mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 15:09:34 -05:00
Manifest cleanup + always remove latemount from /cache
Formatting/erasing /cache will result in SELinux contexts being lost. These are normally restored by system/core/rootdir/init.rc in post-fs, but latemount causes /cache to not be mounted beforehand, preventing it from ever being fixed. The result is broken OTA and recovery updates.
parent
c5d2f25797
commit
6c4eadcdc7
@ -67,7 +67,6 @@
|
||||
|
||||
<!-- F-Droid -->
|
||||
<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
|
||||
<project path="packages/apps/FDroidPrivilegedExtension" name="privileged-extension.git" remote="fdroid" revision="refs/tags/0.2.8" />
|
||||
<!-- END OF ADDITIONAL REPOS -->
|
||||
|
||||
<!-- START OF DEVICE REPOS -->
|
||||
|
@ -67,7 +67,6 @@
|
||||
<!-- START OF ADDITIONAL REPOS -->
|
||||
<!-- F-Droid -->
|
||||
<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
|
||||
<project path="packages/apps/FDroidPrivilegedExtension" name="privileged-extension.git" remote="fdroid" revision="refs/tags/0.2.8" />
|
||||
<!-- END OF ADDITIONAL REPOS -->
|
||||
|
||||
<!-- START OF DEVICE REPOS -->
|
||||
|
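--- a/Patches/LineageOS-11.0/android_build/1.patch
+++ b/Patches/LineageOS-11.0/android_build/1.patch
@@ -0,0 +1,104 @@
+From 4eb4173b876ab4b4d71a5be541096d346649bbef Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 30 May 2015 22:47:50 -0400
+Subject: [PATCH] add optional automated signing
+
+---
+core/Makefile | 48 ++++++++++++++++++++++++++++++++++++++++--------
+1 file changed, 40 insertions(+), 8 deletions(-)
+
+diff --git a/core/Makefile b/core/Makefile
+index 7eca2db..82006c9 100644
+--- a/core/Makefile
++++ b/core/Makefile
+@@ -408,6 +408,11 @@ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
+DEFAULT_KEY_CERT_PAIR := $(OTA_PACKAGE_SIGNING_KEY)
+endif
+
++ifneq ($(SIGNING_KEY_DIR),)
++ KEY_CERT_DIR := $(SIGNING_KEY_DIR)
++ DEFAULT_KEY_CERT_PAIR := $(SIGNING_KEY_DIR)/releasekey
++endif
++
+# Rules that need to be present for the all targets, even
+# if they don't do anything.
+.PHONY: systemimage
+@@ -943,13 +948,18 @@ endif
+# substitute other keys for this one.
+OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+
+-ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
+- OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
+- PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
++ifneq ($(SIGNING_KEY_DIR),)
++ OTA_PUBLIC_KEYS := $(SIGNING_KEY_DIR)/releasekey.x509.pem
++ PRODUCT_EXTRA_RECOVERY_KEYS += $(SIGNING_KEY_DIR)/extra
+else
+- PRODUCT_EXTRA_RECOVERY_KEYS += \
+- build/target/product/security/cm \
+- build/target/product/security/cm-devkey
++ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
++ OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
++ PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
++ else
++ PRODUCT_EXTRA_RECOVERY_KEYS += \
++ build/target/product/security/cm \
++ build/target/product/security/cm-devkey
++ endif
+endif
+
+# Generate a file containing the keys that will be read by the
+@@ -1593,6 +1603,12 @@ BUILT_TARGET_FILES_PACKAGE := $(intermediates)/$(name).zip
+$(BUILT_TARGET_FILES_PACKAGE): intermediates := $(intermediates)
+$(BUILT_TARGET_FILES_PACKAGE): \
+zip_root := $(intermediates)/$(name)
++SIGNED_TARGET_FILES_PACKAGE := $(intermediates)/signed-$(name).zip
++MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(BUILT_TARGET_FILES_PACKAGE)
++
++ifneq ($(SIGNING_KEY_DIR),)
++ MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(SIGNED_TARGET_FILES_PACKAGE)
++endif
+
+# $(1): Directory to copy
+# $(2): Location to copy it to
+@@ -1868,6 +1884,12 @@ else
+OTA_FROM_TARGET_SCRIPT := $(TARGET_RELEASETOOL_OTA_FROM_TARGET_SCRIPT)
+endif
+
++ifeq ($(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT),)
++ SIGN_TARGET_SCRIPT := ./build/tools/releasetools/sign_target_files_apks
++else
++ SIGN_TARGET_SCRIPT := $(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT)
++endif
++
+ifeq ($(WITH_GMS),true)
+$(INTERNAL_OTA_PACKAGE_TARGET): backuptool := false
+else
+@@ -1895,7 +1917,17 @@ ifneq ($(BLOCK_BASED_OTA),false)
+$(INTERNAL_OTA_PACKAGE_TARGET): block_based := --block
+endif
+
+-$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
++$(SIGNED_TARGET_FILES_PACKAGE): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
++ @echo "$(SIGN_TARGET_SCRIPT)" > $(PRODUCT_OUT)/sign_script_path
++ @echo -e ${CL_YLW}"Sign target files:"${CL_RST}" $@"
++ $(hide) $(SIGN_TARGET_SCRIPT) \
++ -d $(KEY_CERT_DIR) \
++ -o \
++ -e SMSSecure.apk,Orbot.apk,Android-IMSI-Catcher-Detector.apk,FreeOTP.apk,F-Droid.apk= \
++ $(BUILT_TARGET_FILES_PACKAGE) \
++ $(SIGNED_TARGET_FILES_PACKAGE)
++
++$(INTERNAL_OTA_PACKAGE_TARGET): $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) $(DISTTOOLS)
+@echo "$(OTA_FROM_TARGET_SCRIPT)" > $(PRODUCT_OUT)/ota_script_path
+@echo "$(override_device)" > $(PRODUCT_OUT)/ota_override_device
+@echo -e ${CL_YLW}"Package OTA:"${CL_RST}" $@"
+@@ -1907,7 +1939,7 @@ $(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
+--backup=$(backuptool) \
+--override_device=$(override_device) $(override_prop) \
+$(if $(OEM_OTA_CONFIG), -o $(OEM_OTA_CONFIG)) \
+- $(BUILT_TARGET_FILES_PACKAGE) $@
++ $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) $@
+
+CM_TARGET_PACKAGE := $(PRODUCT_OUT)/cm-$(CM_VERSION).zip
+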
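Review bot: In the recovery-keys hunk (`@@ -943,13 +948,18 @@`) the SIGNING_KEY_DIR branch appends with `PRODUCT_EXTRA_RECOVERY_KEYS += $(SIGNING_KEY_DIR)/extra`, while the OTA_PACKAGE_SIGNING_KEY branch under it assigns with `:=`, so any key a product or device makefile added earlier stays trusted by recovery in a release-signed build. Whether anything sets the variable earlier is not visible in these hunks; if only the builder's own keys are meant to be accepted, `PRODUCT_EXTRA_RECOVERY_KEYS := $(SIGNING_KEY_DIR)/extra` makes that explicit, otherwise a comment saying the inherited keys are kept on purpose would do. SIGNING_KEY_DIR also silently takes precedence over OTA_PACKAGE_SIGNING_KEY here and in the `@@ -408,6 +408,11 @@` hunk, which deserves a one-line comment such as `# SIGNING_KEY_DIR wins over OTA_PACKAGE_SIGNING_KEY when both are set`. Only the `$(INTERNAL_OTA_PACKAGE_TARGET)` rule is switched to `$(MAYBE_SIGNED_TARGET_FILES_PACKAGE)`, so any other rule outside these hunks that consumes `$(BUILT_TARGET_FILES_PACKAGE)` would presumably still package the pre-signing target files.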
@ -1 +1 @@
|
||||
Subproject commit 8cccc645af2911c40643ebd38f720faaae16f52a
|
||||
Subproject commit 4f224d0eca2ff2c89c409ba8b86c101bccdb582f
|
@ -206,7 +206,7 @@ export -f hardenLocation;
|
||||
|
||||
enableZram() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
sed -i 's|#/dev/block/zram0|/dev/block/zram0|' fstab.* root/fstab.* rootdir/fstab.* rootdir/etc/fstab.* &>/dev/null || true;
|
||||
sed -i 's|#/dev/block/zram0|/dev/block/zram0|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
|
||||
echo "Enabled zram for $1";
|
||||
cd "$DOS_BUILD_BASE";
|
||||
}
|
||||
@ -214,9 +214,14 @@ export -f enableZram;
|
||||
|
||||
hardenUserdata() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
|
||||
#Remove latemount to allow selinux contexts be restored upon /cache wipe
|
||||
#Fixes broken OTA updater and broken /recovery updater
|
||||
sed -i '/\/cache/s|latemount,||' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
|
||||
|
||||
#TODO: Ensure: noatime,nosuid,nodev
|
||||
sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/etc/fstab.* &>/dev/null || true;
|
||||
sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/etc/fstab.* &>/dev/null || true;
|
||||
sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
|
||||
sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
|
||||
echo "Hardened /data for $1";
|
||||
cd "$DOS_BUILD_BASE";
|
||||
}
|
||||
|
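Review bot: The new `/cache` rule in hardenUserdata, `s|latemount,||`, only matches when `latemount` is followed by a comma, so an fstab entry that lists it as the last flag keeps it and /cache still misses the post-fs context restore the commit message describes. Adding a second expression for the trailing position, for example `sed -i '/\/cache/{s|latemount,||;s|,latemount||}' ...`, would cover both placements. Every sed in the function ends in `&>/dev/null || true`, so a device tree whose fstab sits outside the four globbed paths is skipped silently and the function still prints "Hardened /data for $1". That matters most for the `encryptable=` to `forceencrypt=` rewrite, so a follow-up check that warns when `encryptable=` or a `/cache` line with `latemount` survives would make the gap visible.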