Announcing Android Reproducible Builds at IzzyOnDroid with rbtlog
Simon Josefsson
simon at josefsson.org
Thu Aug 1 03:36:26 UTC 2024
Fay Stegerman <flx at obfusk.net> writes:
> rbtlog [3] is a Reproducible Builds transparency log for Android APKs. Its git
> repository contains scripts forming a rebuilder framework, recipes to build
> various apps, rebuild logs forming a transparency log of reproduction attempts,
> and CI workflows to automate everything. It allows anyone to easily run a
> rebuilder for any apps available from a git repository with release tags plus
> accompanying APKs built and signed by the developer.
Nice! Are the build dependencies (e.g., Android SDK) built from source
these days, or are they used as a untrusted binary blob during these
builds? I recall rebuilding Android SDK from source used to be tricky.
/Simon
More information about the rb-general
mailing list