michaelWuensch
Challenges in Reproducing the Build
I am currently trying to reproduce the current version of bitbanana which is on playstore.
Description
I was able to build BitBanana locally. The APK I generated from this build did not show any differences from the release version of the APK on GitHub. Now comes the interesting part. I need to find the differences with the APK version released on my mobile device.
There has been a change in how Android builds these APKs, as they now provide device-specific builds. To get the APK specific to my device, I had to use Bundletool to extract the APK from the AAB I built. I used abd to get the APKs for my specific device, following the usual process.
When I used diff after extracting the APKs, I found that the APKs from both sources had different names, so I extracted all the files from the APKs. Although the types of APKs were the same, there were still some differences. Some of these differences, like AndroidManifest.xml, META-INF/BNDLTOOL.RSA, META-INF/BNDLTOOL.SF, META-INF/MANIFEST.MF, and stamp-cert-sha256, can be ignored, but the rest cannot.
Expected Behavior
Actual Behavior
diff --recursive --brief extracted_apks/unzipped/ built_apks/unzipped/
Files extracted_apks/unzipped/armeabi/AndroidManifest.xml and built_apks/unzipped/armeabi/AndroidManifest.xml differ
Files extracted_apks/unzipped/armeabi/META-INF/BNDLTOOL.RSA and built_apks/unzipped/armeabi/META-INF/BNDLTOOL.RSA differ
Files extracted_apks/unzipped/armeabi/META-INF/BNDLTOOL.SF and built_apks/unzipped/armeabi/META-INF/BNDLTOOL.SF differ
Files extracted_apks/unzipped/armeabi/META-INF/MANIFEST.MF and built_apks/unzipped/armeabi/META-INF/MANIFEST.MF differ
Only in extracted_apks/unzipped/armeabi: stamp-cert-sha256
Files extracted_apks/unzipped/base/AndroidManifest.xml and built_apks/unzipped/base/AndroidManifest.xml differ
Files extracted_apks/unzipped/base/classes2.dex and built_apks/unzipped/base/classes2.dex differ
Files extracted_apks/unzipped/base/classes3.dex and built_apks/unzipped/base/classes3.dex differ
Files extracted_apks/unzipped/base/classes4.dex and built_apks/unzipped/base/classes4.dex differ
Only in extracted_apks/unzipped/base/META-INF: BNDLTOOL.RSA
Only in extracted_apks/unzipped/base/META-INF: BNDLTOOL.SF
Only in extracted_apks/unzipped/base/META-INF: MANIFEST.MF
Files extracted_apks/unzipped/base/res/xml/splits0.xml and built_apks/unzipped/base/res/xml/splits0.xml differ
Files extracted_apks/unzipped/base/resources.arsc and built_apks/unzipped/base/resources.arsc differ
Only in extracted_apks/unzipped/base: stamp-cert-sha256
Files extracted_apks/unzipped/xhdpi/AndroidManifest.xml and built_apks/unzipped/xhdpi/AndroidManifest.xml differ
Files extracted_apks/unzipped/xhdpi/META-INF/BNDLTOOL.RSA and built_apks/unzipped/xhdpi/META-INF/BNDLTOOL.RSA differ
Files extracted_apks/unzipped/xhdpi/META-INF/BNDLTOOL.SF and built_apks/unzipped/xhdpi/META-INF/BNDLTOOL.SF differ
Files extracted_apks/unzipped/xhdpi/META-INF/MANIFEST.MF and built_apks/unzipped/xhdpi/META-INF/MANIFEST.MF differ
Files extracted_apks/unzipped/xhdpi/resources.arsc and built_apks/unzipped/xhdpi/resources.arsc differ
Only in extracted_apks/unzipped/xhdpi: stamp-cert-sha256
Possible Fix
Steps to Reproduce
- Following the reproduction instructions provided in the documentation: https://github.com/michaelWuensch/BitBanana/blob/master/docs/REPRODUCE.md
Context
Unable to determine whether the wallet is reproducible.
Your Environment
- BitBanana version: v0.8.1
- Android version: 8
- Device: Redmi 9
- LND Version: (e.g. 0.7.0-beta)
Hi,
yeah, unfortunately Google made a real mess for reproducibility with enforcing Android App Bundles on the play store. Anyway, I just did the whole procedure again like described in (https://github.com/michaelWuensch/BitBanana/blob/master/docs/REPRODUCE.md) and I get a different result:
Notably I do not have the differences in the classes dex files. But I also get the diffs now in resources.arsc which was not the case when I did it the last time with a 0.7.x version. I do not yet know where that diff comes from and whether or not it is a relevant to consider it reproducible.
In regard to the classes dex diffs: I don't know why they show up for you. I tested it with my Samsung S22, I don't have a Redmi 9 to test.
Here is a list of things that I think might cause it:
- Are you sure you only had 1 device connected to your PC?
- Are you sure the version on your phone was 0.8.1 and that the version you checked out and built was 0.8.1 as well?
- Did you use the exact same command to build the aab as described in the reproducibility description? (I tested some other android docker images back when I did the F-Droid release. 3 Different Docker images resulted in 3 different builds. I chose the one that matched the outcome with my PC)
hey, i tried building the apk following the methods here and got this
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'project'.
> Could not resolve all files for configuration ':classpath'.
> Could not find com.jaredsburrows:gradle-license-plugin:0.8.80.
Searched in the following locations:
- https://dl.google.com/dl/android/maven2/com/jaredsburrows/gradle-license-plugin/0.8.80/gradle-license-plugin-0.8.80.pom
- https://jcenter.bintray.com/com/jaredsburrows/gradle-license-plugin/0.8.80/gradle-license-plugin-0.8.80.pom
Required by:
project :
* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
See https://docs.gradle.org/8.0.2/userguide/command_line_interface.html#sec:command_line_warnings
BUILD FAILED in 21m 23s
You can find my full review on the subject here was anything changed during the time? waiting to hear from you!
@keraliss Hi, yes, sorry about that, the json file containing the 3rd party licenses was formated differently in 0.8.5. This also caused the build on F-Droid to fail. I fixed the issue in 0.8.6 and added a new feature as well in that release. Please retry with 0.8.6. Sorry for the inconvenience.