Reproducible Build

Stefan Schüller 2020-07-06 21:48:26 +02:00
parent f1ef75a1dd
commit d594bb5685
4 changed files with 75 additions and 6 deletions


@ -1,6 +1,7 @@
FROM gradle:5.6.4-jdk8
FROM gradle:6.1.1-jdk8
ENV ANDROID_SDK_URL https://dl.google.com/android/repository/sdk-tools-linux-3859397.zip
ENV ANDROID_SDK_CHECKSUM 444e22ce8ca0f67353bda4b85175ed3731cae3ffa695ca18119cbacef1c1bea0
ENV ANDROID_BUILD_TOOLS_VERSION 29.0.3
ENV ANDROID_HOME /usr/local/android-sdk-linux
ENV ANDROID_VERSION 29
@ -9,6 +10,7 @@ ENV PATH ${PATH}:${ANDROID_HOME}/tools:${ANDROID_HOME}/platform-tools
RUN mkdir "$ANDROID_HOME" .android && \
cd "$ANDROID_HOME" && \
curl -o sdk.zip $ANDROID_SDK_URL && \
echo "${ANDROID_SDK_CHECKSUM} sdk.zip" | sha256sum -c - && \
unzip sdk.zip && \
rm sdk.zip
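Review bot: The new `FROM gradle:6.1.1-jdk8` line pins the base image by tag only, and a registry tag can be repointed, so two runs of this Dockerfile are not guaranteed to start from the same image bytes. For a reproducible-build recipe, pin the digest as well, e.g. `FROM gradle:6.1.1-jdk8@sha256:<digest-of-the-image-you-verified>`. The added `sha256sum -c -` check covers only `sdk.zip`; anything the rest of the Dockerfile downloads (outside these hunks) would need its own version or checksum pin. A short comment next to `ANDROID_SDK_CHECKSUM` saying where the expected hash came from would also help whoever next bumps `ANDROID_SDK_URL`.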


@ -1,6 +1,6 @@
# Reproducible Builds
Note: reproducible builds work starting version 1.0.44
Note: reproducible builds work starting version 1.0.45
## Install Docker
@ -34,8 +34,8 @@ git checkout v1.0.44
```shell
cd ~/peertube-android
docker build -t thorium-builder .
docker run --rm -v ~/peertube-android:/home/peertube-android -w /home/peertube-android thorium-builder gradle assembleProdRelease -PkeystorePassword=securePassword -PkeyAliasPassword=securePassword -PkeystoreFile=build.keystore -PbuildTimestamp=1593942384524
cp app/build/outputs/apk/prod/release/app-prod-release.apk thorium-built.apk
docker run --rm -v ~/Private/peertube:/home/peertube -w /home/peertube thorium-builder gradle assembleRelease -PkeystorePassword=securePassword -PkeyAliasPassword=securePassword -PkeystoreFile=build.keystore -PbuildTimestamp=1593973044091
cp app/build/outputs/apk/release/app-release-unsigned.apk thorium-built.apk
```
## Extract the Play Store APK from your phone
@ -46,7 +46,8 @@ cp app/build/outputs/apk/prod/release/app-prod-release.apk thorium-built.apk
```shell
cd ~/peertube-android
adb pull `adb shell pm path net.schueller.peertube | cut -d':' -f2` thorium-store.apk
adb shell pm path net.schueller.peertube
adb pull /data/app/net.schueller.peertube-mCeISw_AujlMBHyPfVhdSg==/base.apk thorium-store.apk
```
## Compare the two files
@ -56,6 +57,6 @@ adb pull `adb shell pm path net.schueller.peertube | cut -d':' -f2` thorium-stor
```shell
cd ~/peertube-android
python apkdiff.py thorium-built.apk thorium-store.apk
./apkdiff.py thorium-built.apk thorium-store.apk
```

66
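--- a/apkdiff.py
+++ b/apkdiff.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+# Taken from https://github.com/DrKLO/Telegram/blob/master/apkdiff.py on June 4th, 2020
+import sys
+from zipfile import ZipFile
+def compareFiles(first, second):
+while True:
+firstBytes = first.read(4096);
+secondBytes = second.read(4096);
+if firstBytes != secondBytes:
+return False
+if firstBytes == b"":
+break
+return True
+def compare(first, second):
+FILES_TO_IGNORE = ["META-INF/MANIFEST.MF", "META-INF/CERT.RSA", "META-INF/CERT.SF"]
+firstZip = ZipFile(first, 'r')
+secondZip = ZipFile(second, 'r')
+firstList = list(filter(lambda firstInfo: firstInfo.filename not in FILES_TO_IGNORE, firstZip.infolist()))
+secondList = list(filter(lambda secondInfo: secondInfo.filename not in FILES_TO_IGNORE, secondZip.infolist()))
+if len(firstList) != len(secondList):
+print("APKs has different amount of files (%d != %d)" % (len(firstList), len(secondList)))
+return False
+for firstInfo in firstList:
+found = False
+for secondInfo in secondList:
+if firstInfo.filename == secondInfo.filename:
+found = True
+firstFile = firstZip.open(firstInfo, 'r')
+secondFile = secondZip.open(secondInfo, 'r')
+if compareFiles(firstFile, secondFile) != True:
+print("APK file %s does not match" % firstInfo.filename)
+return False
+secondList.remove(secondInfo)
+break
+if found == False:
+print("file %s not found in second APK" % firstInfo.filename)
+return False
+if len(secondList) != 0:
+for secondInfo in secondList:
+print("file %s not found in first APK" % secondInfo.filename)
+return False
+return True
+if __name__ == '__main__':
+if len(sys.argv) != 3:
+print("Usage: apkdiff <pathToFirstApk> <pathToSecondApk>")
+sys.exit(1)
+if sys.argv[1] == sys.argv[2] or compare(sys.argv[1], sys.argv[2]) == True:
+print("APKs are the same!")
+else:
+print("APKs are different!")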
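Review bot: The final `else` branch prints "APKs are different!" but the script still exits with status 0, so a wrapper script or CI job running `./apkdiff.py` cannot tell a mismatch from a match. Add `sys.exit(1)` after that print. Separately, `compare()` only walks the `infolist()` entries and compares their decompressed content, skipping the three `META-INF` names in `FILES_TO_IGNORE`, so bytes outside the zip entries are never compared. A header comment such as `# Compares zip entry names and contents only; not a byte-for-byte comparison of the APK files` would stop a "same" result being read as full identity. The two `ZipFile` objects and the per-entry file handles are also never closed; `with ZipFile(first) as firstZip, ZipFile(second) as secondZip:` would tidy that up.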

0
gradlew vendored Normal file → Executable file