Welcome to the RB family, Image Toolbox 🥳
What we thought to be non-RB turned out to be just non-deterministic. Luckily we know how to deal with that in most cases, though we'd prefer Google fixing the underlying issue 😉 (and yes, there is an issue open with them)
apt.izzysoft.de/fdroid/index/a…
#reproducibleBuilds #IzzyOnDroid
Filter, Resize, Compare, Crop - do anything with your imagesIzzyOnDroid App Repo
#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 13 updated and 1 added apps:
* Petals: take control of your weed consumption
Oh, and the @unifiedpush FCM Distributor moved to @Codeberg – and was just confirmed as #reproducibleBuilds (will show up as such tomorrow) 
Enjoy your #free #Android #apps with the #IzzyOnDroid repo
This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).IzzyOnDroid App Repo
Aaand… Welcome to the RB family, Pinboard! 🥳
apt.izzysoft.de/packages/com.f…
#reproducibleBuilds at #IzzyOnDroid
Pinkt is an unofficial bookmarking client for Pinboard and LinkdingIzzyOnDroid App Repo
And SimpMusic now also made it into the RB group. A "flaky build" (non-deterministic), but still RB if you run it another time 🤷♂️
Welcome to #reproducibleBuilds at #IzzyOnDroid
apt.izzysoft.de/fdroid/index/a…
A simple music app using YouTube Music for backendIzzyOnDroid App Repo
Welcome to the family of RB apps, Material Photo Widget!
apt.izzysoft.de/fdroid/index/a…
Thanks to joint effort with the app's author, we were able to confirm #reproducibleBuilds for this app at the #IzzyOnDroid repo 🥳
PS: Pinboard hopefully follows up soon™
Photo Widget is a free, no-ads app to display photos on your home screenIzzyOnDroid App Repo
#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 12 updated and 1 added apps:
* YAM Launcher: a minimal android launcher with weather integration – and a #reproducibleBuilds 😃
Enjoy your #free #Android #apps with the #IzzyOnDroid repo
This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).IzzyOnDroid App Repo
Welcome to the RB family, FreeTV and Book's Story 🥳
apt.izzysoft.de/packages/com.p…
apt.izzysoft.de/packages/ua.ac…
These two apps just achieved #reproducibleBuilds now, and will carry the green shield at the #IzzyOnDroid repo, starting with their most recent releases (FreeTV with the next sync around 6 pm UTC, Book's Story already now).
The app is designed for watching TV channels from around the world.IzzyOnDroid App Repo
Welcome to the list of reproducible apps, Calculator You! 🥳
apt.izzysoft.de/packages/com.m…
Thanks to the joint efforts with its developer, v3.0.0 now is reproducible
#reproducibleBuilds #IzzyOnDroid
Calculator You is a beautiful calculator for solving simple tasks.IzzyOnDroid App Repo
"Reproducible Builds in July 2024" — featuring our "Android Reproducible Builds at IzzyOnDroid with rbtlog" announcement (and a lot more news from the Reproducible Builds community) — has just been published :)
Welcome Voyage to the selection of reproducible apps at #IzzyOnDroid – v0.10.1 coming up tomorrow just made it
apt.izzysoft.de/packages/com.d…
Voyage is a lightweight nostr client for Android with a Reddit-like UI.IzzyOnDroid App Repo
Thanks to the help of its author, Irfan Latif, starting with v1.06 MyLocation is now RB Welcome to the selection!
apt.izzysoft.de/packages/com.m…
#IzzyOnDroid #reproducibleBuilds
Know your geo coordinates using on-device GPS and Network location providersIzzyOnDroid App Repo
Aaaand… Welcome to the RB family, AlternativeUnlockXposed! Thanks to the efforts by its author, the app now builds reproducible:
apt.izzysoft.de/packages/com.l…
So with the next sync, expect the new release to show up with the green shield for RB
#reproducibleBuilds #IzzyOnDroid
Unlock your Android phone with an alternative PIN (Xposed)IzzyOnDroid App Repo
Congrats to Arru! They just managed to get their app enter the hall-of-famous RB apps 🥳
We might not have Grant Money – but we certainly have Grant Ideas
Next app was just made ready for #reproducibleBuilds by its author – numbers go up 🥳 With the next sync, welcome SmartMouse to the "RB Club":
apt.izzysoft.de/fdroid/index/a…
Use your smartphone as a normal computer mouseIzzyOnDroid App Repo
#AndroidAppRain at apt.izzysoft.de/fdroid today with 14 updated and 1 added apps:
* Dhaaga (Lite): An Opinionated Fediverse Microblogging App (Mastodon, Misskey, Pleroma, Firefish, Sharkey, Akkoma)
One more app has been confirmed RB aka #reproducibleBuilds – and some more are in preparation.
Enjoy your #free #Android #apps with the #IzzyOnDroid repo
This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).IzzyOnDroid App Repo
Announcing Android Reproducible Builds at IzzyOnDroid with rbtlog
IzzyOnDroid is the largest 3rd-party F-Droid-compatible repository of open source Android apps [...] It provides [...] additional security and transparency via multiple custom scans and checks.
rbtlog is a Reproducible Builds transparency log for Android APKs. [...] It allows anyone to easily run a rebuilder for any apps available from a git repository with release tags plus accompanying APKs built and signed by the developer.
We are pleased to announce "Reproducible Builds, special client support and more in our repo": a collaboration between various independent interoperable projects: the IzzyOnDroid team, 3rd-party clients Droid-ify & Neo Store, and rbtlog (part of my collection of tools for Android Reproducible Builds) to bring Reproducible Builds to IzzyOnDroid and the wider Android ecosystem.
lists.reproducible-builds.org/…
android.izzysoft.de/articles/n…
#ReproducibleBuilds #IzzyOnDroid
Reproducible Builds Transparency Log for Android APKs - obfusk/rbtlogGitHub
🇬🇧 Finally we're live with a new set of features! More than 18% of the apps at IzzyOnDroid already have Reproducible Builds – that's more than 1 out of 6, and more will follow. Two wonderful clients will make this and more transparent for you soon. Read about all the exciting news in this article: android.izzysoft.de/articles/n…
All this was made possible thanks to the help of @obfusk – and her github.com/obfusk/rbtlog
#IzzyOnDroid #reproducibleBuilds #FDroid #transparency
Exciting news at the IzzyOnDroid repo! Now we have Reproducible Builds, specific support by some of the most popular F-Droid clients, and more!IzzyOnDroid
🇩🇪 Schluss mit der Rumeierei – jetzt ist es Live! mehr als 18% der Apps bei IzzyOnDroid verfügen bereits über Reproducible Builds (also mehr als jedes 6. Ei – oops, jede 6. App; mehr folgen). Zwei wundervolle Clients werden Euch dies und weiteres transparent machen. Das & weitere spannende News könnt ihr hier nachlesen: android.izzysoft.de/articles/n…
All dies war nur möglich Dank der Hilfe von @obfusk – und ihrem github.com/obfusk/rbtlog
#IzzyOnDroid #reproducibleBuilds #FDroid #transparency
Spannende Neuigkeiten im IzzyOnDroid Repo: Jetzt haben wir reproduzierbare Builds, spezifische Unterstützung durch einige der beliebtesten F-Droid-Clients und mehr!IzzyOnDroid
A bug in recent changes made to Google's apksigner breaks signature copying with apksigcopier, which is needed to make Reproducible Builds work for Android APKs.
Analysis with available workarounds:
github.com/obfusk/apksigcopier…
Bug report with my proposed fix:
issuetracker.google.com/issues…
Please consider adding a +1 to the bug report if you have a Google account :)
apksigcopier - copy/extract/patch android apk signatures & compare apks - obfusk/apksigcopierGitHub
Mapping upstream source code tarballs back to downstream distros:
whatsrc.org/
👍 to #ReproducibleBuilds hacker kpcyrd for developing this!
So, Philipp Kern dropped by asking if we could do some #ReproducibleBuilds verifications of recent Debian Security updates, given, well the whole #xz mess... and that our build infrastructure may have run compromised code at some point...
So I did a quick pass at a handful of updates and everything verified ok so far, though I skipped some of the probably more juicy targets such as chromium and firefox:
lists.reproducible-builds.org/…
Debian is reproducible enough to at least try this sort of thing!
I independently reproduced the #NixOS minimal installation ISO!
This is an amazing milestone for me personally: I've been involved in #ReproducibleBuilds since 2017 and #NixOS since 2019, and have been slowly chipping away at this problem. While there is much more to do to further reap the benefits of reproducibility, this is a long-awaited tangible benefit.
For more about the What, Why, How and What Next, check the post below :)
discourse.nixos.org/t/nixos-re…
We have successfully created an independent, bit-by-bit-identical rebuild of the nixos-minimal ISO published by Hydra 🎉 Why is this useful? While there are a number of ‘side-benefits’, the main point of Reproducible Builds is that it gives us a rel…NixOS Discourse
We've updated our monthly overview of F-Droid apps published with Reproducible Builds again: 21 new RB apps were added in June, making 145 RB apps in total.
gitlab.com/obfusk/fdroid-misc-…
[github mirror] fdroid-misc-scripts - miscellaneous scripts to analyse f-droid app dataGitLab
We recently updated the @fdroidorg Inclusion How-To with a new section explaining why we consider #ReproducibleBuilds to be best practice and are hoping developers will support our efforts to make as many (new) apps reproducible as we reasonably can (whilst hopefully making sure it's clear this is not a mandatory requirement):
f-droid.org/docs/Inclusion_How…
This page documents how a new application gets included in the main F-Droidrepository. It includes the technical details that a submitter should beaware of.A...f-droid.org
Not too long ago, your two hands would have been enough to count the #reproducibleBuilds at @fdroidorg – but now it doesn't even help taking your shoes off to call your toes in. It's 50 now, and counting! I just successfully got an author's and my own first RB in ("with a little help from my friends"), and have 2 more pending
So yes: expect more and more apps this way now. Install from #FDroid – update from Github if needed; signature matches. Just the GUI needs to show that now…
Have you heard about #ReproducibleBuilds? This is one of the biggest #security benefits of #FOSS. On #Android, this technique ensures that the #FDroid version of an app exactly matches the developer's version.
Read our article below for more details and to see how easy it is for developers to get set up:
f-droid.org/en/2023/01/15/towa…
A common criticism directed at F-Droid is that F-Droid signs published APKswith its own keys. Using our own keys doesn’t mean insecure — we have a goodtrack ...f-droid.org
