Failed attempt at fixing signing

PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitely as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled

Patches/Common/android_build/0001-OTA_Keys.patch

@@ -1,29 +0,0 @@
-From 2dc326c8e10dcee50439b49d329142c3c92273c4 Mon Sep 17 00:00:00 2001
-From: Tad <tad@spotco.us>
-Date: Sat, 14 Sep 2019 20:14:42 -0400
-Subject: [PATCH] Support OTA recovery key override
-
-Change-Id: I454674073684325a4bc484ef783665fb58b5a503
----
- core/Makefile | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/core/Makefile b/core/Makefile
-index f2a524d58..7c9735cf9 100644
---- a/core/Makefile
-+++ b/core/Makefile
-@@ -1217,6 +1217,11 @@ endif
- # substitute other keys for this one.
- OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
- 
-+ifneq ($(OTA_KEY_OVERRIDE_DIR),)
-+    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
-+    PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
-+endif
-+
- # Generate a file containing the keys that will be read by the
- # recovery binary.
- RECOVERY_INSTALL_OTA_KEYS := \
--- 
-2.21.0
-

Patches/LineageOS-14.1/android_build/0001-OTA_Keys.patch

@@ -1,29 +1,46 @@
-From 3d9a2560ff4ce717b91724d941c3607abe8fa09f Mon Sep 17 00:00:00 2001
+From 7982c8a06516e8b1d113953a3f3cf2e32a3a7ba5 Mon Sep 17 00:00:00 2001
 From: Tad <tad@spotco.us>
-Date: Sat, 14 Sep 2019 20:12:26 -0400
-Subject: [PATCH] Support OTA recovery key override
+Date: Mon, 5 Apr 2021 23:11:12 -0400
+Subject: [PATCH] Allow setting OTA public keys from environment variable
 
-Change-Id: Icafdb77a0c39353aaefbdf65a83f76be6e3e5f63
+Change-Id: Iaa8890283c30441bf8543a8ca1cd9296e9453d91
 ---
- core/Makefile | 5 +++++
- 1 file changed, 5 insertions(+)
+ core/Makefile          | 5 ++---
+ core/product_config.mk | 5 +++++
+ 2 files changed, 7 insertions(+), 3 deletions(-)
 
 diff --git a/core/Makefile b/core/Makefile
-index 3fb424733..a87bce4df 100644
+index 3fb424733..67e0170e6 100644
 --- a/core/Makefile
 +++ b/core/Makefile
-@@ -1038,6 +1038,11 @@ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
-     PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
- endif
+@@ -1033,9 +1033,8 @@ endif
+ # substitute other keys for this one.
+ OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
  
+-ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
+-    OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
+-    PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
 +ifneq ($(OTA_KEY_OVERRIDE_DIR),)
 +    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ endif
+ 
+ # Generate a file containing the keys that will be read by the
+diff --git a/core/product_config.mk b/core/product_config.mk
+index 7b440b1ef..f26ebb6d5 100644
+--- a/core/product_config.mk
++++ b/core/product_config.mk
+@@ -422,6 +422,11 @@ PRODUCT_OTA_PUBLIC_KEYS := $(sort \
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(sort \
+     $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_EXTRA_RECOVERY_KEYS))
+ 
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
 +    PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
 +endif
 +
- # Generate a file containing the keys that will be read by the
- # recovery binary.
- RECOVERY_INSTALL_OTA_KEYS := \
+ PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := \
+     $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEX_PREOPT_DEFAULT_FLAGS))
+ PRODUCT_DEX_PREOPT_BOOT_FLAGS := \
 -- 
-2.21.0
+2.30.2
 

Patches/LineageOS-15.1/android_build/0001-OTA_Keys.patch

@@ -0,0 +1,45 @@
+From 6b2e3eb190363d4e5957890826e97f5674b38539 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Mon, 5 Apr 2021 23:03:18 -0400
+Subject: [PATCH] Allow setting OTA public keys from environment variable
+
+Change-Id: Ie7edd059b8d701d5ec0d0d922e23d034f69e579f
+---
+ core/Makefile          | 4 ++++
+ core/product_config.mk | 5 +++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/core/Makefile b/core/Makefile
+index f2a524d58..92c7928d3 100644
+--- a/core/Makefile
++++ b/core/Makefile
+@@ -1217,6 +1217,10 @@ endif
+ # substitute other keys for this one.
+ OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+ 
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++endif
++
+ # Generate a file containing the keys that will be read by the
+ # recovery binary.
+ RECOVERY_INSTALL_OTA_KEYS := \
+diff --git a/core/product_config.mk b/core/product_config.mk
+index bcab7a384..401d27054 100644
+--- a/core/product_config.mk
++++ b/core/product_config.mk
+@@ -404,6 +404,11 @@ PRODUCT_OTA_PUBLIC_KEYS := $(sort \
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(sort \
+     $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_EXTRA_RECOVERY_KEYS))
+ 
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++    PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
++endif
++
+ PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := \
+     $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEX_PREOPT_DEFAULT_FLAGS))
+ PRODUCT_DEX_PREOPT_BOOT_FLAGS := \
+-- 
+2.30.2
+

Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch

@@ -0,0 +1,45 @@
+From d77b1a23b87813edb3133d314760249e1873cdf8 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Mon, 5 Apr 2021 23:00:41 -0400
+Subject: [PATCH] Allow setting OTA public keys from environment variable
+
+Change-Id: Id2338b2d30f7c477583a34f4171d37b70f0a6e92
+---
+ core/Makefile          | 4 ++++
+ core/product_config.mk | 5 +++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/core/Makefile b/core/Makefile
+index 404bb5413..bd23c8be3 100644
+--- a/core/Makefile
++++ b/core/Makefile
+@@ -1413,6 +1413,10 @@ endif
+ # substitute other keys for this one.
+ OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+ 
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++endif
++
+ # Generate a file containing the keys that will be read by the
+ # recovery binary.
+ RECOVERY_INSTALL_OTA_KEYS := \
+diff --git a/core/product_config.mk b/core/product_config.mk
+index 2c3f21f1d..a300efbcf 100644
+--- a/core/product_config.mk
++++ b/core/product_config.mk
+@@ -399,6 +399,11 @@ PRODUCT_OTA_PUBLIC_KEYS := $(sort \
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(sort \
+     $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_EXTRA_RECOVERY_KEYS))
+ 
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++    PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
++endif
++
+ PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER := \
+     $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER))
+ PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := \
+-- 
+2.30.2
+

Patches/LineageOS-17.1/android_build/0002-OTA_Keys.patch

@@ -0,0 +1,45 @@
+From 1dd6a60f1fe8305f74795225a26a8301c690d898 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Mon, 5 Apr 2021 22:55:30 -0400
+Subject: [PATCH] Allow setting OTA public keys from environment variable
+
+Change-Id: I23c4acdff039f141afafcd0e736a341992f2f8ec
+---
+ core/Makefile          | 4 ++++
+ core/product_config.mk | 5 +++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/core/Makefile b/core/Makefile
+index a5eef489f..64468d841 100644
+--- a/core/Makefile
++++ b/core/Makefile
+@@ -1891,6 +1891,10 @@ endif
+ # substitute other keys for this one.
+ OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+ 
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++endif
++
+ # Generate a file containing the keys that will be read by the
+ # recovery binary.
+ RECOVERY_INSTALL_OTA_KEYS := \
+diff --git a/core/product_config.mk b/core/product_config.mk
+index 9460357ca..be4bfec75 100644
+--- a/core/product_config.mk
++++ b/core/product_config.mk
+@@ -326,6 +326,11 @@ ENFORCE_SYSTEM_CERTIFICATE_WHITELIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_RE
+ PRODUCT_OTA_PUBLIC_KEYS := $(sort $(PRODUCT_OTA_PUBLIC_KEYS))
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(sort $(PRODUCT_EXTRA_RECOVERY_KEYS))
+ 
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++    PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
++endif
++
+ # Resolve and setup per-module dex-preopt configs.
+ DEXPREOPT_DISABLED_MODULES :=
+ # If a module has multiple setups, the first takes precedence.
+-- 
+2.30.2
+

Patches/LineageOS-18.1/android_build/0002-OTA_Keys.patch

@@ -1,29 +1,29 @@
-From 7cea4afe3e17c1dc8910c8ae9ad551bf280173ea Mon Sep 17 00:00:00 2001
+From e09adb8a973f11208058c4c74aa32b9899b1d6df Mon Sep 17 00:00:00 2001
 From: Tad <tad@spotco.us>
-Date: Wed, 31 Mar 2021 01:26:27 -0400
-Subject: [PATCH] Support OTA recovery key override
+Date: Mon, 5 Apr 2021 22:53:31 -0400
+Subject: [PATCH] Allow setting OTA public keys from environment variable
 
-Change-Id: I216c121a54331e9424dfc1543f85752b07229d9b
+Change-Id: Ic8076ff80fbf39c47e20a2fbfda4a6d8592d431b
 ---
  core/product_config.mk | 5 +++++
  1 file changed, 5 insertions(+)
 
 diff --git a/core/product_config.mk b/core/product_config.mk
-index a16af05cf..0152a3543 100644
+index a16af05cf..4849d5009 100644
 --- a/core/product_config.mk
 +++ b/core/product_config.mk
-@@ -280,6 +280,11 @@ $(foreach pair,$(PRODUCT_UPDATABLE_BOOT_JARS), \
- ENFORCE_SYSTEM_CERTIFICATE := $(PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT)
- ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST)
- 
-+ifneq ($(OTA_KEY_OVERRIDE_DIR),)
-+    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
-+    PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
-+endif
-+
+@@ -283,6 +283,11 @@ ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_R
  PRODUCT_OTA_PUBLIC_KEYS := $(sort $(PRODUCT_OTA_PUBLIC_KEYS))
  PRODUCT_EXTRA_RECOVERY_KEYS := $(sort $(PRODUCT_EXTRA_RECOVERY_KEYS))
  
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++    PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
++endif
++
+ # Resolve and setup per-module dex-preopt configs.
+ DEXPREOPT_DISABLED_MODULES :=
+ # If a module has multiple setups, the first takes precedence.
 -- 
 2.30.2
 

Scripts/Common/Functions.sh

@@ -154,7 +154,7 @@ processRelease() {
 	local ARCHIVE="$DOS_BUILDS/$DOS_VERSION/release_keys/";
 	local OUT_DIR="$DOS_BUILD_BASE/out/target/product/$DEVICE/";
 
-	local RELEASETOOLS_PREFIX="build/tools/releasetools/"; #XXX: FIXME 18REBASE
+	local RELEASETOOLS_PREFIX="build/tools/releasetools/";
 	if [[ "$DOS_VERSION" == "LineageOS-18.1" ]]; then
 		local RELEASETOOLS_PREFIX="";
 	fi;
@@ -183,7 +183,7 @@ processRelease() {
 	#Malware Scan
 	if [ "$DOS_MALWARE_SCAN_BEFORE_SIGN" = true ]; then
 		echo -e "\e[0;32mScanning files for malware before signing\e[0m";
-		scanForMalware false "$OUT_DIR/obj/PACKAGING/target_files_intermediates/*$DEVICE-target_files-*.zip";
+		scanForMalware false $OUT_DIR/obj/PACKAGING/target_files_intermediates/*$DEVICE-target_files-*.zip;
 	fi;
 
 	#Target Files
@@ -191,26 +191,28 @@ processRelease() {
 	"$RELEASETOOLS_PREFIX"sign_target_files_apks -o -d "$KEY_DIR" \
 		"${VERITY_SWITCHES[@]}" \
 		$OUT_DIR/obj/PACKAGING/target_files_intermediates/*$DEVICE-target_files-*.zip \
-		$OUT_DIR/$PREFIX-target_files.zip;
-	sha512sum $OUT_DIR/$PREFIX-target_files.zip > $OUT_DIR/$PREFIX-target_files.zip.sha512sum;
+		"$OUT_DIR/$PREFIX-target_files.zip";
+	sha512sum "$OUT_DIR/$PREFIX-target_files.zip" > "$OUT_DIR/$PREFIX-target_files.zip.sha512sum";
 	local INCREMENTAL_ID=$(grep "ro.build.version.incremental" $OUT_DIR/system/build.prop | cut -f2 -d "=" | sed 's/\.//g');
-	echo $INCREMENTAL_ID > $OUT_DIR/$PREFIX-target_files.zip.id;
+	echo "$INCREMENTAL_ID" > "$OUT_DIR/$PREFIX-target_files.zip.id";
 
 	#Image
-	if [ ! -f $OUT_DIR/recovery.img ]; then
+	unzip -l $OUT_DIR/$PREFIX-target_files.zip | grep -q recovery.img;
+	local hasRecoveryImg="$?";
+	if [ "$hasRecoveryImg" == "0" ]; then
 		echo -e "\e[0;32mCreating fastboot image\e[0m";
-		"$RELEASETOOLS_PREFIX"img_from_target_files $OUT_DIR/$PREFIX-target_files.zip \
-			$OUT_DIR/$PREFIX-fastboot.zip || exit 1;
-		sha512sum $OUT_DIR/$PREFIX-fastboot.zip > $OUT_DIR/$PREFIX-fastboot.zip.sha512sum;
+		"$RELEASETOOLS_PREFIX"img_from_target_files "$bootOnly" "$OUT_DIR/$PREFIX-target_files.zip" \
+			"$OUT_DIR/$PREFIX-fastboot.zip";
+		sha512sum "$OUT_DIR/$PREFIX-fastboot.zip" > "$OUT_DIR/$PREFIX-fastboot.zip.sha512sum";
 	fi
 
 	#OTA
 	echo -e "\e[0;32mCreating OTA\e[0m";
 	"$RELEASETOOLS_PREFIX"ota_from_target_files $BLOCK_SWITCHES -k "$KEY_DIR/releasekey" \
-		$OUT_DIR/$PREFIX-target_files.zip  \
-		$OUT_DIR/$PREFIX-ota.zip;
-	md5sum $OUT_DIR/$PREFIX-ota.zip > $OUT_DIR/$PREFIX-ota.zip.md5sum;
-	sha512sum $OUT_DIR/$PREFIX-ota.zip > $OUT_DIR/$PREFIX-ota.zip.sha512sum;
+		"$OUT_DIR/$PREFIX-target_files.zip"  \
+		"$OUT_DIR/$PREFIX-ota.zip";
+	md5sum "$OUT_DIR/$PREFIX-ota.zip" > "$OUT_DIR/$PREFIX-ota.zip.md5sum";
+	sha512sum "$OUT_DIR/$PREFIX-ota.zip" > "$OUT_DIR/$PREFIX-ota.zip.sha512sum";
 
 	#Deltas
 	if [ "$DOS_GENERATE_DELTAS" = true ]; then
@@ -218,31 +220,23 @@ processRelease() {
 			if [[ -f "$LAST_TARGET_FILES.id" ]]; then
 				local LAST_INCREMENTAL_ID=$(cat "$LAST_TARGET_FILES.id");
 				echo -e "\e[0;32mGenerating incremental OTA against $LAST_INCREMENTAL_ID\e[0m";
-				#TODO: Verify GPG signature and checksum of target-files first!
+				#TODO: Verify GPG signature and checksum of previous target-files first!
 				"$RELEASETOOLS_PREFIX"ota_from_target_files $BLOCK_SWITCHES -t 8 -k "$KEY_DIR/releasekey" -i \
 					"$LAST_TARGET_FILES" \
-					$OUT_DIR/$PREFIX-target_files.zip \
-					$OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip;
-				sha512sum $OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip > $OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip.sha512sum;
+					"$OUT_DIR/$PREFIX-target_files.zip" \
+					"$OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip";
+				sha512sum "$OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip" > "$OUT_DIR/$PREFIX-incremental_$LAST_INCREMENTAL_ID.zip.sha512sum";
 			fi;
 		done;
 	fi;
 
 	#Extract signed recovery
-	unzip -l $OUT_DIR/$PREFIX-target_files.zip | grep -q recovery.img;
-	local hasRecoveryImg=$?;
 	if [ "$hasRecoveryImg" == "0" ]; then
 		echo -e "\e[0;32mExtracting signed recovery.img\e[0m";
-		mkdir $OUT_DIR/rec_tmp;
-		unzip $OUT_DIR/$PREFIX-target_files.zip IMAGES/recovery.img -d $OUT_DIR/rec_tmp;
-		mv $OUT_DIR/rec_tmp/IMAGES/recovery.img $OUT_DIR/$PREFIX-recovery.img;
-		sha512sum $OUT_DIR/$PREFIX-recovery.img > $OUT_DIR/$PREFIX-recovery.img.sha512sum;
-	#else
-	#	echo -e "\e[0;32mExtracting signed boot.img\e[0m";
-	#	mkdir $OUT_DIR/rec_tmp;
-	#	unzip $OUT_DIR/$PREFIX-target_files.zip IMAGES/boot.img -d $OUT_DIR/rec_tmp;
-	#	mv $OUT_DIR/rec_tmp/IMAGES/boot.img $OUT_DIR/$PREFIX-boot.img;
-	#	sha512sum $OUT_DIR/$PREFIX-boot.img > $OUT_DIR/$PREFIX-boot.img.sha512sum;
+		mkdir "$OUT_DIR/rec_tmp";
+		unzip "$OUT_DIR/$PREFIX-target_files.zip" "IMAGES/recovery.img" -d "$OUT_DIR/rec_tmp";
+		mv "$OUT_DIR/rec_tmp/IMAGES/recovery.img" "$OUT_DIR/$PREFIX-recovery.img";
+		sha512sum "$OUT_DIR/$PREFIX-recovery.img" > "$OUT_DIR/$PREFIX-recovery.img.sha512sum";
 	fi;
 
 	#File name fixes

Scripts/LineageOS-14.1/Functions.sh

@@ -37,14 +37,14 @@ export -f scanWorkspaceForMalware;
 buildDevice() {
 	cd "$DOS_BUILD_BASE";
 	export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
-	brunch "lineage_$1-user" && processRelease $1 true $2;
+	breakfast "lineage_$1-user" && mka target-files-package otatools && processRelease $1 true $2;
 }
 export -f buildDevice;
 
 buildDeviceUserDebug() {
 	cd "$DOS_BUILD_BASE";
 	export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
-	brunch "lineage_$1-userdebug" && processRelease $1 true $2;
+	breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2;
 }
 export -f buildDeviceUserDebug;
 

Scripts/LineageOS-15.1/Functions.sh

@@ -41,13 +41,6 @@ buildDevice() {
 }
 export -f buildDevice;
 
-buildDeviceUserDebug() {
-	cd "$DOS_BUILD_BASE";
-	export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
-	breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2;
-}
-export -f buildDeviceUserDebug;
-
 buildDeviceDebug() {
 	cd "$DOS_BUILD_BASE";
 	unset OTA_KEY_OVERRIDE_DIR;

Scripts/LineageOS-15.1/Patch.sh

@@ -63,8 +63,7 @@ sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit key
 sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort on serial number specific packages (GrapheneOS)
 
 enterAndClear "build/make";
-patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
-awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
+patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
 sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Switch to Silence
 

Scripts/LineageOS-16.0/Functions.sh

@@ -41,13 +41,6 @@ buildDevice() {
 }
 export -f buildDevice;
 
-buildDeviceUserDebug() {
-	cd "$DOS_BUILD_BASE";
-	export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
-	breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2;
-}
-export -f buildDeviceUserDebug;
-
 buildDeviceDebug() {
 	cd "$DOS_BUILD_BASE";
 	unset OTA_KEY_OVERRIDE_DIR;

Scripts/LineageOS-16.0/Patch.sh

@@ -69,8 +69,7 @@ patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictio
 
 enterAndClear "build/make";
 git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
-patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
-awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
+patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
 sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Switch to Silence
 

Scripts/LineageOS-17.1/Functions.sh

@@ -41,13 +41,6 @@ buildDevice() {
 }
 export -f buildDevice;
 
-buildDeviceUserDebug() {
-	cd "$DOS_BUILD_BASE";
-	export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
-	breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2;
-}
-export -f buildDeviceUserDebug;
-
 buildDeviceDebug() {
 	cd "$DOS_BUILD_BASE";
 	unset OTA_KEY_OVERRIDE_DIR;

Scripts/LineageOS-17.1/Patch.sh

@@ -66,8 +66,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bio
 
 enterAndClear "build/make";
 patch -p1 < "$DOS_PATCHES/android_build/0001-Restore_TTS.patch"; #Add back PicoTTS and language files
-patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
-awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
+patch -p1 < "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/gsi_common.mk; #Switch to Silence
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX

Scripts/LineageOS-18.1/Functions.sh

@@ -41,13 +41,6 @@ buildDevice() {
 }
 export -f buildDevice;
 
-buildDeviceUserDebug() {
-	cd "$DOS_BUILD_BASE";
-	export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
-	breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2;
-}
-export -f buildDeviceUserDebug;
-
 buildDeviceDebug() {
 	cd "$DOS_BUILD_BASE";
 	unset OTA_KEY_OVERRIDE_DIR;

Scripts/LineageOS-18.1/Patch.sh

@@ -63,7 +63,6 @@ patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictio
 enterAndClear "build/make";
 patch -p1 < "$DOS_PATCHES/android_build/0001-Restore_TTS.patch"; #Add back PicoTTS and language files
 patch -p1 < "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
-awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/aosp_product.mk; #Switch to Silence
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX

Scripts/init.sh

@@ -151,6 +151,8 @@ export DOS_SCRIPTS_CVES=$DOS_SCRIPTS"CVE_Patchers/";
 
 export KBUILD_BUILD_USER="emy";
 export KBUILD_BUILD_HOST="dosbm";
+export BUILD_USERNAME="emy";
+export BUILD_HOSTNAME="dosbm";
 
 export ANDROID_JACK_VM_ARGS="-Xmx6144m -Xms512m -Dfile.encoding=UTF-8 -XX:+TieredCompilation";
 export JACK_SERVER_VM_ARGUMENTS="${ANDROID_JACK_VM_ARGS}";
@@ -158,6 +160,7 @@ export EXPERIMENTAL_USE_JAVA8=true;
 export GRADLE_OPTS="-Xmx2048m";
 export TZ=:/etc/localtime;
 export LC_ALL=C;
+export LANG=en_US.UTF-8;
 alias patch='patch --no-backup-if-mismatch';
 
 #START OF VERIFICATION