Bazaar2 Monthly Report - February 2016
February saw us busy with deadlines and much continued work on the reproducible app build process. We also worked on polishing peer-to-peer app and media swapping, as well as continuing our preliminary developer research. We also worked on preparing presentations for DroidCon Tunisia and the Internet Freedom Festival.
Mark Murphy (aka commonsguy) who we welcomed last month began work on streamlining Tor support as well as advising on developer outreach strategies. Chris Lamb (aka lamby), a Debian developer and web programmer joined us and is working on integration, both backend and Debian. Seamlik, another Debian developer, contributed to work on packaging Android SDK for Debian. Mark Koschany joined our team as well contributing to work on the reproducible app build process, packaging apktool and others. Dominik Schuermann will join our team in March to work on Android ROM integration and background updating.
Objective 1 Simple multi-pronged distribution
We met Debian’s deadline for the release freeze of Ubuntu 16.04 LTS (Xenial Xerus)! This means that the F-Droid developer tool suite and a substantial portion of Android SDK got packaged and included in Debian, which also means it will be automatically included in Ubuntu. We are really close to being able to build Android apps exclusively from packages in Debian/Ubuntu. This is really important since Ubuntu LTS releases are by far the most popular GNU/Linux platforms for app developers and as we saw with the recent malware XCodeGhost, tools for developers are now being targeted. Secure development environments need to be easy to setup so that they are used by the many app developers and getting everything packaged in Debian means that it is built only from public sources using Debian’s reproducible build process and is verified 100% free software.
Getting F-Droid and Android SDK packages included in the release is also important since Ubuntu LTS is the main GNU/Linux release pre-installed on laptops, the default for continuous integration services like Travis-CI and it is the base system for popular user-friendly distros like Linux Mint and elementary OS.
- added Tor support for the F-Droid for Android app (just go to settings and check “Use Tor”)
- we fixed a number of key bugs in the new swap UX making wifi sharing usable again.
- we completed the port of F-Droid developer tools to OSX
- we got the entire test suite to complete successfully on OSX
- we got the ‘fdroidserver’ included in both MacPorts and Homebrew for super simple installation.
We have also been working on packaging apktool (used for reverse engineering Android apk files) as well as the android/platform/tools/base for Debian which includes the Android plugin for Gradle and a collection of base tools and libraries for building apps.
In order to do this work other plugins and patches had to be packaged some of which were broken and needed to be repaired before they could be used. Another hurdle was discovering that part of apktools is not free software and therefore violates Debian’s Free Software Guidelines. Mark Koschany will work on resolving this issue along with Debian.
More details on the reproducible build work:
- Packaged gradle-jflex-plugin, intellij-annotations and lombok-patcher (to package apktool and android-platforms-tools-base)
- Repaired ivyplusplus and lombok packages (needed to package lombok-ast which is needed for the Lint tool.)
- Updated the proguard, trove3 and jflex Debian packages (for packaging apktool and android-platform-tools-base)
- Packaged androguard
- Work on mwclient issue blocking Python 2 to Python 3 migration
- Continued research and confirmation of Android Observatory and Virustotal Integration options
- Work on Android Observatory support to fdroidserver
- Continued monitoring of Debian NEW for other Android related packages
Objective 3 Modern App Store with Built-in Circumvention
We have also been busy improving F-Droid’s peer-to-peer app and media swapping capabilities. We updated the code in F-Droid that figures out its network IP address. (This will currently be used for swap and then later in other places. ) We also added new unit tests to make sure that the IP address is being discovered correctly and other fixes to make sure that the user interface for the swap process behaves as it should. Other miscellaneous fixes have been merged into the master and included in an alpha release and we have been reviewing code for some of the Bazaar2 merge requests.