From b56929d3d9ade1fd5484ba3b4c2b391a41056f12 Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 11 Oct 2020 19:22:14 -0400 Subject: [PATCH] Many changes - Missing credit in LICENSE - Update TODO - hardenLocationConf: don't change version - hardenDefconfig: Fix reboot on shutdown - changeDefaultDNS: replace a level3 dns straggler for tethering config - Don't remove CompanionDeviceManager if microG is included - Update cherry picks - init.sh: update comment wording --- LICENSE | 2 +- Scripts/Common/Deblob.sh | 4 +- Scripts/Common/Functions.sh | 39 ++++++++++++------- Scripts/LineageOS-15.1/Functions.sh | 1 - Scripts/LineageOS-15.1/Patch.sh | 2 +- Scripts/LineageOS-16.0/Functions.sh | 1 - Scripts/LineageOS-16.0/Patch.sh | 2 +- .../android_kernel_oppo_msm8974.sh | 3 +- Scripts/LineageOS-17.1/Patch.sh | 3 +- Scripts/init.sh | 14 +++---- TODO | 30 ++++++-------- 11 files changed, 50 insertions(+), 51 deletions(-) diff --git a/LICENSE b/LICENSE index c382a76a..fcd6f1ff 100644 --- a/LICENSE +++ b/LICENSE @@ -7,7 +7,7 @@ Misc - GPLv3 Patches/ Common/ android_vendor_divested - GPLv3 - default_wallpaper.png - Unsplash + default_wallpaper.png - Unsplash, Pawel Czerwinski [Everything Else] - Apache-2.0 LineageOS-*/ android_kernel_* - GPLv2 diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh index 8dfb8d4c..8461301f 100644 --- a/Scripts/Common/Deblob.sh +++ b/Scripts/Common/Deblob.sh 
@@ -69,7 +69,8 @@ echo "Deblobbing..."; #AudioFX (Audio Effects) if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then blobs=$blobs"|fmas_eq.dat"; - blobs=$blobs"|libasphere.so|libdownmix.so|libeffectproxy.so|libfmas.so|libldnhncr.so|libmmieffectswrapper.so|libreverbwrapper.so|libshoebox.so|libspeakerbundle.so|libvisualizer.so|libvolumelistener.so|libLifevibes_lvverx.so|libhwdap.so"; + blobs=$blobs"|libasphere.so|libdownmix.so|libeffectproxy.so|libfmas.so|libldnhncr.so|libmmieffectswrapper.so|libreverbwrapper.so|libshoebox.so|libvisualizer.so|libvolumelistener.so|libLifevibes_lvverx.so|libhwdap.so"; + #blobs=$blobs"|libspeakerbundle.so|libmotaudioutils.so"; #XXX: Breaks audio on Motorola devices (?) blobs=$blobs"|libqcbassboost.so|libqcreverb.so|libqcvirt.so"; #Qualcomm #blobs=$blobs"|libbundlewrapper.so|libqcompostprocbundle.so|libqcomvoiceprocessing.so|libqcomvisualizer.so"; blobs=$blobs"|libhwdap.*.so|libswdap.*.so|lib_dlb_msd.so"; #Dolby @@ -328,7 +329,6 @@ echo "Deblobbing..."; blobs=$blobs"|com.motorola.motosignature.jar|com.motorola.motosignature.xml|MotoSignatureApp.apk"; blobs=$blobs"|TriggerEnroll.apk|TriggerTrainingService.apk|com.motorola.triggerenroll.xml"; blobs=$blobs"|audio.motvr.default.so"; - #blobs=$blobs"|libmotaudioutils.so"; #breaks phone call audio (?) blobs=$blobs"|libcce-socketjni.so|libmotocare.so"; #blobs=$blobs"|qmi_motext_hook|libmdmcutback.so|libqmimotext.so|libmotext_inf.so"; #necessary for radio makes=$makes"|com.motorola.cameraone.xml"; diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 9a620c45..48fcd55b 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -296,6 +296,7 @@ pushToServer() { export -f pushToServer; removeBuildFingerprint() { + #Removes the vendor fingerprint, allowing one to be generated instead awk -i inplace '!/BUILD_FINGERPRINT/' lineage*.mk; } export -f removeBuildFingerprint; 
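Review bot: In the AudioFX block of Deblob.sh, `libspeakerbundle.so` is taken out of the removal list for every device, while the new comment only suspects breakage on Motorola devices (`(?)`). With `DOS_DEBLOBBER_REMOVE_AUDIOFX=true` this list no longer matches that blob on any device, so the comment should say so, for example `#XXX: kept on all devices, removal breaks audio on Motorola devices (?)`. If the breakage turns out to be Motorola-only, a per-device exception would keep the removal in place elsewhere. The rest of the script is outside this hunk, so whether it has such a mechanism cannot be told from here.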
@@ -371,7 +372,7 @@ hardenLocationConf() { else local deviceDir=$(dirname "$gpsConfig"); fi; - #Debugging (adb logcat | grep -i -e locsvc -e izat -e gps -e gnss -e location) + #Debugging: adb logcat | grep -i -e locsvc -e izat -e gps -e gnss -e location -e xtra #sed -i 's|DEBUG_LEVEL = .|DEBUG_LEVEL = 4|' "$gpsConfig" &> /dev/null || true; #Enable GLONASS if [ "$DOS_GPS_GLONASS_FORCED" = true ]; then 
@@ -403,24 +404,27 @@ hardenLocationConf() { sed -i 's|http://xtrapath|https://xtrapath|' "$gpsConfig" &>/dev/null || true; #sed -i 's|http://gllto|https://gllto|' "$gpsConfig" &>/dev/null || true; XXX: GLPals has an invaid certificate #XTRA: Use format version 3 if possible - if grep -sq "XTRA_VERSION_CHECK" "$gpsConfig"; then #Using hardware/qcom/gps OR precompiled blob OR device specific implementation - sed -i 's|XTRA_VERSION_CHECK=0|XTRA_VERSION_CHECK=1|' "$gpsConfig" &>/dev/null || true; - sed -i 's|xtra2.bin|xtra3grc.bin|' "$gpsConfig" &>/dev/null || true; - elif grep -sq "BOARD_VENDOR_QCOM_LOC_PDK_FEATURE_SET := true" "$deviceDir"BoardConfig.mk "$deviceDir"boards/*gps.mk; then - if ! grep -sq "USE_DEVICE_SPECIFIC_LOC_API := true" "$deviceDir"BoardConfig.mk "$deviceDir"boards/*gps.mk; then - if ! grep -sq "libloc" ./"$deviceDir"/*proprietary*.txt; then #Using hardware/qcom/gps - sed -i 's|xtra2.bin|xtra3grc.bin|' "$gpsConfig" &>/dev/null || true; - fi; - fi; - fi; + #if grep -sq "XTRA_VERSION_CHECK" "$gpsConfig"; then #Using hardware/qcom/gps OR precompiled blob OR device specific implementation + # sed -i 's|XTRA_VERSION_CHECK=0|XTRA_VERSION_CHECK=1|' "$gpsConfig" &>/dev/null || true; + # sed -i 's|xtra2.bin|xtra3grc.bin|' "$gpsConfig" &>/dev/null || true; + #elif grep -sq "BOARD_VENDOR_QCOM_LOC_PDK_FEATURE_SET := true" "$deviceDir"BoardConfig.mk "$deviceDir"boards/*gps.mk; then + # if ! grep -sq "USE_DEVICE_SPECIFIC_LOC_API := true" "$deviceDir"BoardConfig.mk "$deviceDir"boards/*gps.mk; then + # if ! 
grep -sq "libloc" ./"$deviceDir"/*proprietary*.txt; then #Using hardware/qcom/gps + # sed -i 's|xtra2.bin|xtra3grc.bin|' "$gpsConfig" &>/dev/null || true; + # fi; + # fi; + #fi; + #if [[ "$gpsConfig" = *"gps_debug.conf" ]]; then + # echo "XTRA_SERVER_1=https://xtrapath4.izatcloud.net/xtra2.bin" >> "$gpsConfig"; + # echo "XTRA_SERVER_2=https://xtrapath5.izatcloud.net/xtra2.bin" >> "$gpsConfig"; + # echo "XTRA_SERVER_3=https://xtrapath6.izatcloud.net/xtra2.bin" >> "$gpsConfig"; + #fi; echo "Enhanced location services for $gpsConfig"; } export -f hardenLocationConf; hardenLocationFWB() { local dir=$1; - #Debugging (adb logcat | grep -i -e locsvc -e izat -e gps -e gnss -e location) - #sed -i 's|DEBUG_LEVEL = .|DEBUG_LEVEL = 4|' "$gpsConfig" &> /dev/null || true; #Enable GLONASS if [ "$DOS_GPS_GLONASS_FORCED" = true ]; then sed -i 's|A_GLONASS_POS_PROTOCOL_SELECT=0.*|A_GLONASS_POS_PROTOCOL_SELECT=15|' "$dir"/frameworks/base/core/res/res/values*/*.xml &>/dev/null || true; @@ -475,7 +479,7 @@ export -f hardenUserdata; hardenBootArgs() { cd "$DOS_BUILD_BASE$1"; if [[ "$1" != *"device/samsung/klte"* ]] && [[ "$1" != *"device/samsung/msm8974-common"* ]]; then - sed -i 's/BOARD_KERNEL_CMDLINE := /BOARD_KERNEL_CMDLINE := page_poison=1 slab_nomerge slub_debug=FZP kpti=on pti=on page_alloc.shuffle=1 init_on_alloc=1 init_on_free=1 lockdown=confidentiality /' BoardConfig*.mk */BoardConfig*.mk &>/dev/null || true; + sed -i 's/BOARD_KERNEL_CMDLINE := /BOARD_KERNEL_CMDLINE := slab_nomerge slub_debug=FZP page_poison=1 kpti=on pti=on page_alloc.shuffle=1 init_on_alloc=1 init_on_free=1 lockdown=confidentiality /' BoardConfig*.mk */BoardConfig*.mk &>/dev/null || true; fi; echo "Hardened kernel command line arguments for $1"; cd "$DOS_BUILD_BASE"; 
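Review bot: The XTRA version 3 logic in hardenLocationConf is disabled by commenting it out, but the heading `#XTRA: Use format version 3 if possible` stays above it and now describes code that never runs. Replace the heading with the reason, for example `#XTRA: version switch disabled, the configured format is left unchanged`, and either delete the dead block or state the condition for re-enabling it. The new commented-out `gps_debug.conf` block that would append `XTRA_SERVER_1` to `XTRA_SERVER_3` has no explanation and needs one line saying why it is parked. hardenLocationConf begins before this hunk.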
@@ -592,6 +596,7 @@ changeDefaultDNS() {
 sed -i "s/8\.8\.8\.8/$dnsPrimary/" $files &>/dev/null || true;
 sed -i "s/2001:4860:4860::8888/$dnsPrimaryV6/" $files &>/dev/null || true;
 sed -i "s/8\.8\.4\.4/$dnsSecondary/" $files &>/dev/null || true;
+ sed -i "s/4\.4\.4\.4/$dnsSecondary/" $files &>/dev/null || true;
 sed -i "s/2001:4860:4860::8844/$dnsSecondaryV6/" $files &>/dev/null || true;
 }
 export -f changeDefaultDNS;
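Review bot: The added `sed -i "s/4\.4\.4\.4/$dnsSecondary/"` line matches the four octets anywhere in a line, so an address such as `14.4.4.4` or `4.4.4.40` in `$files` would be rewritten as well. Anchoring the pattern avoids that with GNU sed: `sed -i "s/\b4\.4\.4\.4\b/$dnsSecondary/" $files &>/dev/null || true;`. As on the neighbouring lines, `&>/dev/null || true` hides a failed or missed replacement, so a follow-up `grep -l '4\.4\.4\.4' $files` that prints a warning would show when the old resolver is still configured. changeDefaultDNS starts outside the hunk, so how `$files` and `$dnsSecondary` are set is not visible here.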
@@ -640,7 +645,7 @@ hardenDefconfig() { fi; done #Disable supported options - #Disabled: MSM_SMP2P_TEST, MAGIC_SYSRQ (breaks compile on many kernels), KALLSYMS (breaks boot on select devices), IKCONFIG (breaks recovery) + #Disabled: MSM_SMP2P_TEST, MAGIC_SYSRQ (breaks compile), KALLSYMS (breaks boot on select devices), IKCONFIG (breaks recovery), MSM_DLOAD_MODE (breaks compile) declare -a optionsNo=("ACPI_APEI_EINJ" "ACPI_CUSTOM_METHOD" "ACPI_TABLE_UPGRADE" "BINFMT_AOUT" "BINFMT_MISC" "CHECKPOINT_RESTORE" "COMPAT_BRK" "COMPAT_VDSO" "CP_ACCESS64" "DEBUG_KMEMLEAK" "DEVKMEM" "DEVMEM" "DEVPORT" "EARJACK_DEBUGGER" "GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "HARDENED_USERCOPY_FALLBACK" "HIBERNATION" "HWPOISON_INJECT" "IA32_EMULATION" "IOMMU_NON_SECURE" "INPUT_EVBUG" "IP_DCCP" "IP_SCTP" "KEXEC" "KEXEC_FILE" "KSM" "LDISC_AUTOLOAD" "LEGACY_PTYS" "LIVEPATCH" "MEM_SOFT_DIRTY" "MMIOTRACE" "MMIOTRACE_TEST" "MODIFY_LDT_SYSCALL" "MSM_BUSPM_DEV" "NEEDS_SYSCALL_FOR_CMPXCHG" "NOTIFIER_ERROR_INJECTION" "OABI_COMPAT" "PAGE_OWNER" "PROC_KCORE" "PROC_PAGE_MONITOR" "PROC_VMCORE" "RDS" "RDS_TCP" "SECURITY_SELINUX_DISABLE" "SECURITY_WRITABLE_HOOKS" "SLAB_MERGE_DEFAULT" "STACKLEAK_METRICS" "STACKLEAK_RUNTIME_DISABLE" "TIMER_STATS" "TSC" "TSPP2" "UKSM" "UPROBES" "USELIB" "USERFAULTFD" "VIDEO_VIVID" "WLAN_FEATURE_MEMDUMP" "X86_IOPL_IOPERM" "X86_PTDUMP" "X86_VSYSCALL_EMULATION" "ZSMALLOC_STAT"); #if [[ "$1" != *"kernel/htc/msm8994"* ]] && [[ "$1" != *"kernel/samsung/smdk4412"* ]] && [[ "$1" != *"kernel/htc/flounder"* ]] && [[ "$1" != *"kernel/amazon/hdx-common"* ]] && [[ "$1" != *"msm899"* ]] && [[ "$1" != *"sdm8"* ]] && [[ "$1" != *"sdm6"* ]]; then #optionsNo+=("DIAG_CHAR" "DIAG_OVER_USB" "USB_QCOM_DIAG_BRIDGE" "DIAGFWD_BRIDGE_CODE" "DIAG_SDIO_PIPE" "DIAG_HSIC_PIPE"); 
@@ -667,6 +672,10 @@ hardenDefconfig() { sed -i 's/^\treturn VERITY_STATE_DISABLE;//' drivers/md/dm-android-verity.c &>/dev/null || true; #sed -i 's/#if 0/#if 1/' drivers/power/reset/msm-poweroff.c &>/dev/null || true; + #Workaround broken MSM_DLOAD_MODE=y+PANIC_ON_OOPS=y for devices that oops on shutdown + #MSM_DLOAD_MODE can't be disabled as it breaks compile + sed -i 's/set_dload_mode(in_panic)/set_dload_mode(0)/' arch/arm/mach-msm/restart.c &>/dev/null || true; + editKernelLocalversion "-dos"; echo "Hardened defconfig for $1"; diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 3aacbf56..937096f7 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -108,7 +108,6 @@ patchWorkspace() { source build/envsetup.sh; repopick -i 288970; #update webview - repopick -it O_asb_2020-10; export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index e5031e47..aa81a70a 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh 
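Review bot: The added `sed` on `arch/arm/mach-msm/restart.c` replaces `set_dload_mode(in_panic)` with `set_dload_mode(0)`, so the argument is 0 on a real panic as well as on a clean shutdown, and the two new comment lines do not say so. Add a line such as `#Side effect: download mode is no longer requested on a genuine panic either`, so that giving up that crash path is a documented decision. Because the command ends in `&>/dev/null || true`, a kernel that keeps this call in another file is silently left unpatched; the commented line above points at `drivers/power/reset/msm-poweroff.c`, which suggests such trees exist, and that should be confirmed per kernel. hardenDefconfig extends beyond this hunk in both directions.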
@@ -99,7 +99,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS) patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe) patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS) -rm -rf packages/CompanionDeviceManager; #Used to support Android Wear (which hard depends on GMS) +if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS) rm -rf packages/Osu packages/Osu2; #Automatic Wi-Fi connection non-sense rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index 6f7fee7f..81e59055 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -133,7 +133,6 @@ patchWorkspace() { repopick -it hh-p-sepolicy; repopick -i 232948; #wahoo: liblight: close fd repopick -i 288970; #update webview - repopick -it P_asb-2020-10; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index be61c6e6..fb9adedc 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh 
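Review bot: The new guard `if [ "$DOS_MICROG_INCLUDED" != "FULL" ]` keeps `packages/CompanionDeviceManager` only for the exact string `FULL`, but the trailing comment still gives only the reason for removal. Extend it so the condition is explained where it is read, for example `#Used to support Android Wear (which hard depends on GMS), kept when microG is fully included`. The same line is added in Scripts/LineageOS-16.0/Patch.sh and Scripts/LineageOS-17.1/Patch.sh and needs the same comment. An unset or misspelled value falls through to removal, which is the conservative outcome.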
@@ -106,7 +106,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frame patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe) patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS) sed -i '301i\ if(packageList.length() > 0) { packageList += ","; } packageList += "net.sourceforge.opencamera";' core/java/android/hardware/Camera.java; #add Open Camera to aux camera whitelist -rm -rf packages/CompanionDeviceManager; #Used to support Android Wear (which hard depends on GMS) +if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS) rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oppo_msm8974.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oppo_msm8974.sh index 7ad46e14..e2cd92d9 100644 --- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oppo_msm8974.sh +++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oppo_msm8974.sh @@ -73,7 +73,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/^4.13.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/3.4/0009.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch 
@@ -133,5 +132,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/^5.7.6/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25643/^5.9/0001.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/^5.3.11/0001.patch -editKernelLocalversion "-dos.p133" +editKernelLocalversion "-dos.p132" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index a3a5d731..dfe1a3e0 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -85,6 +85,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_fra enterAndClear "frameworks/base"; hardenLocationFWB "$DOS_BUILD_BASE"; #XXX 17REBASE +hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL 
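Review bot: The added call `hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf;` in Scripts/LineageOS-17.1/Patch.sh has no check that the file exists. The function's `sed` edits shown elsewhere in this patch end in `&>/dev/null || true`, and it then prints `Enhanced location services for $gpsConfig`. If the path moves in a later rebase (the preceding line is already tagged `#XXX 17REBASE`), the build log would still report success while the HTTPS rewrite of the XTRA URLs is skipped. A guard before the call, such as `[ -f services/core/java/com/android/server/location/gps_debug.conf ] || echo "gps_debug.conf missing" >&2;`, makes that visible. Whether hardenLocationConf checks the path itself cannot be seen from this patch.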
@@ -101,7 +102,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS) patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe) patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS) -rm -rf packages/CompanionDeviceManager; #Used to support Android Wear (which hard depends on GMS) +if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS) rm -rf packages/OsuLogin; #Automatic Wi-Fi connection non-sense rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps diff --git a/Scripts/init.sh b/Scripts/init.sh index 6f804253..5298dd91 100644 --- a/Scripts/init.sh +++ b/Scripts/init.sh @@ -37,7 +37,7 @@ export DOS_MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchW export DOS_MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options: quick, extra, slow, full #Deblobber -export DOS_DEBLOBBER_REMOVE_ACCESSORIES=true; #Set false to allow use of external accessories +export DOS_DEBLOBBER_REMOVE_ACCESSORIES=true; #Set false to allow use of external accessories that depend on blobs export DOS_DEBLOBBER_REMOVE_AUDIOFX=true; #Set true to remove AudioFX export DOS_DEBLOBBER_REMOVE_GRAPHICS=false; #Set true to remove all graphics blobs and use SwiftShader CPU renderer #TODO: Needs work export DOS_DEBLOBBER_REMOVE_RENDERSCRIPT=false; #Set true to remove RenderScript blobs 
@@ -51,16 +51,16 @@ export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Serv export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature -export DOS_HOSTS_BLOCKING=true; #Switch to false to prevent inclusion of our HOSTS file +export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66 export DOS_HOSTS_BLOCKING_LIST="https://divestos.org/hosts"; #Must be in the format "127.0.0.1 bad.domain.tld" -export DOS_LOWRAM_ENABLED=false; #Switch to true to enable low_ram on all devices +export DOS_LOWRAM_ENABLED=false; #Set true to enable low_ram on all devices export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL -export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches XXX: Unused, see 1dc9247 +export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Set true to allow inclusion of non-commercial use patches XXX: Unused, see 1dc9247 export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources -export DOS_OVERCLOCKS_ENABLED=false; #Switch to true to enable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself -export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS! 
-export DOS_WIREGUARD_INCLUDED=false; #Switch to true to enable WireGuard kernel module inclusion +export DOS_OVERCLOCKS_ENABLED=false; #Set true to enable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself +export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS! +export DOS_WIREGUARD_INCLUDED=false; #Set true to enable WireGuard kernel module inclusion for devices with kernel 3.10+ #Servers export DOS_DEFAULT_DNS_PRESET="Cloudflare-BL"; #Sets default DNS. Options: See changeDefaultDNS() in Scripts/Common/Functions.sh diff --git a/TODO b/TODO index 9b3a4457..cdd6db86 100644 --- a/TODO +++ b/TODO @@ -1,20 +1,8 @@ -Last updated: 2019-10-07 +Last updated: 2020-10-12 -High Priority (Release blockers) - Project - - GPG all the things! - - Create cryptocurrency addresses - - Setup Stripe - Servers - - Gitea/GitLab on a Kimsufi dedicated (KS-3C: $14 setup + $22/mo) - - Apache on an OVH VPS (SSD1: $4.50/mo) - - Mirrorbits on an OVH VPS (SSD1: $4.50/mo) - - 2x Mirror slaves on an OVH VPS (SSD2: 2x$7.80 = $15.60/mo) - - 1x Mirror slave on a 1/10Gbps server for high-speed incrementals +High Priority Website - - Switch from Shadow to Piwik and update Privacy Policy - mod_removeip for GDPR and update Privacy Policy - - Update cryptocurrency addresses Medium Priority Build @@ -26,9 +14,13 @@ Medium Priority - Various other branding (logo, snazzy bootanimation, setupwizard, etc.) Project - Create various XMPP conference rooms + - Database verification in Hypatia + - More cryptocurrency addresses Servers - - Dedicated build servers - - Ejabberd on an OVH VPS (SSD1: $4.50/mo) + - Dedicated build server + - ejabberd for a chat room + Website + - Update cryptocurrency addresses Low Priority Build 
@@ -48,13 +40,13 @@ Longterm - Switch to AOSP and create clean trees for all of the major devices Linux Patches - Automate pulling of CVE patches from Android and Qualcomm bulletins - - Get more CVE patches, especially for 3.4 + - Get more CVE patches - Investigate rebasing kernel trees on newer CAF ones - Proper backports of CVE patches - Proper backports of security features Project - Create an Mobile Device Manager solution - - Create our own device (free hardware, isolated modem, kernel 5.0+, etc.) + - Create our own device (free hardware, isolated modem, kernel 5.4+, etc.) - General auditing of everything - Partner with various projects - Purchase one of each supported device @@ -63,7 +55,7 @@ Longterm Contributions to other projects (via labor or funding) Add Tor support: Materialistic, microG, Slide, Transistor, Wikipedia - Resurrect: Blockinger, microG, Pandoroid + Resurrect: Blockinger, Pandoroid Amexia - More icons Conversations