Bug#868486: diffoscope often fails to detect APKs
Hans-Christoph Steiner
hans at eds.org
Sat Jul 15 22:32:42 UTC 2017
Package: diffoscope
Version: 83
APKs are basically a ZIP file with a JAR signature, but not necessarily
the CAFEBABE byte sequence that marks a JAR. This means that comparing
APKs with diffoscope often results in a straight binary diff, which is
useless.
Here's one example:
https://verification.f-droid.org/im.zom.messenger_1510005.binary.apk.diffoscope.html
im.zom.messenger_1510005.binary.apk is available here:
https://verification.f-droid.org/Zom-15.1.0-alpha-5-zomrelease-release-unsigned.apk
im.zom.messenger_1510005.apk is available here:
https://github.com/zom/Zom-Android/releases/download/15.1.0-alpha-5/Zom-15.1.0-alpha-5-zomrelease-release.apk
You can get lots and lots of APKs from here:
https://f-droid.org/packages
I'd like a way to force the file type in diffoscope. We are calling it
from a build process, so we already know all files are going to be APKs.
Also, I tried to get this added to libfile, but upstream is not willing
to accept detection routines that rely on more complicated things like
presence of a file in a ZIP. They just want byte patterns, which is not
enough to consistently detect APKs.
More information about the Reproducible-builds
mailing list