Compare commits
8 Commits
lineage-20
...
lineage-20
| Author | SHA1 | Date | |
|---|---|---|---|
| 4ea2f8ce88 | |||
| d248cb60e5 | |||
| 61e04ffc20 | |||
| e60e8fa9d7 | |||
| de0fbf144a | |||
| e25cb44ccf | |||
| b02af95b18 | |||
| 5582e1d3f1 |
110
.drone.yml
110
.drone.yml
@ -1,110 +0,0 @@
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: mondrianwifi
|
||||
|
||||
environment:
|
||||
device: mondrianwifi
|
||||
version: 20.0
|
||||
|
||||
steps:
|
||||
- name: sync
|
||||
pull: always
|
||||
image: docker.nyyu.dev/lineage/android:latest
|
||||
commands:
|
||||
- cd /build
|
||||
- rm -rf .repo/repo
|
||||
- repo init -u https://github.com/LineageOS-UL/android.git -b lineage-$version
|
||||
- mkdir -p .repo/local_manifests
|
||||
- cp $DRONE_WORKSPACE_BASE/$device.xml .repo/local_manifests/roomservice.xml
|
||||
- bash $DRONE_WORKSPACE_BASE/sync.sh
|
||||
volumes:
|
||||
- name: build
|
||||
path: /build
|
||||
- name: build
|
||||
pull: always
|
||||
image: docker.nyyu.dev/lineage/android:latest
|
||||
commands:
|
||||
- cd /build
|
||||
- bash -c ". build/envsetup.sh && lunch lineage_$device-userdebug && mka bacon -j6"
|
||||
volumes:
|
||||
- name: build
|
||||
path: /build
|
||||
- name: tools
|
||||
path: /tools
|
||||
- name: copy
|
||||
pull: always
|
||||
image: docker.nyyu.dev/lineage/android:latest
|
||||
commands:
|
||||
- rm -f /http/lineage-$version-*-UNOFFICIAL-$device.zip*
|
||||
- mv -f /build/out/target/product/$device/lineage-$version-*-UNOFFICIAL-$device.zip* /http/
|
||||
- cat /build/changelog-$device-$version.md >> /http/changelog-$device-$version.md
|
||||
- ls -lh /http/lineage-$version-*-UNOFFICIAL-$device.zip*
|
||||
volumes:
|
||||
- name: build
|
||||
path: /build
|
||||
- name: http
|
||||
path: /http
|
||||
- name: clean
|
||||
pull: always
|
||||
image: docker.nyyu.dev/lineage/android:latest
|
||||
commands:
|
||||
- rm -f /build/out/target/product/$device/lineage-$version-*-UNOFFICIAL-$device.zip_* /build/out/target/product/$device/lineage_$device-ota-eng.*.zip
|
||||
- rm -f /build/changelog-$device-$version.md
|
||||
volumes:
|
||||
- name: build
|
||||
path: /build
|
||||
trigger:
|
||||
event:
|
||||
- custom
|
||||
- cron
|
||||
|
||||
volumes:
|
||||
- name: http
|
||||
host:
|
||||
path: /srv/http/drone
|
||||
- name: build
|
||||
host:
|
||||
path: /media/fast/lineage/lineage-20.0
|
||||
- name: tools
|
||||
host:
|
||||
path: /media/fast/lineage/tools
|
||||
|
||||
image_pull_secrets:
|
||||
- dockerconfig
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: mondrianwifi-publish
|
||||
|
||||
environment:
|
||||
device: mondrianwifi
|
||||
version: 20.0
|
||||
|
||||
steps:
|
||||
- name: publish
|
||||
pull: always
|
||||
image: docker.nyyu.dev/lineage/android:latest
|
||||
commands:
|
||||
- mv /http/lineage-$version-*-UNOFFICIAL-$device.zip* /publish/$version/$device/
|
||||
- cat /http/changelog-$device-$version.md >> /publish/$version/$device/changelog.md
|
||||
- rm -f /http/changelog-$device-$version.md
|
||||
- ls -lh /publish/$version/$device/
|
||||
volumes:
|
||||
- name: http
|
||||
path: /http
|
||||
- name: publish
|
||||
path: /publish
|
||||
trigger:
|
||||
event:
|
||||
- promote
|
||||
|
||||
volumes:
|
||||
- name: http
|
||||
host:
|
||||
path: /srv/http/drone
|
||||
- name: publish
|
||||
host:
|
||||
path: /mnt/android/lineage
|
||||
|
||||
image_pull_secrets:
|
||||
- dockerconfig
|
||||
@ -22,6 +22,7 @@ pipeline:
|
||||
- repo init -u https://github.com/LineageOS-UL/android.git -b lineage-$version
|
||||
- mkdir -p .repo/local_manifests
|
||||
- cp $CI_WORKSPACE/$device.xml .repo/local_manifests/roomservice.xml
|
||||
- repo forall -c 'git reset --hard --quiet' || true
|
||||
- bash $CI_WORKSPACE/sync.sh
|
||||
volumes:
|
||||
- *build_vol
|
||||
@ -64,6 +65,8 @@ pipeline:
|
||||
image: alpine
|
||||
commands:
|
||||
- rm -f /build/out/target/product/$device/lineage-$version-*-UNOFFICIAL-$device.zip_* /build/out/target/product/$device/lineage_$device-ota-eng.*.zip
|
||||
- rm -rf /build/out/target/product/$device/obj/PACKAGING/target_files_intermediates/*
|
||||
- find /build/out/target/product/$device -type f -name '*.prop' -exec rm -vf {} +
|
||||
- rm -f /build/changelog-$device-$version.md
|
||||
volumes:
|
||||
- *build_vol
|
||||
|
||||
38
fix-store-build-prop-zip.patch
Normal file
38
fix-store-build-prop-zip.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 497ae885d6a92d473ec3c603bd39e4510380240d Mon Sep 17 00:00:00 2001
|
||||
From: nyyu <mail@nyyu.dev>
|
||||
Date: Sat, 7 Jan 2023 10:54:05 +0100
|
||||
Subject: [PATCH] releasetools: Store the build.prop file in the OTA zip
|
||||
|
||||
Change-Id: I81825a8a4633dff294a372ccf4de8e3aef99750c
|
||||
---
|
||||
tools/releasetools/non_ab_ota.py | 3 +++
|
||||
tools/releasetools/ota_utils.py | 2 +-
|
||||
2 files changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/releasetools/non_ab_ota.py b/tools/releasetools/non_ab_ota.py
|
||||
index ad9cbcc82..91492ad76 100644
|
||||
--- a/tools/releasetools/non_ab_ota.py
|
||||
+++ b/tools/releasetools/non_ab_ota.py
|
||||
@@ -308,6 +308,9 @@ endif;
|
||||
script.AddToZip(input_zip, output_zip, input_path=OPTIONS.updater_binary)
|
||||
metadata.required_cache = script.required_cache
|
||||
|
||||
+ common.ZipWriteStr(output_zip, "system/build.prop",
|
||||
+ input_zip.read("SYSTEM/build.prop").decode())
|
||||
+
|
||||
# We haven't written the metadata entry, which will be done in
|
||||
# FinalizeMetadata.
|
||||
common.ZipClose(output_zip)
|
||||
diff --git a/tools/releasetools/ota_utils.py b/tools/releasetools/ota_utils.py
|
||||
index ff98ba9fb..1fb78db61 100644
|
||||
--- a/tools/releasetools/ota_utils.py
|
||||
+++ b/tools/releasetools/ota_utils.py
|
||||
@@ -39,7 +39,7 @@ OPTIONS.boot_variable_file = None
|
||||
|
||||
METADATA_NAME = 'META-INF/com/android/metadata'
|
||||
METADATA_PROTO_NAME = 'META-INF/com/android/metadata.pb'
|
||||
-UNZIP_PATTERN = ['IMAGES/*', 'INSTALL/*', 'META/*', 'OTA/*', 'RADIO/*']
|
||||
+UNZIP_PATTERN = ['IMAGES/*', 'INSTALL/*', 'META/*', 'OTA/*', 'RADIO/*', 'SYSTEM/build.prop']
|
||||
SECURITY_PATCH_LEVEL_PROP_NAME = "ro.build.version.security_patch"
|
||||
|
||||
|
||||
141
microg.patch
Normal file
141
microg.patch
Normal file
@ -0,0 +1,141 @@
|
||||
From 437d7b1ee54df480d212ca97ddc3b8acd2944966 Mon Sep 17 00:00:00 2001
|
||||
From: maxwen <max.weninger@gmail.com>
|
||||
Date: Tue, 25 Sep 2018 09:44:26 +0200
|
||||
Subject: [PATCH] base: use better solution for MicroG FAKE_PACKAGE_SIGNATURE
|
||||
|
||||
make it a privileged permission instead of a runtime one
|
||||
to add extra safety dont trust the signature coming from the
|
||||
package but limit to the microg signature and only allow
|
||||
from FakeStore and GmsCore package names
|
||||
|
||||
https://github.com/microg/GmsCore/blob/master/play-services-core/src/main/res/values/signature.xml
|
||||
|
||||
thanks for the inspiration from Chirayu Desai <chirayudesai1@gmail.com>
|
||||
|
||||
Reference:
|
||||
https://gitlab.com/CalyxOS/platform_frameworks_base/-/commit/ba8cff41aaaafec0982f29dcb1869c1ea61a6cb4
|
||||
|
||||
Only diff is that we keep original permission name so we can
|
||||
continue to use upstream prebuilt microg for now
|
||||
|
||||
Change-Id: I394990d89ab427b94b04db7ca7e06206a476965b
|
||||
---
|
||||
core/res/AndroidManifest.xml | 5 +++
|
||||
core/res/res/values/custom_strings.xml | 22 +++++++++++
|
||||
.../com/android/server/pm/ComputerEngine.java | 37 ++++++++++++++++++-
|
||||
3 files changed, 62 insertions(+), 2 deletions(-)
|
||||
create mode 100644 core/res/res/values/custom_strings.xml
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 7439b2f0921ff..9b89297348992 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -3534,6 +3534,11 @@
|
||||
android:description="@string/permdesc_getPackageSize"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <!-- @hide Allows an application to change the package signature as
|
||||
+ seen by applications -->
|
||||
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
+ android:protectionLevel="signature|privileged" />
|
||||
+
|
||||
<!-- @deprecated No longer useful, see
|
||||
{@link android.content.pm.PackageManager#addPackageToPreferred}
|
||||
for details. -->
|
||||
diff --git a/core/res/res/values/custom_strings.xml b/core/res/res/values/custom_strings.xml
|
||||
new file mode 100644
|
||||
index 0000000000000..aa2d50b869fec
|
||||
--- /dev/null
|
||||
+++ b/core/res/res/values/custom_strings.xml
|
||||
@@ -0,0 +1,22 @@
|
||||
+<?xml version="1.0" encoding="utf-8"?>
|
||||
+<!--
|
||||
+/* //device/apps/common/assets/res/any/strings.xml
|
||||
+**
|
||||
+** Copyright 2006, The Android Open Source Project
|
||||
+**
|
||||
+** Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+** you may not use this file except in compliance with the License.
|
||||
+** You may obtain a copy of the License at
|
||||
+**
|
||||
+** http://www.apache.org/licenses/LICENSE-2.0
|
||||
+**
|
||||
+** Unless required by applicable law or agreed to in writing, software
|
||||
+** distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+** See the License for the specific language governing permissions and
|
||||
+** limitations under the License.
|
||||
+*/
|
||||
+-->
|
||||
+<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
|
||||
+
|
||||
+</resources>
|
||||
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
index 259ca655d2b9f..d029fbf30d37a 100644
|
||||
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
@@ -426,6 +426,15 @@ protected ApplicationInfo androidApplication() {
|
||||
return mLocalAndroidApplication;
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * The Google signature faked by microG.
|
||||
+ */
|
||||
+ private static final String MICROG_FAKE_SIGNATURE = "308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a";
|
||||
+ /**
|
||||
+ * List of packages which require signature spoofing.
|
||||
+ */
|
||||
+ private static final List<String> MICROG_FAKE_SIGNATURE_PACKAGES = List.of("com.google.android.gms", "com.android.vending");
|
||||
+
|
||||
ComputerEngine(PackageManagerService.Snapshot args, int version) {
|
||||
mVersion = version;
|
||||
mSettings = new Settings(args.settings);
|
||||
@@ -1619,15 +1628,26 @@ public final PackageInfo generatePackageInfo(PackageStateInternal ps,
|
||||
// Compute GIDs only if requested
|
||||
final int[] gids = (flags & PackageManager.GET_GIDS) == 0 ? EMPTY_INT_ARRAY
|
||||
: mPermissionManager.getGidsForUid(UserHandle.getUid(userId, ps.getAppId()));
|
||||
+
|
||||
+ // Allow microG GmsCore and FakeStore to spoof signature
|
||||
+ final boolean isMicroG = MICROG_FAKE_SIGNATURE_PACKAGES.contains(p.getPackageName());
|
||||
+
|
||||
// Compute granted permissions only if package has requested permissions
|
||||
- final Set<String> permissions = ((flags & PackageManager.GET_PERMISSIONS) == 0
|
||||
- || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet()
|
||||
+ // or we matched a microg package
|
||||
+ final Set<String> permissions = (((flags & PackageManager.GET_PERMISSIONS) == 0
|
||||
+ || ArrayUtils.isEmpty(p.getRequestedPermissions()))
|
||||
+ && !isMicroG)
|
||||
+ ? Collections.emptySet()
|
||||
: mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId);
|
||||
|
||||
PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
|
||||
state.getFirstInstallTime(), ps.getLastUpdateTime(), permissions, state, userId,
|
||||
ps);
|
||||
|
||||
+ if (isMicroG) {
|
||||
+ packageInfo = mayFakeSignature(p, packageInfo, permissions);
|
||||
+ }
|
||||
+
|
||||
if (packageInfo == null) {
|
||||
return null;
|
||||
}
|
||||
@@ -1667,6 +1687,19 @@ public final PackageInfo generatePackageInfo(PackageStateInternal ps,
|
||||
}
|
||||
}
|
||||
|
||||
+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi,
|
||||
+ Set<String> permissions) {
|
||||
+ try {
|
||||
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) {
|
||||
+ pi.signatures = new Signature[] {new Signature(MICROG_FAKE_SIGNATURE)};
|
||||
+ }
|
||||
+ } catch (Throwable t) {
|
||||
+ // We should never die because of any failures, this is system code!
|
||||
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
|
||||
+ }
|
||||
+ return pi;
|
||||
+ }
|
||||
+
|
||||
public final PackageInfo getPackageInfo(String packageName,
|
||||
@PackageManager.PackageInfoFlagsBits long flags, int userId) {
|
||||
return getPackageInfoInternal(packageName, PackageManager.VERSION_CODE_HIGHEST,
|
||||
9
sync.sh
9
sync.sh
@ -38,6 +38,14 @@ done
|
||||
echo -e "\n" >>"${changelog}"
|
||||
cat "${changelog}"
|
||||
|
||||
cd build/tools
|
||||
git am $CI_WORKSPACE/fix-store-build-prop-zip.patch || git am --abort
|
||||
cd $TOPDIR
|
||||
|
||||
cd system/vold
|
||||
git am $CI_WORKSPACE/vold-add-option-metadata_csum.patch || git am --abort
|
||||
cd $TOPDIR
|
||||
|
||||
cd packages/apps/LineageParts
|
||||
git am $CI_WORKSPACE/fix-always-enable-taskbar-toggle.patch || git am --abort
|
||||
cd $TOPDIR
|
||||
@ -73,6 +81,7 @@ cd frameworks/base
|
||||
#334343 334344
|
||||
git am $CI_WORKSPACE/snet20-2.patch || git am --abort
|
||||
git am $CI_WORKSPACE/snet20-3.patch || git am --abort
|
||||
git am $CI_WORKSPACE/microg.patch || git am --abort
|
||||
cd $TOPDIR
|
||||
|
||||
#. build/envsetup.sh
|
||||
|
||||
53
vold-add-option-metadata_csum.patch
Normal file
53
vold-add-option-metadata_csum.patch
Normal file
@ -0,0 +1,53 @@
|
||||
From 133c414b6df0654ae2d38f44240d0c3a74c851e6 Mon Sep 17 00:00:00 2001
|
||||
From: nyyu <mail@nyyu.dev>
|
||||
Date: Sun, 8 Jan 2023 11:37:40 +0100
|
||||
Subject: [PATCH] vold: add option ^metadata_csum
|
||||
|
||||
Change-Id: I1fe379967968e4be8973e98c4fcb9b5c95bb60e8
|
||||
---
|
||||
Utils.cpp | 2 +-
|
||||
fs/Ext4.cpp | 7 +++++--
|
||||
2 files changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/Utils.cpp b/Utils.cpp
|
||||
index a7e85f2..9ffc1dd 100644
|
||||
--- a/Utils.cpp
|
||||
+++ b/Utils.cpp
|
||||
@@ -644,7 +644,7 @@ static status_t readMetadata(const std::string& path, std::string* fsType, std::
|
||||
cmd.push_back(path);
|
||||
|
||||
std::vector<std::string> output;
|
||||
- status_t res = ForkExecvp(cmd, &output, untrusted ? sBlkidUntrustedContext : sBlkidContext);
|
||||
+ status_t res = ForkExecvp(cmd, &output/*, untrusted ? sBlkidUntrustedContext : sBlkidContext*/);
|
||||
if (res != OK) {
|
||||
LOG(WARNING) << "blkid failed to identify " << path;
|
||||
return res;
|
||||
diff --git a/fs/Ext4.cpp b/fs/Ext4.cpp
|
||||
index 0ae5cb3..73971e1 100644
|
||||
--- a/fs/Ext4.cpp
|
||||
+++ b/fs/Ext4.cpp
|
||||
@@ -184,19 +184,22 @@ status_t Format(const std::string& source, unsigned long numSectors, const std::
|
||||
cmd.push_back("-t");
|
||||
cmd.push_back("ext4");
|
||||
|
||||
+ cmd.push_back("-m");
|
||||
+ cmd.push_back("0");
|
||||
+
|
||||
cmd.push_back("-M");
|
||||
cmd.push_back(target);
|
||||
|
||||
bool needs_casefold =
|
||||
android::base::GetBoolProperty("external_storage.casefold.enabled", false);
|
||||
- bool needs_projid = true;
|
||||
+ bool needs_projid = false;
|
||||
|
||||
if (needs_projid) {
|
||||
cmd.push_back("-I");
|
||||
cmd.push_back("512");
|
||||
}
|
||||
|
||||
- std::string options("has_journal");
|
||||
+ std::string options("has_journal,^metadata_csum");
|
||||
if (android::base::GetBoolProperty("vold.has_quota", false)) {
|
||||
options += ",quota";
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user