[rb-general] Reproducible Android apps: resources.arsc
Torsten Grote
t at grobox.de
Mon Jun 18 22:36:23 CEST 2018
Hi Chris,
On 06/18/2018 05:14 PM, Chris Lamb wrote:
> Thanks for your email. Please excuse my terse reply :)
No problem. I am German. Your reply is totally fine ;)
> Possibly, but if .apk files are "just" .zip files then diffoscope
> should really be able to handle them better.
AFAIK diffoscope uses apktool to show more differences in APK files. The
zip differences are shown via zipinfo, so I am not sure there's more
diffoscope could do.
> Could you perhaps provide two .apk files in question, ideally in a
> wishlist bug against diffoscope?
I could do that. Do you want me to go ahead with this regardless of
whether apktool is responsible for it?
> Eek! I must say this made me squirm IRl as disorderfs was intended to
> locate, detect and ultimately fix non-determinism, not to work-around
> it! :'-(
Yeah, sorry about that. It was the only solution we could find. But that
is why I am here asking for better ideas. Also it gives us the clue that
the file ordering is probably responsible for the differences. We
consider it just a temporary work-around.
> If disorderfs ""fixes"" the issue for you, then you at least know the
> reason why. What tool, exactly, is creating these files?
The Android build process is a bit obscure. I suspect the aapt2 tool
from the Android SDK build-tools is responsible, but it might also be
the android gradle plugin.
Anyway, I agree the issue would need to be solved in Android upstream.
That is why I opened a ticket with them that I had linked in my previous
mail and which includes a bit more details.
Kind Regards,
Torsten
More information about the rb-general
mailing list