Signing key rotation for reproducible builds

F-Droid seems to push more and more for reproducible builds. I think this is a good thing. However, switching to reproducible builds currently requires users to reinstall the app, which is a lot of friction. For me, this is the reason why I currently don't even consider working on getting reproducible builds for the apps I maintain.

The Android signature scheme supports signing key rotation. So apps can be seamlessly migrated to a different signing key (Android 9+), supporting reproducible builds without having to reinstall. However, I have not seen any discussions about this at F-Droid yet. I only see messages in the news like "you need to reinstall app XY because it is now built reproducibly", sounding as if reproducibility were a bad thing.

Wouldn't it be possible to have a process where F-Droid and app developers pass around the apk and both sign it (for a few versions until users have upgraded)? Then apps could switch to reproducible builds without having to annoy and/or unsettle the users.
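To make the mechanism the post relies on concrete, here is an added example (not part of the issue, and not F-Droid or Android code) that models the signing lineage of APK Signature Scheme v3 in simplified form: the old key endorses the new key, the update is signed with the new key, and the platform accepts the update only if the certificate already installed on the device is the new key itself or an ancestor in a valid lineage. Assumptions: raw Ed25519 public keys stand in for X.509 certificates, each lineage entry is endorsed by signing only the new key (the real format signs a structured node and carries capability flags, which are omitted here), and the `dev`/`repro` key names and the APK bytes are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signer holds one signing identity. In the real scheme the public half is an
// X.509 certificate; here the raw Ed25519 public key stands in for it (assumption).
type Signer struct {
	Priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewSigner() Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Priv: priv, Pub: pub}
}

// LineageNode is one entry of the signing lineage: a certificate plus the
// endorsement (signature over that certificate) made by the previous entry's key.
type LineageNode struct {
	Cert      ed25519.PublicKey
	ParentSig []byte // nil for the first (root) entry
}

// NewLineage starts a lineage at the original signing key.
func NewLineage(root ed25519.PublicKey) []LineageNode {
	return []LineageNode{{Cert: root}}
}

// Rotate appends newPub to the lineage, endorsed by the key currently at its tail.
// Only the holder of the old private key can extend the chain; this is what the
// developer has to do once so that a new (e.g. reproducible-build) key is trusted.
func Rotate(lineage []LineageNode, old Signer, newPub ed25519.PublicKey) ([]LineageNode, error) {
	tail := lineage[len(lineage)-1]
	if !bytes.Equal(tail.Cert, old.Pub) {
		return nil, errors.New("rotate: old signer is not the current tail of the lineage")
	}
	sig := ed25519.Sign(old.Priv, newPub)
	out := append([]LineageNode(nil), lineage...)
	return append(out, LineageNode{Cert: newPub, ParentSig: sig}), nil
}

// VerifyLineage checks that every entry after the root is endorsed by its predecessor.
func VerifyLineage(lineage []LineageNode) error {
	if len(lineage) == 0 {
		return errors.New("lineage: empty")
	}
	for i := 1; i < len(lineage); i++ {
		if !ed25519.Verify(lineage[i-1].Cert, lineage[i].Cert, lineage[i].ParentSig) {
			return fmt.Errorf("lineage: entry %d is not endorsed by entry %d", i, i-1)
		}
	}
	return nil
}

// SignAPK produces the update's signature with the key at the tail of the lineage.
func SignAPK(s Signer, apk []byte) []byte { return ed25519.Sign(s.Priv, apk) }

// UpdateAccepted models the platform's decision on an update (Android 9+ semantics,
// simplified): the lineage must be internally valid, the APK must verify under the
// tail key, and the installed certificate must be the tail or one of its ancestors.
func UpdateAccepted(installed ed25519.PublicKey, lineage []LineageNode, apk, sig []byte) (bool, error) {
	if err := VerifyLineage(lineage); err != nil {
		return false, err
	}
	tail := lineage[len(lineage)-1].Cert
	if !ed25519.Verify(tail, apk, sig) {
		return false, errors.New("update: APK signature does not verify under the lineage tail key")
	}
	for _, n := range lineage {
		if bytes.Equal(n.Cert, installed) {
			return true, nil
		}
	}
	return false, errors.New("update: installed signer is not in the update's lineage")
}

func main() {
	dev := NewSigner()   // key used for the builds users currently have installed
	repro := NewSigner() // hypothetical key the reproducible builds will be signed with
	apk := []byte("constructed stand-in for the APK contents")

	lineage, _ := Rotate(NewLineage(dev.Pub), dev, repro.Pub)
	sig := SignAPK(repro, apk)

	ok, err := UpdateAccepted(dev.Pub, lineage, apk, sig)
	fmt.Println("device with old dev key installed:", ok, err)

	other := NewSigner()
	ok, err = UpdateAccepted(other.Pub, lineage, apk, sig)
	fmt.Println("device with unrelated key installed:", ok, err)
}
```

In practice the endorsement step is `apksigner rotate` (producing a lineage file) and the new builds are signed with `apksigner sign --lineage`; the model above only illustrates why a device already holding the old key accepts the re-keyed update while a device whose installed signer is absent from the lineage, or a lineage not endorsed by the old key, is rejected. Devices below Android 9 do not evaluate the lineage and will still see a plain key change, so the reinstall friction remains for them.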