reproducible .pyc files (& python-for-android)

Leo Wandersleb leo at LeoWandersleb.de
Mon Jan 4 15:39:39 UTC 2021 

The section

> Last month we reported <https://reproducible-builds.org/reports/2020-11/> on a
fork of the official German Corona App called /Corona Warn App/
<https://github.com/corona-warn-app/cwa-app-android>. Since then, the
application is now available on the F-Droid free-software app store
<https://f-droid.org/> (without integration with Google-operated services).
However, the version on /F-Droid/ also supports reproducible builds, and
instructions on how to rebuild the package
<https://codeberg.org/corona-contact-tracing-germany/cwa-android/src/branch/main/docs/rebuilding.md>
are available from the upstream Git repository
<https://codeberg.org/corona-contact-tracing-germany/cwa-android/src/branch/main>. (FSFE’s
announcement. <https://fsfe.org/news/2020/news-20201208-01.en.html>)

could be more clear. I'm confused. Is this a working Corona App or is in
incompatible with the "official" one? If not, it's kind of not good news for
reproducible builds so this detail matters.
Also the first sentence is not sufficiently clear about whether the link is to
the upstream repo or to the fork repo.

On 1/2/21 11:25 AM, Felix C. Stegerman wrote:
> Hi!
>
> I'm trying to get python-for-android (p4a) to build reproducible
> .APKs [1].
>
> At the moment I'm trying to figure out why I'm getting different .pyc
> files (python bytecode) on Github Actions vs on a local VM (both
> Ubuntu 20.04).
>
> p4a compiles those with "hostpython -OO -m compileall -b -f" (where
> hostpython is the cross-compiled Python for the target -- arm64-v8a or
> armeabi-v7a -- which is thus definitely the same version on both
> machines).
>
> diffoscope outputs e.g.
>
> ├── distutils/command/__init__.pyc
> │ @@ -10,17 +10,17 @@
> │  00000090: 6962 5a0f 696e 7374 616c 6c5f 6865 6164  ibZ.install_head
> │  000000a0: 6572 735a 0f69 6e73 7461 6c6c 5f73 6372  ersZ.install_scr
> │  000000b0: 6970 7473 5a0c 696e 7374 616c 6c5f 6461  iptsZ.install_da
> │  000000c0: 7461 5a05 7364 6973 74da 0872 6567 6973  taZ.sdist..regis
> │  000000d0: 7465 725a 0562 6469 7374 5a0a 6264 6973  terZ.bdistZ.bdis
> │  000000e0: 745f 6475 6d62 5a09 6264 6973 745f 7270  t_dumbZ.bdist_rp
> │  000000f0: 6d5a 0d62 6469 7374 5f77 696e 696e 7374  mZ.bdist_wininst
> │ -00000100: 5a05 6368 6563 6b5a 0675 706c 6f61 644e  Z.checkZ.uploadN
> │ -00000110: 2901 da07 5f5f 616c 6c5f 5fa9 0072 0400  )...__all__..r..
> │ -00000120: 0000 7204 0000 00fa af2f 686f 6d65 2f72  ..r....../home/r
> │ +00000100: da05 6368 6563 6b5a 0675 706c 6f61 644e  ..checkZ.uploadN
> │ +00000110: 2901 da07 5f5f 616c 6c5f 5fa9 0072 0500  )...__all__..r..
> │ +00000120: 0000 7205 0000 00fa af2f 686f 6d65 2f72  ..r....../home/r
> │  00000130: 756e 6e65 722f 776f 726b 2f6a 6974 656e  unner/work/jiten
> │  00000140: 2f6a 6974 656e 2f61 6e64 726f 6964 2f2e  /jiten/android/.
> │  00000150: 6275 696c 646f 7a65 722f 616e 6472 6f69  buildozer/androi
> │  00000160: 642f 706c 6174 666f 726d 2f62 7569 6c64  d/platform/build
> │  00000170: 2d61 726d 3634 2d76 3861 2f62 7569 6c64  -arm64-v8a/build
> │  00000180: 2f6f 7468 6572 5f62 7569 6c64 732f 7079  /other_builds/py
> │  00000190: 7468 6f6e 332f 6172 6d36 342d 7638 615f  thon3/arm64-v8a_
>
> I'm hoping someone on this list knows how to fix this or can point me
> in the right direction.
>
> Thanks.
>
> - Felix
>
> [1] https://github.com/kivy/python-for-android/pull/2390

More information about the rb-general mailing list