Bug#850485: diffoscope: APK support issues - traceback on existent directory & missing zipinfo & misleading apktool.yml file

Emanuel Bronshtein e3amn2l at gmx.com
Sat Jan 7 04:49:50 UTC 2017 

Package: diffoscope
Version: 60
Severity: normal

Dear Maintainer,

3 issues regarding APK files (apk.py comparator) below:

#1 - Diffoscope fail to run on APKs if supplied via absolute paths.

Running: (using diffoscope from GIT)

/data/repbdiffs/repos/diffoscope/bin/diffoscope /tmp/1.apk /tmp/2.apk

Result:

Destination directory (/tmp/1.apk) already exists. Use -f switch if you want to overwrite it.
Traceback (most recent call last):
  File "/data/repbdiffs/repos/diffoscope/diffoscope/main.py", line 260, in main
    sys.exit(run_diffoscope(parsed_args))
  File "/data/repbdiffs/repos/diffoscope/diffoscope/main.py", line 236, in run_diffoscope
    parsed_args.path1, parsed_args.path2)
  File "/data/repbdiffs/repos/diffoscope/diffoscope/comparators/utils/compare.py", line 61, in compare_root_paths
    return compare_files(file1, file2)
  File "/data/repbdiffs/repos/diffoscope/diffoscope/comparators/utils/compare.py", line 78, in compare_files
    return file1.compare(file2, source)
  File "/data/repbdiffs/repos/diffoscope/diffoscope/comparators/utils/file.py", line 199, in compare
    if hasattr(self, 'compare_details') or self.as_container:
  File "/data/repbdiffs/repos/diffoscope/diffoscope/comparators/utils/file.py", line 108, in as_container
    self._as_container = self.__class__.CONTAINER_CLASS(self)
  File "/data/repbdiffs/repos/diffoscope/diffoscope/comparators/utils/archive.py", line 44, in __init__
    self._archive = self.open_archive()
  File "/data/repbdiffs/repos/diffoscope/diffoscope/tools.py", line 50, in tool_check
    return original_function(*args, **kwargs)
  File "/data/repbdiffs/repos/diffoscope/diffoscope/comparators/apk.py", line 45, in open_archive
    shell=False, stderr=None, stdout=subprocess.PIPE)
  File "/usr/lib/python3.5/subprocess.py", line 271, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['apktool', 'd', '-k', '-m', '-o', '/tmp/1.apk', '/tmp/1.apk']' returned non-zero exit status 1

it does work when running as:
cd /tmp && /data/repbdiffs/repos/diffoscope/bin/diffoscope 1.apk 2.apk

fix:
	use temporary directory for apktool unpacking.

#2 - apktool.yml file created by apktool is shown as file from APK & contain input filenames (might be unrelated to files content)

apktool generate apktool.yml which contain metadata about the APK, more information:
https://ibotpeaches.github.io/Apktool/documentation/
but shown as file from APK which is incorrect, for example:
diffoscope 1.apk 2.apk
1.apk is: https://f-droid.org/repo/com.poinsart.votar_9.apk
2.apk is: https://verification.f-droid.org/com.poinsart.votar_9.apk

Result:

--- 1.apk
+++ 2.apk
├── apktool.yml
@@ -1,9 +1,9 @@
│  !!brut.androlib.meta.MetaInfo
│ -apkFileName: 1.apk
│ +apkFileName: 2.apk
│  compressionType: false
│  doNotCompress:
│  - arsc
│  isFrameworkApk: false
│  packageInfo: null
│  sdkInfo:
│    minSdkVersion: '9'


it's better to show it as "APK metadata" (similar to "file list","metadata", etc..) instead of apktool.yml

also the apktool.yml contain the filename recevied by apktool at apkFileName field, thus if apktool was run directly on files supplied via command-line (instead of files inside archive) it will show difference that not related to APK content, example above and in:
https://verification.f-droid.org/org.sufficientlysecure.ical_54.apk.diffoscope.html

thus apkFileName field need to be striped from apktool.yml file. (the archive case is supported via zipinfo information, see next issue)

fix:
	1. show apktool.yml difference as "APK metadata" instead of apktool.yml file
	2. remove apkFileName field from apktool.yml result.

#3 missing zipinfo information

on ZIP files the zipinfo utility used to list files inside the archive (may contain difference in file-ordering/permissions/timestamps/etc..), but it is not used on APK files which are ZIP/JAR files.
for example, comparing the zipinfo on APKs:
https://f-droid.org/repo/com.nbossard.packlist_16.apk
https://verification.f-droid.org/com.nbossard.packlist_16.apk
show that there are new-files added & there is file-ordering issue, as happened before apk.py was added. (zip.py handled APK files)

fix:
	use also the zipinfo mechanism as used currently on ZIP files via zip.py comparator on APK files.

More information about the Reproducible-builds mailing list