From 546277d9489e5ebd21817d905e4e59d1ffbd8a97 Mon Sep 17 00:00:00 2001 From: 0xh3rman <119309671+0xh3rman@users.noreply.github.com> Date: Fri, 13 Feb 2026 18:40:08 +0900 Subject: [PATCH 1/2] Bump Gradle image; add consumer ProGuard rules Upgrade Gradle base image to gradle:9.0.0-jdk17 to align with AGP 9.x. Enable android.nonFinalResIds=true to support the AGP migration. Add placeholder consumer ProGuard rules for perpetual and referral feature modules. Update reproducible/base_image_tag.txt to reflect the new base image date. --- Dockerfile | 2 +- features/perpetual/presents/consumer-rules.pro | 1 + features/perpetual/viewmodels/consumer-rules.pro | 1 + features/referral/presents/consumer-rules.pro | 1 + features/referral/viewmodels/consumer-rules.pro | 1 + gradle.properties | 2 +- package-lock.json | 6 ------ reproducible/base_image_tag.txt | 2 +- 8 files changed, 7 insertions(+), 9 deletions(-) create mode 100644 features/perpetual/presents/consumer-rules.pro create mode 100644 features/perpetual/viewmodels/consumer-rules.pro create mode 100644 features/referral/presents/consumer-rules.pro create mode 100644 features/referral/viewmodels/consumer-rules.pro delete mode 100644 package-lock.json diff --git a/Dockerfile b/Dockerfile index 21362ee66..331067fce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1.4 # Pinned Android build environment on top of Gradle. -ARG GRADLE_IMAGE=gradle:8.13-jdk17 +ARG GRADLE_IMAGE=gradle:9.0.0-jdk17 ARG CMDLINE_TOOLS_VERSION=11076708 ARG ANDROID_API_LEVEL=35 ARG ANDROID_BUILD_TOOLS_VERSION=35.0.0 diff --git a/features/perpetual/presents/consumer-rules.pro b/features/perpetual/presents/consumer-rules.pro new file mode 100644 index 000000000..e54e24ae4 --- /dev/null +++ b/features/perpetual/presents/consumer-rules.pro @@ -0,0 +1 @@ +# Consumer ProGuard rules for this library module. diff --git a/features/perpetual/viewmodels/consumer-rules.pro b/features/perpetual/viewmodels/consumer-rules.pro new file mode 100644 index 000000000..e54e24ae4 --- /dev/null +++ b/features/perpetual/viewmodels/consumer-rules.pro @@ -0,0 +1 @@ +# Consumer ProGuard rules for this library module. diff --git a/features/referral/presents/consumer-rules.pro b/features/referral/presents/consumer-rules.pro new file mode 100644 index 000000000..e54e24ae4 --- /dev/null +++ b/features/referral/presents/consumer-rules.pro @@ -0,0 +1 @@ +# Consumer ProGuard rules for this library module. diff --git a/features/referral/viewmodels/consumer-rules.pro b/features/referral/viewmodels/consumer-rules.pro new file mode 100644 index 000000000..e54e24ae4 --- /dev/null +++ b/features/referral/viewmodels/consumer-rules.pro @@ -0,0 +1 @@ +# Consumer ProGuard rules for this library module. diff --git a/gradle.properties b/gradle.properties index 84326269d..e23763493 100644 --- a/gradle.properties +++ b/gradle.properties @@ -21,7 +21,7 @@ kotlin.code.style=official # resources declared in the library itself and none from the library's dependencies, # thereby reducing the size of the R class for that library android.nonTransitiveRClass=true -android.nonFinalResIds=false +android.nonFinalResIds=true firebasePerformanceInstrumentationEnabled=false # Re-enable when finish migration to AGP 9.0 diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 9edda4715..000000000 --- a/package-lock.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "gem-android", - "lockfileVersion": 3, - "requires": true, - "packages": {} -} diff --git a/reproducible/base_image_tag.txt b/reproducible/base_image_tag.txt index ad246b8a5..c4ce84370 100644 --- a/reproducible/base_image_tag.txt +++ b/reproducible/base_image_tag.txt @@ -1 +1 @@ -base-2026-02-04 +base-2026-02-13 From 40efcafb1bf35d145a679855b139e97b609b907c Mon Sep 17 00:00:00 2001 From: 0xh3rman <119309671+0xh3rman@users.noreply.github.com> Date: Fri, 13 Feb 2026 20:12:17 +0900 Subject: [PATCH 2/2] update reproducible readme about AGP 9 --- reproducible/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/reproducible/README.md b/reproducible/README.md index e1ba7f150..b3edb182c 100644 --- a/reproducible/README.md +++ b/reproducible/README.md @@ -15,7 +15,7 @@ This folder contains the tooling to rebuild tagged releases inside Docker and co - unzip, curl - uv for tool installs, plus `apksigcopier` and `diffoscope`: `uv tool install apksigcopier diffoscope` - Android SDK build-tools `dexdump` for `diff_dexdump.py` (e.g., `${ANDROID_HOME}/build-tools//dexdump`) -- Tooling snapshot: Gradle 8.13-bin, AGP 8.13.1, Kotlin compiler/KGP 2.2.21/1.9.24, KSP 2.2.21-2.0.4; R8 is the AGP-bundled version (map-id flag not exposed). +- Tooling snapshot: Gradle wrapper 9.2.1, AGP 9.0.0, Kotlin/KSP from `gradle/libs.versions.toml`; R8 is the AGP-bundled version (AGP still does not expose a public map-id seed/template flag). ## Step-by-step verification 1) Auth + credentials: @@ -32,10 +32,10 @@ This folder contains the tooling to rebuild tagged releases inside Docker and co 6) Optional dexdump diff: `./diff_dexdump.py [--out-dir DIR] [--dexdump PATH] [--tag TAG]` to write per-dex dumps/diffs (defaults to `artifacts/reproducible//dexdump` when `--tag` is provided). ## Known issues -- AGP 8.13.1 (bundled R8) randomizes map-id; we patch via `fix_pg_map_id.py` and confirm payload identity by copying the official signing block (apksigcopier). Deterministic map-id support is still required for strict reproducibility. -- Kotlin 2.2.x constrains AGP/R8 upgrades; AGP 9.0.0-beta03 + Gradle 9.2.1 (R8 9.0.27) rejects `-pg-map-id-seed` and lacks Studio support, so we remain on AGP 8.13.1/Gradle 8.13-bin. +- AGP 9.0.0 (bundled R8) still does not provide a public DSL/property to set deterministic map-id values for release builds; we patch via `fix_pg_map_id.py` and confirm payload identity by copying the official signing block (apksigcopier). +- `R8_MAP_ID_SEED` is kept as reproducible tooling input, but AGP 9.0.0 does not currently wire it to a supported map-id flag. ## Path forward -1) Upgrade to an AGP that supports Kotlin 2.2.x and bundles a map-id-capable R8. -2) Re-enable deterministic map-id (seed or fixed id) in release builds. +1) Track AGP/R8 support for deterministic map-id configuration (seed/template/fixed id) through public APIs. +2) Wire deterministic map-id into release builds once AGP exposes it. 3) Re-run `./verify_apk.py ` and confirm hashes match without signature copying.