Challenges with Reproducible Builds for Cake Wallet v5.1.2 Android Overview

[xrviv]

Hi Cake Wallet team! 👋

We're from WalletScrutiny, a project that verifies the reproducibility of cryptocurrency wallet applications. We recently attempted to reproduce the build of Cake Wallet v5.1.2 for Android using a containerized approach, but encountered several challenges that prevented us from completing the verification.

We'd like to share our findings and work together to improve the reproducibility of Cake Wallet builds.

Full report here including asciicast, log, and Dockerfile.

Build Environment

• Base Image: 

  ghcr.io/cake-tech/cake_wallet:debian12-flutter3.27.4-go1.24.1-ruststablenightly
  

• Repository: https://github.com/cake-tech/cake_wallet

• Tag: 

  v5.1.2
  

• Flutter Version: 3.19.x

• Host System: Ubuntu 24.04 LTS with Docker

Issues Encountered

1. Non-Standard Flutter Project Structure

The project structure deviates significantly from standard Flutter conventions:

• No root 

  pubspec.yaml
  

   file (only 

  pubspec_base.yaml
  

  )

• Multi-package architecture with numerous cryptocurrency-specific sub-packages

• Dependency management distributed across multiple 

  pubspec.yaml
  

   files

2. Git Hardlink Errors in Docker Environment

When running 

flutter pub get

 on various packages:

Git error. Command: git clone /root/.pub-cache/git/cache/on_chain-8476dad96536db3ce10ac36e9fb9e4dfc6ab2c93 /root/.pub-cache/_temp/dirUGFBAU
stderr: Cloning into '/root/.pub-cache/_temp/dirUGFBAU'...
fatal: hardlink different from source at '/root/.pub-cache/_temp/dirUGFBAU/.git/objects/pack/pack-7910b64676df8894d6a9e1ba0437d268e0febcdd.pack'
exit code: 128

This appears to be due to Docker's overlay filesystem being incompatible with Git's hardlink functionality.

3. Android Configuration and Native Library Challenges

• Missing 

  AndroidManifest.xml
  

   (only 

  AndroidManifestBase.xml
  

   template exists)

• No explicit Flutter embedding version declaration

• Complex native cryptocurrency libraries requiring compilation

Our Attempted Fixes

1. Git Hardlink Resolution:

RUN git config --global core.hardlinks false\
ENV PUB_CACHE=/tmp/pub_cache\
ENV GIT_CONFIG_NOSYSTEM=1\
RUN rm -rf /tmp/pub_cache/git/cache/*

2. Package-by-Package Build Process:

RUN cd  cw_core && flutter pub  get && flutter packages  pub  run  build_runner  build  --delete-conflicting-outputs\
# Repeated for each package

3. Android Configuration Fixes:

RUN cp  android/app/src/main/AndroidManifestBase.xml  android/app/src/main/AndroidManifest.xml\
RUN sed  -i  '/<\/application>/i \        <meta-data android:name="flutterEmbedding" android:value="2" />'  android/app/src/main/AndroidManifest.xml

Despite these fixes, the build failed during final APK compilation with minimal error information:

[   +2 ms] ensureAnalyticsSent: 0ms\
[        ] Running 1 shutdown hook\
[        ] Shutdown hooks complete\
[        ] exiting with code 1

Request for Guidance

We'd appreciate any guidance on:

1. Documentation: Is there a specific build process document for v5.1.2 that we missed?

2. Build Script: Would you consider providing a reference build script specifically designed for reproducibility testing?

3. Project Structure: Are there any plans to adopt a more standard Flutter project structure in future versions?

4. Docker Setup: Any specific Docker configurations that your team uses internally for builds?

Looking Forward

We'd be happy to collaborate on improving the reproducibility of Cake Wallet builds. Our goal is to help users verify that the code they see is the code they run, increasing trust and security in the wallet ecosystem.

Thank you for your time and for developing this valuable privacy-focused wallet!

Best regards, The WalletScrutiny Team

[MrCyjaneK]

We are happy that you want to help.

1. I'd recommend by checking out docs
2. see 1
3. no
4. I'd recommend reading Dockerfile that we use on CI

Your help is most welcome in our core dependency: MrCyjaneK/monero_c#113, as long as that issue remains open there's no way to fully reproducibly build cake_wallet.