Small changes

Signed-off-by: Tad <tad@spotco.us>

Scripts/Common/Copy_Keys.sh

@@ -15,6 +15,7 @@
 #You should have received a copy of the GNU General Public License
 #along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
+if [ -d "$DOS_SIGNING_KEYS" ]; then
 echo "Copying verity/avb public keys to kernels...";
 cat "$DOS_SIGNING_KEYS/Amber/verity.x509.pem" >> "kernel/yandex/sdm660/certs/verity.x509.pem";
 cat "$DOS_SIGNING_KEYS/alioth/verity.x509.pem" >> "kernel/xiaomi/sm8250/certs/verity.x509.pem";
@@ -104,3 +105,6 @@ cp -v "$DOS_SIGNING_KEYS/walleye/verifiedboot_relkeys.der.x509" "kernel/google/w
 cp -v "$DOS_SIGNING_KEYS/z2_plus/verifiedboot_relkeys.der.x509" "kernel/zuk/msm8996/verifiedboot_z2_plus_dos_relkeys.der.x509";
 cp -v "$DOS_SIGNING_KEYS/zenfone3/verifiedboot_relkeys.der.x509" "kernel/asus/msm8953/verifiedboot_zenfone3_dos_relkeys.der.x509";
 echo "Copied keys to kernels!";
+else
+echo -e "\e[0;31mSigning keys unavailable, NOT copying public keys to kernels!\e[0m";
+fi;

Scripts/Common/Fix_CVE_Patchers.sh

@@ -17,13 +17,13 @@
 
 commentPatches() {
 	file="$1";
-	if [ -f $file ]; then
+	if [ -f "$file" ]; then
 		shift;
 		for var in "$@"
 		do
 			#escaped=$(printf "%q" "$var");
 			#echo $escaped;
-			sed -i $file -e '\|'$var'| s|^#*|#|';
+			sed -i "$file" -e '\|'$var'| s|^#*|#|';
 		done
 	fi;
 }

Scripts/Common/Functions.sh

@@ -53,6 +53,44 @@ gitReset() {
 }
 export -f gitReset;
 
+applyPatchReal() {
+	currentWorkingPatch=$1;
+	firstLine=$(head -n1 "$currentWorkingPatch");
+	if [[ "$firstLine" = *"Mon Sep 17 00:00:00 2001"* ]] || [[ "$firstLine" = *"Thu Jan  1 00:00:00 1970"* ]]; then
+		git am "$@";
+	else
+		git apply "$@";
+		echo "Applying (as diff): $currentWorkingPatch";
+	fi;
+}
+export -f applyPatchReal;
+
+applyPatch() {
+	currentWorkingPatch=$1;
+	if [ -f "$currentWorkingPatch" ]; then
+		git apply --check "$@" &> /dev/null;
+		if [ "$?" -eq 0 ]; then
+			applyPatchReal "$@";
+		else
+			git apply --reverse --check "$@" &> /dev/null;
+			if [ "$?" -eq 0 ]; then
+				echo "Already applied: $currentWorkingPatch";
+			else
+				git apply --check "$@" --3way &> /dev/null;
+				if [ "$?" -eq 0 ]; then
+					applyPatchReal "$@" --3way;
+					echo "Applied (as 3way): $currentWorkingPatch";
+				else
+					echo -e "\e[0;31mCannot apply: $currentWorkingPatch\e[0m";
+				fi;
+			fi;
+		fi;
+	else
+		echo -e "\e[0;31mPatch doesn't exist: $currentWorkingPatch\e[0m";
+	fi;
+}
+export -f applyPatch;
+
 gpgVerifyDirectory() {
 	if [ -r "$HOME/.gnupg" ]; then
 		for sig in $1/*.asc; do
@@ -711,8 +749,7 @@ hardenDefconfig() {
 	optionsYes+=("THREAD_INFO_IN_TASK" "VMAP_STACK");
 
 	#Linux 4.10
-	optionsYes+=("ARM64_SW_TTBR0_PAN");
-	#Disabled: BUG_ON_DATA_CORRUPTION (boot issues?)
+	optionsYes+=("ARM64_SW_TTBR0_PAN" "BUG_ON_DATA_CORRUPTION");
 
 	#Linux 4.11
 	optionsYes+=("STRICT_KERNEL_RWX" "STRICT_MODULE_RWX");
@@ -790,7 +827,6 @@ hardenDefconfig() {
 
 	if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then optionsNo+=("IPA" "RMNET_IPA"); fi;
 	optionsNo+=("WIREGUARD"); #Requires root access, which we do not provide
-	#optionsNo+=("LTO_CLANG"); #Can easily require 64GB of RAM on host system to compile
 
 	for option in "${optionsNo[@]}"
 	do