mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-09-30 13:15:38 +00:00
f3e672fb18
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something we don't use. Override it at the source and set it explicitely as well. This ensures that the compiled recovery.img and the one generated by sign_target_files_apks.py includes the real public keys for verification. 11.0 signing is ignored. This will need to be extensively tested as breakage can mean brick on locked devices. Although in failure cases it seems test-keys are accepted. -- After much testing there appears to be a deeper issue with how keys are inserted into the recovery and handled
118 lines
4.3 KiB
Bash
118 lines
4.3 KiB
Bash
#!/bin/bash
|
|
#DivestOS: A privacy focused mobile distribution
|
|
#Copyright (c) 2017-2020 Divested Computing Group
|
|
#
|
|
#This program is free software: you can redistribute it and/or modify
|
|
#it under the terms of the GNU General Public License as published by
|
|
#the Free Software Foundation, either version 3 of the License, or
|
|
#(at your option) any later version.
|
|
#
|
|
#This program is distributed in the hope that it will be useful,
|
|
#but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
#GNU General Public License for more details.
|
|
#
|
|
#You should have received a copy of the GNU General Public License
|
|
#along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
#Last verified: 2018-04-27
|
|
|
|
patchAllKernels() {
|
|
startPatcher "kernel_asus_fugu kernel_asus_msm8953 kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_google_yellowstone kernel_lge_hammerhead kernel_oneplus_msm8998 kernel_xiaomi_sdm845";
|
|
}
|
|
export -f patchAllKernels;
|
|
|
|
resetWorkspace() {
|
|
repo forall -c 'git add -A && git reset --hard' && rm -rf out && repo sync -j20 --force-sync;
|
|
}
|
|
export -f resetWorkspace;
|
|
|
|
scanWorkspaceForMalware() {
|
|
local scanQueue="$DOS_BUILD_BASE/android $DOS_BUILD_BASE/art $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/compatibility $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/platform_testing $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
|
|
scanQueue=$scanQueue" $DOS_BUILD_BASE/lineage-sdk $DOS_BUILD_BASE/vendor/lineage";
|
|
scanForMalware true "$scanQueue";
|
|
}
|
|
export -f scanWorkspaceForMalware;
|
|
|
|
buildDevice() {
|
|
cd "$DOS_BUILD_BASE";
|
|
export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
|
|
breakfast "lineage_$1-user" && mka target-files-package otatools && processRelease $1 true $2;
|
|
}
|
|
export -f buildDevice;
|
|
|
|
buildDeviceDebug() {
|
|
cd "$DOS_BUILD_BASE";
|
|
unset OTA_KEY_OVERRIDE_DIR;
|
|
brunch "lineage_$1-eng";
|
|
}
|
|
export -f buildDeviceDebug;
|
|
|
|
buildAll() {
|
|
cd "$DOS_BUILD_BASE";
|
|
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
|
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
|
#SD800
|
|
buildDevice hammerhead; #broken Bluetooth + maybe broken sepolicy
|
|
#SD801
|
|
buildDevice ham;
|
|
#SD615
|
|
buildDevice kipper;
|
|
#SD625
|
|
buildDevice zenfone3; #broken - ninja: error: 'android.hidl.base@1.0.so', missing and no known rule to make it
|
|
#SD835
|
|
buildDevice cheeseburger verity; #needs manual patching - vendor common makefile + 17.1 isn't booting
|
|
buildDevice dumpling verity;
|
|
#SD845
|
|
buildDevice beryllium;
|
|
#Intel
|
|
buildDevice fugu; #broken - ninja: error: 'libpcre2.so' missing and no known rule to make it
|
|
#Tegra
|
|
buildDevice yellowstone; #broken sepolicy?
|
|
}
|
|
export -f buildAll;
|
|
|
|
patchWorkspace() {
|
|
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
|
|
|
#source build/envsetup.sh;
|
|
#repopick -it pie-firewall;
|
|
|
|
source "$DOS_SCRIPTS/Patch.sh";
|
|
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
|
|
source "$DOS_SCRIPTS/Defaults.sh";
|
|
source "$DOS_SCRIPTS/Rebrand.sh";
|
|
source "$DOS_SCRIPTS_COMMON/Optimize.sh";
|
|
source "$DOS_SCRIPTS_COMMON/Deblob.sh";
|
|
source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
|
|
source build/envsetup.sh;
|
|
}
|
|
export -f patchWorkspace;
|
|
|
|
enableDexPreOpt() {
|
|
cd "$DOS_BUILD_BASE$1";
|
|
if [ -f BoardConfig.mk ]; then
|
|
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
|
|
echo "WITH_DEXPREOPT_DEBUG_INFO := false" >> BoardConfig.mk;
|
|
if true; then
|
|
echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false" >> BoardConfig.mk;
|
|
echo "Enabled full dexpreopt for $1";
|
|
else
|
|
echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true" >> BoardConfig.mk;
|
|
echo "Enabled core dexpreopt for $1";
|
|
fi;
|
|
fi;
|
|
cd "$DOS_BUILD_BASE";
|
|
}
|
|
export -f enableDexPreOpt;
|
|
|
|
enableLowRam() {
|
|
cd "$DOS_BUILD_BASE$1";
|
|
if [ -f lineage.mk ]; then echo -e '\n$(call inherit-product, vendor/divested/build/target/product/lowram.mk)' >> lineage.mk; fi;
|
|
if [ -f BoardConfig.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfig.mk; fi;
|
|
if [ -f BoardConfigCommon.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfigCommon.mk; fi;
|
|
echo "Enabled lowram for $1";
|
|
cd "$DOS_BUILD_BASE";
|
|
}
|
|
export -f enableLowRam;
|