Reproducible Build

2020-07-06 21:48:26 +02:00 · 2020-07-06 21:48:26 +02:00 · d594bb5685
commit d594bb5685
parent f1ef75a1dd
4 changed files with 75 additions and 6 deletions
--- a/4
+++ b/4
@ -1,6 +1,7 @@
-FROM gradle:5.6.4-jdk8
+FROM gradle:6.1.1-jdk8

 ENV ANDROID_SDK_URL https://dl.google.com/android/repository/sdk-tools-linux-3859397.zip
+ENV ANDROID_SDK_CHECKSUM 444e22ce8ca0f67353bda4b85175ed3731cae3ffa695ca18119cbacef1c1bea0
 ENV ANDROID_BUILD_TOOLS_VERSION 29.0.3
 ENV ANDROID_HOME /usr/local/android-sdk-linux
 ENV ANDROID_VERSION 29
@ -9,6 +10,7 @@ ENV PATH ${PATH}:${ANDROID_HOME}/tools:${ANDROID_HOME}/platform-tools
 RUN mkdir "$ANDROID_HOME" .android && \
    cd "$ANDROID_HOME" && \
    curl -o sdk.zip $ANDROID_SDK_URL && \
+    echo "${ANDROID_SDK_CHECKSUM}  sdk.zip" | sha256sum -c - && \
    unzip sdk.zip && \
    rm sdk.zip

--- a/REPRODUCIBLE_BUILDS.md
+++ b/REPRODUCIBLE_BUILDS.md
@ -1,6 +1,6 @@
 # Reproducible Builds

-Note: reproducible builds work starting version 1.0.44
+Note: reproducible builds work starting version 1.0.45

 ## Install Docker

@ -34,8 +34,8 @@ git checkout v1.0.44
 ```shell
 cd ~/peertube-android
 docker build -t thorium-builder .
-docker run --rm -v ~/peertube-android:/home/peertube-android -w /home/peertube-android thorium-builder gradle assembleProdRelease -PkeystorePassword=securePassword -PkeyAliasPassword=securePassword -PkeystoreFile=build.keystore -PbuildTimestamp=1593942384524
-cp app/build/outputs/apk/prod/release/app-prod-release.apk thorium-built.apk
+docker run --rm -v ~/Private/peertube:/home/peertube -w /home/peertube thorium-builder gradle assembleRelease -PkeystorePassword=securePassword -PkeyAliasPassword=securePassword -PkeystoreFile=build.keystore -PbuildTimestamp=1593973044091
+cp app/build/outputs/apk/release/app-release-unsigned.apk thorium-built.apk
 ```

 ## Extract the Play Store APK from your phone
@ -46,7 +46,8 @@ cp app/build/outputs/apk/prod/release/app-prod-release.apk thorium-built.apk

 ```shell
 cd ~/peertube-android
-adb pull `adb shell pm path net.schueller.peertube | cut -d':' -f2` thorium-store.apk
+adb shell pm path net.schueller.peertube
+adb pull /data/app/net.schueller.peertube-mCeISw_AujlMBHyPfVhdSg==/base.apk thorium-store.apk
 ```

 ## Compare the two files
@ -56,6 +57,6 @@ adb pull `adb shell pm path net.schueller.peertube | cut -d':' -f2` thorium-stor

 ```shell
 cd ~/peertube-android
-python apkdiff.py thorium-built.apk thorium-store.apk
+./apkdiff.py thorium-built.apk thorium-store.apk
 ```

--- a/apkdiff.py
+++ b/apkdiff.py
@ -0,0 +1,66 @@
+#!/usr/bin/env python
+# Taken from https://github.com/DrKLO/Telegram/blob/master/apkdiff.py on June 4th, 2020
+
+import sys
+from zipfile import ZipFile
+
+def compareFiles(first, second):
+	while True:
+		firstBytes = first.read(4096);
+		secondBytes = second.read(4096);
+		if firstBytes != secondBytes:
+			return False
+
+		if firstBytes == b"":
+			break
+
+	return True
+
+def compare(first, second):
+	FILES_TO_IGNORE = ["META-INF/MANIFEST.MF", "META-INF/CERT.RSA", "META-INF/CERT.SF"]
+
+	firstZip = ZipFile(first, 'r')
+	secondZip = ZipFile(second, 'r')
+
+	firstList = list(filter(lambda firstInfo: firstInfo.filename not in FILES_TO_IGNORE, firstZip.infolist()))
+	secondList = list(filter(lambda secondInfo: secondInfo.filename not in FILES_TO_IGNORE, secondZip.infolist()))
+
+	if len(firstList) != len(secondList):
+	    print("APKs has different amount of files (%d != %d)" % (len(firstList), len(secondList)))
+	    return False
+
+	for firstInfo in firstList:
+		found = False
+		for secondInfo in secondList:
+			if firstInfo.filename == secondInfo.filename:
+				found = True
+				firstFile = firstZip.open(firstInfo, 'r')
+				secondFile = secondZip.open(secondInfo, 'r')
+
+				if compareFiles(firstFile, secondFile) != True:
+					print("APK file %s does not match" % firstInfo.filename)
+					return False
+
+				secondList.remove(secondInfo)
+				break
+
+		if found == False:
+			print("file %s not found in second APK" % firstInfo.filename)
+			return False
+
+	if len(secondList) != 0:
+		for secondInfo in secondList:
+			print("file %s not found in first APK" % secondInfo.filename)
+		return False
+
+	return True
+
+if __name__ == '__main__':
+	if len(sys.argv) != 3:
+		print("Usage: apkdiff <pathToFirstApk> <pathToSecondApk>")
+		sys.exit(1)
+
+	if sys.argv[1] == sys.argv[2] or compare(sys.argv[1], sys.argv[2]) == True:
+		print("APKs are the same!")
+	else:
+		print("APKs are different!")
--- a/0
+++ b/0