Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bring the app to f-droid #233

Open
bootofood opened this Issue Oct 12, 2016 · 53 comments

Comments

Projects
None yet
@bootofood
Copy link

bootofood commented Oct 12, 2016

Please make it possible to compile the app without the non-free dependencies.
In this way it could be included in f-droid, finally beating Signal!

@someoneEsle

This comment has been minimized.

Copy link
Contributor

someoneEsle commented Oct 12, 2016

Answer here: #5
You may as well close ^^

@bootofood

This comment has been minimized.

Copy link
Author

bootofood commented Oct 13, 2016

Thanks. That issue is closed, that's why I didn't find it. Good to read that they're interested in publishing the app in f-droid, certainly a more friendly and reasonable approach than what we got for Signal.

Shouldn't a "f-droid issue" stay open until we've got it in there, complying with the inclusion policy?

@someoneEsle

This comment has been minimized.

Copy link
Contributor

someoneEsle commented Oct 13, 2016

I don't know what the policy as for keeping issues open is, but it looks like something they're aware of, therefore there's no need to let the ticket open (which may be why they closed the other one). I'm pretty sure they'll remember even if this issue gets closed.
(I understand your point about leaving an issue open though, maybe they could leave the original one open as it has the official reply too)

@bjoernherbig

This comment has been minimized.

Copy link

bjoernherbig commented Oct 14, 2016

Thanks guys for bringing this up again and yes, we will remember it for sure. As for closing it, we will leave this one open since there are likely to come in more requests for f-droid.

@h-2

This comment has been minimized.

Copy link

h-2 commented Oct 14, 2016

Out of curiosity: what are the proprietary dependencies blocking f-droid acceptance? Seems like if you already have a fallback for GCM you are almost there or not? Maybe other people could help in this process?

@paride

This comment has been minimized.

Copy link

paride commented Oct 16, 2016

@h-2 take a look here:

#5 (comment)

and compiling without GCM is probably non trivial, even if there is already a fallback mechanism.

@h-2

This comment has been minimized.

Copy link

h-2 commented Nov 4, 2016

I am posting a 50€ bounty for someone who creates a version of the Android Wire client that fully meets F-Droid’s criteria, i.e. no proprietary dependencies. Preferably the changes would also meet upstream’s criteria for integration into the official repository, e.g. via a Flavor or build flag or something like that.

I can send the money via Paypal or WireTransfer/SEPA.

edit: timeframe: for this bounty there should be some alpha/beta version until 2017-02-01

@lipis

This comment has been minimized.

Copy link
Member

lipis commented Nov 4, 2016

💶 💵 💶 💵 💶

@grote

This comment has been minimized.

Copy link

grote commented Nov 6, 2016

The first step, before anybody can take this on would be to get rid of the custom maven repository and get those dependencies submitted to jcenter.

Currently, these libraries are affected:

  • gradle-android-scala-plugin - non-upstreamed fork?
  • icu4j-shrunk - non-upstreamed fork?
  • robotest_2.11 - non-upstreamed fork?
  • spotify-auth - non-free software?
  • spotify-player - non-free software?

Having some information on these libraries would make it easier to assess the actual effort needed for a 3rd-party to take on this work.

@h-2

This comment has been minimized.

Copy link

h-2 commented Nov 8, 2016

Users of Signal have three months until the last version "expires" that works without PlayServices. If wire published a preliminary free software version until then, it could motivate quite a few people to switch and would definitely get some attention...
https://twitter.com/VenemaSander/status/794937272697294852
https://twitter.com/shiromarieke/status/793947755840413696

(Note that Free Software server source and federation #237 would be really cool, but totally unrelated to this issue as Signal didn't provide these either)

@darkbluelight

This comment has been minimized.

Copy link

darkbluelight commented Nov 11, 2016

Referencing #233 (comment)
@bjoernherbig count one more request for f-droid from a Signal user (with quite some friends using Signal...) willing to change to Wire! I'm really looking forward to it. Especially as the GCM free WebSocket Signal for f-droid is very likely to be discontinued :(

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented Nov 16, 2016

The bintray maven repository wire-android/third-party that @grote mentioned is not the only one that is in use and not allowed by f-droid. There are some more by wire (wire-android/releases, wire-android/snapshots), which can be built from the github sources, a consp1racy repo and a Localytics repo.

The consp1racy repo can be removed safely, as the artefact is available in jcenter.

The Localytics library seems to be BSD licensed, but I cannot find the corresponding source. I guess this tracking library would have to be removed for f-droid anyway.

I have not checked all build scripts. Maybe there are some other Maven repositories not allowed by f-droid.

For the mentioned third-party libraries I have found the following:

  • gradle-android-scala-plugin - non-upstreamed fork, can be imported via jitpack.
  • icu4j-shrunk - can be replaced by standard icu4j.
  • robotest_2.11 - There is a newer incompatible version available on standard repos. But you can use a jitpack build on v0.7.
  • spotify-auth - A newer version is available. I have pull requested them to be able to export a Maven artefact. There is one line to be patched out, as one interface changed.
  • spotify-player - non-free software! In 2014 they said it will be open sourced, but you cannot expect that to happen soon. However it is still an active project. So this has to be non-trivially patched.
@h-2

This comment has been minimized.

Copy link

h-2 commented Nov 23, 2016

So it seems it is mostly about making the spotify stuff and localytics optional, the rest is just infrastructural cleanup?

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented Dec 15, 2016

@wireswiss in app/opensource.txt you list Spotify Authentication Library and Spotify Player Library as Apache 2.0 licensed. While this is true for a newer Authentication Library than the Beta version you link with, the Spotify Player Library is subject to Spotify Developer Terms of Use rather than any open source license.

You also list Localytics SDK in that file, but it is not open sourced as well. I guess it is redistributable under the Localytics Terms of Service.

I suggest you remove the lines from app/opensource.txt and mention the proprietary dependencies at README

@grote

This comment has been minimized.

Copy link

grote commented Dec 15, 2016

I would also be nice if you could clarify whether you would accept a PR that introduces a new gradle flavor that builds the app without these non-free dependencies.

@hakonbo

This comment has been minimized.

Copy link

hakonbo commented Dec 16, 2016

Hi all,

We are looking into creating an F-Droid flavour, but it's a side project and will take a bit of time. Would be great if you want to contribute.
Spotify/Localytics libs are included in the sync engine project as well, so we need a new flavour of that one as well.
@bgermann Thanks for checking the licences, I think that file might be a bit outdated, I'll see if we can get it updated.

@ghost

This comment has been minimized.

Copy link

ghost commented Dec 29, 2016

Why was it closed? I think it's still not published in F-Droid.

So what's next on the agenda to make it publishable on F-Droid?

Edit: sorry! @someoneEsle is right. I saw the closed badge of #411 and thought it was for this issue.
When I asked for the status, sure I did read the message from @hakonbo but didn't got it, why it seemed like the work on this issue stopped.

@grote

This comment has been minimized.

Copy link

grote commented Dec 31, 2016

@bastoGrande the issue is still open and the current status has been posted right above your message.

@someoneEsle

This comment has been minimized.

Copy link
Contributor

someoneEsle commented Dec 31, 2016

@grote when @bastoGrande asked "why was it closed" I think he was talking about the PR introducing free build types: #411

@varac

This comment has been minimized.

Copy link

varac commented Jan 5, 2017

Looking forward to an fdroid package! Please continue with your efforts!

@TomSea

This comment has been minimized.

Copy link

TomSea commented Jan 21, 2017

Yes. Please make wire as an fdroid package. Thanks!!!

@strugee strugee referenced this issue Feb 1, 2017

Closed

Maybe add Wire? #1582

@h-2

This comment has been minimized.

Copy link

h-2 commented Mar 27, 2017

I am posting a 50€ bounty for someone who creates a version of the Android Wire client that fully meets F-Droid’s criteria, i.e. no proprietary dependencies. Preferably the changes would also meet upstream’s criteria for integration into the official repository, e.g. via a Flavor or build flag or something like that.

I can send the money via Paypal or WireTransfer/SEPA.

edit: timeframe: for this bounty there should be some alpha/beta version until 2017-02-01

Signal now works well with Websockets and is available as APK, but not in F-Droid so I am renewing this pledge until 2017-07-01!

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented Apr 1, 2017

spotify-auth is now available on jCenter. I created a pull request #759 to update Wire accordingly.

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented Apr 20, 2017

Have a look at #805 and you will see that spotify dependencies will be gone.

@fungs

This comment has been minimized.

Copy link

fungs commented May 3, 2017

Yes, I'm also waiting for Wire to get fully open (FDroid build support) before I can convince my contacts to switch from Signal/LibreSignal to Wire. It would be nice for all of us who do not use Google apps on our phones.

@Larx

This comment has been minimized.

Copy link

Larx commented May 25, 2017

Just for the record, wire works fine with MicroG. As thus a non-free dependency is seamless replacable by a free drop-in, I don't know how FDroid's stance is.

@fungs

This comment has been minimized.

Copy link

fungs commented May 25, 2017

@Larx: AFAIK FDoid allows non-free dependencies but marks them as anti-features. Nonetheless, many build on FDroid have such dependencies removed. I'm not sure if MicroG can be incorporated as a replacement at compile time or if it needs a modified OS with signature spoofing enabled (I believe the latter). Wire doesn't need GCM/MicroG at all, if the Websocket fallback method is used.

@Larx

This comment has been minimized.

Copy link

Larx commented May 25, 2017

I have a modified ROM (signature spoofing) for MicroG. Otherwise, Wire runs as downloaded (even the PlayStore version), no modification at all, and get its notifications through "GCM". IMHO (but I'm no purist) this makes me "Google-free" enough, but I guess the FDroid guys have other restraints.

@eighthave

This comment has been minimized.

Copy link

eighthave commented May 25, 2017

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented May 25, 2017

That is not true. The proprietary spotify-player (still in wire-android-sync-engine) and Localytics dependencies would have to be patched out additionally.

From f-droid Inclusion Policy about Play Services/MicroG:

We cannot build apps using Google's proprietary "play-services". Please talk to upstream about an untainted build flavor (either using microg or removing non-free deps completely).

@Larx

This comment has been minimized.

Copy link

Larx commented May 25, 2017

I don't want to spam this thread, just wanted to point out that Wire is already completely usable without the Google packages on the device.

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented May 25, 2017

@Larx Even if it is usable without Google packages on the device, the Google dependencies are still needed for the compilation. For a free version those dependencies would have to be removed or replaced by MicroG.

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented Jul 26, 2017

I had a look at the MicroG libraries. The play-services-base, play-services-location and play-services-gcm dependencies could be replaced by the MicroG libraries, but as of now there are no replacements for firebase-messaging (maybe Google will free this one) and play-services-maps (only API version 1).

@grote

This comment has been minimized.

Copy link

grote commented Jul 26, 2017

play-services-maps (only API version 1).

Did you look into whether Lost could be a free replacement here?

@grote

This comment has been minimized.

Copy link

grote commented Jul 26, 2017

Sorry not Lost, but there's also osmdroid and maps libraries by Mapzen and Mapbox which should be compatible.

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented Jul 26, 2017

The MicroG lib uses osmdroid under the hood. Upstream does not support V2 either. There is a feature request for Mapzen. I do not see hints for Mapbox supporting any version of the Google API.

So there seems to be no trivial solution. Maybe the V2 calls can be replaced by V1 calls easily and then MicroG/osmdroid can be used.

@Mis012

This comment has been minimized.

Copy link

Mis012 commented Sep 1, 2017

MicroG supports maps api v2, I think. It's just not written correctly somewhere.

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented Sep 1, 2017

@Mis012

This comment has been minimized.

Copy link

Mis012 commented Sep 1, 2017

oh I see. Maybe someone from here could help with that? For example a callback may be relatively easy thing to implement?

@h-2

This comment has been minimized.

Copy link

h-2 commented Sep 2, 2017

@Mis012 Can we move discussion about MicroG to a different thread? It won't help bring it to F-Droid...

@hex-m hex-m referenced this issue Sep 20, 2017

Closed

Get Wire on F-Droid #5

@ghost

This comment has been minimized.

Copy link

ghost commented Feb 14, 2018

It's very important for dataprivacy reasons to get Wire on F-Droid.
Please publish your app there. :)
What is the current status?

@colans

This comment has been minimized.

Copy link

colans commented Feb 14, 2018

If you really want to be using F-Driod, you should consider switching to https://riot.im/.

The MicroG issue here is related to a similar one in that queue: vector-im/riot-android#994.

@ghost

This comment has been minimized.

Copy link

ghost commented Feb 17, 2018

colans:
If you really want to be using F-Driod, you should consider switching to https://riot.im/.

Why the hell?!? unhelpful!
We want use wire and not matrix! We are here in the wire github repo and not in riot.im.


Back to topic, please bring your app to F-Droid, it's:

  1. the only googlefree way to use wire (the version from website includes google (gcm))
  2. compfortable (to update) for useres without PlayStore

Thank you guys for your great work!! :)

@ghost

This comment has been minimized.

Copy link

ghost commented Feb 22, 2018

Take an example on Tutanota.

One of our aims with Tutanota is to offer a secure alternative to mainstream mail services like Gmail and Yahoo that spy on their users.

To fully leave Google behind, we as the Tutanota developers have yet to do our share: Right now the Android app relies on Google's GCM for push notifications. That's why it is so important for us to publish the Tutanota app on F-Droid.

So are there positiv news for us?

https://tutanota.com/blog/posts/secure-mail-open-source

@bgermann

This comment has been minimized.

Copy link
Contributor

bgermann commented Feb 22, 2018

the new Android app will finally come without any ties to Google services

So no. unhelpful!

@ghost

This comment has been minimized.

Copy link

ghost commented Mar 9, 2018

Freeze?

@strypey

This comment has been minimized.

Copy link

strypey commented Jul 12, 2018

Mapzen has shut down, so their Lost API etc may not be a replacement for Google location services, but Mapzen posted this guide to some alternatives: https://mapzen.com/blog/migration

@mnemi

This comment has been minimized.

Copy link

mnemi commented Oct 3, 2018

It looks like Tutanota was able to overcome the GCM issue and release their app on f-droid. Maybe this will be helpful to Wire? https://f-droid.org/en/2018/09/03/replacing-gcm-in-tutanota.html

@fungs

This comment has been minimized.

Copy link

fungs commented Oct 4, 2018

@mnemi, the last paragraph is very true: there should be an open standard for push notification and everybody should pick a trusted provider for him or herself, reducing the number of active connections and controlling the flow of data.

AFAIK GCM is not the main issue for bringing Wire to FDroid as it has a working websocket implementation which could be selected at compile time.

@selurvedu

This comment has been minimized.

Copy link

selurvedu commented Oct 11, 2018

Wire always worked just fine without GCM. See my short report in #1833.

@fungs

This comment has been minimized.

Copy link

fungs commented Oct 12, 2018

@selurvedu: The question is whether it can be built from sources using the fdroid tool chain without google requirements.

@tuxayo

This comment has been minimized.

Copy link

tuxayo commented Dec 5, 2018

About FCM (ex GCM) see #1903

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.