diff --git a/build.Containerfile b/build.Containerfile index 4a03556..0774630 100644 --- a/build.Containerfile +++ b/build.Containerfile @@ -1,13 +1,17 @@ # -# Reproducible reference build -# # Usage: +# # docker build --file build.Containerfile --output . # or # podman build --file build.Containerfile --output . # -# The unsigned APKs are written to the specified output directory. -# Use `apksigner` to sign before installing via `adb install`. +# For improved reproducibility, the project directory entries can be ordered +# like this: +# +# buildah build --cap-add=sys_admin --device /dev/fuse --file build.Containerfile --output . +# +# In any case, the unsigned APKs are written to the specified output +# directory. Use `apksigner` to sign before installing via `adb install`. # FROM debian:bullseye-backports AS build-stage @@ -15,9 +19,10 @@ FROM debian:bullseye-backports AS build-stage # install debian packages ENV DEBIAN_FRONTEND noninteractive RUN /usr/bin/apt-get update && \ - /usr/bin/apt-get --yes install openjdk-11-jdk-headless gradle sdkmanager && \ + /usr/bin/apt-get --yes install disorderfs openjdk-11-jdk-headless gradle sdkmanager && \ /bin/ln -fs /usr/share/zoneinfo/CET /etc/localtime && \ /usr/sbin/dpkg-reconfigure --frontend noninteractive tzdata && \ + /bin/ln -s /proc/self/mounts /etc/mtab && \ /usr/sbin/adduser --disabled-login --gecos "" builder # give up privileges @@ -32,7 +37,14 @@ ENV ANDROID_HOME /home/builder/android-sdk RUN yes | /usr/bin/sdkmanager --licenses >/dev/null # build project -RUN /usr/bin/gradle --project-dir project/ --no-build-cache --no-daemon --no-parallel clean :oeffi:assembleRelease +RUN if [ -e /dev/fuse ] ; \ + then /bin/mv project project.u && /bin/mkdir project && \ + /usr/bin/disorderfs --sort-dirents=yes --reverse-dirents=no project.u project ; \ + fi && \ + /usr/bin/gradle --project-dir project/ --no-build-cache --no-daemon --no-parallel clean :oeffi:assembleRelease && \ + if [ -e /dev/fuse ] ; \ + then /bin/fusermount -u project | true && /bin/rmdir project && /bin/mv project.u project ; \ + fi # export build output FROM scratch AS export-stage