Welcome Voyage to the selection of reproducible apps at #IzzyOnDroid – v0.10.1 coming up tomorrow just made it

apt.izzysoft.de/packages/com.d…

#reproducibleBuilds

„Voyage“ – IzzyOnDroid F-Droid Repository

Voyage is a lightweight nostr client for Android with a Reddit-like UI.

^{IzzyOnDroid App Repo}

Thanks to the help of its author, Irfan Latif, starting with v1.06 MyLocation is now RB Welcome to the selection!

apt.izzysoft.de/packages/com.m…

#IzzyOnDroid #reproducibleBuilds

„My Location“ – IzzyOnDroid F-Droid Repository

Know your geo coordinates using on-device GPS and Network location providers

^{IzzyOnDroid App Repo}

Aaaand… Welcome to the RB family, AlternativeUnlockXposed! Thanks to the efforts by its author, the app now builds reproducible:

apt.izzysoft.de/packages/com.l…

So with the next sync, expect the new release to show up with the green shield for RB

#reproducibleBuilds #IzzyOnDroid

„AlternativeUnlockXposed“ – IzzyOnDroid F-Droid Repository

Unlock your Android phone with an alternative PIN (Xposed)

^{IzzyOnDroid App Repo}

Congrats to Arru! They just managed to get their app enter the hall-of-famous RB apps 🥳

apt.izzysoft.de/packages/com.k…

#reproducibleBuilds #IzzyOnDroid

„Arru“ – IzzyOnDroid F-Droid Repository

track and analyze your expenses

^{IzzyOnDroid App Repo}

And YAY! #IzzyOnDroid now is live at reproducible-builds.org/who/pr…

#reproducibleBuilds

We might not have Grant Money – but we certainly have Grant Ideas

Next app was just made ready for #reproducibleBuilds by its author – numbers go up 🥳 With the next sync, welcome SmartMouse to the "RB Club":

apt.izzysoft.de/fdroid/index/a…

#IzzyOnDroid

„SmartMouse“ – IzzyOnDroid F-Droid Repository

Use your smartphone as a normal computer mouse

^{IzzyOnDroid App Repo}

#AndroidAppRain at apt.izzysoft.de/fdroid today with 14 updated and 1 added apps:

* Dhaaga (Lite): An Opinionated Fediverse Microblogging App (Mastodon, Misskey, Pleroma, Firefish, Sharkey, Akkoma)

One more app has been confirmed RB aka #reproducibleBuilds – and some more are in preparation.

Enjoy your #free #Android #apps with the #IzzyOnDroid repo

IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).

^{IzzyOnDroid App Repo}

Announcing Android Reproducible Builds at IzzyOnDroid with rbtlog

IzzyOnDroid is the largest 3rd-party F-Droid-compatible repository of open source Android apps [...] It provides [...] additional security and transparency via multiple custom scans and checks.

rbtlog is a Reproducible Builds transparency log for Android APKs. [...] It allows anyone to easily run a rebuilder for any apps available from a git repository with release tags plus accompanying APKs built and signed by the developer.

We are pleased to announce "Reproducible Builds, special client support and more in our repo": a collaboration between various independent interoperable projects: the IzzyOnDroid team, 3rd-party clients Droid-ify & Neo Store, and rbtlog (part of my collection of tools for Android Reproducible Builds) to bring Reproducible Builds to IzzyOnDroid and the wider Android ecosystem.

lists.reproducible-builds.org/…

android.izzysoft.de/articles/n…

github.com/obfusk/rbtlog

#ReproducibleBuilds #IzzyOnDroid

GitHub - obfusk/rbtlog: Reproducible Builds Transparency Log for Android APKs

Reproducible Builds Transparency Log for Android APKs - obfusk/rbtlog

^GitHub

🇬🇧 Finally we're live with a new set of features! More than 18% of the apps at IzzyOnDroid already have Reproducible Builds – that's more than 1 out of 6, and more will follow. Two wonderful clients will make this and more transparent for you soon. Read about all the exciting news in this article: android.izzysoft.de/articles/n…

All this was made possible thanks to the help of @obfusk – and her github.com/obfusk/rbtlog

#IzzyOnDroid #reproducibleBuilds #FDroid #transparency

Reproducible Builds, special client support and more in our repo

Exciting news at the IzzyOnDroid repo! Now we have Reproducible Builds, specific support by some of the most popular F-Droid clients, and more!

^IzzyOnDroid

🇩🇪 Schluss mit der Rumeierei – jetzt ist es Live! mehr als 18% der Apps bei IzzyOnDroid verfügen bereits über Reproducible Builds (also mehr als jedes 6. Ei – oops, jede 6. App; mehr folgen). Zwei wundervolle Clients werden Euch dies und weiteres transparent machen. Das & weitere spannende News könnt ihr hier nachlesen: android.izzysoft.de/articles/n…

All dies war nur möglich Dank der Hilfe von @obfusk – und ihrem github.com/obfusk/rbtlog

#IzzyOnDroid #reproducibleBuilds #FDroid #transparency

Reproducible Builds, besondere Client-Unterstützung und mehr in unserem Repo

Spannende Neuigkeiten im IzzyOnDroid Repo: Jetzt haben wir reproduzierbare Builds, spezifische Unterstützung durch einige der beliebtesten F-Droid-Clients und mehr!

^IzzyOnDroid

A bug in recent changes made to Google's apksigner breaks signature copying with apksigcopier, which is needed to make Reproducible Builds work for Android APKs.

Analysis with available workarounds:

github.com/obfusk/apksigcopier…

Bug report with my proposed fix:

issuetracker.google.com/issues…

Please consider adding a +1 to the bug report if you have a Google account :)

#ReproducibleBuilds

GitHub - obfusk/apksigcopier: apksigcopier - copy/extract/patch android apk signatures & compare apks

apksigcopier - copy/extract/patch android apk signatures & compare apks - obfusk/apksigcopier

^GitHub

Mapping upstream source code tarballs back to downstream distros:
whatsrc.org/

👍 to #ReproducibleBuilds hacker kpcyrd for developing this!

So, Philipp Kern dropped by asking if we could do some #ReproducibleBuilds verifications of recent Debian Security updates, given, well the whole #xz mess... and that our build infrastructure may have run compromised code at some point...

So I did a quick pass at a handful of updates and everything verified ok so far, though I skipped some of the probably more juicy targets such as chromium and firefox:

lists.reproducible-builds.org/…

Debian is reproducible enough to at least try this sort of thing!

Arch Linux minimal container userland 100% reproducible - now what?

lists.archlinux.org/hyperkitty…

#ArchLinux #Linux #ReproducibleBuilds

I independently reproduced the #NixOS minimal installation ISO!

This is an amazing milestone for me personally: I've been involved in #ReproducibleBuilds since 2017 and #NixOS since 2019, and have been slowly chipping away at this problem. While there is much more to do to further reap the benefits of reproducibility, this is a long-awaited tangible benefit.

For more about the What, Why, How and What Next, check the post below :)

discourse.nixos.org/t/nixos-re…

NixOS Reproducible Builds: minimal installation ISO successfully independently rebuilt

We have successfully created an independent, bit-by-bit-identical rebuild of the nixos-minimal ISO published by Hydra 🎉 Why is this useful? While there are a number of ‘side-benefits’, the main point of Reproducible Builds is that it gives us a rel…

^{NixOS Discourse}

We've updated our monthly overview of F-Droid apps published with Reproducible Builds again: 21 new RB apps were added in June, making 145 RB apps in total.

gitlab.com/obfusk/fdroid-misc-…

#FDroid #ReproducibleBuilds

We recently updated the @fdroidorg Inclusion How-To with a new section explaining why we consider #ReproducibleBuilds to be best practice and are hoping developers will support our efforts to make as many (new) apps reproducible as we reasonably can (whilst hopefully making sure it's clear this is not a mandatory requirement):

f-droid.org/docs/Inclusion_How…

Inclusion How-To | F-Droid - Free and Open Source Android App Repository

This page documents how a new application gets included in the main F-Droidrepository. It includes the technical details that a submitter should beaware of.A...

^f-droid.org

Not too long ago, your two hands would have been enough to count the #reproducibleBuilds at @fdroidorg – but now it doesn't even help taking your shoes off to call your toes in. It's 50 now, and counting! I just successfully got an author's and my own first RB in ("with a little help from my friends"), and have 2 more pending

So yes: expect more and more apps this way now. Install from #FDroid – update from Github if needed; signature matches. Just the GUI needs to show that now…

Have you heard about #ReproducibleBuilds? This is one of the biggest #security benefits of #FOSS. On #Android, this technique ensures that the #FDroid version of an app exactly matches the developer's version.

Read our article below for more details and to see how easy it is for developers to get set up:
f-droid.org/en/2023/01/15/towa…

Towards a reproducible F-Droid | F-Droid - Free and Open Source Android App Repository

A common criticism directed at F-Droid is that F-Droid signs published APKswith its own keys. Using our own keys doesn’t mean insecure — we have a goodtrack ...

^f-droid.org