Backport patch to handle verity with openssl 3.0

ref: https://github.com/Divested-Mobile/DivestOS-Website/pull/19

Signed-off-by: Tad <tad@spotco.us>

Patches/Common/android_build/0001-verity-openssl3.patch

@@ -0,0 +1,28 @@
+From b7d70a2cb114ecbe9c931d59d852f5ada771ab52 Mon Sep 17 00:00:00 2001
+From: Kelvin Zhang <zhangkelvin@google.com>
+Date: Thu, 22 Dec 2022 10:30:00 -0800
+Subject: [PATCH] Fix VB 1.0 failure due to openssl output format change
+
+Openssl changed output format, the 'keyid:' prefix is removed, hence old
+regex is unable to extract key id.
+
+Bug: 262902909
+Change-Id: Iea5b6fffed7c27855d87e35292f07a56686e4197
+Merged-In: I446a0b16e482c43542a1c0e41b24e80eb9fbc8e6
+---
+ tools/releasetools/sign_target_files_apks.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
+index 837eaf9c1e..09d0b10a42 100755
+--- a/tools/releasetools/sign_target_files_apks.py
++++ b/tools/releasetools/sign_target_files_apks.py
+@@ -1032,7 +1032,7 @@ def ReplaceVerityKeyId(input_zip, output_zip, key_path):
+     keyid, stderr = p.communicate()
+     assert p.returncode == 0, "Failed to dump certificate: {}".format(stderr)
+     keyid = re.search(
+-        r'keyid:([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
++            r'Authority Key Identifier:\s*(?:keyid:)?([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
+     print("Replacing verity keyid with {}".format(keyid))
+     out_buffer.append("veritykeyid=id:%s" % (keyid,))
+ 

Patches/LineageOS-15.1/android_build/0003-verity-openssl3.patch

@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kelvin Zhang <zhangkelvin@google.com>
+Date: Thu, 22 Dec 2022 10:30:00 -0800
+Subject: [PATCH] Fix VB 1.0 failure due to openssl output format change
+
+Openssl changed output format, the 'keyid:' prefix is removed, hence old
+regex is unable to extract key id.
+
+Bug: 262902909
+Change-Id: Iea5b6fffed7c27855d87e35292f07a56686e4197
+Merged-In: I446a0b16e482c43542a1c0e41b24e80eb9fbc8e6
+---
+ tools/releasetools/sign_target_files_apks.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
+index 94ab84745c..9798985067 100755
+--- a/tools/releasetools/sign_target_files_apks.py
++++ b/tools/releasetools/sign_target_files_apks.py
+@@ -566,7 +566,7 @@ def ReplaceVerityKeyId(targetfile_input_zip, targetfile_output_zip, keypath):
+           stdout=subprocess.PIPE)
+       keyid, stderr = p.communicate()
+       keyid = re.search(
+-          r'keyid:([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
++          r'Authority Key Identifier:\s*(?:keyid:)?([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
+       print "Replacing verity keyid with %s error=%s" % (keyid, stderr)
+       out_cmdline.append("veritykeyid=id:%s" % (keyid,))
+     else:

Scripts/LineageOS-15.1/Patch.sh

@@ -71,6 +71,7 @@ if enterAndClear "build/make"; then
 git revert --no-edit ceb64cd86b1cf6be3b1214ace80d8260971f8877; #Re-enable the downgrade check
 applyPatch "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification (DivestOS)
 applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_build/0003-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change
 sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
 sed -i 's/2021-10-05/2023-08-05/' core/version_defaults.mk; #Bump Security String #XXX

Scripts/LineageOS-16.0/Patch.sh

@@ -95,6 +95,7 @@ git revert --no-edit 58544f3aa139b4603fa26c39e8d9259402d658b8; #Re-enable the do
 git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
 applyPatch "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification (DivestOS)
 applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
+applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change
 sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 awk -i inplace '!/Email/' target/product/core.mk; #Remove Email

Scripts/LineageOS-17.1/Patch.sh

@@ -93,6 +93,7 @@ git revert --no-edit 0a9df01b268a238a623f5e0ea5221cebdfee2414; #Re-enable the do
 applyPatch "$DOS_PATCHES/android_build/0001-Restore_TTS.patch"; #Add back PicoTTS and language files (DivestOS)
 applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification (DivestOS)
 applyPatch "$DOS_PATCHES/android_build/0003-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
+applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)

Scripts/LineageOS-18.1/Patch.sh

@@ -91,6 +91,7 @@ git revert --no-edit def3f14af17ae92192d2cc7d22349cabfa906fd6; #Re-enable the do
 applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification (DivestOS)
 if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: most devices override this
+applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)

Scripts/LineageOS-19.1/Patch.sh

@@ -93,6 +93,7 @@ git revert --no-edit 7f4b9a43f3c49a5a896dd4951be0a96584751f46; #Re-enable the do
 applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification (DivestOS)
 if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: most devices override this
+applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)