PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.
Override it at the source and set it explicitely as well.
This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.
11.0 signing is ignored.
This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.
--
After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
- Deblobber: don't remove mfc_fw.bin, used for media decode
- Deblobber: don't remove es305_fw.bin, used for audio processing
- don't force dexpreopt on manta, likely breaks Wi-Fi
- fix some SELinux denials on manta
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
This should be most of it
also
- properly update webview, repopick doesn't seem to handle the branch
- always cd back to base, to prevent script breakage
VoLTE tested working on mata/17.1!
VoWiFi tested working with DOS_DEBLOBBER_REMOVE_CNE=false
- Disable Graphene exec spawning feature, subtly breaks many apps
Maybe missing some patches?
- Build old versions for devices with broken IMS
- Ensure shell umask is always 0022
- fwb overlay: drop the MMS user-agent overrides
- Drop the BlobBlocker and ModuleBlocker
They were unused and unkempt.
- Put volteOverride behind DOS_DEBLOBBER_REMOVE_IMS and comment it
- SUPL NTP fix
- Remove debug info from dexpreopt, saves a few MB
- 15.1+: enable full dexpreopt, for perf and memory benefits
- 17.1: change oneplus/msm8998-common kernel
- 17.1: add OpenCamera to AUX list
- Resurrect verity for devices missed previously
- Update some CVE patchers
- deblobber: remove some lingering atfwd blobs
