fdroid: make reproducible by siddarthkay · Pull Request #20807 · status-im/status-app

siddarthkay · 2026-05-08T15:18:08Z

Summary

This ensures that apk generated for each commit is exactly byte identical as the previous run.
Satisfying the reproducible builds requirement for Fdroid.
This also ensures that Fdroid will use our signed apk for publishing their releases and gives them ability to auto update without us having to open an MR to fdroid repo.

Depends on :

status-im-auto · 2026-05-08T15:27:02Z

Jenkins Builds

Click to see older builds (102)

❔	Commit	#️⃣	Finished (UTC)	Duration	Platform	Result
✔️	`7ba7df5`	1	2026-05-08 15:27:02	~8 min	`tests/nim`	📄`log`
❌	`7ba7df5`	1	2026-05-08 15:27:36	~9 min	`android/arm64`	📄`log`
✔️	`7ba7df5`	1	2026-05-08 15:30:02	~11 min	`ios/aarch64`	📱`ipa` 📲

✔️	`2e541bd`	2	2026-05-08 15:43:53	~12 min	`ios/aarch64`	📱`ipa` 📲
❌	`2e541bd`	2	2026-05-08 15:44:03	~12 min	`android/arm64`	📄`log`
✔️	`2e541bd`	2	2026-05-08 15:45:21	~14 min	`tests/nim`	📄`log`
✔️	`2e541bd`	2	2026-05-08 15:47:37	~16 min	`macos/aarch64`	🍎`dmg`
✔️	`2e541bd`	2	2026-05-08 15:51:22	~20 min	`tests/ui`	📄`log`
✔️	`2e541bd`	2	2026-05-08 15:51:51	~20 min	`linux/x86_64`	📦`tgz`
✔️	`2e541bd`	2	2026-05-08 16:09:31	~38 min	`windows/x86_64`	💿`exe`
✔️	`2e541bd`	11159	2026-05-08 16:40:40	~48 min	`tests/e2e`	📊`rpt`
✔️	`2e541bd`	3125	2026-05-08 17:13:17	~1 hr 3 min	`tests/e2e-windows`	📊`rpt`

✔️	`ba25cdb`	3	2026-05-08 16:34:12	~8 min	`tests/nim`	📄`log`
✔️	`ba25cdb`	3	2026-05-08 16:36:11	~10 min	`android/arm64`	🤖`apk` 📲
✔️	`ba25cdb`	3	2026-05-08 16:38:18	~12 min	`ios/aarch64`	📱`ipa` 📲
✔️	`ba25cdb`	3	2026-05-08 16:39:12	~13 min	`tests/ui`	📄`log`
✔️	`ba25cdb`	3	2026-05-08 16:41:56	~16 min	`macos/aarch64`	🍎`dmg`
✔️	`ba25cdb`	3	2026-05-08 16:42:56	~17 min	`linux/x86_64`	📦`tgz`
✔️	`ba25cdb`	3	2026-05-08 16:49:19	~23 min	`windows/x86_64`	💿`exe`
✔️	`ba25cdb`	11160	2026-05-08 17:10:41	~27 min	`tests/e2e`	📊`rpt`
✖️	`ba25cdb`	3099	2026-05-08 17:21:17	~44 min	`tests/e2e-android`	📦`pkg`
✔️	`ba25cdb`	3126	2026-05-08 17:30:54	~41 min	`tests/e2e-windows`	📊`rpt`

✔️	`78bb444`	4	2026-05-08 17:28:09	~8 min	`tests/nim`	📄`log`
✔️	`78bb444`	4	2026-05-08 17:29:22	~9 min	`android/arm64`	🤖`apk` 📲
✔️	`78bb444`	4	2026-05-08 17:32:19	~12 min	`ios/aarch64`	📱`ipa` 📲
✔️	`78bb444`	4	2026-05-08 17:34:51	~15 min	`tests/ui`	📄`log`
✔️	`78bb444`	4	2026-05-08 17:35:52	~16 min	`macos/aarch64`	🍎`dmg`
✔️	`78bb444`	4	2026-05-08 17:36:26	~16 min	`linux/x86_64`	📦`tgz`
✔️	`78bb444`	4	2026-05-08 17:42:01	~22 min	`windows/x86_64`	💿`exe`
✖️	`78bb444`	3102	2026-05-08 17:53:19	~23 min	`tests/e2e-android`	📦`pkg`
✔️	`78bb444`	11163	2026-05-08 17:59:57	~23 min	`tests/e2e`	📊`rpt`
✔️	`78bb444`	3128	2026-05-08 18:17:06	~34 min	`tests/e2e-windows`	📊`rpt`

✔️	`066f7d1`	5	2026-05-08 18:43:01	~8 min	`tests/nim`	📄`log`

✔️	`5ba93cc`	7	2026-05-08 18:57:23	~7 min	`tests/nim`	📄`log`
✔️	`5ba93cc`	7	2026-05-08 19:00:01	~9 min	`android/arm64`	🤖`apk` 📲
✔️	`5ba93cc`	7	2026-05-08 19:02:06	~11 min	`tests/ui`	📄`log`
✔️	`5ba93cc`	7	2026-05-08 19:02:55	~12 min	`ios/aarch64`	📱`ipa` 📲
✔️	`5ba93cc`	7	2026-05-08 19:06:38	~16 min	`macos/aarch64`	🍎`dmg`
✔️	`5ba93cc`	7	2026-05-08 19:07:24	~17 min	`linux/x86_64`	📦`tgz`
✖️	`5ba93cc`	3104	2026-05-08 19:11:27	~11 min	`tests/e2e-android`	📦`pkg`
✔️	`5ba93cc`	3130	2026-05-08 19:16:32	~18 min	`tests/e2e-windows`	📊`rpt`
✔️	`5ba93cc`	11165	2026-05-08 19:23:58	~16 min	`tests/e2e`	📊`rpt`
✔️	`5ba93cc`	7	2026-05-08 19:29:03	~38 min	`windows/x86_64`	💿`exe`
✔️	`5ba93cc`	3131	2026-05-08 19:47:51	~18 min	`tests/e2e-windows`	📊`rpt`

✔️	`f3f6548`	8	2026-05-09 02:58:41	~7 min	`tests/nim`	📄`log`
✔️	`f3f6548`	8	2026-05-09 03:00:59	~10 min	`android/arm64`	🤖`apk` 📲
✔️	`f3f6548`	8	2026-05-09 03:03:11	~12 min	`tests/ui`	📄`log`
✔️	`f3f6548`	8	2026-05-09 03:03:32	~12 min	`ios/aarch64`	📱`ipa` 📲
✔️	`f3f6548`	8	2026-05-09 03:07:06	~16 min	`macos/aarch64`	🍎`dmg`
✔️	`f3f6548`	8	2026-05-09 03:08:00	~17 min	`linux/x86_64`	📦`tgz`
✔️	`f3f6548`	8	2026-05-09 03:13:00	~22 min	`windows/x86_64`	💿`exe`
✔️	`f3f6548`	11167	2026-05-09 03:24:31	~16 min	`tests/e2e`	📊`rpt`
✖️	`f3f6548`	3106	2026-05-09 03:27:33	~26 min	`tests/e2e-android`	📦`pkg`
✖️	`f3f6548`	3133	2026-05-09 03:31:46	~18 min	`tests/e2e-windows`	📊`rpt`
✖️	`f3f6548`	3130	2026-05-11 06:43:04	~1 hr 11 min	`tests/e2e-android`	📦`pkg`
✖️	`f3f6548`	3162	2026-05-12 06:17:44	~47 min	`tests/e2e-android`	📦`pkg`

✔️	e14259a0	9	2026-05-11 05:31:47	~13 min	`android/arm64`	🤖`apk` 📲

✔️	9ec90791	10	2026-05-12 05:29:43	~11 min	`android/arm64`	🤖`apk` 📲

✔️	`1c4df41`	9	2026-05-15 13:10:34	~7 min	`tests/nim`	📄`log`
✔️	`1c4df41`	9	2026-05-15 13:15:59	~13 min	`ios/aarch64`	📱`ipa` 📲
✔️	`1c4df41`	9	2026-05-15 13:16:12	~13 min	`tests/ui`	📄`log`
✔️	`1c4df41`	9	2026-05-15 13:19:56	~16 min	`macos/aarch64`	🍎`dmg`
✔️	`1c4df41`	9	2026-05-15 13:20:18	~17 min	`linux/x86_64`	📦`tgz`
✔️	`1c4df41`	9	2026-05-15 13:25:59	~22 min	`windows/x86_64`	💿`exe`
✔️	`1c4df41`	3222	2026-05-15 13:44:49	~18 min	`tests/e2e-windows`	📊`rpt`
✔️	`1c4df41`	11265	2026-05-15 13:45:25	~25 min	`tests/e2e`	📊`rpt`
✖️	`1c4df41`	3236	2026-05-15 14:37:39	~1 hr 24 min	`tests/e2e-android`	📦`pkg`
✖️	`1c4df41`	3405	2026-05-23 06:34:04	~1 hr 4 min	`tests/e2e-android`	📦`pkg`
✖️	`1c4df41`	3487	2026-05-27 07:11:49	~1 hr 42 min	`tests/e2e-android`	📦`pkg`

✔️	98b0e73c	11	2026-05-15 13:13:00	~10 min	`android/arm64`	🤖`apk` 📲

✔️	842ec79b	12	2026-05-20 05:30:15	~11 min	`android/arm64`	🤖`apk` 📲

✔️	648a5d5a	13	2026-05-21 05:30:46	~12 min	`android/arm64`	🤖`apk` 📲

✔️	fc976662	15	2026-05-23 05:29:15	~10 min	`android/arm64`	🤖`apk` 📲

✔️	79a5da25	16	2026-05-26 05:29:09	~10 min	`android/arm64`	🤖`apk` 📲

✔️	2dcd12f6	17	2026-05-27 05:29:16	~10 min	`android/arm64`	🤖`apk` 📲

✔️	2432eee3	18	2026-05-29 05:57:27	~38 min	`android/arm64`	🤖`apk` 📲

✔️	`3d77527`	12	2026-06-01 05:01:23	~7 min	`tests/nim`	📄`log`
❌	`3d77527`	21	2026-06-01 05:01:46	~7 min	`android/arm64`	📄`log`
❌	`3d77527`	12	2026-06-01 05:03:32	~9 min	`ios/aarch64`	📄`log`
❌	`3d77527`	12	2026-06-01 05:03:40	~9 min	`macos/aarch64`	📄`log`
❌	`3d77527`	12	2026-06-01 05:04:15	~10 min	`linux/x86_64`	📄`log`
✔️	`3d77527`	12	2026-06-01 05:06:25	~12 min	`tests/ui`	📄`log`

✔️	`6f54b3a`	14	2026-06-01 05:18:32	~7 min	`tests/nim`	📄`log`
✔️	`6f54b3a`	23	2026-06-01 05:20:48	~9 min	`android/arm64`	🤖`apk` 📲
✔️	`6f54b3a`	14	2026-06-01 05:22:37	~11 min	`tests/ui`	📄`log`
✔️	`6f54b3a`	14	2026-06-01 05:23:15	~12 min	`ios/aarch64`	📱`ipa` 📲
✔️	`6f54b3a`	14	2026-06-01 05:25:30	~14 min	`macos/aarch64`	🍎`dmg`
✔️	`6f54b3a`	14	2026-06-01 05:28:04	~17 min	`linux/x86_64`	📦`tgz`
✔️	`6f54b3a`	14	2026-06-01 05:33:35	~22 min	`windows/x86_64`	💿`exe`
✔️	`6f54b3a`	11511	2026-06-01 05:43:36	~15 min	`tests/e2e`	📊`rpt`
✖️	`6f54b3a`	3449	2026-06-01 05:51:13	~17 min	`tests/e2e-windows`	📊`rpt`
✔️	`6f54b3a`	3581	2026-06-01 05:54:05	~33 min	`tests/e2e-android`	📦`pkg`

✔️	`d2145c5`	15	2026-06-01 05:59:10	~8 min	`tests/nim`	📄`log`
✔️	`d2145c5`	24	2026-06-01 05:59:53	~9 min	`android/arm64`	🤖`apk` 📲
✔️	`d2145c5`	15	2026-06-01 06:02:24	~11 min	`ios/aarch64`	📱`ipa` 📲
✔️	`d2145c5`	15	2026-06-01 06:03:55	~13 min	`tests/ui`	📄`log`
✔️	`d2145c5`	15	2026-06-01 06:04:17	~13 min	`macos/aarch64`	🍎`dmg`
✔️	`d2145c5`	15	2026-06-01 06:07:04	~16 min	`linux/x86_64`	📦`tgz`
✔️	`d2145c5`	15	2026-06-01 06:13:36	~22 min	`windows/x86_64`	💿`exe`
✔️	`d2145c5`	11512	2026-06-01 06:22:54	~15 min	`tests/e2e`	📊`rpt`
✖️	`d2145c5`	3450	2026-06-01 06:33:17	~19 min	`tests/e2e-windows`	📊`rpt`
✖️	`d2145c5`	3582	2026-06-01 06:39:19	~39 min	`tests/e2e-android`	📦`pkg`

❔	Commit	#️⃣	Finished (UTC)	Duration	Platform	Result
✔️	`1640597`	16	2026-06-01 08:30:05	~8 min	`tests/nim`	📄`log`
✔️	`1640597`	25	2026-06-01 08:31:38	~9 min	`android/arm64`	🤖`apk` 📲
✔️	`1640597`	16	2026-06-01 08:34:29	~12 min	`tests/ui`	📄`log`
✔️	`1640597`	16	2026-06-01 08:36:16	~14 min	`ios/aarch64`	📱`ipa` 📲
✔️	`1640597`	16	2026-06-01 08:39:20	~17 min	`linux/x86_64`	📦`tgz`
✔️	`1640597`	16	2026-06-01 08:41:35	~19 min	`macos/aarch64`	🍎`dmg`
✔️	`1640597`	16	2026-06-01 08:47:17	~25 min	`windows/x86_64`	💿`exe`
✔️	`1640597`	11517	2026-06-01 08:55:09	~15 min	`tests/e2e`	📊`rpt`
✔️	`1640597`	3453	2026-06-01 09:07:55	~20 min	`tests/e2e-windows`	📊`rpt`
✖️	`1640597`	3585	2026-06-01 09:42:43	~1 hr 10 min	`tests/e2e-android`	📦`pkg`

jakubgs · 2026-05-15T13:58:46Z

+          def keystore = creds.androidKeystorePrefix()
+          withCredentials([
+            file(
+              credentialsId: "${keystore}-file",
+              variable: 'KEYSTORE_PATH'
+            ),
+            string(
+              credentialsId: "${keystore}-pass",
+              variable: 'KEYSTORE_PASSWORD'
+            ),
+            usernamePassword(
+              credentialsId: "${keystore}-key-pass",
+              usernameVariable: 'KEYSTORE_ALIAS',
+              passwordVariable: 'KEYSTORE_KEY_PASSWORD'
+            ),


Try not to provide credentials in Jenkinsfiles. Use our jenkins lib for that.

Also, why not use fdroid/generate-keystore.sh as we did before?

jakubgs · 2026-05-15T13:59:44Z

+            /* apksigner is provided by the fdroid agent image (fdroid/Dockerfile).
+             * The F-Droid build emits a zipaligned, unsigned APK, so signing
+             * in place is sufficient. Passwords are passed via env: provider
+             * to keep them off the process command line. */
+            sh '''
+              set +x


Or we could just wrap it into a script too. What was wrong with fdroid/sign-apk.sh?

The problem with using a single use keystore is that Fdroid will use our signed apk as part of their releases ( if we enable reproducible builds as part of the manifest ).

If we regenerate keystore each time users won't be able to update the app since it would have been signed each time with different key.

What? Surely that's wrong. F-Droid sign releases they build themselves with their own key. It wouldn't make sense otherwise.

Incase you enable "reproducible builds" this is the new procedure I guess.
They just verify our signed apk with the signature we provide and use that instead of signing themseleves, and it seems like they prefer that way over signing themselves.

see comment by Lliacon : https://gitlab.com/fdroid/fdroiddata/-/merge_requests/32193#note_3351802215

jakubgs · 2026-05-15T14:01:45Z

+	GOFLAGS="-trimpath -buildvcs=false" \
+	GOMODCACHE="$(BUILD_PATH)/.gomodcache" \
+	CGO_CFLAGS="-ffile-prefix-map=$(HOME)=." \
+	CGO_CXXFLAGS="-ffile-prefix-map=$(HOME)=." \


This needs comment too.

siddarthkay self-assigned this May 8, 2026

siddarthkay force-pushed the fdroid-unsigned-reproducible branch from 7ba7df5 to 2e541bd Compare May 8, 2026 15:30

siddarthkay requested a review from a team as a code owner May 8, 2026 15:30

siddarthkay force-pushed the fdroid-unsigned-reproducible branch 6 times, most recently from 5ba93cc to f3f6548 Compare May 9, 2026 02:50

jakubgs approved these changes May 15, 2026

View reviewed changes

siddarthkay force-pushed the fdroid-unsigned-reproducible branch 3 times, most recently from 6019401 to 3d77527 Compare June 1, 2026 04:53

siddarthkay changed the title ~~fdroid: nuke self signing and make builds reproducible~~ fdroid: make reproducible Jun 1, 2026

siddarthkay marked this pull request as draft June 1, 2026 05:06

siddarthkay force-pushed the fdroid-unsigned-reproducible branch from 3d77527 to da198cb Compare June 1, 2026 05:07

fdroid: make reproducible

6f54b3a

siddarthkay force-pushed the fdroid-unsigned-reproducible branch from da198cb to 6f54b3a Compare June 1, 2026 05:10

siddarthkay added 2 commits June 1, 2026 11:18

chore: cleanup

31ed865

chore: bump status-go

d2145c5

siddarthkay mentioned this pull request Jun 1, 2026

fix: make c-bindings reproducible between runs status-im/status-go#7494

Open

chore: moar cleanup

1640597

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fdroid: make reproducible#20807

fdroid: make reproducible#20807
siddarthkay wants to merge 4 commits into
masterfrom
fdroid-unsigned-reproducible

siddarthkay commented May 8, 2026 •

edited

Loading

Uh oh!

status-im-auto commented May 8, 2026 •

edited

Loading

Uh oh!

jakubgs May 15, 2026

Uh oh!

jakubgs May 15, 2026

Uh oh!

jakubgs May 15, 2026

Uh oh!

siddarthkay May 18, 2026

Uh oh!

jakubgs May 19, 2026

Uh oh!

siddarthkay May 19, 2026

Uh oh!

jakubgs May 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

siddarthkay commented May 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Uh oh!

status-im-auto commented May 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Jenkins Builds

Uh oh!

jakubgs May 15, 2026

Choose a reason for hiding this comment

Uh oh!

jakubgs May 15, 2026

Choose a reason for hiding this comment

Uh oh!

jakubgs May 15, 2026

Choose a reason for hiding this comment

Uh oh!

siddarthkay May 18, 2026

Choose a reason for hiding this comment

Uh oh!

jakubgs May 19, 2026

Choose a reason for hiding this comment

Uh oh!

siddarthkay May 19, 2026

Choose a reason for hiding this comment

Uh oh!

jakubgs May 15, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

siddarthkay commented May 8, 2026 •

edited

Loading

status-im-auto commented May 8, 2026 •

edited

Loading