Wouldn’t it be easier to fix the tor build to make it reproducible? (if that is the problem)
Discussion
More downstream benefits too
Apparently many devs gave tried. It does look hard to make Tor and all their libs reproducible.
Are the builds for amethyst already currently reproducable themselves?
Almost, the Tor libs break our reproducibility
Well that sucks. Is there anyway to decouple? Any chance you have some links to this issue with the tor libs? Its something I'd like to read up on
Waiy i think i just caught up on the issue. Is it basically because youre not buikding and signing your own versuon of the tor aar so the dependency on their signed version breaks it?
I found the tor-android issue with reproducible builds ans submitted a pr. Hopefully i can get this fixed for you in the next month or so if the contributors monitor it.