-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
App not reproducible #7
Comments
I actually failed to compile with Emanuel's script and 6 runs gave me 6 different issues that all might have been related to local resource depletion. I have a beefy machine but run a million other things on it, so it's probably a limit on the process. The last error was not so clear:
I updated our review with Emanuel's findings as "not reproducible" but also wonder why it's so hard to compile. |
Good news we will publish sdk to jitpack, so you can build the app without build sdk step, check it out |
Issue should be reopened as there still no instructions or build script to reproduce the app (issue should be closed when reproducibility of the app is achieved) compiling latest commit: 11da98b for version 1.9.25 using the precompiled sdk. with Containerfile: APK in: FROM docker.io/debian:sid-slim
RUN set -ex; \
apt-get update; \
DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
git \
openjdk-11-jdk; \
rm -rf /var/lib/apt/lists/*; \
useradd -ms /bin/bash appuser;
USER appuser
ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
ANDROID_SDK="/home/appuser/app/sdk" \
ANDROID_HOME="/home/appuser/app/sdk"
WORKDIR /home/appuser/app/nunchuk/
RUN set -ex; \
mkdir -p "/home/appuser/app/sdk/licenses"; \
printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
git clone https://github.com/nunchuk-io/nunchuk-android; \
cd nunchuk-android; \
git checkout 11da98bbecfd5fd31a3340e1879601ebc736f7a7; \
printf "\nstoreFile=nunchuk.pfx\nstorePassword=nunchuk_alias\nkeyPassword=nunchuk_alias\nkeyAlias=nunchuk_alias" > /home/appuser/app/nunchuk/nunchuk-android/keystore.properties; \
keytool -genkey -alias nunchuk_alias -keystore /home/appuser/app/nunchuk/nunchuk-android/nunchuk-app/nunchuk.pfx -storetype PKCS12 -keyalg RSA -keysize 4096 -storepass nunchuk_alias -keypass nunchuk_alias -validity 10000 -dname CN=IL; \
./gradlew assembleRelease; shows diffs in files when compared to: https://github.com/nunchuk-io/nunchuk-android/releases/download/android.1.9.25/v1.9.25.apk
Also the error @Giszmo posted in previous comment at: #7 (comment) still happens when running in addition opened issue #10 to pin versions of firebase deps and it's a RB related issue |
Built the app version 1.9.23 with Containerfile:
And compared to upstream APK result in diff: (only some parts that were investigated shown here, see below)
The apk was built with appbundle, thus "only in" items are not mentioned in the diff, including other entries that weren't investigated yet for the diff in them, better dealing with comparing apk built from appbundle is WIP/TBD in https://gitlab.com/walletscrutiny/walletScrutinyCom/-/issues/333 (.dex files and .so files should be the same even in compare of assembleRelease vs bundleRelease)
Issues discovered from the diffs that I looked into:
Cause of different NDK version usage, fixing nunchuk-io/nunchuk-android-nativesdk#4 will solve this issue.
4.1
4.2 lot of diffs in .java file (from dex decompilation) due to different variable names, maybe cause different minification rules applied? different java version used?
in addition git tagging releases is helpful to match version on store to commit, related issue: #6
and also there should be a way to know which commit is used in nunchuk-android-nativesdk repo to build the .aar file that is used in the app in store.
The text was updated successfully, but these errors were encountered: