Zap Android reproducible build
VPS
Digital Ocean Ubuntu 18.04 (LTS) x64
Setup
sudo apt update && sudo apt install -y unzip git
export COMPILE_API=29
export ANDROID_BUILD_TOOLS=29.0.2
export ADB_INSTALL_TIMEOUT=8
export ANDROID_HOME=${HOME}/android-sdk
export ANDROID_TOOLS_URL="https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip"
export EMU_FLAVOR=default # use google_apis flavor if no default flavor emulator
export GRAVIS="https://raw.githubusercontent.com/DanySK/Gravis-CI/master/"
export JDK="1.8"
export TOOLS=${ANDROID_HOME}/tools
export PATH=${ANDROID_HOME}:${ANDROID_HOME}/emulator:${TOOLS}:${TOOLS}/bin:${ANDROID_HOME}/platform-tools:${PATH}
export API=28
export TRAVIS_OS_NAME="linux"
# Set up JDK 8 for Android SDK
curl "${GRAVIS}.install-jdk-travis.sh" --output ~/.install-jdk-travis.sh
export TARGET_JDK="${JDK}"
source ~/.install-jdk-travis.sh
# Set up Android SDK
wget -q "${ANDROID_TOOLS_URL}" -O android-sdk-tools.zip
unzip -q android-sdk-tools.zip -d ${ANDROID_HOME}
rm android-sdk-tools.zip
mkdir ~/.android # avoid harmless sdkmanager warning
echo 'count=0' > ~/.android/repositories.cfg # avoid harmless sdkmanager warning
yes | sdkmanager --licenses >/dev/null # accept all sdkmanager warnings
echo y | sdkmanager --no_https "platform-tools" >/dev/null
echo y | sdkmanager --no_https "tools" >/dev/null # A second time per Travis docs, gets latest versions
echo y | sdkmanager --no_https "build-tools;${ANDROID_BUILD_TOOLS}" >/dev/null # Implicit gradle dependency - gradle drives changes
echo y | sdkmanager --no_https "platforms;android-${COMPILE_API}" >/dev/null # We need the API of the current compileSdkVersion from gradle.properties
Build
# Build v0.5.1-beta
git clone -b v0.5.1-beta https://github.com/LN-Zap/zap-android.git
pushd zap-android
./gradlew assembleRelease
popd
Diff
wget https://github.com/LN-Zap/zap-android/releases/download/v0.5.1-beta/zap-android-0.5.1-beta.31.-release.apk
unzip -d signed zap-android-0.5.1-beta.31.-release.apk
unzip -d unsigned zap-android/app/build/outputs/apk/release/'zap-android-0.5.1-beta(31)-release-unsigned.apk'
# Now if all match, the only diff should be the three files generated inside META-INF that are added when signing the APK: CERT.RSA, CERT.SF and MANIFEST.MF
diff -qr signed unsigned
keytool -printcert -file signed/META-INF/CERT.RSA
shasum -a 256 zap-android-0.5.1-beta.31.-release.apk
Video