- Fix instances of awk failing on missing globs
- Remove unwanted packages from work/user/managed profiles
- Remove proprietary camera extensions
Signed-off-by: Tad <tad@spotco.us>
- Drop OpenCamera, it doesn't work on lock screens anymore?
- microG on 18.1+:
- set packages forceQueryable
- spoof some sources as Play Store
TODO: backport this to 17.1
- Remove camera extensions
- Churn
- Wording
Signed-off-by: Tad <tad@spotco.us>
- Only enable on Linux 3.0 through 4.9
- Always enable defer option
- Only run twice a second, instead of fifty times a second
Signed-off-by: Tad <tad@spotco.us>
- 19.1/20.0: Enable low ram for <6GB devices
- 20.0: support RROs with exec spawning patch from GrapheneOS
- allow work profiles when low ram is enabled
- churn
- cherrypicks
Signed-off-by: Tad <tad@spotco.us>
this one will break the build when using https://github.com/Divested-Mobile/DivestOS-Build/pull/206 :
> rename: /ssd/tmp/dos/hotdog/LineageOS-20.0/release_keys//incrementals/xxxx-20.0-20230713-dos-hotdog-incremental_*.zip*: not accessible: No such file or directory
the next one is a cosmetic thing only. while the current implementation does not break the build I prefer skipping it if not needed at all instead of just the `|| true` workaround.
"fixes" the message in build output when no delta is requested:
> cp: cannot stat 'xxxx-20.0-20230713-dos-hotdog-incremental_*.zip*': No such file or directory
Signed-off-by: steadfasterX <steadfasterX@users.noreply.github.com>
Unlike other systems which ship privileged microG out of the box:
- User must enable microG repo in F-Droid
- User must install official microG apps (GmsCore/FakeStore/GSF)
- User must enable the microG toggle in Settings
- NOT a privileged app, not all features will work
- gmscore SELinux domain is still disabled
Signed-off-by: Tad <tad@spotco.us>
As dtbo is necessary on avicii, hotdog, hotdogb, instantnoodle, instantnoodlep, kebab, lemonades, pro1x
Which all don't currently have a fastboo.zip provided
Signed-off-by: Tad <tad@spotco.us>
- Simplify Private DNS preset patchsets
based on updated CalyxOS patchset
TODO: backport this
- Add DoH endpoints for all of the presets
Disabled, very few hosts actually support DoH/3
Signed-off-by: Tad <tad@spotco.us>
- Includes CVE-2023-32233 fixes for more devices
- Upstream has reverted the LVT patches, maybe consider handling them
Signed-off-by: Tad <tad@spotco.us>
I don't like hearing the WRRRRRRRRRRRRRRRRRRRRRRRRR of the fans and drives in my nas spinning up every time a build finishes
Signed-off-by: Tad <tad@spotco.us>
20.0:
- akatsuki
- lemonades
- dipper, equuleus, polaris, ursa
19.1:
- kirin, mermaid
- apollon
note lemonades is failing like kebab:
> Sum of sizes in oneplus_dynamic_partitions_partition_list is 3765178368, which is greater than oneplus_dynamic_partitions_size (3753902080)
Signed-off-by: Tad <tad@spotco.us>
The deblobber already removes xtra-daemon which is what actually performs the requests.
This is just extra sanctity.
Signed-off-by: Tad <tad@spotco.us>
when the file `~/.divested.vars.${BDEVICE}` exists it get
sourced after the default variables set by init.sh.
so to make use of this you have to
`export BDEVICE=hotdog`
before `source ../Scripts/init.sh`. Then the file `~/.divested.vars.hotdog` will
be sourced - if existent.
this way one can:
- override defaults without touching the init.sh (makes git pull more convenient)
- set different settings for different devices
Signed-off-by: steadfasterX <steadfasterX@gmail.com>
this commit adds (the currently non-existing) error handling when
using divest's functions and scripts.
all the magic here gets activated when `source ../../Scripts/init.sh`
gets executed which is already a mandatory step before starting any
of the divest functions.
when something fails during patching, resetting or building
each error will be catched + printed including an error code now.
last but not least the executed file and the line number causing that
failure will be shown, too.
as all divest functions get source'd and so not a single build
script gets executed all ERR's needs to be trapped to catch issues.
I am not aware of another way to handle that properly as sourcing
means we cannot track a script or smth while this approach here
just works.
Example for an error thrown in a function call:
> ERROR: $DOS_WORKSPACE_ROOT/Scripts/Common/Functions.sh -> verifyAllPlatformTags() ended with status >1< at line >49<
Final SUCCESS result message after using `patchWorkspace`:
> [FINAL RESULT] No error detected (please check the above output nevertheless!)
Final ERROR result message after using `patchWorkspace`:
> [FINAL RESULT] Serious error(s) found!!!
> Summary error code was: 126. Check & fix all error lines above
Some notes:
- when an error occurs the process continues until the end (like it is now)
i.e. an error will not stop the current and following tasks
- when multiple errors occur the exit codes will be summed
- buildDevice: a (summed) end result gets printed (SUCCESS or ERROR) at the very end
- the trap used to catch any error will also be active for any command executed
on the cli. that means: type "false" -> ENTER and you will get an error, too
same for any script exectued after source init.sh
- when all goes well the trap will be resetted at the end but there are cases
where this might not happen -> that is why `resetEnv` can be executed to
reset the trap, i.e. all becomes as it was before sourcing init.sh
- `resetEnv` gets called automatically:
- after a successful `patchWorkspace` run
- whenever CTRL+C is used (during a running task or just on the cli)
- a process get killed (SIGHUP, TERM)
- the whole implementation might not catch all errors though - it highly depends
on how the function or the script/program called actually handles errors or better
said: if they return a proper exit code on failures.
For example some tools (like some git cmds) might print an error but don't return
a non-zero exit code. This cannot be tracked other then with your eyes or these
must be replaced by other methods returning a non-zero exit code on failures.
Signed-off-by: steadfasterX <steadfasterX@gmail.com>
Fixes the following issue on systems where /bin/sh != /bin/bash (e.g. Ubuntu):
> source [...]/Scripts/Common/Tag_Verifier.sh && verifyTagIfPlatform : 1: source: not found
for these (unsupported) systems the following is still required (not needed on Fedora or other systems using /bin/sh -> /bin/bash):
1. `ln -s /bin/bash ~/.local/bin/sh`
2. .bashrc -> `export PATH="$HOME/.local/bin:$PATH"`
3. .bashrc -> `alias sh='/bin/bash'`
Signed-off-by: steadfasterX <steadfasterX@users.noreply.github.com>
- 18.1: Fix exempted background tasks when dozing (GrapheneOS)
- 20.0: pick a fix for some colors after qpr2
- 20.0: fix the missing notification backdrop
Signed-off-by: Tad <tad@spotco.us>
- 18.1+: Disable NTP fully when automatic time is off, credit GrapheneOS
- 20.0: Handle Tor-over-Orbot when killswitch enabled, credit CalyxOS, BROKEN
Signed-off-by: Tad <tad@spotco.us>
Some devices still don't have these in 2023
https://gitlab.com/LineageOS/issues/android/-/issues/2193
Note, the following still aren't patched:
15.1
kernel/google/msm
kernel/lge/hammerhead
16.0
kernel/cyanogen/msm8974
kernel/lge/hammerhead
18.1
kernel/motorola/msm8974
Signed-off-by: Tad <tad@spotco.us>
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS
already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845
Signed-off-by: Tad <tad@spotco.us>
And remove the F-Droid repo for it, will be moved to the 'DivestOS Official' repo
This simplifies release management and also allows other systems to benefit from the repo
Downside is users who don't update to this build won't receive any updates for it anymore
Signed-off-by: Tad <tad@spotco.us>
- 17.1: Add more captive portal server options like 18.1+, disabled: needs fixes
- 17.1: Add the hosts toggle like 18.1+
- 18.1: fix junk in patch
- 17.1+: hosts toggle: bugfix: fixup localhost handling by switching to strcmp
- 15.1: fixes to get hmalloc to compile, does NOT boot
Signed-off-by: Tad <tad@spotco.us>
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines
Signed-off-by: Tad <tad@spotco.us>
This applies 3.4 patches to 3.10 if no other match is available
Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch
Signed-off-by: Tad <tad@spotco.us>
- there have been updater checks for all of these on 20.0, expect for aura
- 20.0 has been my daily driver on fajita (and recently bluejay) since mid October
- there are only some minor issues on 20.0 that aren't much of a blocker
- LineageOS has marked 20.0 stable
Signed-off-by: Tad <tad@spotco.us>
- Enable APEX for Pixel 6/7, necessary for camera and pKVM
- Also drop hack removing pKVM for Pixel 6/7
- patch from GrapheneOS
- Extend hmalloc workaround to /apex
- Deblobber:
- actually handle wildcard f/w/b overlays
- move some stuff around
- remove some more Pixel blobs
- flag and disable removal of camera extensions, being able to use the second camera is nice
- Adjust what hardenDefconfig disables, caused boot issues
minimal impact as most of these are already default-disabled
can be narrowed down in future
- Disable some of the bionic hardening patches, causing more boot issues
annoying to lose, but having a phone that boots is more important
- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS
- Remove Pixel 2 ramdisk compression reverts, fixed upstream
And yes, I know I should've split up this commit...
Signed-off-by: Tad <tad@spotco.us>
This fixes CVE-2018-9422 which was primarily added via b56fabac
May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937
Signed-off-by: Tad <tad@spotco.us>