Skip to content
This repository has been archived by the owner on Jan 24, 2018. It is now read-only.

Deterministic Builds

Jump to bottom
Hans-Christoph Steiner edited this page Jun 7, 2014 · 3 revisions

Lil Debi as of v0.4.7 is built in a deterministic process that should produce the exact same APK contents if no matter which machine it is built on, or when it is built. There are some limitations to this, like it has to be built using similar versions of the OpenJDK 1.7 and other build tools, for example. But this process should work on any recent version of Debian or Ubuntu.

To try running the build yourself, choose a version of LilDebi you want to verify, then run this process:

git clone https://github.com/guardianproject/lildebi
cd lildebi
git checkout 0.4.7
./make-release-build.sh

Comparing the results

Here is a script that I use to compare APKs. It requires apktool, unzip and meld.

#!/bin/sh

set -e
set -x

tmpdir=`mktemp -d /tmp/.compare-apks.XXXXXXXXXX`
apk1=$(basename $1)
apk2=$(basename $2)
apkname1=`echo $apk1 | sed 's,\.apk$,,'`
apkname2=`echo $apk2 | sed 's,\.apk$,,'`
dir1=$tmpdir/$apkname1
dir2=$tmpdir/$apkname2

mkdir -p $dir1/zip
cd $dir1/zip
unzip $1
cd ..
apktool d $1
mv $apkname1 apktool

mkdir -p $dir2/zip
cd $dir2/zip
unzip $2
cd ..
apktool d $2
mv $apkname2 apktool

meld $dir1 $dir2
Clone this wiki locally