Reproducible builds #1388
Comments
|
@advplyr any word? |
|
We could replace axios but we're not going to be able to update to nuxt3 if that is what is required. We may not go forward with that migration and change frameworks instead but nothing is decided yet. If it is a requirement to migrate to nuxt3 for reproducible builds then that will probably not happen for a while. |
|
Thanks, I see. No pressure; if you think it would be worth to try again for RB, please give us a ping here and we'll run a test. All we'd need for that is an APK built and signed by you from a clean tree at a commit you name along, so we can build from the same. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At IzzyOnDroid we support Reproducible Builds (see: Reproducible Builds, special client support and more at IzzyOnDroid). Trying for yours, I was able to successfully generate the APK using
./gradlew assembleRelease, but the resulting APKs were not identical: all theassets/public/_nuxt/*.jsuse completely different file names, for example. Digging into that, I found:@nuxt/axios(5.13.6, which is the latest one), which in turn@nuxtjs/proxy(2.1.0, which again is the latest one), which thennuxt: 2.14.11– a quite outdated version (they are at 3.x already), which produces non-deterministic output, see e.g.Now there is no newer release of Axios. So before digging into the other differences: do you see a chance to fix this, e.g. with some replacement for Axios? If so, the other differences are in
classes.dexplus in a bunch of HTML files (which use those Nuxt assets and thus are an "iterative issue" most likely solved alongside the Axios one), plus some*.txtfiles inpublic/fonts/*/(Windows line-breaks; this one can easily be fixed on our end).The underlying issue at Nuxt is supposed to be fixed – just the "dependency tree" here enforces an old version which is not yet fixed.
The text was updated successfully, but these errors were encountered: