one tiny step away from reproducible builds!
Created by: eighthave
F-Droid has been working towards providing reproducible builds for a while now. SMSSecure is one app that we really want to be able to build reproducibly, since it is a security-sensitive app. And as of versionCode 202, its really really close. The only difference that is preventing a match based on the APK signature is this one character difference in BuildConfig.BUILD_GIT_COMMIT
. For whatever reason, the F-Droid ends up with one more character:
https://verification.f-droid.org/org.smssecure.smssecure_202.apk.diffoscope.html
The top of that diff is mostly showing that the files are sorted differently, but that doesn't matter for APK Signature v1 (aka JAR signatures).
How about making BuildConfig.BUILD_GIT_COMMIT
the full commit id? Or just remove it? Or find out what could be making it sometimes have an additional character (caused by different versions of git?)