You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are working on making a reproducible/verifiable builds for our RN app.
Independent security researchers compile app locally and compare with published on googleplay/website build.
We had success making identical js bundle, but the problem is that files libjsc.so differ a lot.
Difference is around several megabytes per each architecture.
So, where do these files come from during ./gradlew assembleRelease ? Are they pulled from repository? Are they built locally, and if yes, what tools are involved? Java,
android build tools, cmake..?
PS. Our production builds are built on appcenter.ms and they don't expose exact software versions on their build containers. I raised a support ticket there, waiting for a response.
The text was updated successfully, but these errors were encountered:
Question
We are working on making a reproducible/verifiable builds for our RN app.
Independent security researchers compile app locally and compare with published on googleplay/website build.
We had success making identical js bundle, but the problem is that files
libjsc.sodiffer a lot.Difference is around several megabytes per each architecture.
So, where do these files come from during
./gradlew assembleRelease? Are they pulled from repository? Are they built locally, and if yes, what tools are involved? Java,android build tools, cmake..?
PS. Our production builds are built on appcenter.ms and they don't expose exact software versions on their build containers. I raised a support ticket there, waiting for a response.
The text was updated successfully, but these errors were encountered: