Rework ramp_down_apk #3449

Open
fynngodau opened this issue Mar 27, 2023 · 18 comments
Labels
bug Something isn't working faq mirrored-to-jira

Comments

@fynngodau
Contributor

fynngodau commented Mar 27, 2023

Where to find the issue

Describe the issue

  • The English title "Will reproducible builds/APKs still be provided?" does not make sense, as reproducible builds are currently not provided.
  • It is unclear what that question has to do with the other question about a community-operated backend.
  • "APK...Android Package Kit = package format to build the app locally by yourself" is strangely formatted and also incorrect, because APKs are already built applications ready to be installed and also used by Google Play in the background

Suggested change

  • Remove the parts about reproducible builds because they are very unfitting.
  • Move parts about APK to ramp_down_stores with following text: "We do not plan on creating an archive where the latest APK file can be downloaded even after this date."
  • "Is a community-operated backend supported?" should be answered more clearly: no, you cannot connect CWA as-is to another infrastructure. You need to compile the app yourself to do that.

Internal Tracking ID: EXPOSUREAPP-14994

@fynngodau fynngodau added the bug Something isn't working label Mar 27, 2023
@MikeMcC399
Contributor

There is a translation error.

"Werden reproduzierbare Builds/APKs zur Verfügung gestellt? Wird ein von der Community betriebenes Backend unterstützt?"

has been translated to

"Will reproducible builds/APKs still be provided? Is a community-operated backend supported?"

The word "still" needs to be taken out of the English title, as it implies that they used to be supplied and are no longer being supplied. That is incorrect as @fynngodau pointed out.

@Ein-Tim
Contributor

Ein-Tim commented Mar 27, 2023

@MikeMcC399 If you want, I can integrate the fix for the title into #3448

@MikeMcC399
Contributor

@Ein-Tim

> If you want, I can integrate the fix for the title into #3448

It's a different topic, so it should be kept separate. In any case, I only commented on part of what @fynngodau reported, so @dsarkar should first give his feedback.

@brianebeling
Copy link
Member

Hey, thanks for the feedback. It's difficult to give a definite answer what to do with the suggestions today, however, we will take it into a meeting tomorrow and hopefully be able to quickly provide a fix. I am already preparing an alternative, so we can merge quickly after getting confirmation.

@brianebeling brianebeling self-assigned this Mar 27, 2023
@brianebeling
Member

brianebeling commented Mar 27, 2023

Small update: I prepared the changes.

> It is unclear what that question has to do with the other question about a community-operated backend.

Building the whole infrastructure includes the "community-operated" backend (to stay with the terminology used in the FAQ). As such, putting the section about APKs or builds in this FAQ entry seems fitting to me. This might have been combined to save a bit on the amount of articles we include - less is just a bit easier to navigate and this seems like a rarely asked question to me.

When writing these FAQs we go through a big loop where multiple parties need to approve the changes and can make suggestions. In this case there was a lot of back and forth and a lot of work went into these articles, it might be difficult to make structural changes at this point.

For now I just removed the word "still" so it aligns with the German version and is clearer. I don't think "still" is necessarily wrong, just a bit unfortunately phrased - after all we do "still" allow everyone to rebuild everything required to set up their own infrastructure. But you are right that ready-made builds were never provided and this is confusingly phrased.

> Move parts about APK to ramp_down_stores with following text: "We do not plan on creating an archive where the latest APK file can be downloaded even after this date."

That would be a bit confusing I believe as this FAQ is specifically about the app not being available and most interesting to the everyday user rather than someone wanting to build the APK from source. Maybe you looked at it from the perspective of the APK being available to download from an alternative store? Unfortunately that would open an entirely different can of worms. Rest assured that is something we considered when writing these FAQs though.

> "Is a community-operated backend supported?" should be answered more clearly: no, you cannot connect CWA as-is to another infrastructure. You need to compile the app yourself to do that.

I'm not quite sure if this is entirely true... yes, the app will need to be configured in one way or another to work with a "community-operated backend", but I imagine there are abstractions, protocols and standards in place that do not need to be modified to get it to work - think a client consuming the API. You wouldn't change the API surface that the client expects, but rather code that is running the API and vice versa you wouldn't change how the client consumed the API in most cases. That is to say: You would change the URL where you think the API is hosted at, but not the agreed on interface.

Please keep in mind I'm saying this without having done much research. I will take this specific question into the meeting and discuss how to proceed, after all we want to be as clear and truthful as possible, while simultaneously not overloading the FAQ and also staying in compliance with agreed upon terms by different parties.

Huh, this got a bit more lengthy than I initially planned.. thanks a lot for the suggestions, they aren't bad at all. Definitely something that made me think more about the specifics!

@brianebeling
Member

```json
"title": "Will reproducible builds/APKs be provided? Is a community-operated backend supported?",
"anchor": "ramp_down_apk",
"active": false,
"textblock": [
    "No, no reproducible builds or APKs are provided by the CWA development (APK = Android Package Kit, it includes all of the software program's code and assets and is used by android to install apps).",
    "However, it is possible (albeit with considerable effort) to set up the required infrastructure in the community itself and run it productively based on the provided documentation. Please note, support for this setup will not be provided by BMG and RKI."
]
```

What about this to clear up the APK entry? I find it a bit difficult to work the ""Is a community-operated backend supported?" should be answered more clearly: no, you cannot connect CWA as-is to another infrastructure. You need to compile the app yourself to do that." into it cleanly. Well.. more on that after the meeting anyways.

@MikeMcC399
Contributor

#ramp_down_apk is a strange FAQ entry. It seems to be trying to talk about CCTG without mentioning it by name. In fact the old PR #1074 which would have introduced CCTG into the FAQs was never merged, presumably it was never approved.

Maybe @fynngodau could say what the plans are for CCTG?

Also what is the real purpose of this FAQ entry? Is it actually helpful for anybody reading it?

@fynngodau
Contributor Author

> Maybe @fynngodau could say what the plans are for CCTG?

We are sunsetting as well: https://bubu1.eu/cctg/goodbye

> As such putting the section about APKs or builds in this FAQ entry seems fitting to me.

The point is that reproducible builds would be largely pointless at this stage. I still do not see the connection: they would not be helpful with setting up community infrastructure; they would merely prove that the latest version of the app on the store (that is being taken down) matches the source code on the repository.

> yes the app will need to be configured in one way or another to work with a "community-operated backend",

To change this configuration, you need to compile the application because there is no settings menu in the app that allows this change. Due to trademark, you would need to also change the name of the application – creating a fork like CCTG all over again… on Apple it costs money to publish apps and you can't do exposure notifications in the background; furthermore you cannot publish contact tracing apps to Google Play store unofficially at all as far as I remember. For these reasons I was hoping to make the answer a more definitive "no" and not sound like something that is likely to happen or even possible with the app as-is (as-is = as is installed on users device right now).

In the same way as above, it would not be helpful at all to provide an APK file of the latest (soon dysfunctional) version now, because it wouldn't contain the possibility of changing to a different backend.

@MikeMcC399
Contributor

@fynngodau

That is a great summary on https://bubu1.eu/cctg/goodbye and I hope that RKI and BMG read it!

Also a similar post-project summary from RKI and BMG would be fitting!

@MikeMcC399
Contributor

The definition of Android Package Kit (APK) by Google is

"APK is the package file format that the Android operating system uses to distribute and install mobile apps."

APK is not used to "build" the app. The English and German texts on #ramp_down_apk are inaccurate in this respect, as @fynngodau already pointed out.

An APK is a single file. https://www.apkmirror.com/apk/robert-koch-institut/corona-warn-app/ contains all previously released APKs of CWA up to and including the latest 3.1.1 version.

To build the app you need the source code from https://github.com/corona-warn-app/cwa-app-android, however that does not include the Google key which you would need to sign the app to work with the Google Exposure Notification System, so again I am left wondering what the intention of this FAQ article is supposed to be. (See CWA Android: Known issues.)

@brianebeling
Member

brianebeling commented Mar 29, 2023

@fynngodau

> The point is that reproducible builds would be largely pointless at this stage. I still do not see the connection: they would not be helpful with setting up community infrastructure; they would merely prove that the latest version of the app on the store (that is being taken down) matches the source code on the repository.

Possibly we share a different perspective. But from my perspective we are limited in the amount of articles we can publish, since they have been reviewed and changes were requested that cut down on the amount of articles we finally published. Otherwise we could have provided multiple articles and things would have been easier to understand, I presume.

> possible with the app as-is (as-is = as is installed on users device right now).

Sorry, I interpreted as-is as "as the source code is available on github". Not necessarily as the app is installed on devices right now. In that case, yes, there is no point using it anymore for that matter.

> For these reasons I was hoping to make the answer a more definitive "no" and not sound like something that is likely to happen or even possible with the app as-is

How about:

```json
"title": "Will reproducible builds/APKs be provided? Is a community-operated backend supported?",
"anchor": "ramp_down_apk",
"active": false,
"textblock": [
    "No reproducible builds or APKs are provided by the CWA development (APK = Android Package Kit, is a build of the app that includes all of the required assets and is used by android to install apps). Installing the app, without also replicating the required backend-infrastructure is not sufficient.",
    "However, it is possible (albeit with considerable effort) to set up the required infrastructure in the community itself and run it productively based on the provided documentation. Please note, support for this setup will not be provided by BMG and RKI."
]
```

@MikeMcC399

> Also what is the real purpose of this FAQ entry?

It's supposed to provide an answer to "Can I download the app or apk as-is and run it? No? Can I build the backend then?" in one go and more oriented towards developers or anyone wanting to experiment rather than the everyday user.

> APK is not used to "build" the app. The English and German texts on #ramp_down_apk are inaccurate in this respect, as @fynngodau already pointed out.

Please see my suggestion in this version and the version I proposed earlier in this thread already, where this one here is better I think.

@MikeMcC399
Contributor

@brianebeling

I suggest you put your text into a PR. It seems to be accurate to me as far as it goes (I would capitalize "Android"). In any case the essence is that there is no technical support for any further use of the code, so it is more to dampen expectations than anything else.

@fynngodau
Contributor Author

> Installing the app, without also replicating the required backend-infrastructure is not sufficient.

This sounds like "installing the app [as-is] and [also] replicating the required backend [no dash here please] infrastructure" would on the other hand be sufficient. This however is not the case. The article still sounds like the problem is just that the backend is shut down and not also that it is hardcoded into the app.

@MikeMcC399
Contributor

Sorry, I made a mistake in the previous comment.

The definition of APK is still incorrect.
"(APK...Android Package Kit = package format to build the app locally by yourself)"

Google says:
"APK is the package file format that the Android operating system uses to distribute and install mobile apps."

The word "build" needs to be replaced by "install".

This doesn't have much practical impact, apart from attempting to give correct technical information, since no APKs are being provided directly by RKI, neither in the past, nor in the future. So the sentence just describes what the user cannot do without an APK.

@MikeMcC399
Contributor

If no further action is planned by the Open Source team on this issue, then I suggest to close it.

@Ein-Tim
Contributor

Ein-Tim commented Jun 13, 2023

I guess this is obsolete now?
