Tavi
44f54b0486
Update CVE patchers
...
Likely breakage
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-19 14:14:02 -04:00
Tavi
f7bb9e0c06
Fixup + Churn
...
run tested: flame, fajita
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 22:17:10 -04:00
Tavi
22c1d450ce
Update CVE patchers
...
Likely breakage
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 20:42:49 -04:00
Tavi
3b0bc40f20
Churn + Fixes
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 14:50:15 -04:00
Tavi
03a3bdbeda
15.1: August 2024 ASB work
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 13:19:18 -04:00
Tavi
7251c3f1d1
Churn
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 12:35:07 -04:00
Tavi
a892dbaa4a
16.0: Picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 10:06:44 -04:00
Tavi
439af0cc9d
17.1: August 2024 ASB work
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 10:04:17 -04:00
Tavi
c3555ebac2
Churn
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-17 08:35:02 -04:00
Tavi
4b0bf74d68
Picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-16 19:39:52 -04:00
Tavi
e3894395a7
Reconcile picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-16 19:37:04 -04:00
Alexander-Kochanski
51ea0e709b
Update TODO-device_additions
...
Requested support for crownlte (Galaxy Note 9)
2024-08-15 22:20:39 +00:00
Tavi
69bd4382ac
Picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-11 21:26:34 -04:00
Tavi
dda4cd7ab5
Fixups + Churn
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-11 01:09:10 -04:00
Tavi
dbfbdc93cf
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-09 14:57:56 -04:00
Tavi
ce04374a01
Picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-09 14:18:31 -04:00
Tavi
653819edcd
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-08 15:02:19 -04:00
Tavi
e876478d40
Revert "Push marlin/sailfish to 20"
...
This reverts commit d021933c6c
.
2024-08-07 20:03:39 -04:00
Tavi
d021933c6c
Push marlin/sailfish to 20
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 20:03:25 -04:00
Tavi
e1586ec317
Always handle alternative property files for oem_unlock_supported
...
Some of these devices were not being patched, such as:
- pro1x
- oneplus/sm8150-common
- oneplus/sm8250-common
- oneplus/sm8350-common
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 15:19:36 -04:00
Tavi
8f6fa700a4
Fix an issue with property additions being added on same line
...
This caused the OEM unlock toggle to not appear on select devices such as:
- taimen/walleye
- enchilada/fajita
- FP3
- FP4
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 14:50:55 -04:00
Tavi
63829126db
Fixup
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 14:24:05 -04:00
Tavi
4d5d69cf34
Update CVE patchers
...
Likely some breakage
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-07 12:25:52 -04:00
Tavi
9abdaa0d51
CVE-2024-41020
...
required changes to the patcher
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 21:30:00 -04:00
Tavi
9936408a59
Better patching of CVE-2024-41012
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 21:02:44 -04:00
Tavi
2187d4bf36
Better patching of CVE-2024-36971
...
4.6 and higher is impacted
need backport for 4.9 and 4.14
not patched kernels:
LineageOS-17.1
kernel_xiaomi_sm6150
LineageOS-19.1
kernel_xiaomi_sm8150
LineageOS-20.0
kernel_fairphone_sdm632
kernel_google_msm-4.14
kernel_google_msm-4.9
kernel_oneplus_sdm845
kernel_oneplus_sm8150
kernel_razer_sdm845
kernel_samsung_exynos9810
kernel_sony_sdm845
kernel_xiaomi_msm8937
kernel_xiaomi_sdm845
kernel_xiaomi_sm6150
kernel_xiaomi_vayu
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 20:25:40 -04:00
Tavi
aed895e1ad
More backports
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:49:08 -04:00
Tavi
d2d0c48a25
Reconcile picks
...
no effective change:
https://review.lineageos.org/q/topic:%22P_asb_2024-05%22
gains 8 patches:
https://review.lineageos.org/q/topic:%22Q_asb_2024-06%22
https://review.lineageos.org/q/topic:%22Q_asb_2024-07%22
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:27:33 -04:00
Tavi
f07e0f4722
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:01:39 -04:00
Tavi
2bb4d94f88
Fixup + Churn
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-01 00:28:48 -04:00
Tavi
9c4c46478d
Disable 72ff1b1a
for now due to more compatibility issues
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 22:19:53 -04:00
Tavi
094b4f4f41
Update CVE patchers
...
Likely breakage
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 22:19:43 -04:00
Tavi
0c4b0672e4
Fix spacing
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:52:05 -04:00
Tavi
72ff1b1a4d
16.0+: Relaxed fix for DNS leaks with app based VPNs from GrapheneOS
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:50:20 -04:00
Tavi
5fb3319508
Update commons
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:31:27 -04:00
Tavi
59b9517c08
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-29 18:28:29 -04:00
Tavi
9f5886d80b
Fixup
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-27 18:31:21 -04:00
Tavi
c45060675e
Going the distance... [pt3]
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-27 18:00:56 -04:00
ryneeverett
3999fe1e1f
Container: Scripted builds
...
I had a hard time following the [Build
Guide](https://divestos.org/pages/build ) and IMO a script does a much
better job of removing the ambiguity and is more likely to be updated
if it fails. Per
https://github.com/Divested-Mobile/DivestOS-Website/issues/40 I think
this script, as documentation, makes it much more clear what it means to
"color in the lines" and suggests an efficient way of doing so. I'd like
to update the Build Guide too, but I wanted to get your feedback on some
of this first.
The main thing I'm not thrilled with is that the workspace needs to be
patched and reset twice (if I understand correctly). I got this notion
from your guidance on a Reddit post a couple months back which I can't
find now that Reddit seems to have taken down your content.
Unfortunately I don't recall the details but the basic issue is that
generating the signing keys was giving an error and the solution was to
patch the workspace. But one of the workspace patching "phases" is to
copy the keys to the kernel and this fails if the keys don't exist yet.
So it's not clear how to get around doing this step twice.
A couple notes on future work:
- How to do incremental updates? There's no story on this yet and I
haven't looked into it.
- I found a wealth of information on building android in docker in this
repository: https://github.com/lineageos4microg/docker-lineage-cicd .
It might be worth considering trying to integrate DivestOS into that
project or building on top of their image.
2024-07-26 22:02:12 +00:00
ryneeverett
8216403729
Container: Store DivestOS directory in a volume
...
This essentially serves as a cache of sources because otherwise all the
downloaded source disappears when the container exits.
2024-07-26 22:02:12 +00:00
ryneeverett
0408730f50
Container: Correct build path
2024-07-26 22:02:12 +00:00
ryneeverett
7f13b9d6a8
Container: Use named volume for ccache.
...
I don't think there's any reason to want a named path here.
2024-07-26 22:02:12 +00:00
ryneeverett
3827a096da
Container: Find git config at XDG_CONFIG_HOME
2024-07-26 22:02:12 +00:00
ryneeverett
41bc2deded
Container: Portable scripts
...
This allows bash to be found if not located in /bin.
2024-07-26 22:02:12 +00:00
ryneeverett
4d22f558ba
Container: Allow duplicate group id.
...
The image build would otherwise fail if the user's group id already
exists in the base image.
2024-07-26 22:02:12 +00:00
ryneeverett
4c0e3c835c
Container: Set up ccache (per Build Guide)
2024-07-26 22:02:12 +00:00
ryneeverett
7d9e3d30cd
Container: Add gocryptfs (per Build Guide)
2024-07-26 22:02:12 +00:00
ryneeverett
ca83cc1dc8
Container: Update dependencies
...
See https://github.com/Divested-Mobile/DivestOS-Website/issues/39 .
2024-07-26 22:02:12 +00:00
Tavi
33ee2a1c28
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-24 17:24:31 -04:00
Tavi
1f65053495
Fixup
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-18 21:44:00 -04:00