fix: fdroid build

.github/workflows/release.yml

@@ -30,13 +30,17 @@ jobs:
       - uses: actions/setup-java@v4
         with:
           distribution: "zulu"
-          java-version: "17"
+          java-version: "21"
       - name: Fetch secrets
         run: |
           curl -u ${{ secrets.BASIC_AUTH }} -o android/app/app.key ${{ secrets.URL_PREFIX }}app.key
           curl -u ${{ secrets.BASIC_AUTH }} -o android/key.properties ${{ secrets.URL_PREFIX }}key.properties
       - name: Build
+        env:
+          LDFLAGS: -Wl,--build-id=none
         run: dart run fl_build -p android
+      - name: Verify F-Droid native libraries
+        run: scripts/release/verify-fdroid-native-libs.sh
       - name: Rename for fdroid
         shell: bash
         run: |

pubspec.lock

@@ -918,10 +918,10 @@ packages:
     dependency: transitive
     description:
       name: matcher
-      sha256: "12956d0ad8390bbcc63ca2e1469c0619946ccb52809807067a7020d57e647aa6"
+      sha256: dc0b7dc7651697ea4ff3e69ef44b0407ea32c487a39fff6a4004fa585e901861
       url: "https://pub.dev"
     source: hosted
-    version: "0.12.18"
+    version: "0.12.19"
   material_color_utilities:
     dependency: transitive
     description:
@@ -1506,26 +1506,26 @@ packages:
     dependency: "direct dev"
     description:
       name: test
-      sha256: "54c516bbb7cee2754d327ad4fca637f78abfc3cbcc5ace83b3eda117e42cd71a"
+      sha256: "280d6d890011ca966ad08df7e8a4ddfab0fb3aa49f96ed6de56e3521347a9ae7"
       url: "https://pub.dev"
     source: hosted
-    version: "1.29.0"
+    version: "1.30.0"
   test_api:
     dependency: transitive
     description:
       name: test_api
-      sha256: "93167629bfc610f71560ab9312acdda4959de4df6fac7492c89ff0d3886f6636"
+      sha256: "8161c84903fd860b26bfdefb7963b3f0b68fee7adea0f59ef805ecca346f0c7a"
       url: "https://pub.dev"
     source: hosted
-    version: "0.7.9"
+    version: "0.7.10"
   test_core:
     dependency: transitive
     description:
       name: test_core
-      sha256: "394f07d21f0f2255ec9e3989f21e54d3c7dc0e6e9dbce160e5a9c1a6be0e2943"
+      sha256: "0381bd1585d1a924763c308100f2138205252fb90c9d4eeaf28489ee65ccde51"
       url: "https://pub.dev"
     source: hosted
-    version: "0.6.15"
+    version: "0.6.16"
   tuple:
     dependency: transitive
     description:

scripts/release/verify-fdroid-native-libs.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+APK_DIR="${APK_DIR:-$REPO_ROOT/build/app/outputs/flutter-apk}"
+APP_NAME="${APP_NAME:-ServerBox}"
+
+require_cmd() {
+  local name="$1"
+  if ! command -v "$name" >/dev/null 2>&1; then
+    echo "command not found: $name" >&2
+    exit 1
+  fi
+}
+
+require_cmd find
+require_cmd readelf
+require_cmd unzip
+
+shopt -s nullglob
+
+tmp_dir="$(mktemp -d)"
+trap 'rm -rf "$tmp_dir"' EXIT
+
+failures=()
+apks=()
+patterns=(
+  "${APP_NAME}_*_arm64.apk"
+  "${APP_NAME}_*_arm.apk"
+  "${APP_NAME}_*_amd64.apk"
+)
+
+for pattern in "${patterns[@]}"; do
+  matches=("$APK_DIR"/$pattern)
+  if [[ ${#matches[@]} -ne 1 ]]; then
+    echo "expected exactly 1 APK for pattern: $pattern" >&2
+    echo "found ${#matches[@]} matches" >&2
+    echo "APK_DIR: $APK_DIR" >&2
+    if [[ ${#matches[@]} -gt 0 ]]; then
+      printf '  %s\n' "${matches[@]}" >&2
+    else
+      ls -la "$APK_DIR" || true
+    fi
+    exit 1
+  fi
+  apks+=("${matches[0]}")
+done
+
+for apk in "${apks[@]}"; do
+  apk_name="$(basename "$apk")"
+  extract_dir="$tmp_dir/$apk_name"
+  mkdir -p "$extract_dir"
+  unzip -qq "$apk" "lib/*/*.so" -d "$extract_dir"
+
+  while IFS= read -r so_file; do
+    if readelf -n "$so_file" | grep -q 'Build ID'; then
+      failures+=("$apk_name:${so_file#$extract_dir/}")
+    fi
+  done < <(find "$extract_dir" -type f -name '*.so' | sort)
+done
+
+if [[ ${#failures[@]} -ne 0 ]]; then
+  echo 'native libraries still contain ELF build-id notes:' >&2
+  printf '  %s\n' "${failures[@]}" >&2
+  exit 1
+fi
+
+echo 'F-Droid native library verification passed.'