Many changes

- 15.1: Fixup ether here too
- Change F-Droid application id to allow installation of official F-Droid side by side
- Remove FDroidPriv patch and use sed instead
- Optimize: Switch VM_MAX_READAHEAD to 512KB
- Misc tweaks
- Update TODO
This commit is contained in:
Tad 2018-05-20 23:28:01 -04:00
parent 29e49a5147
commit 67db210756
13 changed files with 32 additions and 75 deletions

View File

@ -0,0 +1,6 @@
Try and automatically add the following when parsing AndroidManifest
<meta-data android:name="firebase_analytics_collection_deactivated" android:value="true" />
<meta-data android:name="google_analytics_adid_collection_enabled" android:value="false" />
core/java/android/content/pm/PackageItemInfo.java ?

View File

@ -1,27 +0,0 @@
From 0494963c9882396a96a1796d3ef748771d6cb91c Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 21 Mar 2018 19:20:02 -0400
Subject: [PATCH] Switch to our release key
---
app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java b/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java
index ef2087a..8cca796 100644
--- a/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java
+++ b/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java
@@ -34,8 +34,8 @@ import java.util.HashSet;
public class ClientWhitelist {
public static HashSet<Pair<String, String>> whitelist = new HashSet<>(Arrays.asList(
- // certificate SHA-256 of https//f-droid.org/F-Droid.apk
- new Pair<>("org.fdroid.fdroid", "43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab")
+ //release-key
+ new Pair<>("org.fdroid.fdroid", "cb1ee2ec40d05ed678f42ae701cdfa29eea79d0e6d633276de230bf3494067c3")
));
}
--
2.16.2

View File

@ -1,27 +0,0 @@
From 0494963c9882396a96a1796d3ef748771d6cb91c Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 21 Mar 2018 19:20:02 -0400
Subject: [PATCH] Switch to our release key
---
app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java b/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java
index ef2087a..8cca796 100644
--- a/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java
+++ b/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java
@@ -34,8 +34,8 @@ import java.util.HashSet;
public class ClientWhitelist {
public static HashSet<Pair<String, String>> whitelist = new HashSet<>(Arrays.asList(
- // certificate SHA-256 of https//f-droid.org/F-Droid.apk
- new Pair<>("org.fdroid.fdroid", "43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab")
+ //release-key
+ new Pair<>("org.fdroid.fdroid", "cb1ee2ec40d05ed678f42ae701cdfa29eea79d0e6d633276de230bf3494067c3")
));
}
--
2.16.2

@ -1 +1 @@
Subproject commit d5a19c050de1586595062dc296cda164796ce1c6
Subproject commit 23d54093920eae1ff0be7782d32c8bf2696f6182

View File

@ -72,7 +72,7 @@ echo "Deblobbing..."
#Diagnostics [Qualcomm]
blobs=$blobs"|[/]diag[/]|diag_callback_client|diag_dci_sample|diag_klog|diag_mdlog|diag_mdlog-getlogs|diag_mdlog-wrap|diag[/]mdm|diag_qshrink4_daemon|diag_socket_log|diag_uart_log|drmdiagapp|ibdrmdiag.so|ssr_diag|test_diag";
#Dirac (Audio Effects) [Dirac]
#Dirac (Audio Codec + Effects) [Dirac]
blobs=$blobs"|libDiracAPI_SHARED.so|.*dirac.*";
#Discretix (DRM/HDCP) [Discretix Technologies]

View File

@ -34,5 +34,8 @@ sed -i 's|config_notifications_round_rect_clipping">true|config_notifications_ro
sed -i 's|config_showTemperatureWarning">0|config_showTemperatureWarning">1|' packages/SystemUI/res/values/config.xml; #XXX: Doesn't seem to work?
#sed -i 's|||'
enter "kernel"
sed -i "s/#define VM_MAX_READAHEAD\t128/#define VM_MAX_READAHEAD\t512/" */*/include/linux/mm.h; #Lee Susman <lsusman@codeaurora.org>: Change the VM_MAX_READAHEAD value from the default 128KB to 512KB. This will allow the readahead window to grow to a maximum size of 512KB, which greatly benefits to sequential read throughput.
cd $base;
echo "Optimizing complete!";

View File

@ -115,10 +115,11 @@ cp $patches"android_packages_apps_FDroid/default_repos.xml" app/src/main/res/val
sed -i 's|outputs/apk/|outputs/apk/release/|' Android.mk;
sed -i 's|gradle|./gradlew|' Android.mk; #Gradle 4.0 fix
sed -i 's|/$(fdroid_dir) \&\&| \&\&|' Android.mk; #One line wouldn't work... no matter what I tried.
#TODO: Change the package ID until https://gitlab.com/fdroid/fdroidclient/issues/843 is implemented
sed -i 's/org\.fdroid\.fdroid/org.fdroid.fdroid_dos/' app/build.gradle; #Change the package ID until https://gitlab.com/fdroid/fdroidclient/issues/843 is implemented
enterAndClear "packages/apps/FDroidPrivilegedExtension";
patch -p1 < $patches"android_packages_apps_FDroidPrivilegedExtension/0001-Release_Key.patch"; #Change to release key
sed -i 's/43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab/cb1ee2ec40d05ed678f42ae701cdfa29eea79d0e6d633276de230bf3494067c3/' app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java;
sed -i 's/\"org\.fdroid\.fdroid/\"org.fdroid.fdroid_dos/' app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java;
#release-keys: CB:1E:E2:EC:40:D0:5E:D6:78:F4:2A:E7:01:CD:FA:29:EE:A7:9D:0E:6D:63:32:76:DE:23:0B:F3:49:40:67:C3
#test-keys: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8

View File

@ -4,7 +4,6 @@ git apply $cvePatchesLinux/0010-Accelerated_AES/3.4/0002.patch
git apply $cvePatchesLinux/0012-Copperhead-Deny_USB/3.4/3.4-Backport.patch
git apply $cvePatchesLinux/CVE-2016-3894/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6828/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-7910/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-11473/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
@ -16,5 +15,5 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
editKernelLocalversion "-dos.p16"
editKernelLocalversion "-dos.p15"
cd $base

View File

@ -64,7 +64,7 @@ git apply $cvePatchesLinux/CVE-2017-8281/3.10/0003.patch
git apply $cvePatchesLinux/CVE-2017-9723/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2018-3563/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2018-3584/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2018-3585/3.10/0001.patch
#git apply $cvePatchesLinux/CVE-2018-3585/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2018-5825/3.10/0001.patch
git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch

View File

@ -58,6 +58,7 @@ buildAll() {
brunch lineage_bullhead-user;
brunch lineage_d802-user;
brunch lineage_d855-user;
brunch lineage_ether-user;
brunch lineage_flo-user;
brunch lineage_flounder-user;
brunch lineage_griffin-user;

View File

@ -34,5 +34,8 @@ sed -i 's|config_notifications_round_rect_clipping">true|config_notifications_ro
sed -i 's|config_showTemperatureWarning">0|config_showTemperatureWarning">1|' packages/SystemUI/res/values/config.xml; #XXX: Doesn't seem to work?
#sed -i 's|||'
enter "kernel"
sed -i "s/#define VM_MAX_READAHEAD\t128/#define VM_MAX_READAHEAD\t512/" */*/include/linux/mm.h; #Lee Susman <lsusman@codeaurora.org>: Change the VM_MAX_READAHEAD value from the default 128KB to 512KB. This will allow the readahead window to grow to a maximum size of 512KB, which greatly benefits to sequential read throughput.
cd $base;
echo "Optimizing complete!";

View File

@ -65,6 +65,8 @@ patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch"; #Automat
if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_build/Copperhead/0002-Deny_USB.patch"; fi; #Deny USB support (Copperhead CC BY-NC-SA)
awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
sed -i 's/messaging/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
sed -i 's/ro.secure=0/ro.secure=1/' core/main.mk;
#sed -i 's/ro.adb.secure=0/ro.adb.secure=1/' core/main.mk;
enterAndClear "device/qcom/sepolicy";
patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
@ -111,11 +113,11 @@ cp $patches"android_packages_apps_FDroid/default_repos.xml" app/src/main/res/val
sed -i 's|outputs/apk/|outputs/apk/release/|' Android.mk;
sed -i 's|gradle|./gradlew|' Android.mk; #Gradle 4.0 fix
sed -i 's|/$(fdroid_dir) \&\&| \&\&|' Android.mk; #One line wouldn't work... no matter what I tried.
#TODO: Change the package ID until https://gitlab.com/fdroid/fdroidclient/issues/843 is implemented
#TODO: WifiPermissionsUtil: Denied: no location permission
sed -i 's/org\.fdroid\.fdroid/org.fdroid.fdroid_dos/' app/build.gradle; #Change the package ID until https://gitlab.com/fdroid/fdroidclient/issues/843 is implemented
enterAndClear "packages/apps/FDroidPrivilegedExtension";
patch -p1 < $patches"android_packages_apps_FDroidPrivilegedExtension/0001-Release_Key.patch"; #Change to release key
sed -i 's/43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab/cb1ee2ec40d05ed678f42ae701cdfa29eea79d0e6d633276de230bf3494067c3/' app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java;
sed -i 's/\"org\.fdroid\.fdroid/\"org.fdroid.fdroid_dos/' app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java;
#release-keys: CB:1E:E2:EC:40:D0:5E:D6:78:F4:2A:E7:01:CD:FA:29:EE:A7:9D:0E:6D:63:32:76:DE:23:0B:F3:49:40:67:C3
#test-keys: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8

18
TODO
View File

@ -1,9 +1,10 @@
Last updated: 2018-05-15
Last updated: 2018-05-20
High Priority (Release blockers)
Build
- Automate incremental update generation
- Update HOSTS file
- Switch HOSTS to release variant
- New RSA 4096 signing keys
Project
- Create cryptocurrency addresses
- Setup Stripe
@ -19,7 +20,7 @@ Medium Priority
Build
- Add more device overclocks
- Add support for more devices
- Fix F-Droid signing
- Support 11.0
Design
- Facelift of Extirpater
- Facelift of Hypatia
@ -34,12 +35,12 @@ Medium Priority
- Get signoff from Copperhead on inclusion of disabled patches
Website
- Cache updater and device page outputs using (PHP)Redis
- Switch from Shadow to Piwik
- Update Terms of Service and Privacy Policy
- Switch from Shadow to Piwik and update Privacy Policy
Low Priority
Build
- Move overclocks to separate repo
- Support 13.0
Website
- Switch to a wiki
WiFiDatabaseMerger
@ -70,12 +71,11 @@ Longterm
Contributions to other projects (via labor or funding)
Add Tor support: Materialistic, microG, RadioDroid, Slide, Wikipedia
Resurrect: Blockinger, microG, Pandoroid
Amexia
- More icons
Anuto
- Save/load support
Blockinger
- Resurrection
Briar
- Repeater support
Conversations
@ -85,12 +85,8 @@ Contributions to other projects (via labor or funding)
- Polish edges
F-Droid
- Loading of repos from /system (#843)
microG
- Resurrection
Orbot
- Better tracking of Tor releases
Pandoroid
- Resurrection
Funding of new projects
- Anti-theft