Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-09-28 20:26:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

processRelease features

Browse Source 
- support removing device out after complete
- support malware scan before sign
- Update cherry picks
This commit is contained in:
Tad 2019-10-13 20:35:24 -04:00
parent bffcd06644
commit e13c6c7c9c
7 changed files with 43 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Scripts/Common/Functions.sh
View File

@ -174,6 +174,12 @@ processRelease() {
echo -e "\e[0;32m\t+ Verified Boot 2.0\e[0m";
fi;
#Malware Scan
if [ "$DOS_MALWARE_SCAN_BEFORE_SIGN" = true ]; then
echo -e "\e[0;32mScanning files for malware before signing\e[0m";
scanForMalware false "$OUT_DIR/system";
fi;
#Target Files
echo -e "\e[0;32mSigning target files\e[0m";
build/tools/releasetools/sign_target_files_apks -o -d "$KEY_DIR" \
@ -228,7 +234,16 @@ processRelease() {
cp -v $OUT_DIR/$PREFIX-fastboot.zip* $ARCHIVE/fastboot/ || true;
cp -v $OUT_DIR/$PREFIX-ota.zip* $ARCHIVE/;
cp -v $OUT_DIR/$PREFIX-incremental_*.zip* $ARCHIVE/incrementals/ || true;
#Remove to make space for next build
if [ "$DOS_REMOVE_AFTER" = true ]; then
echo -e "\e[0;32mRemoving to reclaim space\e[0m";
#TODO: add a sanity check
rm -rf "$OUT_DIR";
fi;
fi;
sync;
echo -e "\e[0;32mRelease processing complete\e[0m";
}
export -f processRelease;

4
Scripts/LineageOS-11.0/Functions.sh
View File

@ -59,12 +59,14 @@ patchWorkspace() {
source build/envsetup.sh;
repopick -it asb-2018.09-cm11-qcom;
repopick -i 230054 230392; #asb disclaimer
repopick -it asb-2019.03-cm11;
#repopick -it asb-2019.03-cm11;
#repopick -it asb-2019.04-cm11 -e 246293;
repopick -it asb-2019.05-cm11;
repopick -it asb-2019.06-cm11;
repopick -it asb-2019.07-cm11;
repopick -it asb-2019.08-cm11;
repopick -it asb-2019.09-cm11;
repopick -it asb-2019.10-cm11;
source "$DOS_SCRIPTS/Patch.sh";
source "$DOS_SCRIPTS/Defaults.sh";

4
Scripts/LineageOS-15.1/Functions.sh
View File

@ -100,9 +100,7 @@ export -f buildAll;
patchWorkspace() {
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
source build/envsetup.sh;
repopick -it tzdata-2019c-o;
repopick -it O_asb_2019-10;
#source build/envsetup.sh;
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails

15
Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_essential_msm8998.sh
View File

@ -1,8 +1,5 @@
#!/bin/bash
cd "$DOS_BUILD_BASE""kernel/essential/msm8998"
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0187-0188.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0188-0189.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0192-0193.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
@ -60,13 +57,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13914/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13917/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13920/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3597/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5831/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5857/4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5858/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5896/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5898/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5905/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5906/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5908/4.4/0003.patch
@ -75,7 +69,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5910/4.4/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10503/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10503/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10515/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10524/ANY/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
@ -89,10 +84,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17055/^5.3.2/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17056/^5.3.2/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0011.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0012.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2181/4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2264/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2323/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2331/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2333/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2341/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
@ -100,6 +92,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11274/ANY/0001.patch
editKernelLocalversion "-dos.p101"
editKernelLocalversion "-dos.p92"
cd "$DOS_BUILD_BASE"

13
Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh
View File

@ -113,9 +113,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11818/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11984/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11988/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11988/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-12011/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/^4.17.3/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18690/^4.17/0001.patch
@ -125,9 +122,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10512/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10529/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10638/^4.1/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11486/^5.0.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11833/^5.1.2/0001.patch
@ -148,13 +142,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15916/^5.0.1/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2181/3.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2215/^3.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2263/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2290/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2331/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2341/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2345/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3460/^5.1/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
@ -166,5 +155,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
editKernelLocalversion "-dos.p166"
editKernelLocalversion "-dos.p155"
cd "$DOS_BUILD_BASE"

2
Scripts/LineageOS-16.0/Functions.sh
View File

@ -112,8 +112,6 @@ patchWorkspace() {
source build/envsetup.sh;
repopick -f 254249; #g3 nfc
repopick -it tzdata-2019c-p;
repopick -it P_asb_2019-10;
source "$DOS_SCRIPTS/Patch.sh";
source "$DOS_SCRIPTS/Defaults.sh";

28
Scripts/init.sh
View File

@ -17,12 +17,21 @@
#Sets settings used by all other scripts
#
#START OF USER CONFIGURABLE OPTIONS
#
#General
export ANDROID_HOME="/home/$USER/Android/Sdk";
export DOS_WORKSPACE_ROOT="/mnt/Drive-3/"; #XXX: THIS MUST BE CORRECT TO BUILD!
export DOS_SIGNING_KEYS=$DOS_WORKSPACE_ROOT"Signing_Keys/4096";
#export USE_CCACHE=1;
#export CCACHE_DIR="";
#export DOS_BINARY_PATCHER="";
#export DOS_TOR_WRAPPER="torsocks"; #Uncomment to perform select build operations over Tor
export DOS_MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
export DOS_MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options: quick, extra, slow, full
#Deblobber
export DOS_DEBLOBBER_REMOVE_ACCESSORIES=true; #Set false to allow use of external accessories
export DOS_DEBLOBBER_REMOVE_AUDIOFX=true; #Set true to remove AudioFX
export DOS_DEBLOBBER_REMOVE_GRAPHICS=false; #Set true to remove all graphics blobs and use SwiftShader CPU renderer #TODO: Needs work
@ -33,7 +42,7 @@ export DOS_DEBLOBBER_REMOVE_IPA=false; #Set true to remove all IPA blobs
export DOS_DEBLOBBER_REMOVE_IR=false; #Set true to remove all IR blobs
export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Services with the open source Sony TimeKeep reimplementation #TODO: Needs work
export DOS_BUILDALL_SUPERSEDED=false; #Set true to build superseded devices when running buildAll()
#Features
export DOS_GPS_GLONASS_FORCED=true; #Enables GLONASS on all devices
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature
@ -41,8 +50,6 @@ export DOS_HOSTS_BLOCKING=true; #Switch to false to prevent inclusion of our HOS
export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: Blokada, DNS66
export DOS_HOSTS_BLOCKING_LIST="https://divestos.org/hosts"; #Must be in the format "127.0.0.1 bad.domain.tld"
export DOS_LOWRAM_ENABLED=false; #Switch to true to enable low_ram on all devices
export DOS_MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
export DOS_MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options: quick, extra, slow, full
export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches XXX: Unused, see 1dc9247
export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources
@ -50,13 +57,19 @@ export DOS_OVERCLOCKS_ENABLED=false; #Switch to false to disable overclocks #XXX
export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
export DOS_WIREGUARD_INCLUDED=false; #Switch to true to enable WireGuard kernel module inclusion
#Servers
export DOS_DEFAULT_DNS_PRESET="OpenNIC"; #Sets default DNS. Options: CensurfriDNS, Cloudflare, OpenNIC, DNSWATCH, Google, Neustar(-NOBL), OpenDNS, Quad9(-NOBL), Verisign, Yandex(-NOBL)
export DOS_GPS_NTP_SERVER="1.android.pool.ntp.org"; #Options: Any NTP pool
export DOS_GPS_SUPL_HOST="supl.google.com"; #Options: supl.{google,vodafone,sonyericsson}.com
export DOS_AUTO_ARCHIVE_BUILDS=true; #Copies files to $DOS_BUILDS after signing
#Release Processing
export DOS_BUILDALL_SUPERSEDED=false; #Set true to build superseded devices when running buildAll()
export DOS_MALWARE_SCAN_BEFORE_SIGN=false; #Scan device files for malware before signing
export DOS_GENERATE_DELTAS=true; #Creates deltas from existing target_files in $DOS_BUILDS
export DOS_AUTO_ARCHIVE_BUILDS=true; #Copies files to $DOS_BUILDS after signing
export DOS_REMOVE_AFTER=true; #Removes device OUT directory after complete to reclaim space. Requires AUTO_ARCHIVE_BUILDS=true
#Branding
export DOS_BRANDING_NAME="DivestOS";
export DOS_BRANDING_ZIP_PREFIX="divested";
export DOS_BRANDING_BOOTANIMATION_FONT="Fira-Sans-Bold"; #Options: $ convert -list font
@ -68,17 +81,16 @@ export DOS_BRANDING_LINK_PRIVACY="https://divestos.org/index.php?page=privacy_po
export DOS_BRANDING_SERVER_OTA="https://divestos.org/updater.php";
export DOS_BRANDING_SERVER_OTA_ONION=$DOS_BRANDING_SERVER_OTA;
#Theme
export DOS_THEME_50="FFCA28"; #Amber 400
export DOS_THEME_100="FFC107"; #Amber 500
export DOS_THEME_200="FFA726"; #Orange 400
export DOS_THEME_300="FF9800"; #Orange 500
export DOS_THEME_500="FF5722"; #Deep Orange 500
export DOS_THEME_700="E64A19"; #Deep Orange 700
#export USE_CCACHE=1;
#export CCACHE_DIR="";
export ANDROID_HOME="/home/$USER/Android/Sdk";
#
#END OF USER CONFIGURABLE OPTIONS
#
gpgVerifyGitHead() {
if [ -r "$HOME/.gnupg" ]; then