mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 23:19:31 -05:00
Many changes
- Missing credit in LICENSE - Update TODO - hardenLocationConf: don't change version - hardenDefconfig: Fix reboot on shutdown - changeDefaultDNS: replace a level3 dns straggler for tethering config - Don't remove CompanionDeviceManager if microG is included - Update cherry picks - init.sh: update comment wording
This commit is contained in:
parent
115dd21832
commit
b56929d3d9
2
LICENSE
2
LICENSE
@ -7,7 +7,7 @@ Misc - GPLv3
|
||||
Patches/
|
||||
Common/
|
||||
android_vendor_divested - GPLv3
|
||||
default_wallpaper.png - Unsplash
|
||||
default_wallpaper.png - Unsplash, Pawel Czerwinski
|
||||
[Everything Else] - Apache-2.0
|
||||
LineageOS-*/
|
||||
android_kernel_* - GPLv2
|
||||
|
@ -69,7 +69,8 @@ echo "Deblobbing...";
|
||||
#AudioFX (Audio Effects)
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then
|
||||
blobs=$blobs"|fmas_eq.dat";
|
||||
blobs=$blobs"|libasphere.so|libdownmix.so|libeffectproxy.so|libfmas.so|libldnhncr.so|libmmieffectswrapper.so|libreverbwrapper.so|libshoebox.so|libspeakerbundle.so|libvisualizer.so|libvolumelistener.so|libLifevibes_lvverx.so|libhwdap.so";
|
||||
blobs=$blobs"|libasphere.so|libdownmix.so|libeffectproxy.so|libfmas.so|libldnhncr.so|libmmieffectswrapper.so|libreverbwrapper.so|libshoebox.so|libvisualizer.so|libvolumelistener.so|libLifevibes_lvverx.so|libhwdap.so";
|
||||
#blobs=$blobs"|libspeakerbundle.so|libmotaudioutils.so"; #XXX: Breaks audio on Motorola devices (?)
|
||||
blobs=$blobs"|libqcbassboost.so|libqcreverb.so|libqcvirt.so"; #Qualcomm
|
||||
#blobs=$blobs"|libbundlewrapper.so|libqcompostprocbundle.so|libqcomvoiceprocessing.so|libqcomvisualizer.so";
|
||||
blobs=$blobs"|libhwdap.*.so|libswdap.*.so|lib_dlb_msd.so"; #Dolby
|
||||
@ -328,7 +329,6 @@ echo "Deblobbing...";
|
||||
blobs=$blobs"|com.motorola.motosignature.jar|com.motorola.motosignature.xml|MotoSignatureApp.apk";
|
||||
blobs=$blobs"|TriggerEnroll.apk|TriggerTrainingService.apk|com.motorola.triggerenroll.xml";
|
||||
blobs=$blobs"|audio.motvr.default.so";
|
||||
#blobs=$blobs"|libmotaudioutils.so"; #breaks phone call audio (?)
|
||||
blobs=$blobs"|libcce-socketjni.so|libmotocare.so";
|
||||
#blobs=$blobs"|qmi_motext_hook|libmdmcutback.so|libqmimotext.so|libmotext_inf.so"; #necessary for radio
|
||||
makes=$makes"|com.motorola.cameraone.xml";
|
||||
|
@ -296,6 +296,7 @@ pushToServer() {
|
||||
export -f pushToServer;
|
||||
|
||||
removeBuildFingerprint() {
|
||||
#Removes the vendor fingerprint, allowing one to be generated instead
|
||||
awk -i inplace '!/BUILD_FINGERPRINT/' lineage*.mk;
|
||||
}
|
||||
export -f removeBuildFingerprint;
|
||||
@ -371,7 +372,7 @@ hardenLocationConf() {
|
||||
else
|
||||
local deviceDir=$(dirname "$gpsConfig");
|
||||
fi;
|
||||
#Debugging (adb logcat | grep -i -e locsvc -e izat -e gps -e gnss -e location)
|
||||
#Debugging: adb logcat | grep -i -e locsvc -e izat -e gps -e gnss -e location -e xtra
|
||||
#sed -i 's|DEBUG_LEVEL = .|DEBUG_LEVEL = 4|' "$gpsConfig" &> /dev/null || true;
|
||||
#Enable GLONASS
|
||||
if [ "$DOS_GPS_GLONASS_FORCED" = true ]; then
|
||||
@ -403,24 +404,27 @@ hardenLocationConf() {
|
||||
sed -i 's|http://xtrapath|https://xtrapath|' "$gpsConfig" &>/dev/null || true;
|
||||
#sed -i 's|http://gllto|https://gllto|' "$gpsConfig" &>/dev/null || true; XXX: GLPals has an invaid certificate
|
||||
#XTRA: Use format version 3 if possible
|
||||
if grep -sq "XTRA_VERSION_CHECK" "$gpsConfig"; then #Using hardware/qcom/gps OR precompiled blob OR device specific implementation
|
||||
sed -i 's|XTRA_VERSION_CHECK=0|XTRA_VERSION_CHECK=1|' "$gpsConfig" &>/dev/null || true;
|
||||
sed -i 's|xtra2.bin|xtra3grc.bin|' "$gpsConfig" &>/dev/null || true;
|
||||
elif grep -sq "BOARD_VENDOR_QCOM_LOC_PDK_FEATURE_SET := true" "$deviceDir"BoardConfig.mk "$deviceDir"boards/*gps.mk; then
|
||||
if ! grep -sq "USE_DEVICE_SPECIFIC_LOC_API := true" "$deviceDir"BoardConfig.mk "$deviceDir"boards/*gps.mk; then
|
||||
if ! grep -sq "libloc" ./"$deviceDir"/*proprietary*.txt; then #Using hardware/qcom/gps
|
||||
sed -i 's|xtra2.bin|xtra3grc.bin|' "$gpsConfig" &>/dev/null || true;
|
||||
fi;
|
||||
fi;
|
||||
fi;
|
||||
#if grep -sq "XTRA_VERSION_CHECK" "$gpsConfig"; then #Using hardware/qcom/gps OR precompiled blob OR device specific implementation
|
||||
# sed -i 's|XTRA_VERSION_CHECK=0|XTRA_VERSION_CHECK=1|' "$gpsConfig" &>/dev/null || true;
|
||||
# sed -i 's|xtra2.bin|xtra3grc.bin|' "$gpsConfig" &>/dev/null || true;
|
||||
#elif grep -sq "BOARD_VENDOR_QCOM_LOC_PDK_FEATURE_SET := true" "$deviceDir"BoardConfig.mk "$deviceDir"boards/*gps.mk; then
|
||||
# if ! grep -sq "USE_DEVICE_SPECIFIC_LOC_API := true" "$deviceDir"BoardConfig.mk "$deviceDir"boards/*gps.mk; then
|
||||
# if ! grep -sq "libloc" ./"$deviceDir"/*proprietary*.txt; then #Using hardware/qcom/gps
|
||||
# sed -i 's|xtra2.bin|xtra3grc.bin|' "$gpsConfig" &>/dev/null || true;
|
||||
# fi;
|
||||
# fi;
|
||||
#fi;
|
||||
#if [[ "$gpsConfig" = *"gps_debug.conf" ]]; then
|
||||
# echo "XTRA_SERVER_1=https://xtrapath4.izatcloud.net/xtra2.bin" >> "$gpsConfig";
|
||||
# echo "XTRA_SERVER_2=https://xtrapath5.izatcloud.net/xtra2.bin" >> "$gpsConfig";
|
||||
# echo "XTRA_SERVER_3=https://xtrapath6.izatcloud.net/xtra2.bin" >> "$gpsConfig";
|
||||
#fi;
|
||||
echo "Enhanced location services for $gpsConfig";
|
||||
}
|
||||
export -f hardenLocationConf;
|
||||
|
||||
hardenLocationFWB() {
|
||||
local dir=$1;
|
||||
#Debugging (adb logcat | grep -i -e locsvc -e izat -e gps -e gnss -e location)
|
||||
#sed -i 's|DEBUG_LEVEL = .|DEBUG_LEVEL = 4|' "$gpsConfig" &> /dev/null || true;
|
||||
#Enable GLONASS
|
||||
if [ "$DOS_GPS_GLONASS_FORCED" = true ]; then
|
||||
sed -i 's|A_GLONASS_POS_PROTOCOL_SELECT=0.*</item>|A_GLONASS_POS_PROTOCOL_SELECT=15</item>|' "$dir"/frameworks/base/core/res/res/values*/*.xml &>/dev/null || true;
|
||||
@ -475,7 +479,7 @@ export -f hardenUserdata;
|
||||
hardenBootArgs() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
if [[ "$1" != *"device/samsung/klte"* ]] && [[ "$1" != *"device/samsung/msm8974-common"* ]]; then
|
||||
sed -i 's/BOARD_KERNEL_CMDLINE := /BOARD_KERNEL_CMDLINE := page_poison=1 slab_nomerge slub_debug=FZP kpti=on pti=on page_alloc.shuffle=1 init_on_alloc=1 init_on_free=1 lockdown=confidentiality /' BoardConfig*.mk */BoardConfig*.mk &>/dev/null || true;
|
||||
sed -i 's/BOARD_KERNEL_CMDLINE := /BOARD_KERNEL_CMDLINE := slab_nomerge slub_debug=FZP page_poison=1 kpti=on pti=on page_alloc.shuffle=1 init_on_alloc=1 init_on_free=1 lockdown=confidentiality /' BoardConfig*.mk */BoardConfig*.mk &>/dev/null || true;
|
||||
fi;
|
||||
echo "Hardened kernel command line arguments for $1";
|
||||
cd "$DOS_BUILD_BASE";
|
||||
@ -592,6 +596,7 @@ changeDefaultDNS() {
|
||||
sed -i "s/8\.8\.8\.8/$dnsPrimary/" $files &>/dev/null || true;
|
||||
sed -i "s/2001:4860:4860::8888/$dnsPrimaryV6/" $files &>/dev/null || true;
|
||||
sed -i "s/8\.8\.4\.4/$dnsSecondary/" $files &>/dev/null || true;
|
||||
sed -i "s/4\.4\.4\.4/$dnsSecondary/" $files &>/dev/null || true;
|
||||
sed -i "s/2001:4860:4860::8844/$dnsSecondaryV6/" $files &>/dev/null || true;
|
||||
}
|
||||
export -f changeDefaultDNS;
|
||||
@ -640,7 +645,7 @@ hardenDefconfig() {
|
||||
fi;
|
||||
done
|
||||
#Disable supported options
|
||||
#Disabled: MSM_SMP2P_TEST, MAGIC_SYSRQ (breaks compile on many kernels), KALLSYMS (breaks boot on select devices), IKCONFIG (breaks recovery)
|
||||
#Disabled: MSM_SMP2P_TEST, MAGIC_SYSRQ (breaks compile), KALLSYMS (breaks boot on select devices), IKCONFIG (breaks recovery), MSM_DLOAD_MODE (breaks compile)
|
||||
declare -a optionsNo=("ACPI_APEI_EINJ" "ACPI_CUSTOM_METHOD" "ACPI_TABLE_UPGRADE" "BINFMT_AOUT" "BINFMT_MISC" "CHECKPOINT_RESTORE" "COMPAT_BRK" "COMPAT_VDSO" "CP_ACCESS64" "DEBUG_KMEMLEAK" "DEVKMEM" "DEVMEM" "DEVPORT" "EARJACK_DEBUGGER" "GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "HARDENED_USERCOPY_FALLBACK" "HIBERNATION" "HWPOISON_INJECT" "IA32_EMULATION" "IOMMU_NON_SECURE" "INPUT_EVBUG" "IP_DCCP" "IP_SCTP" "KEXEC" "KEXEC_FILE" "KSM" "LDISC_AUTOLOAD" "LEGACY_PTYS" "LIVEPATCH" "MEM_SOFT_DIRTY" "MMIOTRACE" "MMIOTRACE_TEST" "MODIFY_LDT_SYSCALL" "MSM_BUSPM_DEV" "NEEDS_SYSCALL_FOR_CMPXCHG" "NOTIFIER_ERROR_INJECTION" "OABI_COMPAT" "PAGE_OWNER" "PROC_KCORE" "PROC_PAGE_MONITOR" "PROC_VMCORE" "RDS" "RDS_TCP" "SECURITY_SELINUX_DISABLE" "SECURITY_WRITABLE_HOOKS" "SLAB_MERGE_DEFAULT" "STACKLEAK_METRICS" "STACKLEAK_RUNTIME_DISABLE" "TIMER_STATS" "TSC" "TSPP2" "UKSM" "UPROBES" "USELIB" "USERFAULTFD" "VIDEO_VIVID" "WLAN_FEATURE_MEMDUMP" "X86_IOPL_IOPERM" "X86_PTDUMP" "X86_VSYSCALL_EMULATION" "ZSMALLOC_STAT");
|
||||
#if [[ "$1" != *"kernel/htc/msm8994"* ]] && [[ "$1" != *"kernel/samsung/smdk4412"* ]] && [[ "$1" != *"kernel/htc/flounder"* ]] && [[ "$1" != *"kernel/amazon/hdx-common"* ]] && [[ "$1" != *"msm899"* ]] && [[ "$1" != *"sdm8"* ]] && [[ "$1" != *"sdm6"* ]]; then
|
||||
#optionsNo+=("DIAG_CHAR" "DIAG_OVER_USB" "USB_QCOM_DIAG_BRIDGE" "DIAGFWD_BRIDGE_CODE" "DIAG_SDIO_PIPE" "DIAG_HSIC_PIPE");
|
||||
@ -667,6 +672,10 @@ hardenDefconfig() {
|
||||
sed -i 's/^\treturn VERITY_STATE_DISABLE;//' drivers/md/dm-android-verity.c &>/dev/null || true;
|
||||
#sed -i 's/#if 0/#if 1/' drivers/power/reset/msm-poweroff.c &>/dev/null || true;
|
||||
|
||||
#Workaround broken MSM_DLOAD_MODE=y+PANIC_ON_OOPS=y for devices that oops on shutdown
|
||||
#MSM_DLOAD_MODE can't be disabled as it breaks compile
|
||||
sed -i 's/set_dload_mode(in_panic)/set_dload_mode(0)/' arch/arm/mach-msm/restart.c &>/dev/null || true;
|
||||
|
||||
editKernelLocalversion "-dos";
|
||||
|
||||
echo "Hardened defconfig for $1";
|
||||
|
@ -108,7 +108,6 @@ patchWorkspace() {
|
||||
|
||||
source build/envsetup.sh;
|
||||
repopick -i 288970; #update webview
|
||||
repopick -it O_asb_2020-10;
|
||||
|
||||
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
|
||||
|
||||
|
@ -99,7 +99,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch";
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS)
|
||||
rm -rf packages/CompanionDeviceManager; #Used to support Android Wear (which hard depends on GMS)
|
||||
if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
|
||||
rm -rf packages/Osu packages/Osu2; #Automatic Wi-Fi connection non-sense
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
|
||||
|
@ -133,7 +133,6 @@ patchWorkspace() {
|
||||
repopick -it hh-p-sepolicy;
|
||||
repopick -i 232948; #wahoo: liblight: close fd
|
||||
repopick -i 288970; #update webview
|
||||
repopick -it P_asb-2020-10;
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
|
||||
|
@ -106,7 +106,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frame
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS)
|
||||
sed -i '301i\ if(packageList.length() > 0) { packageList += ","; } packageList += "net.sourceforge.opencamera";' core/java/android/hardware/Camera.java; #add Open Camera to aux camera whitelist
|
||||
rm -rf packages/CompanionDeviceManager; #Used to support Android Wear (which hard depends on GMS)
|
||||
if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
|
@ -73,7 +73,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/^4.13.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/3.4/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
|
||||
@ -133,5 +132,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/^5.7.6/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25643/^5.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/^5.3.11/0001.patch
|
||||
editKernelLocalversion "-dos.p133"
|
||||
editKernelLocalversion "-dos.p132"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
@ -85,6 +85,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_fra
|
||||
|
||||
enterAndClear "frameworks/base";
|
||||
hardenLocationFWB "$DOS_BUILD_BASE"; #XXX 17REBASE
|
||||
hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf;
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
|
||||
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
|
||||
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
|
||||
@ -101,7 +102,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS)
|
||||
rm -rf packages/CompanionDeviceManager; #Used to support Android Wear (which hard depends on GMS)
|
||||
if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
|
||||
rm -rf packages/OsuLogin; #Automatic Wi-Fi connection non-sense
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
|
||||
|
@ -37,7 +37,7 @@ export DOS_MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchW
|
||||
export DOS_MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options: quick, extra, slow, full
|
||||
|
||||
#Deblobber
|
||||
export DOS_DEBLOBBER_REMOVE_ACCESSORIES=true; #Set false to allow use of external accessories
|
||||
export DOS_DEBLOBBER_REMOVE_ACCESSORIES=true; #Set false to allow use of external accessories that depend on blobs
|
||||
export DOS_DEBLOBBER_REMOVE_AUDIOFX=true; #Set true to remove AudioFX
|
||||
export DOS_DEBLOBBER_REMOVE_GRAPHICS=false; #Set true to remove all graphics blobs and use SwiftShader CPU renderer #TODO: Needs work
|
||||
export DOS_DEBLOBBER_REMOVE_RENDERSCRIPT=false; #Set true to remove RenderScript blobs
|
||||
@ -51,16 +51,16 @@ export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Serv
|
||||
export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature
|
||||
export DOS_HOSTS_BLOCKING=true; #Switch to false to prevent inclusion of our HOSTS file
|
||||
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
||||
export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66
|
||||
export DOS_HOSTS_BLOCKING_LIST="https://divestos.org/hosts"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
||||
export DOS_LOWRAM_ENABLED=false; #Switch to true to enable low_ram on all devices
|
||||
export DOS_LOWRAM_ENABLED=false; #Set true to enable low_ram on all devices
|
||||
export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL
|
||||
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches XXX: Unused, see 1dc9247
|
||||
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Set true to allow inclusion of non-commercial use patches XXX: Unused, see 1dc9247
|
||||
export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources
|
||||
export DOS_OVERCLOCKS_ENABLED=false; #Switch to true to enable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself
|
||||
export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
|
||||
export DOS_WIREGUARD_INCLUDED=false; #Switch to true to enable WireGuard kernel module inclusion
|
||||
export DOS_OVERCLOCKS_ENABLED=false; #Set true to enable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself
|
||||
export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
|
||||
export DOS_WIREGUARD_INCLUDED=false; #Set true to enable WireGuard kernel module inclusion for devices with kernel 3.10+
|
||||
|
||||
#Servers
|
||||
export DOS_DEFAULT_DNS_PRESET="Cloudflare-BL"; #Sets default DNS. Options: See changeDefaultDNS() in Scripts/Common/Functions.sh
|
||||
|
30
TODO
30
TODO
@ -1,20 +1,8 @@
|
||||
Last updated: 2019-10-07
|
||||
Last updated: 2020-10-12
|
||||
|
||||
High Priority (Release blockers)
|
||||
Project
|
||||
- GPG all the things!
|
||||
- Create cryptocurrency addresses
|
||||
- Setup Stripe
|
||||
Servers
|
||||
- Gitea/GitLab on a Kimsufi dedicated (KS-3C: $14 setup + $22/mo)
|
||||
- Apache on an OVH VPS (SSD1: $4.50/mo)
|
||||
- Mirrorbits on an OVH VPS (SSD1: $4.50/mo)
|
||||
- 2x Mirror slaves on an OVH VPS (SSD2: 2x$7.80 = $15.60/mo)
|
||||
- 1x Mirror slave on a 1/10Gbps server for high-speed incrementals
|
||||
High Priority
|
||||
Website
|
||||
- Switch from Shadow to Piwik and update Privacy Policy
|
||||
- mod_removeip for GDPR and update Privacy Policy
|
||||
- Update cryptocurrency addresses
|
||||
|
||||
Medium Priority
|
||||
Build
|
||||
@ -26,9 +14,13 @@ Medium Priority
|
||||
- Various other branding (logo, snazzy bootanimation, setupwizard, etc.)
|
||||
Project
|
||||
- Create various XMPP conference rooms
|
||||
- Database verification in Hypatia
|
||||
- More cryptocurrency addresses
|
||||
Servers
|
||||
- Dedicated build servers
|
||||
- Ejabberd on an OVH VPS (SSD1: $4.50/mo)
|
||||
- Dedicated build server
|
||||
- ejabberd for a chat room
|
||||
Website
|
||||
- Update cryptocurrency addresses
|
||||
|
||||
Low Priority
|
||||
Build
|
||||
@ -48,13 +40,13 @@ Longterm
|
||||
- Switch to AOSP and create clean trees for all of the major devices
|
||||
Linux Patches
|
||||
- Automate pulling of CVE patches from Android and Qualcomm bulletins
|
||||
- Get more CVE patches, especially for 3.4
|
||||
- Get more CVE patches
|
||||
- Investigate rebasing kernel trees on newer CAF ones
|
||||
- Proper backports of CVE patches
|
||||
- Proper backports of security features
|
||||
Project
|
||||
- Create an Mobile Device Manager solution
|
||||
- Create our own device (free hardware, isolated modem, kernel 5.0+, etc.)
|
||||
- Create our own device (free hardware, isolated modem, kernel 5.4+, etc.)
|
||||
- General auditing of everything
|
||||
- Partner with various projects
|
||||
- Purchase one of each supported device
|
||||
@ -63,7 +55,7 @@ Longterm
|
||||
|
||||
Contributions to other projects (via labor or funding)
|
||||
Add Tor support: Materialistic, microG, Slide, Transistor, Wikipedia
|
||||
Resurrect: Blockinger, microG, Pandoroid
|
||||
Resurrect: Blockinger, Pandoroid
|
||||
Amexia
|
||||
- More icons
|
||||
Conversations
|
||||
|
Loading…
Reference in New Issue
Block a user