Add to F-Droid

[airon90]

This app is released under GPL3+ so it could be added in F-Droid database of FLOSS Android apps. You can see the status of inclusion here

[licaon-kter]

Everything can be compiled from source or loaded from a FOSS libs maven repo?

The server can be changed or it is hardcoded?

What license is the server under?

Can I host a server?

[FultonBrowne]

hey @airon90, how would I get started with that?

[IzzySoft]

From a quick glance at the build.gradle, I'm afraid the Google Play Location and MS Analytics libraries will be show-stoppers for F-Droid – so this would need a build flavor coming without those. Then there are the questions raised by licaon-kter: for inclusion with F-Droid, it must be entirely FOSS and be covered by a FOSS license (ideally including the server part, though if that's not given it can be dealt with by flagging the app NonFreeNet as long as the app itself meets the requirements).

[FultonBrowne]

@IzzySoft I am pretty sure I can remove google play location, but the analytics is my only way to git info about where translation needs to happen.

[FultonBrowne]

@licaon-kter here is the server
https://github.com/FultonBrowne/Ara-Server

[licaon-kter]

@FultonBrowne

analytics is my only way to git info about where translation needs to happen.

If that is not FOSS then we can't include it in its current state.

Can't you add a button of sorts so users can "Submit request for language" or something? You need all sorts of data about devices (what data do you extract anyway?) instead of a simple "locale" entry?

The server can be changed in the app or it is hardcoded?

[FultonBrowne]

@licaon-kter I will see what i can do, the server is hard coded but I have been planning to change that before v1.0. I am pretty sure app center analytics Is open source.

[FultonBrowne]

https://github.com/microsoft/appcenter-sdk-android

[licaon-kter]

@FultonBrowne MIT? Nice.

Are the appcenter libs hosted on a trusted (by F-Droid) maven repo? If not we'd need to also build them from source at app build time.

Oh, lest not forget, any keys for that analytics need to be included in the public source code.

Now, is this analytics submission an opt-in or opt-out thing? If Opt-out we'll set a "Tracking" flag for the app.

[FultonBrowne]

@licaon-kter It is opt-out but I can change that if needed (note all analytics are totally anonymous even with an ara account) the keys are in the source and it is an a trusted repo https://mvnrepository.com/artifact/com.microsoft.appcenter/appcenter-distribute/2.5.1

[FultonBrowne]

@licaon-kter I switched to opt-in and got rid of all GMS

[IzzySoft]

analytics is my only way to git info about where translation needs to happen.

Could some FOSS analytics package with opt-in be used for that? To name names (without knowing whether the candidate covers that), there's e.g. ACRA which is accepted by F-Droid. With some reservations, Bugsnag would be OK as well IIRC (provided you made sure it's opt-in – which ACRA is by default).

[FultonBrowne]

@IzzySoft I will look in to it, I like the MS one because I can see cloud and analytics stuff all on one site.

[IzzySoft]

@FultonBrowne thanks! I understand that. But a) us tin-foils mistrust those cloud analytics (especially from the "big offenders" often named "GAFAM" (Google, Amazon, FB, MS) – and, more importantly, b) those services are in most cases proprietary, including their modules, and thus not accepted by F-Droid (not 100% sure if this applies in this case, but I suspect so).

[licaon-kter]

@IzzySoft it's MIT licensed, see the link...might be ok....not sure about its deps though

[FultonBrowne]

@licaon-kter deps??

[IzzySoft]

Dependencies I guess. Will probably require NonFreeNet. Well, Licaon-kter is one of our packagers, he's got deeper knowledge in what stuff might depend on (or will find out at build time).

[FultonBrowne]

got it, thanks @IzzySoft

[FultonBrowne]

@IzzySoft @licaon-kter any update or questions?

[IzzySoft]

@FultonBrowne the scanner report at the RFP still says "error", and a.o. yields

WARNING: Found JAR file at WolframAlpha-1.1/WolframAlpha-1.1.jar
WARNING: Found JAR file at WolframAlpha-1.1/build/libs/WolframAlpha-1.1.jar
WARNING: Found JAR file at rome-1.0/rome-1.0.jar
ERROR: Found usual suspect 'google.*play.*services' at line 157 at app/build.gradle
ERROR: Found unknown maven repo 'http://dl.bintray.com/jetbrains/spek' at app/build.gradle

Did you do anything about those, so we shall trigger a rescan? As pointed out, we don't "include JARs" (everything needs to be built from source) – and we don't accept proprietary components (here: Google Play Services) or allow "unknown maven repos" (especially not via insecure http).

[FultonBrowne]

@IzzySoft I deleted all of those ( i used then in testing like 6 months ago) I think a re-scan would be great.

[IzzySoft]

Thanks! I've triggered the bot, rescan should happen within 24h now.

[FultonBrowne]

thanks @IzzySoft

[IzzySoft]

Scanner results look promising – no more "error", and the 2 warnings we can safely ignore (a font and an image).

Now, to get things rolling, two more questions:

• Would you consider adding Fastlane file structure to your repo? That way you can provide screenshots and maintain the app description yourself (among other things). You can use the very same structure for your Play Store deployments, btw.
• You're already tagging your releases, which is great! Do you have a "consisting naming schema" for your tags (the last one, "beta4", seems a "naming misfit" 😉)? Would you want the Alphas published as well, for example? From what I see I'd guess the naming schema would be v<versionName> – but unfortunately, tag names do not match versionName (e.g. "v1.0Beta3" => "Beta 3", expected "1.0Beta3") – and it also seems you often forget to increase versionCode. Could we get that fixed (and have a tag covering the Fastlane data, if you go for that)?

[FultonBrowne]

@IzzySoft does the file structure need to be present in the tagged location?

[IzzySoft]

@FultonBrowne Yes. F-Droid will "stick to the tag". That's what I meant by "have a tag covering the Fastlane data".

[FultonBrowne]

@IzzySoft as of now I can't add the fast line data. my next release (coming very soon) will have fastline.

[IzzySoft]

OK, just ping me once it's there then 😉

[FultonBrowne]

@IzzySoft sorry I am taking a while, I will most likely be ready in a day or 2

[FultonBrowne]

I understand @IzzySoft this is my first project so I am still learning, I appreciate your patients. I will be VERY careful with versioning names and will ping you on the next version.

[IzzySoft]

@FultonBrowne thanks, and no bad feelings. It's just frustrating (for both sides I guess). Keeping my fingers crossed! 🤞

[FultonBrowne]

@IzzySoft I think we can release now.

[IzzySoft]

Thanks! I've setup metadata and tagged the RFP for our packagers. Might take a little; if nothing is happening there within 2 weeks, feel free to ping me again to check.

[FultonBrowne]

thanks @IzzySoft, will do.

[FultonBrowne]

Hey @IzzySoft nothings really happened for a while, there has been no activity for 14 days

[licaon-kter]

Umm https://github.com/microsoft/appcenter-sdk-android/blob/master/build.gradle#L26 so the Microsoft lib is under MIT but depends on Google Services which is not-FOSS? And Push on https://github.com/microsoft/appcenter-sdk-android/blob/master/sdk/appcenter-push/build.gradle#L12 Firebase?

Also builds fine but...wow so many links

https://AraLogIn.b2clogin.com/AraLogIn.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_changeInfo&client_id=e4e16983-2565-496c-aa70-8fe0f1bf0907&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login
https://AraLogIn.b2clogin.com/AraLogIn.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_passwordReset&client_id=c6063f12-fa37-47bc-aa5d-604e60d197c2&nonce=defaultNonce&redirect_uri=https%3A%2F%2Faralogin.b2clogin.com%2Faralogin.onmicrosoft.com%2Foauth2%2Fauthresp&scope=openid&response_type=code&prompt=login
https://api.cognitive.microsoft.com
https://app-measurement.com/a
https://ara-server.azurewebsites.net/
https://ara-server.azurewebsites.net/api
https://ara-server.azurewebsites.net/skillsdata/ https://ara-server.azurewebsites.net/store
https://arafilestore.file.core.windows.net/ara-server-files/alphabet.txt?sv=2019-02-02&ss=bfqt&srt=sco&sp=rwdlacup&se=2024-04-01T22:11:11Z&st=2019-12-19T15:11:11Z&spr=https&sig=lfjMHSahA6fw8enCbx0hFTE1uAVJWvPmC4m6blVSuuo%3D 
https://arafilestore.file.core.windows.net/ara-server-files/main.tflite?sv=2019-02-02&ss=bfqt&srt=sco&sp=rwdlacup&se=2024-04-01T22:11:11Z&st=2019-12-19T15:11:11Z&spr=https&sig=lfjMHSahA6fw8enCbx0hFTE1uAVJWvPmC4m6blVSuuo%3D
https://google.com/search?
https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps
https://plus.google.com/
https://www.google.com
https://www.googleadservices.com/pagead/conversion/app/deeplink?id_type=adid&sdk_version=%s&rdid=%s&bundleid=%s 
https://www.googleapis.com/auth/appstate
https://www.googleapis.com/auth/datastoremobile
https://www.googleapis.com/auth/drive 
https://www.googleapis.com/auth/drive.appdata
https://www.googleapis.com/auth/drive.apps
https://www.googleapis.com/auth/drive.file 
https://www.googleapis.com/auth/fitness.activity.read 
https://www.googleapis.com/auth/fitness.activity.write
https://www.googleapis.com/auth/fitness.blood_glucose.read 
https://www.googleapis.com/auth/fitness.blood_glucose.write
https://www.googleapis.com/auth/fitness.blood_pressure.read 
https://www.googleapis.com/auth/fitness.blood_pressure.write
https://www.googleapis.com/auth/fitness.body.read 
https://www.googleapis.com/auth/fitness.body.write
https://www.googleapis.com/auth/fitness.body_temperature.read 
https://www.googleapis.com/auth/fitness.body_temperature.write
https://www.googleapis.com/auth/fitness.location.read 
https://www.googleapis.com/auth/fitness.location.write
https://www.googleapis.com/auth/fitness.nutrition.read
https://www.googleapis.com/auth/fitness.nutrition.write
https://www.googleapis.com/auth/fitness.oxygen_saturation.read
https://www.googleapis.com/auth/fitness.oxygen_saturation.write
https://www.googleapis.com/auth/fitness.reproductive_health.read
https://www.googleapis.com/auth/fitness.reproductive_health.write
https://www.googleapis.com/auth/games
https://www.googleapis.com/auth/games.firstparty 
https://www.googleapis.com/auth/games_lite
https://www.googleapis.com/auth/plus.login
https://www.googleapis.com/auth/plus.me

I'm afraid this is a no go.

Sorry for the late response.

[FultonBrowne]

@licaon-kter I do heavily rely on the Microsoft stuff, is there anything I can do? I am planning in the far future to replace that with my own stuff but it will be a while, like maybe a year plus.

[FultonBrowne]

@IzzySoft After working for a little and due to the deprecation of some of the microsoft services I was using, I now have no trackers in my app, this has also resulted in the removal of google services from my app.

[IzzySoft]

Thanks! I've reopened the RFP, adjusted metadata to point to the latest release, and triggered the bot again. Licaon-kter already gave his love to your last comment, so he's aware that things have changed and will hopefully pick up from there again 😉

[FultonBrowne]

Thanks :]

[airon90]

@FultonBrowne See this report. There is a problem with Gradle

[FultonBrowne]

Thanks @airon90 I'll get right to it

[FultonBrowne]

@IzzySoft I think i fixed the gradle issue thx @airon90 for finding it

[IzzySoft]

That's good for your releases' security, great! What about the other one: is ara-client required to build the app? If so, we've got 2 more show-stoppers ther: the two bintray maven repos…

[FultonBrowne]

The binaries are from an early concept of the app, I just forgot they where there, but there gone now.
ara-client is a universal kotlin library I am making for the eventual ara ios app and web site

[IzzySoft]

Implies "gone now" that's also covered by a tag? Then I'd trigger the bot again for a rescan.

[FultonBrowne]

@IzzySoft its not tagged, I am planning a release by the end of this week, so there will be a new tag then (I have a couple of bugs I need to work out)

[IzzySoft]

That's fine! Can you ping me once the tag is there? Thanks!

[FultonBrowne]

will do, thx

[FultonBrowne]

@IzzySoft the release is ready (tag v1.0beta11) 👍

[IzzySoft]

Thanks, bot triggered!

[IzzySoft]

Uh, same things again:

ERROR: Found unknown maven repo 'https://dl.bintray.com/kotlin/kotlinx' at ara-client/build.gradle
ERROR: Found unknown maven repo 'https://dl.bintray.com/kotlin/ktor' at ara-client/build.gradle

Are those two needed? If so, maybe they are available from one of the trusted maven repos? If not, we'd need to build them from source – either as a srclib hosted at F-Droid, or as a git sub-module in your repo. With KotlinX being quite central to Kotlin (if I got that right), I'd assume it must be possible somehow as we've got several Kotlin apps in F-Droid. But I'm neither dev nor packager… You could check with other apps labeled Kotlin in our RFPs, especially those are already included, to see how it was solved there.

[FultonBrowne]

@IzzySoft I was able to get stuff on trusted maven repos (I think). is there a copy of that scanning bot I could use to test it on my machine?

[licaon-kter]

Clone fdroidserver (See f-droid.org docs for deps and stuff ), run fdroid import --url thisrepo; fdroid scanner --verbose appid :)

[FultonBrowne]

thanks @licaon-kter will do 👍

[FultonBrowne]

@licaon-kter @IzzySoft my current commit looks clean I'll ping you when I am ready to release