-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add more clear reproducible builds instructions/section/script and mention disorderfs at README #895
Comments
Thanks for working out the Containerfile / Podman support. I have a similar thing under development, but for Docker, and currently not in version control. For reference, I'll paste the Dockerfile here:
Use Disorderfs is still on the todo list for this "reference build", as I call it. (Interestingly, I didn't have any build reproducibility issue even though I wasn't using disorderfs.) I think the main difference to yours is it uses the standard Gradle 4.4.1 that comes packaged with Debian, and it doesn't require any |
The reason I pinned the gradle version is that I had build failures with using too new gradle version, thus a specific version will deal with it and better for reproducibility (as same version is used) did you try building/running in rootless docker https://docs.docker.com/engine/security/rootless/ maybe it will require the fuse and SYS_ADMIN addition as well. I add the edit: never managed to reproduce this app without disorderfs, guess it might be a "flaky" issue as disorderfs always fix it but the diff wont appear without using it in all invocations (even if diff occur usually, such as in my compilations and Leo at: #713 (comment) ) |
Well, by pinning the Debian version to bullseye (in your case) or bookworm (in my case) we implicitly pin the Debian-based Gradle version. That is because in general – except for security/maintenance fixes – Debian packages are pinned per distribution. It's also worth noting that the Gradle versions downloaded from gradle.org are neither free software nor entirely open source, so I'd rather not depend the "reference build" on it. Finally, the current build for Google Play and the reproducible build for F-Droid are using the Debian/Ubuntu-version of Gradle 4.4.1. It might be a good idea for the "reference build" to stay close to it so the risk for breaking the reproducibility when comparing APKs from different builds stays low. Then again, if the Gradle 5.x and 6.x versions produce bit-identical results to Gradle 4.4.1, I guess building with various different Gradle versions can also be a good thing. |
For what it's worth, with Emanuel's build script fix I do get a huge diff in |
I suspect that btrfs behaves more deterministic than ext4 (which I assume most people are using). But I'll keep in mind that disorderfs is needed for the time being – thanks! |
Tools should not rely on the file system using this sorting or the other. If btrfs deterministically sorts by date and ext4 by file name, nothing is gained. Rant is not for you but for those tool providers that don't care about RB :( |
I agree. |
Afaik the bug causing the difference in |
Either that, or I switch to a non-free, non-distro-maintained version of Gradle. |
Or use another distro maintained gradle, such as from nixos or alpine: Also worth to contact Debian and encourage them to upgrade the gradle version as it's old, it's 4.4.1 in debian and ubuntu: https://packages.ubuntu.com/kinetic/gradle Someone posted work in progress to update gradle to 6.4.1 for debian at https://lists.debian.org/debian-java/2020/05/msg00051.html https://lists.debian.org/debian-outreach/2020/08/msg00023.html |
Currently the mention of reproducibility in repo are:
in README.md
bitcoin-wallet/wallet/README.md
Line 92 in 331a9dd
in changelog in CHANGES file
bitcoin-wallet/wallet/CHANGES
Line 361 in 791c8b6
bitcoin-wallet/wallet/CHANGES
Lines 218 to 219 in 791c8b6
Suggestion are:
Run:
podman run --device /dev/fuse --cap-add SYS_ADMIN --rm --name schildbach_bitcoin_build_apk -ti schildbach_bitcoin_build_apk
And run inside the shell of the container:
The text was updated successfully, but these errors were encountered: