Skip to content
This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

Please provide instructions to reproduce your app found on Google Play #726

Open
Giszmo opened this issue Dec 2, 2021 · 2 comments
Open

Please provide instructions to reproduce your app found on Google Play #726

Giszmo opened this issue Dec 2, 2021 · 2 comments

Comments

@Giszmo
Copy link

Giszmo commented Dec 2, 2021

Is your feature request related to a problem? Please describe.

Not all users can configure and compile their own app. Most default to installing what is on Google Play, making this a lucrative target for thieves. If the release manager is compromised, not even team members can sound the alarm before all wallets get emptied.

Describe the solution you'd like

Please implement internal routines to reproduce release candidates and check what actually gets released using reproducible builds.

Please allow the public to also do these checks.

Additional context/Screenshots

I track Bitcoin wallets and their reproducibility and currently failed to reproduce RWallet due to missing .env file and a way of producing unsigned builds.
@pointbiz
Copy link

I also want this feature because I'd like to fork the open source code and work on the project.

@emanuelb
Copy link

@pointbiz here almost complete build instructions (as there is build failure) to compile latest version in git 2.0.2 which is the latest commit: 04c2694
this version isn't released in google-play or via github release yet, opened issue about it at: #728

Run podman build --pull --rm -t rwallet2_build_apk_deb -f ContainerFileDeb

ContainerFileDeb file content:

FROM debian:sid-slim

RUN set -ex; \
    mkdir -p /usr/share/man/man1/; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        npm \
        git \
        binutils \
        openjdk-11-jdk ; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser;
    
USER appuser

ENV NODE_ENV="development" \
    ANDROID_SDK_ROOT="/home/appuser/app/sdk/" \
    ANDROID_HOME="/home/appuser/app/sdk/"

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/; \
    git clone https://github.com/rsksmart/rwallet/;

WORKDIR /home/appuser/app/rwallet/

RUN set -ex; \
    git checkout 04c2694cb757a78cf9a7533ca6f7364252823553; \
    cd ./android; \
    keytool -genkey -alias rwallet_alias -keystore /home/appuser/app/rwallet/android/app/rwallet.pfx -storetype PKCS12 -keyalg RSA -keysize 4096 -storepass rwallet_alias -keypass rwallet_alias -validity 10000 -dname CN=IL;

# json taken from https://github.com/blockchain/My-Wallet-V3-Android/blob/75ebe718cb99c6d302efb90447f1719973deb93f/scripts/quick_start.sh#L7-L46 just changed package_name to com.rsk.rwallet.v2
# Values in .env file are from APK: assets/index.android.bundle file.

RUN set -ex; \
echo 'PARSE_SERVER_URL=https://rwallet.app/v1\n\
RWALLET_API_KEY=0718353e-a003-4692-bbd0-fb4d4b122a1d\n\
RWALLET_ENV=' > /home/appuser/app/rwallet/.env; \
echo '\n\
MYAPP_UPLOAD_STORE_FILE=rwallet.pfx\n\
MYAPP_UPLOAD_KEY_ALIAS=rwallet_alias\n\
MYAPP_UPLOAD_STORE_PASSWORD=rwallet_alias\n\
MYAPP_UPLOAD_KEY_PASSWORD=rwallet_alias\n\
' >> /home/appuser/app/rwallet/android/gradle.properties; \
echo "{\
  \"project_info\": {\
    \"project_number\": \"623252783566\",\
    \"firebase_url\": \"https://blockchaintest-ecd1c.firebaseio.com\",\
    \"project_id\": \"blockchaintest-ecd1c\",\
    \"storage_bucket\": \"blockchaintest-ecd1c.appspot.com\"\
  },\
  \"client\": [\
    {\
      \"client_info\": {\
        \"mobilesdk_app_id\": \"1:623252783566:android:02baff6e6c46ed96232b9f\",\
        \"android_client_info\": {\
          \"package_name\": \"com.rsk.rwallet.v2\"\
        }\
      },\
      \"oauth_client\": [\
        {\
          \"client_id\": \"623252783566-o6j47jlpan97fnibnr0vosvc4lh71sm1.apps.googleusercontent.com\",\
          \"client_type\": 3\
        }\
      ],\
      \"api_key\": [\
        {\
          \"current_key\": \"INSERT KEY HERE\"\
        }\
      ],\
      \"services\": {\
        \"appinvite_service\": {\
          \"other_platform_oauth_client\": [\
            {\
              \"client_id\": \"623252783566-o6j47jlpan97fnibnr0vosvc4lh71sm1.apps.googleusercontent.com\",\
              \"client_type\": 3\
            }\
          ]\
        }\
      }\
    }\
  ],\
  \"configuration_version\": \"1\"\
}" > /home/appuser/app/rwallet/android/app/google-services.json;

Run:
podman run --rm --name rwallet2_build_apk_deb -ti rwallet2_build_apk_deb

in container run commands:

npm install --no-audit --no-fund;
cd /home/appuser/app/rwallet/android/;
sed -i 's/android:minSdkVersion="16" //g' /home/appuser/app/rwallet/node_modules/react-native-i18n/android/src/main/AndroidManifest.xml;
sed -i '/buildToolsVersion/a lintOptions {\ncheckReleaseBuilds false\nabortOnError false\n}' /home/appuser/app/rwallet/android/app/build.gradle;
./gradlew assembleRelease;

There error in:

Execution failed for task ':react-native-camera:extractGeneralReleaseAnnotations'.
Caused by: java.lang.NullPointerException

@emanuelb emanuelb mentioned this issue Mar 14, 2022
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Giszmo @pointbiz @emanuelb