, it often takes up to a week while Izzy's repo syncs daily!

I think F-droid scans every update for anti features and that's why it takes longer. I might be wrong though.

Bnyro commented 2 years ago

Yeah, think so too, but there's still no reason to switch over to F-Droid then currently :)

Bnyro commented 2 years ago

One other point: As there are now multiple versions of the app, F-Droid would probably not add both of them to their repo (at least it would be sort of trouble).

Bnyro commented 2 years ago

both are visible and downloadable from F-droid via Izzy's repo:

Yeah, we should just stick with Izzy as our tech support :)

Ilithy commented 2 years ago

Yeah, we should just stick with Izzy as our tech support :)

I think so too, updates for example are taken into account much faster

serrq commented 2 years ago

You can upload TY in both sides. F-droid is reachable from Exodus (permissions analyzer) so your app can get also a kind of security certificate.

Example

For this fdroid URL https://f-droid.org/packages/com.svenjacobs.app.leon/

Its developer can get this privacy report:

https://reports.exodus-privacy.eu.org/it/reports/302863/

The Izzy repo is not reached from Exodus engine.

Bnyro commented 2 years ago

You can upload TY in both sides. F-droid is reachable from Exodus (permissions analyzer) so your app can get also a kind of security certificate.

Fair, but what would be the benefits of having a privacy report? Wouldn't that only cover the requested permissions which you can just see by having a look at the AndroidManifest.xml?

serrq commented 2 years ago

The report also provides tracers (found on code or calls to remote servers).

Bnyro commented 2 years ago

The report also provides tracers (found on code or calls to remote servers).

I just figured out that Izzy does something similar as well, when clicking malware passed here https://apt.izzysoft.de/fdroid/index/apk/com.bnyro.translate you get redirected to https://www.virustotal.com/gui/file/019eb1ee7cf0683b7c406869d2b81e6c7261f3bfadc2ffb690de3ac4afffc06d/detection/f-019eb1ee7cf0683b7c406869d2b81e6c7261f3bfadc2ffb690de3ac4afffc06d-1665941225. No idea how accurate these reports are but at least there are some as well :)

serrq commented 2 years ago

Tracers are not malware, maybe worse.

Take a look into this report:

https://reports.exodus-privacy.eu.org/it/reports/243516/

parcelcat commented 1 year ago

IzzyOnDroid does great work by expanding the number of apps that can be accessed through F-Droid clients. However, the official F-Droid repository carries a higher level of trust because all apps in the official F-Droid repo must meet its inclusion policy and pass its application review process.

If there were two functionally similar apps and the first app was available through the official F-Droid repo while the second app was not, I would pick the first one. It would be great to see Translate You in the official F-Droid repo.

Bnyro commented 1 year ago

I agree that the app now should be stable and matured enough to be ready for being published to F-Droid too. It'd be awesome if @IzzySoft could help us with that as I've no idea how to add both, the libre and the normal version to F-Droid.

IzzySoft commented 1 year ago

Don't they have different applicationIds? Just open an RFP for each and specify the flavor (i.e. in the comment, specify which flavor to pick). With both being processed in parallel we do not even run the risk of the bot permanently closing the issue, thinking the app would already be there.

metadata/com.bnyro.translate.yml:

Categories:
  - Science & Education
License: GPL-3.0-only
AuthorName: Bnyro
AuthorWebSite: https://bnyro.is-a.dev/
SourceCode: https://github.com/Bnyro/TranslateYou
IssueTracker: https://github.com/Bnyro/TranslateYou/issues
Changelog: https://github.com/Bnyro/TranslateYou/releases

AutoName: Translate You

RepoType: git
Repo: https://github.com/Bnyro/TranslateYou

Builds:
  - versionName: '3.7'
    versionCode: 25
    commit: v3.7
    subdir: app
    gradle:
      - libre

AutoUpdateMode: Version
UpdateCheckMode: Tags
CurrentVersion: '3.7'
CurrentVersionCode: 25

Should work out-of-the-box I assume (hopefully). For the non-free, replace libre by standard and name the file accordingly. Once merged I need to know whether you want me to keep your app in my repo still, so I mark it accordingly. I hope we can go for "reproducible builds", but cannot say anything on that topic before I had a chance to compare :wink:

PS: Yuck. Are you using a pre-release gradle version? Those are not foss.

Found 8.0-rc-1 via distributionUrl
No hash for gradle version 8.0-rc-1! Exiting...

No "RC gradles", please! We can try again once you have a "proper release" in place :wink: Apart from build, all other pipelines passed fine.

IzzySoft commented 1 year ago

PS: No need to open an RFP for that anymore, I skipped that stage and went straight for the MR. Once we got the libre flavor built, we can copy our results for the standard one; no need to duplicate all our failures on the way, right? :see_no_evil:

Bnyro commented 1 year ago

Don't they have different applicationIds? Just open an RFP for each and specify the flavor (i.e. in the comment, specify which flavor to pick). With both being processed in parallel we do not even run the risk of the bot permanently closing the issue, thinking the app would already be there.

Oh, makes sense, I thought you treated it as one app inside your repo and somehow specified that it has two different flavors available. No "RC gradles", please! We can try again once you have a "proper release" in place :wink: Apart from build, all other pipelines passed fine.

I've decreased the version of gradle now and created a new release now which should hopefully pass the tests :)

Thanks for already submitting a PR to the F-Droid data repo!

IzzySoft commented 1 year ago

I've decreased the version of gradle now and created a new release now which should hopefully pass the tests :)

Pipelines are running again – let's keep our :crossed_fingers: then!

Thanks for already submitting a PR to the F-Droid data repo!

Gladly! Once that succeeded and is merged, I can prepare the other one. And you then need to tell me whether to keep both in my repo :wink:

Bnyro commented 1 year ago

Gladly! Once that succeeded and is merged, I can prepare the other one. And you then need to tell me whether to keep both in my repo :wink:

Well, I'd better want to leave that up to you :stuck_out_tongue_winking_eye: Since the app takes quite some space on your repo, it'd probably be a good thing to keep it on F-Droid only then to create space for new awesome apps (by other authors) to be added. So unless you think that there are disk space issues by no chance, I think I could live with the app being available at F-Droid only since I need to test the updates anyways before releasing it so I'm always on the latest version. Apart from that the app should be stable enough to not require any hot fixes in comparison to how it's been in the beginnings :joy:

IzzySoft commented 1 year ago

Yuck, build failed again:

Task :app:kaptGenerateStubsLibreReleaseKotlin
'compileLibreReleaseJavaWithJavac' task (current target is 17) and 'kaptGenerateStubsLibreReleaseKotlin' task (current target is 1.8) jvm target compatibility should be set to the same Java version.

So what shall it be? Java-8 or Java-17? IIRC, F-Droid uses 11 by default :see_no_evil: I can override that in the build recipe. But I have to decide for one version.

Bnyro commented 1 year ago

So what shall it be? Java-8 or Java-17? IIRC, F-Droid uses 11 by default see_no_evil I can override that in the build recipe. But I have to decide for one version.

I think I had to bump it to Java 17 because some dependency needed it or something :thinking: At least building with Java 11 brought me some errors and it worked fine with Java 17. I'll try to figure out how I can get it back working with Java 11 then.

IzzySoft commented 1 year ago

Since the app takes quite some space on your repo, it'd probably be a good thing to keep it on F-Droid only then to create space for new awesome apps (by other authors) to be added.

Yupp, that's the default action. I didn't check how much your app has been growing (checking: 14.5 MB per APK) – OK, point taken. So if both get into F-Droid, I'll give them a decent overlap here (about 14d usually) before removing. Should one not make it, it's welcome to stay.

the app should be stable enough to not require any hot fixes in comparison to how it's been in the beginnings :joy:

:smile:

I think I had to bump it to Java 17 because some dependency needed it or something :thinking:

Should be no prob, I can try setting it to 17. But something complained about some Java-8 being targeted?

Bnyro commented 1 year ago

Yupp, that's the default action. I didn't check how much your app has been growing (checking: 14.5 MB per APK) – OK, point taken. So if both get into F-Droid, I'll give them a decent overlap here (about 14d usually) before removing. Should one not make it, it's welcome to stay.

Alright, then it may be that way! :) Should be no prob, I can try setting it to 17. But something complained about some Java-8 being targeted?

Seems to work now with Java 11, maybe that's been an issue with a previous version of any Android core dependency. Do we require a new release now?

IzzySoft commented 1 year ago

Yupp, I could set it to 17:

    sudo:
      - apt-get update
      - apt-get install -y openjdk-17-jdk-headless
      - update-alternatives --auto java

Shall I go with that or shall we try with 11 again? In the latter case, for now it suffices to name the commit hash (we're still in try-and-error mode :wink:)

Bnyro commented 1 year ago

Shall I go with that or shall we try with 11 again? In the latter case, for now it suffices to name the commit hash (we're still in try-and-error mode :wink:

If Java 11 is the default version I think it's best to keep it with Java 11, it built successfully for me with the latest commit (using Java 11).

IzzySoft commented 1 year ago

OK, then I'll give it another try with that commit (460627c3f2b4ed47541d2fa3e7ee1c962c69429c). We can still switch to 17 later if needed.

IzzySoft commented 1 year ago

Pipelines running again. Apart from the build itself, results look excellent already: all other pipelines (except build and mobsf, which depends on the APK from the build) all signal green, and issuebot report looks fine as well. Let's see how far we get this time…

IzzySoft commented 1 year ago

:partying_face: Build succeeded! Now waiting for the final pipeline: SAST/mobsf. Let's see what the fine-print has :wink:

Bnyro commented 1 year ago

Yayyy, awesome!

IzzySoft commented 1 year ago

SAST is finished. Starting drum-roll for its results to show up… Takes too long. Just calling it up directly. Anything you want to tackle before we continue? If not, can you provide me an APK built from the very same commit, so I see how far we from the "supreme discipline" of reaching reproducible builds?

Bnyro commented 1 year ago

Anything you want to tackle before we continue?

Not from my side. If not, can you provide me an APK built from the very same commit, so I see how far we from the "supreme discipline" of reaching reproducible builds?

I assume the libre flavor only for now?

app-release-libre.zip

IzzySoft commented 1 year ago

WOW! Straight flash!

$ rbtest app-libre-release.apk com.bnyro.translate_26.apk 
RB confirmed.

Ready to party? Can you please put that APK at the release (replacing the existing one), so I can add

Binaries: https://github.com/Bnyro/TranslateYou/releases/download/v%v/app-libre-release.apk

to the YAML?

Bnyro commented 1 year ago

WOW! Straight flash!

Incredible! :)

Ready to party? Can you please put that APK at the release (replacing the existing one), so I can add

Sorry, I've been away for a sec, done now!

IzzySoft commented 1 year ago

Thanks! Final round started :crossed_fingers: :crossed_flags: :children_crossing:

IzzySoft commented 1 year ago

Pre-warning: Pithus shows "moderate risk" (first time I see that). Please check the "APK analysis" tab and scroll down to "Manifest analysis". No stopper from what I can see, but maybe something to consider for future releases.

IzzySoft commented 1 year ago

PS: RECORD_AUDIO? Voice input?

Bnyro commented 1 year ago

PS: RECORD_AUDIO? Voice input?

Yes, exactly. But it's only available on devices having a STT service inbuilt (so with Google services), so I don't know if it actually works, lol

IzzySoft commented 1 year ago

Yes, exactly. But it's only available on devices having a STT service inbuilt

Ah, thanks – that's why I didn't see any mike.

so with Google services

Not necessarily. At F-Droid there's e.g. Konele for that. But out-of-the-box that only works for a single Baltic language.

OK, thanks to your fast responses I can complete the review now. Welcome aboard I say! With some luck, the next build cycle will pick it up. Please take a look at Pithus, though. Decision I leave to you then: if you say all is fine, I trust it will be. But maybe there's a thing or two you might wish to consider for a future release.

PS: Will prepare the non-free flavor later.

IzzySoft commented 1 year ago

so I don't know if it actually works, lol

:rofl: You could try Kõnele to find out. Should work fine if you speak Estonian – otherwise the recognized text might make you laugh. But nevermind, you'd at least know whether voice input works at all :wink:

IzzySoft commented 1 year ago

PPS: review here, merged, final pipelines running.

Bnyro commented 1 year ago

PPS: review here, merged, final pipelines running.

Great, thank you! <3

Bnyro commented 1 year ago

so I don't know if it actually works, lol

rofl You could try Kõnele to find out. Should work fine if you speak Estonian – otherwise the recognized text might make you laugh. But nevermind, you'd at least know whether voice input works at all wink

Interesting idea, I'll try whether anything will happen at least. Thanks!

Bnyro commented 1 year ago

Pre-warning: Pithus shows "moderate risk" (first time I see that). Please check the "APK analysis" tab and scroll down to "Manifest analysis". No stopper from what I can see, but maybe something to consider for future releases.

I'll be trying to address them with future updates, though the issues found don't look too tragic I guess.

IzzySoft commented 1 year ago

No. Would I think they're tragic I wouldn't have hit the merge button :smile:

IzzySoft commented 1 year ago

If you want to follow up: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/12723 is the MR for the standard flavor.

IzzySoft commented 1 year ago

Ever seen a very straight hit? Commit => Push => Success! :partying_face: That's why I wanted to have the "easier one" (with less dependencies due to less services) completed first. Was a good decision :grin: Waiting for SAST to complete and issuebot show up, then a shorter review (most parts already covered) and (I expect) a straight merge.

IzzySoft commented 1 year ago

Ready. Waiting for the opinion of my team members whether we really need NonFreeNet: the additional engines are all disabled by default, so I do not see a real reason to keep it.

Bnyro commented 1 year ago

Ready. Waiting for the opinion of my team members whether we really need NonFreeNet: the additional engines are all disabled by default, so I do not see a real reason to keep it.

If everyone agrees that we don't need the non free net anti feature anymore, couldn't we just get rid of the two different flavors and rename "Translate You Libre" to "Translate You"? Since the only reason for having two different flavors was the anti feature, but if that's not a thing anymore it might just be easier to drop one of the flavors :)

IzzySoft commented 1 year ago

Good point! I did not yet merge the NF. So maybe I simply close the MR, you drop the NF and integrate all into the libre flavor with the next release (as that's merged already to fdroiddata)?

I've just marked the MR as draft and left a note, so it doesn't get merged accidentally by someone else. Please let me know if libre (the one already merged) will be what is continued, then I simply close that MR and the next libre becomes the "full flavor".

Important note: should you intend to rename the flavor or drop flavors altogether, we'll need to update the already merged YAML for the next release or build will fail. I'd suggest to simply keep it a flavor – which leaves you the flexibility adding another one in the future should it be needed (err, the flavor I mean – of course "the future" is needed :see_no_evil:).

Bnyro commented 1 year ago

Good point! I did not yet merge the NF. So maybe I simply close the MR, you drop the NF and integrate all into the libre flavor with the next release (as that's merged already to fdroiddata)?

Sounds like a plan, we'll do it like so! :) I've just marked the MR as draft and left a note, so it doesn't get merged accidentally by someone else. Please let me know if libre (the one already merged) will be what is continued, then I simply close that MR and the next libre becomes the "full flavor".

Yes, the libre one will be the one to continue, also because its appId is com.bnyro.translate without the nf as suffix! So I'm just going to be releasing the libre version only with the next update including support for all the "non-free" translation services too. Important note: should you intend to rename the flavor or drop flavors altogether, we'll need to update the already merged YAML for the next release or build will fail. I'd suggest to simply keep it a flavor – which leaves you the flexibility adding another one in the future should it be needed (err, the flavor I mean – of course "the future" is needed :see_no_evil:).

That's find with me, no need to get us some extra work :)

So that should finally be the end of our trip to get Translate You to F-Droid, thank you for taking me that burden off! <3

Bnyro commented 1 year ago

I've also updated the screenshots and the fastlane metadata (short_description.txt, ...) now in order to reflect that all features are included to the libre version of the app now. Will these automatically be updated at the F-Droid repo then?