App not reproducible #7

Closed
emanuelb opened this issue Jan 4, 2023 · 3 comments

emanuelb commented Jan 4, 2023

Built the app version 1.9.23 with Containerfile:

FROM docker.io/debian:sid-slim

RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        git \
        gcc \
        g++ \
        make \
        curl \
        bzip2 \
        patch \
        libtool \
        automake \
        pkg-config \
        openjdk-11-jdk; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser;
     
USER appuser

ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
    ANDROID_SDK="/home/appuser/app/sdk" \
    ANDROID_HOME="/home/appuser/app/sdk" \
    ANDROID_NDK_HOME="/home/appuser/app/sdk/ndk/21.4.7075529/"

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/sdk/ndk" "/home/appuser/app/nunchuk/"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/nunchuk/; \
    git clone https://github.com/nunchuk-io/nunchuk-android-nativesdk; \
    cd /home/appuser/app/nunchuk/nunchuk-android-nativesdk/; \
    git checkout 0131fcddacae4b448893040e26f70d126d0c0554;

WORKDIR /home/appuser/app/nunchuk/

RUN set -ex; \
    cd /home/appuser/app/nunchuk/nunchuk-android-nativesdk; \
    ./gradlew clean; \
    cd /home/appuser/app/nunchuk/nunchuk-android-nativesdk/src/main/native; \
    git submodule update --init --recursive; \
    bash .install_linux_deps.sh arm64-v8a; \
    cd /home/appuser/app/nunchuk/nunchuk-android-nativesdk/; \
    ./gradlew clean assembleArm64_v8aRelease --stacktrace; \
    ./gradlew publish; \
    cd /home/appuser/app/nunchuk/; \
    git clone https://github.com/nunchuk-io/nunchuk-android; \
    cd nunchuk-android; \
    git checkout 47aba3e898b0441f0233c0bcda10734bcc836a86; \
    printf "\nstoreFile=nunchuk.pfx\nstorePassword=nunchuk_alias\nkeyPassword=nunchuk_alias\nkeyAlias=nunchuk_alias" > /home/appuser/app/nunchuk/nunchuk-android/keystore.properties; \
    keytool -genkey -alias nunchuk_alias -keystore /home/appuser/app/nunchuk/nunchuk-android/nunchuk-app/nunchuk.pfx -storetype PKCS12 -keyalg RSA -keysize 4096 -storepass nunchuk_alias -keypass nunchuk_alias -validity 10000 -dname CN=IL; \
    ./gradlew assembleRelease; \
    ./gradlew bundleRelease;

Comparing it to the upstream APK results in this diff (only some parts that were investigated are shown here, see below):

Files ./GooglePlay/classes2.dex and ./LocalBuild/classes2.dex differ
Files ./GooglePlay/classes3.dex and ./LocalBuild/classes3.dex differ
Files ./GooglePlay/classes4.dex and ./LocalBuild/classes4.dex differ
Files ./GooglePlay/classes5.dex and ./LocalBuild/classes5.dex differ
Files ./GooglePlay/classes.dex and ./LocalBuild/classes.dex differ
Files ./GooglePlay/lib/arm64-v8a/libnunchuk-android.so and ./LocalBuild/lib/arm64-v8a/libnunchuk-android.so differ

The APK was built from an app bundle, thus "only in" items are not mentioned in the diff, nor are other entries whose diffs weren't investigated yet. Better handling of comparing an APK built from an app bundle is WIP/TBD in https://gitlab.com/walletscrutiny/walletScrutinyCom/-/issues/333 (.dex files and .so files should be the same even when comparing assembleRelease vs bundleRelease).

Issues discovered from the diffs that I looked into:

  1. From the strings diff of libnunchuk-android.so: the full build path is leaked, which causes variation. Details in issue: Full path of build path is leaked in libnunchuk-android.so file nunchuk-android-nativesdk#6
  2. from strings diff of libnunchuk-android.so
< 4.2.1 Compatible Android (5900059 based on r365631c) Clang 9.0.8 (https://android.googlesource.com/toolchain/llvm-project 207d7abc1a2abf3ef8d4301736d6a7ebc224a290)
---
> 4.2.1 Compatible Android (7019983 based on r365631c3) Clang 9.0.9 (https://android.googlesource.com/toolchain/llvm-project a2a1e703c0edb03ba29944e529ccbf457742737b)

Caused by use of a different NDK version; fixing nunchuk-io/nunchuk-android-nativesdk#4 will solve this issue.

  1. TBD, will require running diffoscope and doing appbundle compare, some results are:
    4.1
<     <string name="com_google_firebase_crashlytics_mapping_file_id">253e1886faea4266af44c4aff6372fc3</string>
---
>     <string name="com_google_firebase_crashlytics_mapping_file_id">37637ffb029142b7b1aa7c104093ddb2</string>

4.2 A lot of diffs in .java files (from dex decompilation) due to different variable names. Maybe because different minification rules were applied? A different Java version used?

In addition, git tagging releases is helpful to match the version on the store to a commit, related issue: #6
Also, there should be a way to know which commit in the nunchuk-android-nativesdk repo was used to build the .aar file that is used in the app in the store.
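
An entry-by-entry APK comparison of the kind that produces the "Files ... differ" listing in the comment above, as an added example that is not part of the original issue or the Nunchuk project. It hashes decompressed entry contents, skips v1 signing files under META-INF/, and reports "only in" entries separately; the function names and sample archive contents are constructed for illustration.

```python
import hashlib
import io
import zipfile

# v1 (JAR) signing files always differ between a locally signed build and the
# store APK; v2/v3 signatures sit outside the zip entries and are never read.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")


def entry_digests(apk):
    """Map each non-signature entry of an APK (path or file object) to its SHA-256."""
    digests = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            if name.startswith("META-INF/") and name.endswith(SIGNATURE_SUFFIXES):
                continue
            # Hash decompressed content so zip compression settings do not matter.
            digests[name] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_apks(official, local):
    """Return entries whose content differs and entries present on one side only."""
    a, b = entry_digests(official), entry_digests(local)
    return {
        "differ": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_official": sorted(a.keys() - b.keys()),
        "only_local": sorted(b.keys() - a.keys()),
    }


def make_sample_apk(entries):
    """Build a constructed in-memory archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed contents, not taken from the real Nunchuk APKs.
    store = make_sample_apk({"classes.dex": b"A", "META-INF/CERT.RSA": b"k1"})
    mine = make_sample_apk({"classes.dex": b"B", "META-INF/CERT.RSA": b"k2"})
    print(compare_apks(store, mine))
```

A build counts as reproducible under this check only when all three lists come back empty.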


Giszmo commented Jan 6, 2023

I actually failed to compile with Emanuel's script and 6 runs gave me 6 different issues that all might have been related to local resource depletion. I have a beefy machine but run a million other things on it, so it's probably a limit on the process.

The last error was not so clear:

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':nunchuk-app:mapProductionReleaseSourceSetPaths'.
> Error while evaluating property 'extraGeneratedResDir' of task ':nunchuk-app:mapProductionReleaseSourceSetPaths'
   > Failed to calculate the value of task ':nunchuk-app:mapProductionReleaseSourceSetPaths' property 'extraGeneratedResDir'.
      > Querying the mapped value of provider(interface java.util.Set) before task ':nunchuk-app:processProductionReleaseGoogleServices' has completed is not supported

I updated our review with Emanuel's findings as "not reproducible" but also wonder why it's so hard to compile.

@JayceLuong
Collaborator

Good news: we will publish the SDK to JitPack, so you can build the app without the SDK build step. Check it out.

@emanuelb
Author

Issue should be reopened as there are still no instructions or build script to reproduce the app (the issue should be closed when reproducibility of the app is achieved).

Compiling the latest commit, 11da98b, for version 1.9.25 using the precompiled SDK.

with Containerfile:

APK in: /home/appuser/app/nunchuk/nunchuk-android/nunchuk-app/build/outputs/apk/production/release/nunchuk-app-production-release.apk

FROM docker.io/debian:sid-slim

RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        git \
        openjdk-11-jdk; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser;
     
USER appuser

ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
    ANDROID_SDK="/home/appuser/app/sdk" \
    ANDROID_HOME="/home/appuser/app/sdk"

WORKDIR /home/appuser/app/nunchuk/

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    git clone https://github.com/nunchuk-io/nunchuk-android; \
    cd nunchuk-android; \
    git checkout 11da98bbecfd5fd31a3340e1879601ebc736f7a7; \
    printf "\nstoreFile=nunchuk.pfx\nstorePassword=nunchuk_alias\nkeyPassword=nunchuk_alias\nkeyAlias=nunchuk_alias" > /home/appuser/app/nunchuk/nunchuk-android/keystore.properties; \
    keytool -genkey -alias nunchuk_alias -keystore /home/appuser/app/nunchuk/nunchuk-android/nunchuk-app/nunchuk.pfx -storetype PKCS12 -keyalg RSA -keysize 4096 -storepass nunchuk_alias -keypass nunchuk_alias -validity 10000 -dname CN=IL; \
    ./gradlew assembleRelease;

shows diffs in files when compared to: https://github.com/nunchuk-io/nunchuk-android/releases/download/android.1.9.25/v1.9.25.apk

Files ./v1.9.25/assets/dexopt/baseline.prof and ./nunchunk-build-apk-latest-19251/assets/dexopt/baseline.prof differ
Files ./v1.9.25/assets/dexopt/baseline.profm and ./nunchunk-build-apk-latest-19251/assets/dexopt/baseline.profm differ
Files ./v1.9.25/classes2.dex and ./nunchunk-build-apk-latest-19251/classes2.dex differ
Files ./v1.9.25/classes3.dex and ./nunchunk-build-apk-latest-19251/classes3.dex differ
Files ./v1.9.25/classes4.dex and ./nunchunk-build-apk-latest-19251/classes4.dex differ
Files ./v1.9.25/classes5.dex and ./nunchunk-build-apk-latest-19251/classes5.dex differ
Files ./v1.9.25/classes.dex and ./nunchunk-build-apk-latest-19251/classes.dex differ
Files ./v1.9.25/lib/arm64-v8a/libnunchuk-android.so and ./nunchunk-build-apk-latest-19251/lib/arm64-v8a/libnunchuk-android.so differ

Also, the error @Giszmo posted in the previous comment at #7 (comment) still happens when running ./gradlew bundleRelease, which is needed to create the app bundle. As the APK is built from a bundle, it needs to be recreated in the same way for the RB test (to account for all the .xml and "only in" lines in the diffs).

In addition, opened issue #10 to pin versions of Firebase deps, and it's an RB-related issue.
