Fix possible issue with reproducible builds.

- Needed to update apkdiff.py to ignore some new app-signing-related files. - While I was in there, I cleaned up the script a lot to make it easier to read as well as extract files that didn't match. - We also need to guarantee git hashes are the same length -- the script we were calling might provide hashes of different length depending on how you checked out the code. Co-authored-by: inthewaves<26474149+inthewaves@users.noreply.github.com>
2022-12-08 19:34:09 -05:00 · 2022-12-08 19:34:09 -05:00 · 61f9dc7498
commit 61f9dc7498
--- a/app/build.gradle
+++ b/app/build.gradle
@ -594,20 +594,20 @@ def getLastCommitTimestamp() {
 def getGitHash() {
    if (!(new File('.git').exists())) {
-        return "abcd1234"
+        throw new IllegalStateException("Must be a git repository to guarantee reproducible builds! (git hash is part of APK)")
    }
    def stdout = new ByteArrayOutputStream()
    exec {
-        commandLine 'git', 'rev-parse', '--short', 'HEAD'
+        commandLine 'git', 'rev-parse', 'HEAD'
        standardOutput = stdout
    }
-    return stdout.toString().trim()
+    return stdout.toString().trim().substring(0, 12)
 }
 def getCurrentGitTag() {
    if (!(new File('.git').exists())) {
-        return ''
+        throw new IllegalStateException("Must be a git repository to guarantee reproducible builds! (git hash is part of APK)")
    }
    def stdout = new ByteArrayOutputStream()
--- a/reproducible-builds/apkdiff/apkdiff.py
+++ b/reproducible-builds/apkdiff/apkdiff.py
@ -3,73 +3,70 @@
 import sys
 from zipfile import ZipFile
 class ApkDiff:
-    # resources.arsc is ignored due to https://issuetracker.google.com/issues/110237303
+    IGNORE_FILES = [
-    # May be fixed in Android Gradle Plugin 3.4
+        # Related to app signing. Not expected to be present in unsigned builds. Doesn't affect app code.
-    IGNORE_FILES = ["META-INF/MANIFEST.MF", "META-INF/SIGNAL_S.RSA", "META-INF/SIGNAL_S.SF", "resources.arsc"]
+        "META-INF/MANIFEST.MF",
        "META-INF/CERTIFIC.SF",
        "META-INF/CERTIFIC.RSA",
    ]
-    def compare(self, sourceApk, destinationApk):
+    def compare(self, firstApk, secondApk):
-        sourceZip      = ZipFile(sourceApk, 'r')
+        firstZip = ZipFile(firstApk, 'r')
-        destinationZip = ZipFile(destinationApk, 'r')
+        secondZip = ZipFile(secondApk, 'r')
-        if self.compareManifests(sourceZip, destinationZip) and self.compareEntries(sourceZip, destinationZip) == True:
+        if self.compareEntryNames(firstZip, secondZip) and self.compareEntryContents(firstZip, secondZip) == True:
            print("APKs match!")
        else:
            print("APKs don't match!")
-    def compareManifests(self, sourceZip, destinationZip):
+    def compareEntryNames(self, firstZip, secondZip):
-        sourceEntrySortedList      = sorted(sourceZip.namelist())
+        firstNameListSorted = sorted(firstZip.namelist())
-        destinationEntrySortedList = sorted(destinationZip.namelist())
+        secondNameListSorted = sorted(secondZip.namelist())
        for ignoreFile in self.IGNORE_FILES:
-            while ignoreFile in sourceEntrySortedList: sourceEntrySortedList.remove(ignoreFile)
+            while ignoreFile in firstNameListSorted:
-            while ignoreFile in destinationEntrySortedList: destinationEntrySortedList.remove(ignoreFile)
+                firstNameListSorted.remove(ignoreFile)
            while ignoreFile in secondNameListSorted:
                secondNameListSorted.remove(ignoreFile)
-        if len(sourceEntrySortedList) != len(destinationEntrySortedList):
+        if len(firstNameListSorted) != len(secondNameListSorted):
            print("Manifest lengths differ!")
-        for (sourceEntryName, destinationEntryName) in zip(sourceEntrySortedList, destinationEntrySortedList):
+        for (firstEntryName, secondEntryName) in zip(firstNameListSorted, secondNameListSorted):
-            if sourceEntryName != destinationEntryName:
+            if firstEntryName != secondEntryName:
-                print("Sorted manifests don't match, %s vs %s" % (sourceEntryName, destinationEntryName))
+                print("Sorted manifests don't match, %s vs %s" % (firstEntryName, secondEntryName))
                return False
        return True
-    def compareEntries(self, sourceZip, destinationZip):
+    def compareEntryContents(self, firstZip, secondZip):
-        sourceInfoList      = list(filter(lambda sourceInfo: sourceInfo.filename not in self.IGNORE_FILES, sourceZip.infolist()))
+        firstInfoList = list(filter(lambda info: info.filename not in self.IGNORE_FILES, firstZip.infolist()))
-        destinationInfoList = list(filter(lambda destinationInfo: destinationInfo.filename not in self.IGNORE_FILES, destinationZip.infolist()))
+        secondInfoList = list(filter(lambda info: info.filename not in self.IGNORE_FILES, secondZip.infolist()))
-        if len(sourceInfoList) != len(destinationInfoList):
+        if len(firstInfoList) != len(secondInfoList):
            print("APK info lists of different length!")
            return False
-        for sourceEntryInfo in sourceInfoList:
+        success = True
-            for destinationEntryInfo in list(destinationInfoList):
+        for firstEntryInfo in firstInfoList:
-                if sourceEntryInfo.filename == destinationEntryInfo.filename:
+            for secondEntryInfo in list(secondInfoList):
-                    sourceEntry      = sourceZip.open(sourceEntryInfo, 'r')
+                if firstEntryInfo.filename == secondEntryInfo.filename:
-                    destinationEntry = destinationZip.open(destinationEntryInfo, 'r')
+                    firstEntryBytes = firstZip.read(firstEntryInfo.filename)
                    secondEntryBytes = secondZip.read(secondEntryInfo.filename)
-                    if self.compareFiles(sourceEntry, destinationEntry) != True:
+                    if firstEntryBytes != secondEntryBytes:
-                        print("APK entry %s does not match %s!" % (sourceEntryInfo.filename, destinationEntryInfo.filename))
+                        firstZip.extract(firstEntryInfo, "mismatches/first")
-                        return False
+                        secondZip.extract(secondEntryInfo, "mismatches/second")
                        print("APKs differ on file %s! Files extracted to the mismatches/ directory." % (firstEntryInfo.filename))
                        success = False
-                    destinationInfoList.remove(destinationEntryInfo)
+                    secondInfoList.remove(secondEntryInfo)
                    break
-        return True
+        return success
    def compareFiles(self, sourceFile, destinationFile):
        sourceChunk      = sourceFile.read(1024)
        destinationChunk = destinationFile.read(1024)
        while sourceChunk != b"" or destinationChunk != b"":
            if sourceChunk != destinationChunk:
                return False
            sourceChunk      = sourceFile.read(1024)
            destinationChunk = destinationFile.read(1024)
        return True
 if __name__ == '__main__':
    if len(sys.argv) != 3: