Announcing Android Reproducible Builds at IzzyOnDroid with rbtlog
Fay Stegerman
flx at obfusk.net
Wed Jul 31 22:03:14 UTC 2024
Hi,
IzzyOnDroid [1] is the largest 3rd-party F-Droid-compatible repository of open
source Android apps (almost 1200 currently), publishing a collection of official
binaries (APKs) built by the original application developers and provided via
repositories on GitHub, GitLab, Codeberg, etc. It provides a convenient way to
install and update apps, as well as additional security and transparency via
multiple custom scans and checks [2].
rbtlog [3] is a Reproducible Builds transparency log for Android APKs. Its git
repository contains scripts forming a rebuilder framework, recipes to build
various apps, rebuild logs forming a transparency log of reproduction attempts,
and CI workflows to automate everything. It allows anyone to easily run a
rebuilder for any apps available from a git repository with release tags plus
accompanying APKs built and signed by the developer.
The rbtlog I run currently provides rebuild logs for dozens of apps available
via IzzyOnDroid as well as e.g. NewPipe and Threema. Izzy himself runs another
rbtlog instance [4] providing coverage of even more IzzyOnDroid apps. And there
are more to come!
We are pleased to announce "Reproducible Builds, special client support and more
in our repo" [5]: a collaboration between various independent interoperable
projects: the IzzyOnDroid team, 3rd-party clients Droid-ify & Neo Store, and
rbtlog (part of my collection of tools for Android Reproducible Builds) to bring
Reproducible Builds to IzzyOnDroid and the wider Android ecosystem.
- Fay
[1] https://apt.izzysoft.de/fdroid/
[2] https://android.izzysoft.de/articles/named/iod-scan-apkchecks
[3] https://github.com/obfusk/rbtlog
[4] https://codeberg.org/IzzyOnDroid/rbtlog
[5] https://android.izzysoft.de/articles/named/iod-rbs-mirrors-clients
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20240801/9375baf7/attachment.sig>
More information about the rb-general
mailing list