diffs in verification attempt

Question

diffs in verification attempt

Opened this issue a month ago · 1 comments

Thanks to your latest update, we were able to build version 2.1.1 and conduct verification on the reproducibility of the app.

We integrated the dockerfile contents with walletscrutiny's scripts and managed to find diffs:

===== Begin Results =====
appId:          ch.swissbitcoinpay.checkout
signer:         17d9c0bf025008da16d5a146e1beaca6ddcfe3cb0cf063da23c847d3007eb621
apkVersionName: 2.1.1
apkVersionCode: 381
verdict:        
appHash:        62df7d225d6178688f451604552fb5d79525a257ac59e281f0c02f4c96e4d343
commit:         b350085a6f30027a83a8fdb18b73c5aed073cc97

Diff:
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/AndroidManifest.xml and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/AndroidManifest.xml differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/assets/index.android.bundle and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/assets/index.android.bundle differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_bitcoinwhiteborder.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_bitcoinwhiteborder.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_boltcardblack.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_boltcardblack.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_boltcard.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_boltcard.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_logosquarerounded.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_logosquarerounded.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/mipmap-hdpi-v4/ic_launcher_adaptive_fore.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/mipmap-hdpi-v4/ic_launcher_adaptive_fore.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/resources.arsc and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/resources.arsc differ
Only in /tmp/fromPlay_ch.swissbitcoinpay.checkout_381: stamp-cert-sha256

Revision, tag (and its signature):

===== End Results =====

I have yet to perform an analysis on these results.
Here is the related merge request on walletscrutiny's gitlab.
Next, I will try to do the same for split apks.

Answer 1 · 2024-08-23T08:26:27.000Z

This is the analysis for the split apks:

https://gitlab.com/walletscrutiny/walletScrutinyCom/-/blob/5264d394f4f411271b808f0f553c12c6c94f94da/_android/ch.swissbitcoinpay.checkout.md