Unobtainium, the FOSS Chromium and WebView
- The app complies with the inclusion criteria
- The original app author has been notified (and supports the inclusion)
- All related fdroiddata and rfp issues have been referenced in this merge request
Bromite tried before, this is a completely new approach.
I've managed to remove the GMS libs and VR SDK(that one is easy, build flag), the two evident blobs in every Chromium or WebView apk out there. Decompile your WebView and see for yourself, no matter if "LineageOS for microG", "CopperheadOS" or some privacy-focused fork.
More than that, as it's fdroid policy I'm used to, I've removed bundled Android SDK and NDK(symlink to system SDK/NDK during build, works best), removed bundled binutils(flag permits to use system ones), removed Google's prebuilts of NodeJS(to be downloaded from upstream NodeJS instead), removed prebuilt of GN(will be compiled before the browser), removed bundled Clang and LLVM, and much more. More or less, everything evident is out.
Unfortunately, there are a lot of exceptions still to be made here.
- As Chromium isn't using gradle, the support libs are downloaded to a specific folder and still stay there. It's not really different and may be trusted.
- There are myriads of other JARs, AARs and SOs here and there, which Google doesn't even consider blobs, so they are not downloaded during "runhooks", but just live in the source repo. Rebuilding every single one of them - you're welcome to show me how it can be maintained, but many of them can actually be removed without harm as they aren't actually used. Problem is, every rebuild is so incredibly long, it's almost impossible to test for them separately. I've deleted some by searching for occurrences in the out/ directory after build, as whatever has been used should've occurred in the logs as well.
- Someone with Debian and packaging skills please help with this, don't have the true fdroid VM here
- Added a huuuuuuge timeout, but I'm certain it won't be enough. Takes 6 hours of fully committed 4 cores on my desktop, but on HDD.
- And potentially more fun awaiting us
So, I pushed for Archive and only one Arch-Target pair for now, considering the exceptions and all. At least it will be a huge improvement over status quo in the Android world in general. Maybe Replicant team will get interested too, they are definitely not that secure using a 3-year-old WebView