| <manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1" android:versionName="1" android:compileSdkVersion="29" android:compileSdkVersionCodename="10.0.0" package="com.example" platformBuildVersionCode="29" platformBuildVersionName="10.0.0"> | |
| <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="29"/> | |
| </manifest> |
Some considerations regarding the APK Signing Block and how F-Droid handles Reproducible Builds.
The signature part of the APK Signing Block can contain more than one signature.
AFAIK android and apksigner (unlike apksigtool) only check the one with the strongest supported signature algorithm ID, not all of them.
As a workaround, you can create a global venv that acts a lot like --user does now.
NB: this works for scripts that are part of the packages installed in the venv, but scripts that use e.g. #!/usr/bin/python3 will not be able to access the modules from the venv, only scripts called via ~/.venv/bin/python3 (or ~/.venv/bin/python, ~/.venv/bin/python3.11 etc.) will be able to access those.
python3 -mvenv --system-site-packages --without-pip ~/.venv
| #!/usr/bin/python3 | |
| # encoding: utf-8 | |
| # SPDX-FileCopyrightText: 2024 FC (Fay) Stegerman <[email protected]> | |
| # SPDX-FileCopyrightText: 2024 Izzy | |
| # SPDX-License-Identifier: GPL-3.0-or-later | |
| import argparse | |
| import logging | |
| import os | |
| import sys |
| #!/usr/bin/python3 | |
| # encoding: utf-8 | |
| # SPDX-FileCopyrightText: 2023 FC Stegerman <[email protected]> | |
| # SPDX-License-Identifier: GPL-3.0-or-later | |
| import argparse | |
| from apksigcopier import copy_apk | |
| GNU GENERAL PUBLIC LICENSE | |
| Version 3, 29 June 2007 | |
| Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> | |
| Everyone is permitted to copy and distribute verbatim copies | |
| of this license document, but changing it is not allowed. | |
| Preamble | |
| The GNU General Public License is a free, copyleft license for |
Remove
gradle:
- yesAdd
| // NB: Android Studio can't find the imports; this does not affect the | |
| // actual build since Gradle can find them just fine. | |
| import com.android.tools.profgen.ArtProfileKt | |
| import com.android.tools.profgen.ArtProfileSerializer | |
| import com.android.tools.profgen.DexFile | |
| project.afterEvaluate { | |
| tasks.each { task -> | |
| if (task.name.startsWith("compile") && task.name.endsWith("ReleaseArtProfile")) { |
| // NB: assumes reproducible-apk-tools is a submodule in the app repo's | |
| // root dir; adjust the path accordingly if it is found elsewhere | |
| project.afterEvaluate { | |
| tasks.compileReleaseArtProfile.doLast { | |
| outputs.files.each { file -> | |
| if (file.toString().endsWith(".profm")) { | |
| exec { | |
| commandLine( | |
| "../reproducible-apk-tools/inplace-fix.py", | |
| "sort-baseline", file |
| #!/usr/bin/python3 | |
| # encoding: utf-8 | |
| # SPDX-FileCopyrightText: 2023 FC Stegerman <[email protected]> | |
| # SPDX-License-Identifier: GPL-3.0-or-later | |
| import struct | |
| import zlib | |
| from typing import Any, BinaryIO, Tuple |