| 21 Oct 2020 |
|  @cookiejarapps:matrix.org joined the room. | 19:41:54 |
| @cookiejarapps:matrix.org left the room. | 19:42:06 |
| 22 Oct 2020 |
 _hc | uniq: also, here's the EFF policy, I think we can already make sites like search and monitor be compliant: https://gitlab.com/fdroid/fdroid-website/-/merge_requests/415 | 07:17:16 |
 mimi89999 | What happened to verification? | 09:22:11 |
| mimi89999 | https://verification.f-droid.org/?C=M;O=D | 09:22:12 |
| mimi89999 | _hc: I think I found the difference between apks that F-Droid server is making when copying signatures and the original ones | 09:28:46 |
| mimi89999 | Our have the General purpose bit flag set to 0x0000, apksigner ones have it set to 0x0800. That flag would correspond to enhanced deflation. | 09:28:46 |
| mimi89999 | So the next source of non determinism that I found after file order is that strange compression thing. | 09:28:46 |
| _hc | verification needs a maintainer :) when i notice it, I kick it to get it going again | 09:35:35 |
| _hc | mimi89999: the compression thing should be easy to fix in theory, have you looked at zipfile in Python? | 09:36:43 |
| _hc | I guess the code should read that flag from the APK and make sure its preserved | 09:37:05 |
| mimi89999 | I was working recently on the Kotlin package (it's going forward really slowly) and didn't look much at F-Droid besides updating the destroy VM MR and reproducible signatures V2. | 10:05:33 |
| _hc | mimi89999: what's the blocker on kotlin now? | 10:08:26 |
| _hc | do you feel like it is close? | 10:08:57 |
| mimi89999 | Error Kotlin reflection implementation is not found at runtime | 10:09:03 |
| mimi89999 | No. I have no clue what can cause that issue and on top of that samyak had some health issues. | 10:10:13 |
| mimi89999 | But the previous blocker https://salsa.debian.org/android-tools-team/admin/-/issues/31 is now resolved. This one was just after the ASM 8 compilation issue, that I backported the fix for a mont ago. | 10:12:29 |
| mimi89999 | _hc: I see no way of reading or adding flags in zipfile | 10:22:33 |
| mimi89999 | _hc: Found it: https://docs.python.org/3/library/zipfile.html#zipfile.ZipInfo.flag_bits | 10:31:21 |
| _hc | 👏 | 10:32:53 |
| mimi89999 | ZipFile('signed.apk').getinfo('META-INF/MANIFEST.MF').flag_bits == 2048 | 10:33:26 |
| mimi89999 | ZipFile('test.apk').getinfo('META-INF/MANIFEST.MF').flag_bits == 0 | 10:33:32 |
| mimi89999 | The problem is that it's not only the flag that is changed | 10:41:26 |
| mimi89999 | ZipFile('test.apk').getinfo('META-INF/ALIAS_NA.SF').compress_size == 30052 | 10:41:37 |
| mimi89999 | ZipFile('signed.apk').getinfo('META-INF/ALIAS_NA.SF').compress_size == 29503 | 10:41:46 |
| mimi89999 | Both have the file_size of 84790, so they need to be compressed differently | 10:49:54 |
| mimi89999 | That flag means Deflate64/Enhanced Deflate | 10:50:52 |
| _hc | what is generating those two APKs? | 12:16:00 |
| mimi89999 | _hc: I built bubu's F-Droid classic then aligned and signed it and that's the `signed.apk`. Then I rebuilt it with my WIP signatures 2 (the commit in my MR). It copies signatures and even copies the resulting apk to /dev/shm/test.apk. The content of both apks is the same. | 13:22:32 |
| mimi89999 | _hc: So test is made by ZipFile through F-Droid + zipalign and signed is by Android tools. | 13:23:48 |
