| 29 Oct 2021 |
 hmenke | So it seems to also be in upstream | 18:24:18 |
 danielrf | OK cool. | 18:25:21 |
| hmenke | Thank god I don't have to build Chromium. | 18:25:27 |
| danielrf | Haha, it's a longstanding issue I've been trying to workaround to no avail. | 18:25:56 |
| hmenke | Regarding triChrome, can the user-generated digest not be included in the same way as it is done with the Auditor apk hash? | 18:29:53 |
| hmenke | Or is this some kind of service token that you need a Google Developer account for? | 18:30:21 |
| danielrf | No, it is like the auditor apk | 18:30:31 |
| danielrf | It's just that rebuilding the auditor apk isn't too much of an ask for our users :) | 18:30:42 |
| hmenke | Why not just set some default digest in robotnix and if users want to change it they have to rebuild? | 18:31:31 |
| danielrf | For unsigned builds that would work--but if the user wants to have their own signing keys for chromium/vanadium then their cert digest would need to be included in the build | 18:32:32 |
| danielrf | https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/chrome/android/java/AndroidManifest_trichrome_chrome.xml | 18:33:26 |
| hmenke | Hm, I guess that will be an issue in the long run because Monochrome is deprecated 😕 | 18:33:34 |
| danielrf | the trichrome_certdigest ends up being used here ^ | 18:33:45 |
| danielrf | Indeed | 18:33:46 |
| danielrf | I tried to look into some way to do the final construction of the apks where we include this digest in a different derivation, or somehow patching the built version with a custom digest after the fact | 18:34:36 |
| danielrf | but didn't get very far | 18:34:40 |
| hmenke | I assume that sideloading is not an option because the WebView is an essential system component. | 18:35:34 |
| hmenke | jinja2 + xml | 18:36:26 |
| danielrf | I'm not sure how sideloading would help | 18:36:26 |
| hmenke | What is the world coming to? | 18:36:27 |
| hmenke | Well, sideloading would help with signed builds insofar as you don't have to replace the keys of the APK. | 18:37:14 |
| hmenke | I can just sideload an APK signed with your keys containing your certDigest. | 18:38:08 |
| danielrf | Oh, yeah if we just have people use builds signed by me than this can be made much easier. But that's not something I want to do | 18:38:51 |
| hmenke | Do you have an idea about how many users robotnix has? I think there should be a discussion about federated build infrastructure again. | 18:39:31 |
| hmenke | Because if a couple of people drive the same config they could share builds. | 18:39:57 |
| danielrf | Open to any suggestions people have, in terms of a survey / wiki / etc to get more information. I'd love to know what combinations of devices/flavors/modules people are using. | 18:41:18 |
| danielrf | At the very least so we know what areas are being tested well vs. not. | 18:42:10 |
| hmenke | My build has returned to being fairly minimal and I'm happy to share my resources with others: https://git.henrimenke.de/henri/android/src/branch/master/sunfish.nix | 18:42:54 |
| hmenke | Right now I'm only building OTA images but I can also build factory images of course. | 18:43:14 |
|  anodae joined the room. | 20:09:50 |
