42
submitted 6 months ago* (last edited 6 months ago) by barbara@lemmy.ml to c/fdroid@lemmy.ml

It's awesome there are already so many reproduxible builds on fdroid. Why aren't there more? Do devs simply not care enough? Or is it too difficult?

you are viewing a single comment's thread
view the rest of the comments
[-] dipak@lemmy.ml 2 points 6 months ago

Few things which makes achieving reproducible/deterministic builds hard are - timestamps of generated/compiled files, continuously updating versions of build tools(+support libraries), output binary difference compiled across different OS.

We can use docker based build system for this, but it would require very carefully configured Dockerfile to keep the build tools+libraries on specific version. And if we do a pre-built Docker Image, then the Reproducibility of that Docker Image has to be proven first. It is indeed a difficult task, but not an impossible one. With F-Droid providing a sound framework for reproducible build generation, I believe we would have majority of large Android Apps reproducible in next few years.

this post was submitted on 22 Apr 2024
42 points (100.0% liked)

F-Droid

8080 readers
24 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 3 years ago
MODERATORS