F-Droid inclusion #40
Comments
|
F-Droid inclusion merge request here: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/9099 This just adds the wallet app for now, will also add the verifier if that goes well :) |
|
We are trying to get reproducible builds to work (so that APKs published on F-Droid are published with your signatures). It would be easier if you could publish the buildTimestamp in the release notes, along with the APK. Would that be possible for you? |
|
Thanks a lot for your interest! We appreciate your effort and motivation to help. We are currently actively discussing alternative publishing methods (F-Droid, ...) with the project team. The publishing process and go-live need to be aligned between all platforms. We will keep you posted once an official decision is reached. For the time being, the app is and should not yet be available on any stores. This is also due to ongoing tests (including the public security test). |
|
Thanks for the reply, of course the inclusion in F-Droid is on hold until the app gets published, I just wanted to get a head start to not have too much of a delay in publication there. Thanks for not dismissing this out of hand, the fact that you're even considering it is much better than responses for other apps :) ❤️ |
|
Hey @goebelUB , since the app is now published on Google Play, can we move forward with publication on the F-Droid side? We would also like to try to get reproducible builds to work. In the future, would it be possible to publish the build timestamps in the release notes? And again, would you accept a PR to add fastlane metadata to the repo? Or even better, could you add your own fastlane metadata (since those will have translations of the app store descriptions etc) |
|
Thanks for adding the build timestamps to the releases ❤️ |
|
You are very quick to pick this up! I'll try to make sure that build timestamps are added to any future releases, too. I will also add the metadata, though it seems that it'll have to be in Triple-T structure in order to support two apps in the same repo. |
Yes indeed.
Well, I was on the releases page, because I was looking to get reproducible builds to work. And a more complete one (you probably want to look at this somewhere that supports color escape sequences, I used
Thanks, I will see with someone more knowledgeable of F-Droid stuff how to use those timestamp files |
|
Also thanks for the PR to fix the gradle checksum missing (#76) Maybe the differences are (at least partly) because of the gradle mismatch? Don't know |
|
From the diffoscope it seems the source of the tag doesn't correspond to the apk published... I think the UserAgent stuff is different, maybe? It's hard to see if this concerns generated code or actual code you wrote. Some stuff fails to decompile with the diffoscope. Maybe it's just because of build systems differences, idk I doubt this is going to be easy 😅 |
|
I see, the branching around this specific wallet release might have messed things up, I'll look into it. In the meantime, can you see if F-Droid can reproduce this verifier release? Maybe that works... |
|
Sure, I will make a draft MR for the verifier as well so we can test that. |
|
Something I noticed while adding the verifier to F-Droid: the apk attached to the wallet release has the versioncode at the end (it's of the form wallet-prod-%v-%c-signed.apk), whereas the verifier apk attached to the release doesn't (it's of the form verifier-prod-%v-signed.apk). Is this going to continue to be the case? If the format changes once it's included, it will break how F-Droid fetches the apk to extract the signature |
|
Holy shit it worked! https://gitlab.com/artectrex/fdroiddata/-/jobs/1337130549 🥳 |
|
I will be moving forward with publishing the APK for the verifier on F-Droid. Will publish the wallet as soon as you publish the next release - where the apk will hopefully correspond to the matching tag this time 😝 Edit: no actually still need to wait on the metadata being added into the repo, never mind 😅 |
I always assumed F-Droid displays the metadata that is in the repo at the point of the latest release tag (i.e. from when the latest release was built). Not sure if that is correct. In that case, the metadata would only be there for the next release anyway. If the verifier v1.0.1-1001 builds and can be reproduced, I think it we can publish it - it's an extra chance to check that it actually works :) |
|
Indeed, that's how it goes, we'll have to wait for the next release. |
|
Both of them are now ready for review and merging into fdroid-data, I am waiting for the full release to mark the PRs as ready to be merged. Both have reproducible builds, working great, and it's possible that the automatic updates will work (which we will see at the next update, otherwise I will have to do manual updates, but it should be fine?) |
|
Adding a "get it on F-Droid" badge next to the "get it on Google Play" one -- once the apps are available in F-Droid -- would be nice :) |
|
@Wv5twkFEKh54vo4tta9yu7dHa3 @goebelUB Looks like metadata is in 1.2 Release so can we get it now on F-droid? Edit: Sorry did not check the fdroid MR. I See you already are working on it |
|
It's ready to merge, no clue what is holding things up on the f-droid side... Someone with the correct rights needs to hit a button to merge it |
|
Why is this not approved yet? |
|
They don't have time, apparently? Really don't know what is required, imo it just needs someone to push the merge button... https://gitlab.com/fdroid/fdroiddata/-/merge_requests/9099#note_607719783 Edit: you were slightly quicker :P |
F-Droid is just super slow / overlaoded. You need to find someone with F-Droid merge right and nicly ask him to merge ist. Everything is done on this repo |
|
it needs to be build and published still, you can see the current state here: https://monitor.f-droid.org/builds/running |
Thanks a lot. I was not familiar with this. |
|
v.1.2.0 is now on F-Droid (visible in the client after an index update, but not yet visible on the website). Unfortunately, the metadata is flipped: what looks like the wallet downloads the verifier, and vice versa: |
I think this is a bug in f-droid. Will investigate. |
Looks like it. Working on a fix. |
|
FYI: if you add a changelog to the metadata, the app will show up in "latest apps" on F-Droid. |
Thanks a lot for the quick response!
I know that this is the last missing straw, all other boxes are ticked (translations, graphics, ...). v2.0.0 contains a changelog. |
Getting the fix into production might take a little while though (certainly not until after the weekend). |
|
lol. v2.0.0 is now in the repo. and the nondeterminism just happened to produce the correct result this time. |
|
Well, mostly. |
Not as far as I can tell (the website matches the client and the repo). Could they be switched in the repo?
Website & client are both correct for me.
That's a bug I've seen before :) Will report. |
So that's a known bug. I'll see if I can so something about it soon, but it's not trivial to fix. |
|
A heads up: in the new version we pulled out the core SDK to share it with the backend. Btw I'll keep this issue open to keep all F-Droid discussions in one place. Anybody no longer interested in this issue can always unsubscribe from Github's notifications. At the same time anybody interested will get notifications without being @ ed. |
|
That's not OK for F-Droid, it will need to stop builds. We could maybe build this from source, but I don't know if it will be reproducible. Won't have time for this for the coming month though... Someone else to look at this? |
Maven would be fine afaik. A jar (or any other binary) is not acceptable for f-droid. You could use a separate build flavour for f-droid that builds the .jar from source. Feel free to ping me if I can help. |
|
In that case I think the easiest solution is for F-Droid to skip/disable v2.1.0. The next app release should be without the JAR again and via Maven instead. |
|
@goebelUB Also the button for the ligth certificate is missing on my phone, is this also a bug of the f-droid build? According to change log it should be in in version 2.0 |
|
F-Droid builds are reproducible, i.e. the apk you get from F-Droid is exactly the same as the apk distributed via Google Play, AppGallery and Github. This also allows you yo upgrade across stores. So there should not be any difference. 2.0.0 added transfer codes, the light certificate was only added in 2.1.0. |
Then there is a bug in the metadata, f-droid says: |
|
Here's the metadata for the wallet 2.0.0 and 2.1.0. This looks like a bug in F-Droid server, where it takes the changelog from newer metadata. It tried to build 2.1.0, failed, but still updated the metadata. |
|
This should be fixed from now on (currently both apps have the wallet metadata). Please let me know if it's not fixed after the next release is published. |
|
@goebelUB Any news on the issue. I think users of F-Droid are the core audience for the certificate light. And it is still not available. |
|
No, I'm afraid not 😔 See also #206. |
|
Status? |
|
2.7.0 is now available on F-Droid. Sorry for the delay! We ended up needing a separate release for F-Droid. That's not ideal, so I'll track this in #304. |
Hi, is it OK if we add this app to F-Droid? It seems to be fully FOSS so it would be good to be on there.
Would you accept a PR to add Fastlane metadata? Cf https://gitlab.com/snippets/1895688
Thanks for your work and for releasing it as free software :)
The text was updated successfully, but these errors were encountered: