Commit Graph

2387 Commits

Author SHA1 Message Date
Tavi
44f54b0486
Update CVE patchers
Likely breakage

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-19 14:14:02 -04:00
Tavi
f7bb9e0c06
Fixup + Churn
run tested: flame, fajita

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 22:17:10 -04:00
Tavi
22c1d450ce
Update CVE patchers
Likely breakage

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 20:42:49 -04:00
Tavi
3b0bc40f20
Churn + Fixes
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 14:50:15 -04:00
Tavi
03a3bdbeda
15.1: August 2024 ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 13:19:18 -04:00
Tavi
7251c3f1d1
Churn
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 12:35:07 -04:00
Tavi
a892dbaa4a
16.0: Picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 10:06:44 -04:00
Tavi
439af0cc9d
17.1: August 2024 ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 10:04:17 -04:00
Tavi
c3555ebac2
Churn
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 08:35:02 -04:00
Tavi
4b0bf74d68
Picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-16 19:39:52 -04:00
Tavi
e3894395a7
Reconcile picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-16 19:37:04 -04:00
Alexander-Kochanski
51ea0e709b Update TODO-device_additions
Requested support for crownlte (Galaxy Note 9)
2024-08-15 22:20:39 +00:00
Tavi
69bd4382ac
Picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-11 21:26:34 -04:00
Tavi
dda4cd7ab5
Fixups + Churn
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-11 01:09:10 -04:00
Tavi
dbfbdc93cf
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-09 14:57:56 -04:00
Tavi
ce04374a01
Picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-09 14:18:31 -04:00
Tavi
653819edcd
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-08 15:02:19 -04:00
Tavi
e876478d40 Revert "Push marlin/sailfish to 20"
This reverts commit d021933c6c.
2024-08-07 20:03:39 -04:00
Tavi
d021933c6c
Push marlin/sailfish to 20
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 20:03:25 -04:00
Tavi
e1586ec317
Always handle alternative property files for oem_unlock_supported
Some of these devices were not being patched, such as:
- pro1x
- oneplus/sm8150-common
- oneplus/sm8250-common
- oneplus/sm8350-common

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 15:19:36 -04:00
Tavi
8f6fa700a4
Fix an issue with property additions being added on same line
This caused the OEM unlock toggle to not appear on select devices such as:
- taimen/walleye
- enchilada/fajita
- FP3
- FP4

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 14:50:55 -04:00
Tavi
63829126db
Fixup
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 14:24:05 -04:00
Tavi
4d5d69cf34
Update CVE patchers
Likely some breakage

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 12:25:52 -04:00
Tavi
9abdaa0d51
CVE-2024-41020
required changes to the patcher

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 21:30:00 -04:00
Tavi
9936408a59
Better patching of CVE-2024-41012
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 21:02:44 -04:00
Tavi
2187d4bf36
Better patching of CVE-2024-36971
4.6 and higher is impacted
need backport for 4.9 and 4.14

not patched kernels:
	LineageOS-17.1
		kernel_xiaomi_sm6150

	LineageOS-19.1
		kernel_xiaomi_sm8150

	LineageOS-20.0
		kernel_fairphone_sdm632
		kernel_google_msm-4.14
		kernel_google_msm-4.9
		kernel_oneplus_sdm845
		kernel_oneplus_sm8150
		kernel_razer_sdm845
		kernel_samsung_exynos9810
		kernel_sony_sdm845
		kernel_xiaomi_msm8937
		kernel_xiaomi_sdm845
		kernel_xiaomi_sm6150
		kernel_xiaomi_vayu

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 20:25:40 -04:00
Tavi
aed895e1ad
More backports
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:49:08 -04:00
Tavi
d2d0c48a25
Reconcile picks
no effective change:
https://review.lineageos.org/q/topic:%22P_asb_2024-05%22

gains 8 patches:
https://review.lineageos.org/q/topic:%22Q_asb_2024-06%22
https://review.lineageos.org/q/topic:%22Q_asb_2024-07%22

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:27:33 -04:00
Tavi
f07e0f4722
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:01:39 -04:00
Tavi
2bb4d94f88
Fixup + Churn
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-01 00:28:48 -04:00
Tavi
9c4c46478d
Disable 72ff1b1a for now due to more compatibility issues
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 22:19:53 -04:00
Tavi
094b4f4f41 Update CVE patchers
Likely breakage

Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 22:19:43 -04:00
Tavi
0c4b0672e4
Fix spacing
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:52:05 -04:00
Tavi
72ff1b1a4d
16.0+: Relaxed fix for DNS leaks with app based VPNs from GrapheneOS
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:50:20 -04:00
Tavi
5fb3319508
Update commons
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:31:27 -04:00
Tavi
59b9517c08
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-29 18:28:29 -04:00
Tavi
9f5886d80b
Fixup
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-27 18:31:21 -04:00
Tavi
c45060675e
Going the distance... [pt3]
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-27 18:00:56 -04:00
ryneeverett
3999fe1e1f Container: Scripted builds
I had a hard time following the [Build
Guide](https://divestos.org/pages/build) and IMO a script does a much
better job of removing the ambiguity and is more likely to be updated
if it fails. Per
https://github.com/Divested-Mobile/DivestOS-Website/issues/40 I think
this script, as documentation, makes it much more clear what it means to
"color in the lines" and suggests an efficient way of doing so. I'd like
to update the Build Guide too, but I wanted to get your feedback on some
of this first.

The main thing I'm not thrilled with is that the workspace needs to be
patched and reset twice (if I understand correctly). I got this notion
from your guidance on a Reddit post a couple months back which I can't
find now that Reddit seems to have taken down your content.
Unfortunately I don't recall the details but the basic issue is that
generating the signing keys was giving an error and the solution was to
patch the workspace. But one of the workspace patching "phases" is to
copy the keys to the kernel and this fails if the keys don't exist yet.
So it's not clear how to get around doing this step twice.

A couple notes on future work:
- How to do incremental updates? There's no story on this yet and I
  haven't looked into it.
- I found a wealth of information on building android in docker in this
  repository: https://github.com/lineageos4microg/docker-lineage-cicd.
  It might be worth considering trying to integrate DivestOS into that
  project or building on top of their image.
2024-07-26 22:02:12 +00:00
ryneeverett
8216403729 Container: Store DivestOS directory in a volume
This essentially serves as a cache of sources because otherwise all the
downloaded source disappears when the container exits.
2024-07-26 22:02:12 +00:00
ryneeverett
0408730f50 Container: Correct build path 2024-07-26 22:02:12 +00:00
ryneeverett
7f13b9d6a8 Container: Use named volume for ccache.
I don't think there's any reason to want a named path here.
2024-07-26 22:02:12 +00:00
ryneeverett
3827a096da Container: Find git config at XDG_CONFIG_HOME 2024-07-26 22:02:12 +00:00
ryneeverett
41bc2deded Container: Portable scripts
This allows bash to be found if not located in /bin.
2024-07-26 22:02:12 +00:00
ryneeverett
4d22f558ba Container: Allow duplicate group id.
The image build would otherwise fail if the user's group id already
exists in the base image.
2024-07-26 22:02:12 +00:00
ryneeverett
4c0e3c835c Container: Set up ccache (per Build Guide) 2024-07-26 22:02:12 +00:00
ryneeverett
7d9e3d30cd Container: Add gocryptfs (per Build Guide) 2024-07-26 22:02:12 +00:00
ryneeverett
ca83cc1dc8 Container: Update dependencies
See https://github.com/Divested-Mobile/DivestOS-Website/issues/39.
2024-07-26 22:02:12 +00:00
Tavi
33ee2a1c28
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-24 17:24:31 -04:00
Tavi
1f65053495
Fixup
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-18 21:44:00 -04:00