Search

Items tagged with: ReproducibleBuilds

🐣 oops… the Easter egg hatched early! We've just reached a goal we hoped to achieve around Easter:

At #IzzyOnDroid 40% – so 2 out of every 5 apps – are now #reproducibleBuilds 🥳

So whenever you see one or more green shields next to the version of an app in our repo browser at apt.izzysoft.de/fdroid you can be sure: this was built exactly from the source code it claims to be, nothing added or taken away.

Oh, and we should roll out those new shields soon™, so you see the independent builders 😉

3 green shields next to a version number: 3 builders confirmed this app being reproducible (here one of them an "independent builder" not run by a member of IzzyOnDroid)

IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

#AndroidAppRain #reproduciblebuilds #izzyondroid

Want to try running your own builder – to confirm apps as #reproducibleBuilds or just to build your own apps? At #IzzyOnDroid we've just made "easy setup scripts" available which should take care for all requirements, while letting you choose which parts you want:

codeberg.org/IzzyOnDroid/rbuil…

These scripts are not yet thoroughly tested (just a bit on Linux Mint/Debian/Ubuntu), so we'd welcome volunteers & their feedback.

Thanks to @nlnet for supporting us on this project! You're awesome :awesome:

Screenshot with an excerpt of an install session, showing the completion of the install and a first "call for help"

rbuilder_setup

Scripts to automate setup of rbtlog, rbhelper, and their dependencies
Codeberg.org
#reproduciblebuilds #izzyondroid @NLnet

#reproduciblebuilds #izzyondroid

#reproduciblebuilds #izzyondroid

Welcome to the RB family, Street­Measure 🥳

apt.izzysoft.de/packages/de.we…

StreetMeasure is an app to measure distances and heights. It was made for usage with StreetComplete and other OpenStreetMap editors. But you can use it for other things, too.

Thanks to the joint efforts with its author (thanks Tobias!), starting with v1.5 this app is now RB :awesome:

RB status at IoD now: 471 apps (38.4%)

#reproducibleBuilds #IzzyOnDroid


„Street­Measure“ – IzzyOnDroid F-Droid Repository

Measure distances and heights
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

#reproduciblebuilds

#android #reproduciblebuilds #izzyondroid @Dr0id

#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 8 updated (all RB) and 2 added (also RB) apps:

* ReTerminal: a Terminal Emulator 🛡️
* Dharmik: an offline app to browse Hindu texts (currently: Bhagavad Gita and Atharvaveda) 🛡️

Our first "RB only" AppRain, so to speak 🥳 Current RB status: 468 apps (37.7%)

3 #Magisk modules have been updated at apt.izzysoft.de/magisk

Enjoy your #free #Android #apps with the #IzzyOnDroid repository :awesome:

#reproducibleBuilds


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#android #free #apps #AndroidAppRain #reproduciblebuilds #magisk #izzyondroid

OK, #AndroidAppRain at apt.izzysoft.de/fdroid today once more brought you no new apps – but 25 updated ones, 13 of them (so every second one) RB. Numbers getting closer together now with ever more apps covered by #reproducibleBuilds at #IzzyOnDroid – our status currently is

457 apps (36.8%)

and counting. Let's see if we can make it to 40% …


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#AndroidAppRain #reproduciblebuilds #izzyondroid

#reproduciblebuilds #izzyondroid

Welcome to the RB family, Sefirah 🥳

apt.izzysoft.de/packages/com.c…

Sefirah is an opinionated phone link alternative designed to enhance your workflow with seamless clipboard and notification sharing between your Windows PC and Android device.

Thanks to the help of its dev, we finally managed to get it reproducible! :awesome:

RB status now: 427 apps (34.3%)

#reproducibleBuilds #IzzyOnDroid


„Sefirah“ – IzzyOnDroid F-Droid Repository

Windows Notification Mirroring, Clipboard Sync, File Transfer, Media Control
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

#reproduciblebuilds #izzyondroid @Aliberk Sandıkçı

#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 19 updated (14 of those RB) and 2 added apps:

* Sefirah: the continuation of Sekia (Windows Notification Mirroring, Clipboard Sync, etc)
* Moneytopia: track your personal expenses 🛡️

Enjoy your #free #Android #apps (and #reproducibleBuilds) with the #IzzyOnDroid repository :awesome:


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#android #free #apps #AndroidAppRain #reproduciblebuilds #izzyondroid

#reproduciblebuilds #izzyondroid

#reproduciblebuilds #izzyondroid

Welcome to the RB family, File Navigator 🥳

apt.izzysoft.de/packages/com.w…

File Navigator wants to be Your Ultimate File Sorting Solution.

I've no idea what its author did, as I never received an answer to my issue – but finally we could successfully build the app and then also make it reproducible :awesome:

So RB status now: 414 apps (33.6%)

(we don't expect another egg soon, but hope to reach 40% when people roll them in spring 😜)

#reproducibleBuilds #IzzyOnDroid


„File Navigator“ – IzzyOnDroid F-Droid Repository

The missing link between Android and a well-structured file system
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

#reproduciblebuilds #izzyondroid

Welcome to the RB family, MBCompass 🥳

apt.izzysoft.de/packages/com.m…

MBCompass is a simple, reliable compass app with a sleek design and accurate navigation.

Thanks to Mubarak Basha, its developer, for making this possible! :awesome:

This brings us to a new milestone: also welcome the "3rd egg" 🐣

RB status: 410 apps (33.3%)

Meaning: each 3rd app, 1 out of 3, at IzzyOnDroid is now covered by RB 🥳

#reproducibleBuilds #IzzyOnDroid


„MBCompass“ – IzzyOnDroid F-Droid Repository

Simple and efficient compass
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

Welcome to the RB family, Cirno 🥳

apt.izzysoft.de/packages/nep.t…

Cirno is an app freezer that runs on Android 12+ platforms, it is used to make background apps completely free of CPU resources to improve the overall smoothness of the device.

Many thanks to YuSaki丶Kanade to have established an Github action for consistent & clean builds, finally making this app pass RB :awesome:

RB status now: 407 apps (32.7%)

#reproducibleBuilds #IzzyOnDroid


„Cirno“ – IzzyOnDroid F-Droid Repository

app freezer to make background apps completely free of CPU resources
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

Welcome to the RB family, NoWakeLock 🥳

apt.izzysoft.de/packages/com.j…

NoWakeLock allows you to get control over Wakelocks, Services and Alarms. It requires the Xposed framework on the device.

As an app with elevated privileges (root) it's especially good we can now certify it was really built from the source it claims :awesome:

Note the app had a transfer of ownership and uses a new signing key, so this update requires you to uninstall/reinstall the app.

#reproducibleBuilds #IzzyOnDroid


„NoWakeLock“ – IzzyOnDroid F-Droid Repository

control Android wakelocks with open source
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

Welcome to the RB family, sNotz 🥳

apt.izzysoft.de/packages/com.s…

sNotz is a privacy-friendly, secure, and completely offline application to create, customize, and manage simple notes on your android device.

Thanks to @sunilpaulmathew for making this possible :awesome:

Oh no, RB status says no apps found now: 404 apps (32.5%), we're working on it 🤞

#reproducibleBuilds #IzzyOnDroid


„sNotz“ – IzzyOnDroid F-Droid Repository

An open-source and completely offline application to manage simple notes
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid @Sunil Paul Mathew Menacherry

#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 12 updated apps (hey, all without that DependencyInfoBlob 🤩) and 1 added app:

* Octo: an unofficial FLOSS Octopus Energy agile tariff monitor 🛡️

RB stats: 401 apps (32.3%) – yupp, we crossed the 400! 🥳

At apt.izzysoft.de/magisk 5 #Magisk modules where updated.

Enjoy your #free #Android #apps with the #IzzyOnDroid repo and #reproducibleBuilds :awesome:


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#android #free #apps #AndroidAppRain #reproduciblebuilds #magisk #izzyondroid

#reproduciblebuilds #magisk #izzyondroid

@IzzyOnDroid has been doing an amazing job getting our repo to over 30% of apps being reproducible. Maintaining a rebuilder takes a lot of constant work. Thank you!

As I've written before:

[...] the ecosystem is constantly moving: old toolchain and dependency bugs get fixed, but new ones keep popping up. [...] Reproducible Builds are not just an item on a checklist [...] It's an ongoing process involving not just upstream app developers, but also maintainers of repositories, clients, and rebuilders; those involved in outreach and writing documentation; developers and maintainers of tooling, toolchains, and dependencies. And often requires a lot of collaborative debugging :)


See also our "Review of 2024 and Outlook for 2025: Reproducible Builds, Security Measures and more":

android.izzysoft.de/articles/n…

#IzzyOnDroid #ReproducibleBuilds


Rückblick auf 2024 und Ausblick auf 2025: Reproducible Builds, Sicherheitsmaßnahmen, und mehr

2024 winkt zum Abschied, 2025 klopft an die Tür: Was haben wir 2024 erreicht, und was sind unsere Pläne und Hoffnungen für 2025? Werft mit uns einen Blick zurück auf die eingeführten Sicherheitsmaßnahmen, auf die Fortschritte bei Reproducible Builds …
IzzyOnDroid
#reproduciblebuilds #izzyondroid @IzzyOnDroid ✅

Welcome to the RB family, NFC Alarm Clock 🥳

apt.izzysoft.de/packages/com.n…

NFC Alarm Clock lets you customize how your alarms look, easily create/delete alarms, and more. Each alarm can be configured however you want to use it. And you can also use an NFC card or tag to dismiss your alarm.

Was quite a trip – but thanks to the tremendous efforts put in by its developer, it's finally RB :awesome:

#IzzyOnDroid #reproducibleBuilds


„NFC Alarm Clock“ – IzzyOnDroid F-Droid Repository

A customizable, lightweight, and open source alarm clock.
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

Welcome to the RB family, Flut Renamer 🥳

apt.izzysoft.de/packages/net.s…

Flut Renamer helps you to effortlessly manage and rename files and directories – with features including inserting text, inserting file metadata and Exif data, replacing text, deleting text, rearranging, and more.

Thanks to joint efforts with its developer, the app is now RB :awesome:

Current RB status at IoD: 391 apps (31.7%)

#IzzyOnDroid #reproducibleBuilds


„Flut Renamer“ – IzzyOnDroid F-Droid Repository

rename files in many ways
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

#AndroidAppRain at apt.izzysoft.de/fdroid today brought you 18 updated apps. Usually I only toot the rain if there are added ones, but… This time, 12 out of those 18 were #reproducibleBuilds (that is 2/3 of the updates). 2 of those failed, 1 I was able to repair (the other not, so I'll have to see we get it fixed with upstream for the next release).

Enjoy your reproducible and #free #Android #apps with the #IzzyOnDroid repo :awesome:


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#android #free #apps #AndroidAppRain #reproduciblebuilds #izzyondroid

#reproduciblebuilds #izzyondroid

Welcome to the RB family, Mobile Tile Server 🥳

apt.izzysoft.de/packages/com.b…

Mobile Tile Server can be used as a HTTP server, serving Map Tiles from the device storage. When the server is running you can access the tiles from different mapping applications.

Thanks to the help of its author, Bogdan, the app now builds reproducibly :awesome:

RB status now: 389 apps (31.5%) – so almost every 3rd app is covered meanwhile 🤩

#IzzyOnDroid #reproducibleBuilds


„Mobile Tile Server“ – IzzyOnDroid F-Droid Repository

HTTP Server for your local Map Tiles
IzzyOnDroid App Repo
#reproduciblebuilds #izzyondroid

#android #reproduciblebuilds #izzyondroid

#android #reproduciblebuilds #izzyondroid @Patrick Zedler

And to make finding, installing and updating easier, Sunup will become available at #IzzyOnDroid with the next sync around 7 pm. Congrats @unifiedpush – it has the "green shield up", meaning it's reproducible :awesome:

But if you could get rid of that DEPENDENCY_INFO_BLOCK (a binary blob), that would be great. Easy to do, reach out to us for instructions, which do not fit into a toot – but wait, there are attachments, right? So for your build.gradle, see screenshot.

#reproducibleBuilds

Screenshot of the instructions on how to remove the DEPENDENCY_INFO_BLOCK
#reproduciblebuilds #izzyondroid @UnifiedPush

Jetzt ist auch die deutschsprachige Version unseres "Jahresberichts" online:

Ein Blick zurück, ein Blick voraus: Wie war 2024 bei #IzzyOnDroid? Was mag Euch 2025 hier bringen, woran arbeiten wir?

android.izzysoft.de/articles/n…

Und wenn Euch jemand sagt, #security oder #reproducibleBuilds wären (einmal aufgesetzt) reine Selbstläufer: Lacht sie laut aus. Software entwickelt sich weiter – und so auch ihre Risiken und Threats…


Rückblick auf 2024 und Ausblick auf 2025: Reproducible Builds, Sicherheitsmaßnahmen, und mehr

2024 winkt zum Abschied, 2025 klopft an die Tür: Was haben wir 2024 erreicht, und was sind unsere Pläne und Hoffnungen für 2025? Werft mit uns einen Blick zurück auf die eingeführten Sicherheitsmaßnahmen, auf die Fortschritte bei Reproducible Builds …
IzzyOnDroid
#security #reproduciblebuilds #izzyondroid

A look back, a look ahead: How was 2024 at IzzyOnDroid? What might 2025 bring you there, what are we working on?

android.izzysoft.de/articles/n…

And if anybody ever tells you #security or #reproducibleBuilds are "set-and-forget", laugh straight into their faces. Software evolves, and so do their threats and risks…

German readers: Die Deutsche Version folgt in Kürze…

#IzzyOnDroid


Review of 2024 and Outlook for 2025: Reproducible Builds, Security Measures and more

2024 waves goodbye, 2025 knocks at the door: what did we achieve in 2024, and what are our plans and hopes for 2025? Join us to take a look back at security measures established, at progress with Reproducible Builds – and for a look ahead of what mig…
IzzyOnDroid
#security #reproduciblebuilds #izzyondroid

#reproduciblebuilds #izzyondroid

I did some testing with zlib-ng, which Fedora and Arch are already using as a replacement for the original zlib and Debian plans to as well, and I'm not happy with what I found.

[...] With the original zlib, you will always get an identical output stream given the same input stream and compressor parameters [...] I expected that zlib-ng would often produce a different output steam than the original, but what I found was a lot more non-deterministic than just that.

With zlib-ng, feeding the data into the compressor in e.g. 1024-byte chunks always gave me a different output stream than using 4096-byte chunks [...] In fact, every chunk size I tried gave a different output. And that's with fixed size chunks, which is not a given if you're handling e.g. a stream of input.

Even using the same buffer size, I cannot get an identical compressed output stream with Python and Java any more [...]


lists.debian.org/debian-devel/…

#ReproducibleBuilds

Re: [Summary]: Supporting alternative zlib implementations

lists.debian.org
#reproduciblebuilds

#reproduciblebuilds #izzyondroid

@IzzyOnDroid @SylvieLorxu I would be happy to see your repo become #FreeSoftware! As you well know, F-Droid only endorses verifiable free software projects.

It is also great to see all your work on #ReproducibleBuilds. We are continuing to build upon our years of effort there. Our approach is focused on identifying issues and getting things fixed upstream as much as possible. Then devs do not need to use any special tools to achieve reproducible builds.

#FreeSoftware #reproduciblebuilds @Sylvia @IzzyOnDroid ✅

@SylvieLorxu @IzzyOnDroid

Yes, there is plenty of low hanging fruit like embedded timestamps or nondeterministic ordering. Many apps are already easily reproducible or require only small fixes.

But the ecosystem is constantly moving: old toolchain and dependency bugs get fixed, but new ones keep popping up.

Reproducible Builds are not just an item on a checklist, something you (ask upstreams to) enable and then you're done. Especially when it's a hard requirement like at F-Droid where new builds no longer being reproducible means users will not be able to get updates.

It's an ongoing process involving not just upstream app developers, but also maintainers of repositories, clients, and rebuilders; those involved in outreach and writing documentation; developers and maintainers of tooling, toolchains, and dependencies. And often requires a lot of collaborative debugging :)

It requires teamwork and an ongoing commitment to investigate and fix new issues when they pop up.

#ReproducibleBuilds

#reproduciblebuilds @Sylvia @IzzyOnDroid ✅