diff --git a/data/web/core.telegram.org/reproducible-builds.html b/data/web/core.telegram.org/reproducible-builds.html index bfb74de550..4db7854a93 100644 --- a/data/web/core.telegram.org/reproducible-builds.html +++ b/data/web/core.telegram.org/reproducible-builds.html @@ -161,7 +161,7 @@ Otherwise, something went wrong.

To provide a stable and easily reproducible environment, Telegram iOS builds are compiled on a virtual machine. Parallels is used to verify the builds.

-

Due to recent changes introduced in XCode 14 by Apple, the instruction below doesn't work at the moment. We will update this page as soon as Apple resolves the issue. Read more about the issue

+

Despite the compiler bugs introduced by Apple in Xcode 14 (read more), we were able to restore deterministic builds using manually crafted linker flags. Use the steps below to verify builds compiled with XCode 13 and below, see here for XCode 14 instructions.

Step 1. Install the Parallels virtual machine

Parallels can be obtained here, it features a fully-functional trial version.

@@ -393,6 +393,31 @@ BAZEL="$HOME/bazel/bazel" sh buildbox/build-telegram.sh verify< +
+

iOS, XCode 14

+

Due to compiler bugs introduced by Apple in Xcode 14 (read more), you will need to use the modified instructions below to verify the latest builds:

+

Remove steps 6, 7

+

Steps 1-4.1 are replaced with:

+
Running Darwin-Containers:
+
    +
  1. Checkout the latest DarwinContainers code: git clone https://github.com/ali-fareed/darwin-containers.git
    2. +
  2. Open darwin-containers/DarwinContainers.xcodeproj
    3. +
  3. Select DarwinContainersDaemon target
    4. +
  4. In Signing & Capabilities select your team and set a unique bundle id
    5. +
  5. Run
    6. +
+
Creating an OS image:
+

./darwin-containers fetch

+

Download the appropriate macOS restore image (e.g. 13.0):

+

./darwin-containers fetch "macOS 13.0"

+

Create a new OS image:

+

./darwin-containers create --source "macOS 13.0" --tag "macos-13.0-xcode-14.1" --manual

+

Follow the installation instructions. Set username to containerhost and password to containerhost.
Enable Remote Login and allow full disk access for remote users.
Connect to the guest VM using SSH with username containerhost and password containerhost.
Create directory ~/.ssh and set up the authorized_keys using the public key string printed by the darwin-containers create command earlier.
Upload the appropriate version of Xcode via scp and install to /Applications. Run it at least once to complete installation.
Shutdown the guest OS.

+
Obtaining verification IPA:
+

python3 -u build-system/Make/Make.py remote-build --darwinContainers="path-to-darwin-containers-script" --darwinContainersHost="unix://$HOME/.darwin-containers.sock" --configurationPath="build-system/appstore-configuration.json" --codesigningInformationPath=build-system/fake-codesigning --configuration=release_arm64

+

For more information see:

+

build-system/Make/RemoteBuild.py
.gitlab-ci.yml lane verify_beta_testflight

+

iOS: Notes

  1. You will get a warning if the archive created in Step 7 contains encrypted files. If all these files are in the PlugIns subfolder, they represent various system extensions (e.g. external sharing, Siri, 3D touch). Decrypting such files using existing ways of receiving app archives via Jailbreak is non-trivial (but we're working on resolving this issue). If you do manage to decrypt them, e.g. on iOS 8, they will be matched.

    @@ -417,6 +442,9 @@ BAZEL="$HOME/bazel/bazel" sh buildbox/build-telegram.sh verify<

Troubleshooting: iOS

+
+

UPD: Despite the fact that the issue below persists, we were able to restore deterministic builds using manually crafted linker flags. See these updated steps for XCode 14.

+

Due to recent changes introduced in XCode 14 by Apple, it is currently not possible to create reproducible builds for iOS using tools officially supported by Apple. We will update this page as soon as Apple resolves the issue.

To confirm the issue for yourself, follow these steps: