2017-10-29 01:48:53 -04:00
#!/bin/bash
2020-11-17 10:11:40 -05:00
#DivestOS: A privacy focused mobile distribution
2022-05-01 01:13:46 -04:00
#Copyright (c) 2017-2022 Divested Computing Group
2017-11-05 10:58:01 -05:00
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <https://www.gnu.org/licenses/>.
2017-10-29 01:48:53 -04:00
#Sets settings used by all other scripts
2019-10-13 20:35:24 -04:00
#
2018-06-02 17:51:18 -04:00
#START OF USER CONFIGURABLE OPTIONS
2019-10-13 20:35:24 -04:00
#
#General
2020-01-26 22:24:35 -05:00
export DOS_WORKSPACE_ROOT = "/mnt/dos/" ; #XXX: THIS MUST BE CORRECT TO BUILD!
#export DOS_BUILDS=$DOS_WORKSPACE_ROOT"Builds/";
2023-08-24 01:17:08 -04:00
export DOS_BUILDS = "/mnt/Storage-1/DivestOS/Builds/" ; #XXX: THIS MUST BE CORRECT TO BUILD!
2023-03-08 00:22:01 -05:00
export DOS_SIGNING_KEYS = " $DOS_WORKSPACE_ROOT /Signing_Keys/4096pro " ;
export DOS_SIGNING_GPG = " $DOS_WORKSPACE_ROOT /Signing_Keys/gnupg " ;
2019-10-13 20:35:24 -04:00
#export USE_CCACHE=1;
#export CCACHE_DIR="";
2020-04-08 13:44:52 -04:00
export CCACHE_COMPRESS = 1;
export CCACHE_COMPRESSLEVEL = 1;
2018-07-04 15:35:16 -04:00
#export DOS_BINARY_PATCHER="";
2021-10-16 15:28:15 -04:00
export DOS_TOR_WRAPPER = "" ;
2019-01-14 03:12:50 -05:00
#export DOS_TOR_WRAPPER="torsocks"; #Uncomment to perform select build operations over Tor
2023-03-08 00:02:28 -05:00
export DOS_MALWARE_SCAN_ENABLED = false; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
2019-10-13 20:35:24 -04:00
export DOS_MALWARE_SCAN_SETTING = "quick" ; #buildAll() scan speed. Options: quick, extra, slow, full
2021-10-16 13:51:54 -04:00
export DOS_REFRESH_PATCHES = true; #Set true to refresh branch-specific patches on apply
2018-06-29 00:55:21 -04:00
2019-10-13 20:35:24 -04:00
#Deblobber
2020-10-11 19:22:14 -04:00
export DOS_DEBLOBBER_REMOVE_ACCESSORIES = true; #Set false to allow use of external accessories that depend on blobs
2021-10-23 15:19:51 -04:00
export DOS_DEBLOBBER_REMOVE_ATFWD = true; #Set true to remove basic ATFWD blobs
2018-06-29 00:55:21 -04:00
export DOS_DEBLOBBER_REMOVE_AUDIOFX = true; #Set true to remove AudioFX
2022-12-18 21:47:25 -05:00
export DOS_DEBLOBBER_REMOVE_APTX = false; #Set true to remove aptX Bluetooth codec
2022-10-12 00:30:49 -04:00
export DOS_DEBLOBBER_REMOVE_CNE = true; #Set true to remove all CNE blobs #XXX: Breaks Wi-Fi calling
Many fixes to get bluejay booting & working proper
- Enable APEX for Pixel 6/7, necessary for camera and pKVM
- Also drop hack removing pKVM for Pixel 6/7
- patch from GrapheneOS
- Extend hmalloc workaround to /apex
- Deblobber:
- actually handle wildcard f/w/b overlays
- move some stuff around
- remove some more Pixel blobs
- flag and disable removal of camera extensions, being able to use the second camera is nice
- Adjust what hardenDefconfig disables, caused boot issues
minimal impact as most of these are already default-disabled
can be narrowed down in future
- Disable some of the bionic hardening patches, causing more boot issues
annoying to lose, but having a phone that boots is more important
- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS
- Remove Pixel 2 ramdisk compression reverts, fixed upstream
And yes, I know I should've split up this commit...
Signed-off-by: Tad <tad@spotco.us>
2022-12-23 22:00:31 -05:00
export DOS_DEBLOBBER_REMOVE_DPM = true; #Set true to remove all DPM blobs #XXX: Maybe breaks multi-sim and carrier aggregation (LTE+)
2021-10-23 15:19:51 -04:00
export DOS_DEBLOBBER_REMOVE_DPP = false; #Set true to remove all Display Post Processing blobs #XXX: Breaks boot on select devices
2018-06-30 14:49:22 -04:00
export DOS_DEBLOBBER_REMOVE_FP = false; #Set true to remove all fingerprint reader blobs
2021-10-23 15:19:51 -04:00
export DOS_DEBLOBBER_REMOVE_GRAPHICS = false; #Set true to remove all graphics blobs and use SwiftShader CPU renderer #TODO: Needs work
2023-08-05 15:42:58 -04:00
export DOS_DEBLOBBER_REMOVE_EUICC = true; #Set true to remove all Google eUICC blobs
2023-08-21 08:10:18 -04:00
export DOS_DEBLOBBER_REMOVE_EUICC_FULL = false; #Set true to remove all hardware eUICC blobs
2023-07-14 15:45:35 -04:00
export DOS_DEBLOBBER_REMOVE_IMS = false; #Set true to remove all IMS blobs #XXX: Carriers are phasing out 3G, making IMS mandatory for calls
2019-03-23 12:49:58 -04:00
export DOS_DEBLOBBER_REMOVE_IPA = false; #Set true to remove all IPA blobs
2019-03-24 13:39:14 -04:00
export DOS_DEBLOBBER_REMOVE_IR = false; #Set true to remove all IR blobs
2021-10-23 15:19:51 -04:00
export DOS_DEBLOBBER_REMOVE_RCS = true; #Set true to remove all RCS blobs
export DOS_DEBLOBBER_REMOVE_RENDERSCRIPT = false; #Set true to remove RenderScript blobs
2020-10-20 07:20:40 -04:00
export DOS_DEBLOBBER_REPLACE_TIME = false; #Set true to replace Qualcomm Time Services with the open source Sony TimeKeep reimplementation #TODO: Needs testing
2019-04-03 19:04:37 -04:00
2019-10-13 20:35:24 -04:00
#Features
2020-02-19 22:07:57 -05:00
export DOS_GPS_GLONASS_FORCED = false; #Enables GLONASS on all devices
Many fixes to get bluejay booting & working proper
- Enable APEX for Pixel 6/7, necessary for camera and pKVM
- Also drop hack removing pKVM for Pixel 6/7
- patch from GrapheneOS
- Extend hmalloc workaround to /apex
- Deblobber:
- actually handle wildcard f/w/b overlays
- move some stuff around
- remove some more Pixel blobs
- flag and disable removal of camera extensions, being able to use the second camera is nice
- Adjust what hardenDefconfig disables, caused boot issues
minimal impact as most of these are already default-disabled
can be narrowed down in future
- Disable some of the bionic hardening patches, causing more boot issues
annoying to lose, but having a phone that boots is more important
- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS
- Remove Pixel 2 ramdisk compression reverts, fixed upstream
And yes, I know I should've split up this commit...
Signed-off-by: Tad <tad@spotco.us>
2022-12-23 22:00:31 -05:00
export DOS_DEFCONFIG_DISABLER = true; #Enables the disablement of various kernel options
export DOS_GRAPHENE_BIONIC = true; #Enables the bionic hardening patchset on 16.0+17.1+18.1+19.1+20.0
export DOS_GRAPHENE_CONSTIFY = true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1+19.1+20.0
export DOS_GRAPHENE_MALLOC = true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1+19.1+20.0
export DOS_GRAPHENE_EXEC = true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1+20.0
2020-10-11 19:22:14 -04:00
export DOS_HOSTS_BLOCKING = true; #Set false to prevent inclusion of a HOSTS file
2021-09-05 21:27:18 -04:00
export DOS_HOSTS_BLOCKING_LIST = "https://divested.dev/hosts-wildcards" ; #Must be in the format "127.0.0.1 bad.domain.tld"
2023-07-07 19:59:49 -04:00
export DOS_MICROG_SUPPORT = true; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0
2022-04-10 20:24:01 -04:00
export DOS_SENSORS_PERM = false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera
2023-07-14 15:45:35 -04:00
export DOS_STRONG_ENCRYPTION_ENABLED = false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 #XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
export DOS_USE_KSM = false; #Set true to use KSM for increased memory efficiency at the cost of easier side-channel attacks and increased CPU usage #XXX: testing only
2021-10-02 01:43:18 -04:00
export DOS_WEBVIEW_LFS = true; #Whether to `git lfs pull` in the WebView repository
#alias DOS_WEBVIEW_CHERRYPICK='git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/00/316600/2';
2019-04-03 19:04:37 -04:00
2019-10-13 20:35:24 -04:00
#Servers
2021-06-26 14:13:03 -04:00
export DOS_DEFAULT_DNS_PRESET = "Quad9" ; #Sets default DNS. Options: See changeDefaultDNS() in Scripts/Common/Functions.sh
2021-06-10 04:31:15 -04:00
export DOS_GPS_NTP_SERVER = "2.android.pool.ntp.org" ; #Options: Any NTP pool
2022-04-25 21:27:29 -04:00
export DOS_GPS_SUPL_HOST = "supl.google.com" ; #Options: Any *valid* SUPL server
2018-06-02 17:56:21 -04:00
2019-10-13 20:35:24 -04:00
#Release Processing
export DOS_MALWARE_SCAN_BEFORE_SIGN = false; #Scan device files for malware before signing
2019-08-29 14:37:06 -04:00
export DOS_GENERATE_DELTAS = true; #Creates deltas from existing target_files in $DOS_BUILDS
2019-10-13 20:35:24 -04:00
export DOS_AUTO_ARCHIVE_BUILDS = true; #Copies files to $DOS_BUILDS after signing
export DOS_REMOVE_AFTER = true; #Removes device OUT directory after complete to reclaim space. Requires AUTO_ARCHIVE_BUILDS=true
2022-03-15 14:29:33 -04:00
export DOS_REMOVE_AFTER_FULL = false; #Removes the entire OUT directory
2020-06-17 13:18:16 -04:00
export DOS_GPG_SIGNING = true;
export DOS_GPG_SIGNING_KEY = "B8744D67F9F1E14E145DFD8E7F627E920F316994" ;
2019-08-29 14:37:06 -04:00
2019-10-13 20:35:24 -04:00
#Branding
2018-06-29 00:55:21 -04:00
export DOS_BRANDING_NAME = "DivestOS" ;
export DOS_BRANDING_ZIP_PREFIX = "divested" ;
2021-06-12 17:17:11 -04:00
export DOS_BRANDING_BOOTANIMATION_FONT = "Fira-Sans-Heavy" ; #Options: $ convert -list font
2018-06-29 00:55:21 -04:00
export DOS_BRANDING_BOOTANIMATION_STYLE = "plasma" ; #Options: gradient, plasma
#export DOS_BRANDING_BOOTANIMATION_COLOR="#FF5722-#FF8A65"; #gradient
export DOS_BRANDING_BOOTANIMATION_COLOR = "#FF5722-#03A9F4" ; #plasma
2023-06-20 23:14:26 -04:00
export DOS_BRANDING_LINK_ABOUT = "https://divestos.org/pages/about" ;
export DOS_BRANDING_LINK_PRIVACY = "https://divestos.org/pages/privacy_policy" ;
2019-05-23 11:34:26 -04:00
export DOS_BRANDING_SERVER_OTA = "https://divestos.org/updater.php" ;
2023-03-08 00:22:01 -05:00
export DOS_BRANDING_SERVER_OTA_ONION = " $DOS_BRANDING_SERVER_OTA " ; #TODO: need to handle allow cleartext
2018-06-22 23:41:08 -04:00
2019-10-13 20:35:24 -04:00
#Theme
2018-06-29 00:55:21 -04:00
export DOS_THEME_50 = "FFCA28" ; #Amber 400
export DOS_THEME_100 = "FFC107" ; #Amber 500
export DOS_THEME_200 = "FFA726" ; #Orange 400
export DOS_THEME_300 = "FF9800" ; #Orange 500
export DOS_THEME_500 = "FF5722" ; #Deep Orange 500
export DOS_THEME_700 = "E64A19" ; #Deep Orange 700
2019-10-13 20:35:24 -04:00
#
2018-06-02 17:51:18 -04:00
#END OF USER CONFIGURABLE OPTIONS
2019-10-13 20:35:24 -04:00
#
2023-04-14 14:49:18 -04:00
[ -f " $HOME /.divested.vars " ] && source $HOME /.divested.vars && echo " included $HOME /.divested.vars config "
2023-04-14 05:32:55 -04:00
[ -f " $HOME /.divested.vars. ${ BDEVICE } " ] && source $HOME /.divested.vars.${ BDEVICE } && echo " included $HOME /.divested.vars. ${ BDEVICE } config "
2018-06-02 17:51:18 -04:00
2020-12-21 17:09:19 -05:00
umask 0022;
2018-08-31 00:02:52 -04:00
gpgVerifyGitHead( ) {
2022-08-24 15:50:36 -04:00
if [ -r " $DOS_TMP_GNUPG /pubring.kbx " ] ; then
if git -C " $1 " verify-commit HEAD & >/dev/null; then
2018-08-31 00:02:52 -04:00
echo -e " \e[0;32mGPG Verified Git HEAD Successfully: $1 \e[0m " ;
else
echo -e " \e[0;31mWARNING: GPG Verification of Git HEAD Failed: $1 \e[0m " ;
2022-08-24 15:50:36 -04:00
#sleep 60;
2018-08-31 00:02:52 -04:00
fi ;
#git -C $1 log --show-signature -1;
else
2022-08-26 22:00:59 -04:00
echo -e " \e[0;33mWARNING: keyring is unavailable, GPG verification of $1 will not be performed!\e[0m " ;
2018-08-31 00:02:52 -04:00
fi ;
}
export -f gpgVerifyGitHead;
2018-06-02 17:51:18 -04:00
BUILD_WORKING_DIR = ${ PWD ##*/ } ;
2023-03-08 00:22:01 -05:00
export DOS_VERSION = " $BUILD_WORKING_DIR " ;
2018-06-03 08:02:43 -04:00
if [ -d ".repo" ] ; then
echo " Detected $BUILD_WORKING_DIR " ;
else
echo "Not a valid workspace!" ;
return 1;
fi ;
2017-10-29 01:48:53 -04:00
2023-03-08 00:22:01 -05:00
export DOS_BUILD_BASE = " $DOS_WORKSPACE_ROOT /Build/ $BUILD_WORKING_DIR / " ;
2018-06-29 00:55:21 -04:00
if [ ! -d " $DOS_BUILD_BASE " ] ; then
2018-06-03 08:02:43 -04:00
echo "Path mismatch! Please update init.sh!" ;
return 1;
fi ;
2017-11-05 14:30:15 -05:00
2018-07-04 15:35:16 -04:00
export DOS_TMP_DIR = "/tmp/dos_tmp" ;
2018-12-18 21:34:32 -05:00
mkdir -p " $DOS_TMP_DIR " ;
2018-07-09 08:16:36 -04:00
export DOS_HOSTS_FILE = " $DOS_TMP_DIR /hosts " ;
2022-08-24 15:50:36 -04:00
export DOS_TMP_GNUPG = " $DOS_TMP_DIR /gnupg- $RANDOM " ;
mkdir -p " $DOS_TMP_GNUPG " ;
export GNUPGHOME = " $DOS_TMP_GNUPG " ;
chmod 700 " $DOS_TMP_GNUPG " ;
2023-03-08 00:22:01 -05:00
export DOS_VERIFICATION_KEYRING = " $DOS_WORKSPACE_ROOT /Misc/pubring.kbx " ;
2022-08-24 15:50:36 -04:00
cp " $DOS_VERIFICATION_KEYRING " " $DOS_TMP_GNUPG / " ;
2018-07-04 15:35:16 -04:00
2023-03-08 00:22:01 -05:00
export DOS_PREBUILT_APPS = " $DOS_WORKSPACE_ROOT /PrebuiltApps/ " ;
export DOS_PATCHES_COMMON = " $DOS_WORKSPACE_ROOT /Patches/Common/ " ;
export DOS_PATCHES = " $DOS_WORKSPACE_ROOT /Patches/ $BUILD_WORKING_DIR / " ;
export DOS_PATCHES_LINUX_CVES = " $DOS_WORKSPACE_ROOT /Patches/Linux/ " ;
export DOS_WALLPAPERS = " $DOS_WORKSPACE_ROOT /Patches/Wallpapers/ " ;
2017-10-29 01:48:53 -04:00
2023-03-08 00:22:01 -05:00
export DOS_SCRIPTS_COMMON = " $DOS_WORKSPACE_ROOT /Scripts/Common/ " ;
export DOS_SCRIPTS = " $DOS_WORKSPACE_ROOT /Scripts/ $BUILD_WORKING_DIR / " ;
2018-06-29 00:55:21 -04:00
if [ ! -d " $DOS_SCRIPTS " ] ; then
2018-06-03 08:02:43 -04:00
echo " $BUILD_WORKING_DIR is not supported! " ;
return 1;
fi ;
2023-03-08 00:22:01 -05:00
export DOS_SCRIPTS_CVES = " $DOS_SCRIPTS /CVE_Patchers/ " ;
2017-10-29 01:48:53 -04:00
2018-04-23 08:59:18 -04:00
export KBUILD_BUILD_USER = "emy" ;
export KBUILD_BUILD_HOST = "dosbm" ;
2021-04-05 22:57:59 -04:00
export BUILD_USERNAME = "emy" ;
export BUILD_HOSTNAME = "dosbm" ;
2017-10-29 01:48:53 -04:00
2022-11-10 16:50:18 -05:00
export ANDROID_JACK_VM_ARGS = "-Xmx8192m -Xms512m -Dfile.encoding=UTF-8 -XX:+TieredCompilation" ;
2018-04-23 08:43:28 -04:00
export JACK_SERVER_VM_ARGUMENTS = " ${ ANDROID_JACK_VM_ARGS } " ;
2018-10-20 13:13:32 -04:00
export EXPERIMENTAL_USE_JAVA8 = true;
2018-04-23 08:59:18 -04:00
export GRADLE_OPTS = "-Xmx2048m" ;
2018-10-20 13:13:32 -04:00
export TZ = :/etc/localtime;
2018-04-28 03:16:35 -04:00
export LC_ALL = C;
2023-03-08 00:22:01 -05:00
export LANG = C.UTF-8;
2018-04-28 03:16:35 -04:00
2023-08-21 17:56:38 -04:00
if [ [ " $DOS_VERSION " != "LineageOS-20.0" ] ] ; then export DOS_DEBLOBBER_REMOVE_EUICC_FULL = true; fi ;
2018-08-31 00:02:52 -04:00
#START OF VERIFICATION
2023-03-08 00:22:01 -05:00
gpgVerifyGitHead " $DOS_WORKSPACE_ROOT " ;
gpgVerifyGitHead " $DOS_PREBUILT_APPS " ;
gpgVerifyGitHead " $DOS_PATCHES_LINUX_CVES " ;
gpgVerifyGitHead " $DOS_WALLPAPERS " ;
2018-08-31 00:02:52 -04:00
#END OF VERIFICATION
2021-10-16 19:15:19 -04:00
source " $DOS_SCRIPTS_COMMON /Shell.sh " ;
2018-06-29 00:55:21 -04:00
source " $DOS_SCRIPTS_COMMON /Functions.sh " ;
2022-08-26 23:02:25 -04:00
source " $DOS_SCRIPTS_COMMON /Tag_Verifier.sh " ;
2018-06-29 00:55:21 -04:00
source " $DOS_SCRIPTS /Functions.sh " ;
2023-03-08 16:02:02 -05:00
[ [ -f " $DOS_BUILD_BASE /.repo/local_manifests/roomservice.xml " ] ] && echo "roomservice manifest found! Please fix your manifests before continuing!" ;
[ [ -f " $DOS_BUILD_BASE /DOS_PATCHED_FLAG " ] ] && echo "NOTE: THIS WORKSPACE IS ALREADY PATCHED, PLEASE RESET BEFORE PATCHING AGAIN!" ;