WIP: Add verification script for Muun Wallet (Play Store)
Adds support for verifying builds of Muun Wallet for Android. As is the script outputs the following differences:
Only in /tmp/fromPlay_io.muun.apollo_502/original/META-INF: APOLLORE.RSA
Only in /tmp/fromPlay_io.muun.apollo_502/original/META-INF: APOLLORE.SF
Files /tmp/fromPlay_io.muun.apollo_502/original/META-INF/MANIFEST.MF and /tmp/fromBuild_io.muun.apollo_502/original/META-INF/MANIFEST.MF differ
Files /tmp/fromPlay_io.muun.apollo_502/res/values/strings.xml and /tmp/fromBuild_io.muun.apollo_502/res/values/strings.xml differ
I believe the first three are to be expected since the built APK has no signature information. The last one however is different:
$ diff /tmp/fromPlay_io.muun.apollo_502/res/values/strings.xml /tmp/fromBuild_io.muun.apollo_502/res/values/strings.xml
76c76
< <string name="com.crashlytics.android.build_id">79a4d6b75ce84bd6ae254b900862f3a4</string>
---
> <string name="com.crashlytics.android.build_id">b8c86404219046eda8f32c66a3f45467</string>
I haven't found a way to have Crashlytics generate a deterministic build_id
. I haven't even found documentation around the value
With that said, I'm not sure whether this is considered enough to qualify as reproducible. I'll keep trying to have Crashlytics cooperate