# Custom WebRTC for Rosetta Android (Audio E2EE Timestamp)

This setup builds a custom `libwebrtc.aar` for Android and patches audio E2EE so
`FrameEncryptor/FrameDecryptor` receive non-empty `additional_data` with RTP timestamp bytes.

## Why

Stock `io.github.webrtc-sdk:android:125.6422.07` can call audio frame encryptor with empty
`additional_data` (`ad=0`), so nonce derivation based on timestamp is unavailable.

Desktop uses frame timestamp for nonce. This patch aligns Android with that approach by passing
an 8-byte big-endian timestamp payload in `additional_data` (absolute RTP timestamp,
including sender start offset):

- bytes `0..3` = `0`
- bytes `4..7` = RTP timestamp (big-endian)

## Files

- `build_custom_webrtc.sh` — reproducible build script
- `patches/0001-audio-e2ee-pass-rtp-timestamp-as-additional-data.patch` — WebRTC patch
- `patches/0002-android-build-on-mac-host.patch` — allows Android target build on macOS host
- `patches/0003-macos-host-java-ijar.patch` — enables host tools (`ijar`/`jdk`) on macOS
- `patches/0004-macos-linker-missing-L-dirs.patch` — skips invalid host `-L...` paths for lld
- `patches/0005-macos-server-utils-socket.patch` — handles macOS socket errno in Android Java compile helper

## Build

Recommended on Linux (macOS is supported via additional patches in this folder).

Bootstrap `depot_tools` first:

```bash
cd /path/to/rosetta-android/tools/webrtc-custom
./bootstrap_depot_tools.sh
```

Then run:

```bash
cd /path/to/rosetta-android/tools/webrtc-custom
./build_custom_webrtc.sh
```

Optional env vars:

- `WEBRTC_ROOT` — checkout root (default: `$HOME/webrtc_android`)
- `WEBRTC_SRC` — direct path to `src/`
- `WEBRTC_BRANCH` — default `branch-heads/6422`
- `WEBRTC_TAG` — use a specific tag/commit instead of branch
- `OUT_AAR` — output AAR path (default: `app/libs/libwebrtc-custom.aar`)
- `SYNC_JOBS` — `gclient sync` jobs (default: `1`, safer for googlesource limits)
- `SYNC_RETRIES` — sync retry attempts (default: `8`)
- `SYNC_RETRY_BASE_SEC` — base retry delay in seconds (default: `20`)
- `MAC_ANDROID_NDK_ROOT` — local Android NDK path on macOS (default: `~/Library/Android/sdk/ndk/27.1.12297006`)

## Troubleshooting (HTTP 429 / RESOURCE_EXHAUSTED)

If build fails with:

- `The requested URL returned error: 429`
- `RESOURCE_EXHAUSTED`
- `Short term server-time rate limit exceeded`

run with conservative sync settings:

```bash
SYNC_JOBS=1 SYNC_RETRIES=12 SYNC_RETRY_BASE_SEC=30 ./build_custom_webrtc.sh
```

The script now retries `fetch`, `git fetch`, and `gclient sync` with backoff.

## Integration in app

`app/build.gradle.kts` already prefers local `app/libs/libwebrtc-custom.aar` if present.
If file exists, Maven WebRTC dependency is not used.

## Maintenance policy

- Keep patch small and isolated to `audio/channel_send.cc` + `audio/channel_receive.cc`.
- Pin WebRTC branch/tag for releases.
- Rebuild AAR on version bumps and verify `e2ee_diag.txt` shows `ad=8` (or non-zero).