From f3e672fb183c91bbbc376e1c449e3e787f8932f7 Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 5 Apr 2021 22:57:59 -0400 Subject: [PATCH] Failed attempt at fixing signing PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something we don't use. Override it at the source and set it explicitely as well. This ensures that the compiled recovery.img and the one generated by sign_target_files_apks.py includes the real public keys for verification. 11.0 signing is ignored. This will need to be extensively tested as breakage can mean brick on locked devices. Although in failure cases it seems test-keys are accepted. -- After much testing there appears to be a deeper issue with how keys are inserted into the recovery and handled --- .../Common/android_build/0001-OTA_Keys.patch | 29 ----------- .../android_build/0001-OTA_Keys.patch | 45 +++++++++++----- .../android_build/0001-OTA_Keys.patch | 45 ++++++++++++++++ .../android_build/0001-OTA_Keys.patch | 45 ++++++++++++++++ .../android_build/0002-OTA_Keys.patch | 45 ++++++++++++++++ .../android_build/0002-OTA_Keys.patch | 28 +++++----- Scripts/Common/Functions.sh | 52 ++++++++----------- Scripts/LineageOS-14.1/Functions.sh | 4 +- Scripts/LineageOS-15.1/Functions.sh | 7 --- Scripts/LineageOS-15.1/Patch.sh | 3 +- Scripts/LineageOS-16.0/Functions.sh | 7 --- Scripts/LineageOS-16.0/Patch.sh | 3 +- Scripts/LineageOS-17.1/Functions.sh | 7 --- Scripts/LineageOS-17.1/Patch.sh | 3 +- Scripts/LineageOS-18.1/Functions.sh | 7 --- Scripts/LineageOS-18.1/Patch.sh | 1 - Scripts/init.sh | 3 ++ 17 files changed, 211 insertions(+), 123 deletions(-) delete mode 100644 Patches/Common/android_build/0001-OTA_Keys.patch create mode 100644 Patches/LineageOS-15.1/android_build/0001-OTA_Keys.patch create mode 100644 Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch create mode 100644 Patches/LineageOS-17.1/android_build/0002-OTA_Keys.patch diff --git a/Patches/Common/android_build/0001-OTA_Keys.patch b/Patches/Common/android_build/0001-OTA_Keys.patch deleted file mode 100644 index 1d7b3597..00000000 --- a/Patches/Common/android_build/0001-OTA_Keys.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 2dc326c8e10dcee50439b49d329142c3c92273c4 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Sat, 14 Sep 2019 20:14:42 -0400 -Subject: [PATCH] Support OTA recovery key override - -Change-Id: I454674073684325a4bc484ef783665fb58b5a503 ---- - core/Makefile | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/core/Makefile b/core/Makefile -index f2a524d58..7c9735cf9 100644 ---- a/core/Makefile -+++ b/core/Makefile -@@ -1217,6 +1217,11 @@ endif - # substitute other keys for this one. - OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem - -+ifneq ($(OTA_KEY_OVERRIDE_DIR),) -+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem -+ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra -+endif -+ - # Generate a file containing the keys that will be read by the - # recovery binary. - RECOVERY_INSTALL_OTA_KEYS := \ --- -2.21.0 - diff --git a/Patches/LineageOS-14.1/android_build/0001-OTA_Keys.patch b/Patches/LineageOS-14.1/android_build/0001-OTA_Keys.patch index 3cf1cc15..08ae9683 100644 --- a/Patches/LineageOS-14.1/android_build/0001-OTA_Keys.patch +++ b/Patches/LineageOS-14.1/android_build/0001-OTA_Keys.patch @@ -1,29 +1,46 @@ -From 3d9a2560ff4ce717b91724d941c3607abe8fa09f Mon Sep 17 00:00:00 2001 +From 7982c8a06516e8b1d113953a3f3cf2e32a3a7ba5 Mon Sep 17 00:00:00 2001 From: Tad -Date: Sat, 14 Sep 2019 20:12:26 -0400 -Subject: [PATCH] Support OTA recovery key override +Date: Mon, 5 Apr 2021 23:11:12 -0400 +Subject: [PATCH] Allow setting OTA public keys from environment variable -Change-Id: Icafdb77a0c39353aaefbdf65a83f76be6e3e5f63 +Change-Id: Iaa8890283c30441bf8543a8ca1cd9296e9453d91 --- - core/Makefile | 5 +++++ - 1 file changed, 5 insertions(+) + core/Makefile | 5 ++--- + core/product_config.mk | 5 +++++ + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/core/Makefile b/core/Makefile -index 3fb424733..a87bce4df 100644 +index 3fb424733..67e0170e6 100644 --- a/core/Makefile +++ b/core/Makefile -@@ -1038,6 +1038,11 @@ ifneq ($(OTA_PACKAGE_SIGNING_KEY),) - PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) - endif +@@ -1033,9 +1033,8 @@ endif + # substitute other keys for this one. + OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem +-ifneq ($(OTA_PACKAGE_SIGNING_KEY),) +- OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem +- PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) +ifneq ($(OTA_KEY_OVERRIDE_DIR),) + OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem + endif + + # Generate a file containing the keys that will be read by the +diff --git a/core/product_config.mk b/core/product_config.mk +index 7b440b1ef..f26ebb6d5 100644 +--- a/core/product_config.mk ++++ b/core/product_config.mk +@@ -422,6 +422,11 @@ PRODUCT_OTA_PUBLIC_KEYS := $(sort \ + PRODUCT_EXTRA_RECOVERY_KEYS := $(sort \ + $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_EXTRA_RECOVERY_KEYS)) + ++ifneq ($(OTA_KEY_OVERRIDE_DIR),) ++ PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem + PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra +endif + - # Generate a file containing the keys that will be read by the - # recovery binary. - RECOVERY_INSTALL_OTA_KEYS := \ + PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := \ + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEX_PREOPT_DEFAULT_FLAGS)) + PRODUCT_DEX_PREOPT_BOOT_FLAGS := \ -- -2.21.0 +2.30.2 diff --git a/Patches/LineageOS-15.1/android_build/0001-OTA_Keys.patch b/Patches/LineageOS-15.1/android_build/0001-OTA_Keys.patch new file mode 100644 index 00000000..f06acc68 --- /dev/null +++ b/Patches/LineageOS-15.1/android_build/0001-OTA_Keys.patch @@ -0,0 +1,45 @@ +From 6b2e3eb190363d4e5957890826e97f5674b38539 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Mon, 5 Apr 2021 23:03:18 -0400 +Subject: [PATCH] Allow setting OTA public keys from environment variable + +Change-Id: Ie7edd059b8d701d5ec0d0d922e23d034f69e579f +--- + core/Makefile | 4 ++++ + core/product_config.mk | 5 +++++ + 2 files changed, 9 insertions(+) + +diff --git a/core/Makefile b/core/Makefile +index f2a524d58..92c7928d3 100644 +--- a/core/Makefile ++++ b/core/Makefile +@@ -1217,6 +1217,10 @@ endif + # substitute other keys for this one. + OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem + ++ifneq ($(OTA_KEY_OVERRIDE_DIR),) ++ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem ++endif ++ + # Generate a file containing the keys that will be read by the + # recovery binary. + RECOVERY_INSTALL_OTA_KEYS := \ +diff --git a/core/product_config.mk b/core/product_config.mk +index bcab7a384..401d27054 100644 +--- a/core/product_config.mk ++++ b/core/product_config.mk +@@ -404,6 +404,11 @@ PRODUCT_OTA_PUBLIC_KEYS := $(sort \ + PRODUCT_EXTRA_RECOVERY_KEYS := $(sort \ + $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_EXTRA_RECOVERY_KEYS)) + ++ifneq ($(OTA_KEY_OVERRIDE_DIR),) ++ PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem ++ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra ++endif ++ + PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := \ + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEX_PREOPT_DEFAULT_FLAGS)) + PRODUCT_DEX_PREOPT_BOOT_FLAGS := \ +-- +2.30.2 + diff --git a/Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch b/Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch new file mode 100644 index 00000000..27029b2b --- /dev/null +++ b/Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch @@ -0,0 +1,45 @@ +From d77b1a23b87813edb3133d314760249e1873cdf8 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Mon, 5 Apr 2021 23:00:41 -0400 +Subject: [PATCH] Allow setting OTA public keys from environment variable + +Change-Id: Id2338b2d30f7c477583a34f4171d37b70f0a6e92 +--- + core/Makefile | 4 ++++ + core/product_config.mk | 5 +++++ + 2 files changed, 9 insertions(+) + +diff --git a/core/Makefile b/core/Makefile +index 404bb5413..bd23c8be3 100644 +--- a/core/Makefile ++++ b/core/Makefile +@@ -1413,6 +1413,10 @@ endif + # substitute other keys for this one. + OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem + ++ifneq ($(OTA_KEY_OVERRIDE_DIR),) ++ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem ++endif ++ + # Generate a file containing the keys that will be read by the + # recovery binary. + RECOVERY_INSTALL_OTA_KEYS := \ +diff --git a/core/product_config.mk b/core/product_config.mk +index 2c3f21f1d..a300efbcf 100644 +--- a/core/product_config.mk ++++ b/core/product_config.mk +@@ -399,6 +399,11 @@ PRODUCT_OTA_PUBLIC_KEYS := $(sort \ + PRODUCT_EXTRA_RECOVERY_KEYS := $(sort \ + $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_EXTRA_RECOVERY_KEYS)) + ++ifneq ($(OTA_KEY_OVERRIDE_DIR),) ++ PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem ++ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra ++endif ++ + PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER := \ + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER)) + PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := \ +-- +2.30.2 + diff --git a/Patches/LineageOS-17.1/android_build/0002-OTA_Keys.patch b/Patches/LineageOS-17.1/android_build/0002-OTA_Keys.patch new file mode 100644 index 00000000..fe3fa88d --- /dev/null +++ b/Patches/LineageOS-17.1/android_build/0002-OTA_Keys.patch @@ -0,0 +1,45 @@ +From 1dd6a60f1fe8305f74795225a26a8301c690d898 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Mon, 5 Apr 2021 22:55:30 -0400 +Subject: [PATCH] Allow setting OTA public keys from environment variable + +Change-Id: I23c4acdff039f141afafcd0e736a341992f2f8ec +--- + core/Makefile | 4 ++++ + core/product_config.mk | 5 +++++ + 2 files changed, 9 insertions(+) + +diff --git a/core/Makefile b/core/Makefile +index a5eef489f..64468d841 100644 +--- a/core/Makefile ++++ b/core/Makefile +@@ -1891,6 +1891,10 @@ endif + # substitute other keys for this one. + OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem + ++ifneq ($(OTA_KEY_OVERRIDE_DIR),) ++ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem ++endif ++ + # Generate a file containing the keys that will be read by the + # recovery binary. + RECOVERY_INSTALL_OTA_KEYS := \ +diff --git a/core/product_config.mk b/core/product_config.mk +index 9460357ca..be4bfec75 100644 +--- a/core/product_config.mk ++++ b/core/product_config.mk +@@ -326,6 +326,11 @@ ENFORCE_SYSTEM_CERTIFICATE_WHITELIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_RE + PRODUCT_OTA_PUBLIC_KEYS := $(sort $(PRODUCT_OTA_PUBLIC_KEYS)) + PRODUCT_EXTRA_RECOVERY_KEYS := $(sort $(PRODUCT_EXTRA_RECOVERY_KEYS)) + ++ifneq ($(OTA_KEY_OVERRIDE_DIR),) ++ PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem ++ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra ++endif ++ + # Resolve and setup per-module dex-preopt configs. + DEXPREOPT_DISABLED_MODULES := + # If a module has multiple setups, the first takes precedence. +-- +2.30.2 + diff --git a/Patches/LineageOS-18.1/android_build/0002-OTA_Keys.patch b/Patches/LineageOS-18.1/android_build/0002-OTA_Keys.patch index a6153692..b8ef51ff 100644 --- a/Patches/LineageOS-18.1/android_build/0002-OTA_Keys.patch +++ b/Patches/LineageOS-18.1/android_build/0002-OTA_Keys.patch @@ -1,29 +1,29 @@ -From 7cea4afe3e17c1dc8910c8ae9ad551bf280173ea Mon Sep 17 00:00:00 2001 +From e09adb8a973f11208058c4c74aa32b9899b1d6df Mon Sep 17 00:00:00 2001 From: Tad -Date: Wed, 31 Mar 2021 01:26:27 -0400 -Subject: [PATCH] Support OTA recovery key override +Date: Mon, 5 Apr 2021 22:53:31 -0400 +Subject: [PATCH] Allow setting OTA public keys from environment variable -Change-Id: I216c121a54331e9424dfc1543f85752b07229d9b +Change-Id: Ic8076ff80fbf39c47e20a2fbfda4a6d8592d431b --- core/product_config.mk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/product_config.mk b/core/product_config.mk -index a16af05cf..0152a3543 100644 +index a16af05cf..4849d5009 100644 --- a/core/product_config.mk +++ b/core/product_config.mk -@@ -280,6 +280,11 @@ $(foreach pair,$(PRODUCT_UPDATABLE_BOOT_JARS), \ - ENFORCE_SYSTEM_CERTIFICATE := $(PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT) - ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST) - -+ifneq ($(OTA_KEY_OVERRIDE_DIR),) -+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem -+ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra -+endif -+ +@@ -283,6 +283,11 @@ ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_R PRODUCT_OTA_PUBLIC_KEYS := $(sort $(PRODUCT_OTA_PUBLIC_KEYS)) PRODUCT_EXTRA_RECOVERY_KEYS := $(sort $(PRODUCT_EXTRA_RECOVERY_KEYS)) ++ifneq ($(OTA_KEY_OVERRIDE_DIR),) ++ PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem ++ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra ++endif ++ + # Resolve and setup per-module dex-preopt configs. + DEXPREOPT_DISABLED_MODULES := + # If a module has multiple setups, the first takes precedence. -- 2.30.2 diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index e775e9fa..b6656ba4 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -154,7 +154,7 @@ processRelease() { local ARCHIVE="$DOS_BUILDS/$DOS_VERSION/release_keys/"; local OUT_DIR="$DOS_BUILD_BASE/out/target/product/$DEVICE/"; - local RELEASETOOLS_PREFIX="build/tools/releasetools/"; #XXX: FIXME 18REBASE + local RELEASETOOLS_PREFIX="build/tools/releasetools/"; if [[ "$DOS_VERSION" == "LineageOS-18.1" ]]; then local RELEASETOOLS_PREFIX=""; fi; @@ -183,7 +183,7 @@ processRelease() { #Malware Scan if [ "$DOS_MALWARE_SCAN_BEFORE_SIGN" = true ]; then echo -e "\e[0;32mScanning files for malware before signing\e[0m"; - scanForMalware false "$OUT_DIR/obj/PACKAGING/target_files_intermediates/*$DEVICE-target_files-*.zip"; + scanForMalware false $OUT_DIR/obj/PACKAGING/target_files_intermediates/*$DEVICE-target_files-*.zip; fi; #Target Files @@ -191,26 +191,28 @@ processRelease() { "$RELEASETOOLS_PREFIX"sign_target_files_apks -o -d "$KEY_DIR" \ "${VERITY_SWITCHES[@]}" \ $OUT_DIR/obj/PACKAGING/target_files_intermediates/*$DEVICE-target_files-*.zip \ - $OUT_DIR/$PREFIX-target_files.zip; - sha512sum $OUT_DIR/$PREFIX-target_files.zip > $OUT_DIR/$PREFIX-target_files.zip.sha512sum; + "$OUT_DIR/$PREFIX-target_files.zip"; + sha512sum "$OUT_DIR/$PREFIX-target_files.zip" > "$OUT_DIR/$PREFIX-target_files.zip.sha512sum"; local INCREMENTAL_ID=$(grep "ro.build.version.incremental" $OUT_DIR/system/build.prop | cut -f2 -d "=" | sed 's/\.//g'); - echo $INCREMENTAL_ID > $OUT_DIR/$PREFIX-target_files.zip.id; + echo "$INCREMENTAL_ID" > "$OUT_DIR/$PREFIX-target_files.zip.id"; #Image - if [ ! -f $OUT_DIR/recovery.img ]; then + unzip -l $OUT_DIR/$PREFIX-target_files.zip | grep -q recovery.img; + local hasRecoveryImg="$?"; + if [ "$hasRecoveryImg" == "0" ]; then echo -e "\e[0;32mCreating fastboot image\e[0m"; - "$RELEASETOOLS_PREFIX"img_from_target_files $OUT_DIR/$PREFIX-target_files.zip \ - $OUT_DIR/$PREFIX-fastboot.zip || exit 1; - sha512sum $OUT_DIR/$PREFIX-fastboot.zip > $OUT_DIR/$PREFIX-fastboot.zip.sha512sum; + "$RELEASETOOLS_PREFIX"img_from_target_files "$bootOnly" "$OUT_DIR/$PREFIX-target_files.zip" \ + "$OUT_DIR/$PREFIX-fastboot.zip"; + sha512sum "$OUT_DIR/$PREFIX-fastboot.zip" > "$OUT_DIR/$PREFIX-fastboot.zip.sha512sum"; fi #OTA echo -e "\e[0;32mCreating OTA\e[0m"; "$RELEASETOOLS_PREFIX"ota_from_target_files $BLOCK_SWITCHES -k "$KEY_DIR/releasekey" \ - $OUT_DIR/$PREFIX-target_files.zip \ - $OUT_DIR/$PREFIX-ota.zip; - md5sum $OUT_DIR/$PREFIX-ota.zip > $OUT_DIR/$PREFIX-ota.zip.md5sum; - sha512sum $OUT_DIR/$PREFIX-ota.zip > $OUT_DIR/$PREFIX-ota.zip.sha512sum; + "$OUT_DIR/$PREFIX-target_files.zip" \ + "$OUT_DIR/$PREFIX-ota.zip"; + md5sum "$OUT_DIR/$PREFIX-ota.zip" > "$OUT_DIR/$PREFIX-ota.zip.md5sum"; + sha512sum "$OUT_DIR/$PREFIX-ota.zip" > "$OUT_DIR/$PREFIX-ota.zip.sha512sum"; #Deltas if [ "$DOS_GENERATE_DELTAS" = true ]; then @@ -218,31 +220,23 @@ processRelease() { if [[ -f "$LAST_TARGET_FILES.id" ]]; then local LAST_INCREMENTAL_ID=$(cat "$LAST_TARGET_FILES.id"); echo -e "\e[0;32mGenerating incremental OTA against $LAST_INCREMENTAL_ID\e[0m"; - #TODO: Verify GPG signature and checksum of target-files first! + #TODO: Verify GPG signature and checksum of previous target-files first! "$RELEASETOOLS_PREFIX"ota_from_target_files $BLOCK_SWITCHES -t 8 -k "$KEY_DIR/releasekey" -i \ "$LAST_TARGET_FILES" \ - $OUT_DIR/$PREFIX-target_files.zip \ - $OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip; - sha512sum $OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip > $OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip.sha512sum; + "$OUT_DIR/$PREFIX-target_files.zip" \ + "$OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip"; + sha512sum "$OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip" > "$OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip.sha512sum"; fi; done; fi; #Extract signed recovery - unzip -l $OUT_DIR/$PREFIX-target_files.zip | grep -q recovery.img; - local hasRecoveryImg=$?; if [ "$hasRecoveryImg" == "0" ]; then echo -e "\e[0;32mExtracting signed recovery.img\e[0m"; - mkdir $OUT_DIR/rec_tmp; - unzip $OUT_DIR/$PREFIX-target_files.zip IMAGES/recovery.img -d $OUT_DIR/rec_tmp; - mv $OUT_DIR/rec_tmp/IMAGES/recovery.img $OUT_DIR/$PREFIX-recovery.img; - sha512sum $OUT_DIR/$PREFIX-recovery.img > $OUT_DIR/$PREFIX-recovery.img.sha512sum; - #else - # echo -e "\e[0;32mExtracting signed boot.img\e[0m"; - # mkdir $OUT_DIR/rec_tmp; - # unzip $OUT_DIR/$PREFIX-target_files.zip IMAGES/boot.img -d $OUT_DIR/rec_tmp; - # mv $OUT_DIR/rec_tmp/IMAGES/boot.img $OUT_DIR/$PREFIX-boot.img; - # sha512sum $OUT_DIR/$PREFIX-boot.img > $OUT_DIR/$PREFIX-boot.img.sha512sum; + mkdir "$OUT_DIR/rec_tmp"; + unzip "$OUT_DIR/$PREFIX-target_files.zip" "IMAGES/recovery.img" -d "$OUT_DIR/rec_tmp"; + mv "$OUT_DIR/rec_tmp/IMAGES/recovery.img" "$OUT_DIR/$PREFIX-recovery.img"; + sha512sum "$OUT_DIR/$PREFIX-recovery.img" > "$OUT_DIR/$PREFIX-recovery.img.sha512sum"; fi; #File name fixes diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index f7866ff4..894d4f58 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -37,14 +37,14 @@ export -f scanWorkspaceForMalware; buildDevice() { cd "$DOS_BUILD_BASE"; export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1"; - brunch "lineage_$1-user" && processRelease $1 true $2; + breakfast "lineage_$1-user" && mka target-files-package otatools && processRelease $1 true $2; } export -f buildDevice; buildDeviceUserDebug() { cd "$DOS_BUILD_BASE"; export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1"; - brunch "lineage_$1-userdebug" && processRelease $1 true $2; + breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2; } export -f buildDeviceUserDebug; diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index e4518c06..7f7e0350 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -41,13 +41,6 @@ buildDevice() { } export -f buildDevice; -buildDeviceUserDebug() { - cd "$DOS_BUILD_BASE"; - export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1"; - breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2; -} -export -f buildDeviceUserDebug; - buildDeviceDebug() { cd "$DOS_BUILD_BASE"; unset OTA_KEY_OVERRIDE_DIR; diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 8f244a71..728be81c 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -63,8 +63,7 @@ sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit key sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort on serial number specific packages (GrapheneOS) enterAndClear "build/make"; -patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification -awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk; +patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Switch to Silence diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index 0b2e08e6..c9261eeb 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -41,13 +41,6 @@ buildDevice() { } export -f buildDevice; -buildDeviceUserDebug() { - cd "$DOS_BUILD_BASE"; - export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1"; - breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2; -} -export -f buildDeviceUserDebug; - buildDeviceDebug() { cd "$DOS_BUILD_BASE"; unset OTA_KEY_OVERRIDE_DIR; diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 6ee99916..6a8dad35 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -69,8 +69,7 @@ patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictio enterAndClear "build/make"; git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files -patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification -awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk; +patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Switch to Silence diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh index 55bc0b34..8b701369 100644 --- a/Scripts/LineageOS-17.1/Functions.sh +++ b/Scripts/LineageOS-17.1/Functions.sh @@ -41,13 +41,6 @@ buildDevice() { } export -f buildDevice; -buildDeviceUserDebug() { - cd "$DOS_BUILD_BASE"; - export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1"; - breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2; -} -export -f buildDeviceUserDebug; - buildDeviceDebug() { cd "$DOS_BUILD_BASE"; unset OTA_KEY_OVERRIDE_DIR; diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index 7a14631e..3387a415 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -66,8 +66,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bio enterAndClear "build/make"; patch -p1 < "$DOS_PATCHES/android_build/0001-Restore_TTS.patch"; #Add back PicoTTS and language files -patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification -awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk; +patch -p1 < "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #add correct keys to recovery for OTA verification sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/gsi_common.mk; #Switch to Silence awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index bf6aea9d..7ba67e39 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -41,13 +41,6 @@ buildDevice() { } export -f buildDevice; -buildDeviceUserDebug() { - cd "$DOS_BUILD_BASE"; - export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1"; - breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2; -} -export -f buildDeviceUserDebug; - buildDeviceDebug() { cd "$DOS_BUILD_BASE"; unset OTA_KEY_OVERRIDE_DIR; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 4189f5ef..a64fa731 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -63,7 +63,6 @@ patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictio enterAndClear "build/make"; patch -p1 < "$DOS_PATCHES/android_build/0001-Restore_TTS.patch"; #Add back PicoTTS and language files patch -p1 < "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #add correct keys to recovery for OTA verification -awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk; sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/aosp_product.mk; #Switch to Silence awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX diff --git a/Scripts/init.sh b/Scripts/init.sh index d3ca3fde..56cf083a 100644 --- a/Scripts/init.sh +++ b/Scripts/init.sh @@ -151,6 +151,8 @@ export DOS_SCRIPTS_CVES=$DOS_SCRIPTS"CVE_Patchers/"; export KBUILD_BUILD_USER="emy"; export KBUILD_BUILD_HOST="dosbm"; +export BUILD_USERNAME="emy"; +export BUILD_HOSTNAME="dosbm"; export ANDROID_JACK_VM_ARGS="-Xmx6144m -Xms512m -Dfile.encoding=UTF-8 -XX:+TieredCompilation"; export JACK_SERVER_VM_ARGUMENTS="${ANDROID_JACK_VM_ARGS}"; @@ -158,6 +160,7 @@ export EXPERIMENTAL_USE_JAVA8=true; export GRADLE_OPTS="-Xmx2048m"; export TZ=:/etc/localtime; export LC_ALL=C; +export LANG=en_US.UTF-8; alias patch='patch --no-backup-if-mismatch'; #START OF VERIFICATION