[guardian-dev] deterministic, repeatable build of LilDebi

Hans of Guardian hans at guardianproject.info
Sun Apr 13 20:52:41 EDT 2014


On Apr 12, 2014, at 1:01 PM, Michael Rogers wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> On 12/04/14 15:31, Michael Rogers wrote:
>> An APK is a jar is a zip - I don't think the command line jar tool 
>> allows you to specify the timestamps or the order of the manifest,
>> but we should be able to knock something together using
>> java.util.zip...
> 
> This seems to do the trick - you can feed it two APKs with identical
> contents but different hashes and get two APKs with the same hash:
> 
> http://code.briarproject.org/akwizgran/sortjar


Looks promising. Can it also change the timestamps in the zip file? I've been using the timestamp from the most recent commit in git as the canonical timestamp (check external/Makefile).

.hc
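
The normalization discussed in this thread (sorted entry order plus one canonical timestamp), as an added example that is not part of the original messages and is not sortjar's code. The file names, contents and `CANONICAL_TIME` are constructed; the thread proposes the most recent git commit time as the real value.

```python
import hashlib
import io
import zipfile

# Constructed value; the thread proposes the latest git commit time instead.
CANONICAL_TIME = (2014, 1, 1, 0, 0, 0)

# Constructed stand-ins for APK members.
FILES = {
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
}


def build_sample(order, date_time):
    """Simulate one build: same files, build-dependent order and mtime."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in order:
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            z.writestr(info, FILES[name])
    return buf.getvalue()


def normalize_zip(data, timestamp=CANONICAL_TIME):
    """Rewrite a zip/jar/APK with sorted entries and one fixed timestamp."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in sorted(src.namelist()):
            old = src.getinfo(name)
            new = zipfile.ZipInfo(name, date_time=timestamp)
            new.compress_type = old.compress_type  # keep stored vs deflated
            new.create_system = 3  # pin "Unix" so the host OS does not leak in
            mode = 0o40755 if old.is_dir() else 0o100644
            new.external_attr = (mode << 16) | (0x10 if old.is_dir() else 0)
            # Extra fields and comments are dropped: they also vary per build.
            dst.writestr(new, src.read(name))
    return out.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    a = build_sample(list(FILES), (2014, 4, 12, 13, 1, 0))
    b = build_sample(sorted(FILES, reverse=True), (2014, 4, 13, 20, 52, 40))
    print(sha256(a) != sha256(b), sha256(normalize_zip(a)) == sha256(normalize_zip(b)))
```

Identical hashes also require the same zlib on both machines, since deflated output for the same input can differ between compressor versions.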

