From 4daef3694168494c38e1a8aaa8901558d8ca4c4e Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 11:56:25 +0000 Subject: [PATCH 01/21] Add variables to control whether or not tasks are implemented --- Dockerfile | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Dockerfile b/Dockerfile index c912d92..1f51436 100644 --- a/Dockerfile +++ b/Dockerfile @@ -121,6 +121,20 @@ ENV REPO_INIT_ARGS "" # Allowed values: positive, non-null integers ENV RETRY_FETCHES= + +# variables to control whether or not tasks are implemented +ENV INIT_MIRROR true +ENV SYNC_MIRROR true +ENV RESET_VENDOR_UNDO_PATCHES true +ENV CALL_REPO_INIT true +ENV CALL_REPO_SYNC true +ENV APPLY_PATCHES true +ENV PREPARE_BUILD_ENVIRONMENT true +ENV CALL_BREAKFAST true +ENV CALL_MKA true +ENV ZIP_UP_IMAGES false +ENV MAKE_IMG_ZIP_FILE false + # You can optionally specify a USERSCRIPTS_DIR volume containing these scripts: # * begin.sh, run at the very beginning # * before.sh, run after the syncing and patching, before starting the builds From 34091c52165380a67f5c6227fd017ebb130237fd Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 12:10:49 +0000 Subject: [PATCH 02/21] Make init mirror switchable --- src/build.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/build.sh b/src/build.sh index 0915658..d22367e 100755 --- a/src/build.sh +++ b/src/build.sh @@ -76,15 +76,18 @@ if [ -n "${RETRY_FETCHES-}" ]; then fi fi - if [ "$LOCAL_MIRROR" = true ]; then cd "$MIRROR_DIR" - - if [ ! -d .repo ]; then - echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log" - ( yes||: ) | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux --git-lfs &>> "$repo_log" + if [ "$INIT_MIRROR" = true ]; then + if [ ! -d .repo ]; then + echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log" + ( yes||: ) | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux --git-lfs &>> "$repo_log" + fi + else + echo ">> [$(date)] Initializing mirror repository disabled" | tee -a "$repo_log" fi +fi # Copy local manifests to the appropriate folder in order take them into consideration echo ">> [$(date)] Copying '$LMANIFEST_DIR/*.xml' to '.repo/local_manifests/'" @@ -449,7 +452,6 @@ for branch in ${BRANCH_NAME//,/ }; do fi done - fi done From 50e4d53130464f4d9dcec6fb7dd1f3a0249a8cd4 Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 12:16:19 +0000 Subject: [PATCH 03/21] Make sync mirror switchable --- src/build.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/build.sh b/src/build.sh index d22367e..2af616e 100755 --- a/src/build.sh +++ b/src/build.sh @@ -101,9 +101,12 @@ fi "https://gitlab.com/the-muppets/manifest/raw/mirror/default.xml" .repo/local_manifests/proprietary_gitlab.xml fi - echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log" - repo sync "${jobs_arg[@]}" "${retry_fetches_arg[@]}" --force-sync --no-clone-bundle &>> "$repo_log" -fi + if [ "$SYNC_MIRROR" = true ]; then + echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log" + repo sync "${jobs_arg[@]}" --force-sync --no-clone-bundle &>> "$repo_log" + else + echo ">> [$(date)] Sync mirror repository disabled" | tee -a "$repo_log" + fi for branch in ${BRANCH_NAME//,/ }; do branch_dir=${branch//[^[:alnum:]]/_} From 898da798fa5b8e4aadfe732aee952beece36ff17 Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 12:26:56 +0000 Subject: [PATCH 04/21] Make reset vendor & undo patches switchable --- src/build.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/src/build.sh b/src/build.sh index 2af616e..376168e 100755 --- a/src/build.sh +++ b/src/build.sh @@ -172,16 +172,20 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Branch: $branch" echo ">> [$(date)] Devices: $devices" - # Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist) - # TODO: maybe reset everything using https://source.android.com/setup/develop/repo#forall - for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController" "packages/modules/Permission"; do - if [ -d "$path" ]; then - cd "$path" - git reset -q --hard - git clean -q -fd - cd "$SRC_DIR/$branch_dir" - fi - done + if [ "$RESET_VENDOR_UNDO_PATCHES" = true ]; then + # Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist) + # TODO: maybe reset everything using https://source.android.com/setup/develop/repo#forall + for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController" "packages/modules/Permission"; do + if [ -d "$path" ]; then + cd "$path" + git reset -q --hard + git clean -q -fd + cd "$SRC_DIR/$branch_dir" + fi + done + else + echo ">> [$(date)] Resetting vendor and undoing patches disabled" | tee -a "$repo_log" + fi echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log" if [ "$LOCAL_MIRROR" = true ]; then From e4cf653a9cd5d4ed29e9efbaeaa18c1984d2f5a9 Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 12:28:40 +0000 Subject: [PATCH 05/21] Make syncing branch repository switchable --- src/build.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/build.sh b/src/build.sh index 376168e..d2830ce 100755 --- a/src/build.sh +++ b/src/build.sh @@ -206,9 +206,13 @@ for branch in ${BRANCH_NAME//,/ }; do "https://gitlab.com/the-muppets/manifest/raw/$themuppets_branch/muppets.xml" .repo/local_manifests/proprietary_gitlab.xml fi - echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log" - builddate=$(date +%Y%m%d) - repo sync "${jobs_arg[@]}" "${retry_fetches_arg[@]}" -c --force-sync &>> "$repo_log" + if [ "$CALL_REPO_INIT" = true ]; then + echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log" + builddate=$(date +%Y%m%d) + repo sync "${jobs_arg[@]}" -c --force-sync &>> "$repo_log" + else + echo ">> [$(date)] Syncing branch repository disabled" | tee -a "$repo_log" + fi if [ ! -d "vendor/$vendor" ]; then echo ">> [$(date)] Missing \"vendor/$vendor\", aborting" From 8f2815fac2d1c2cab2a5d458fead0f7c3017965b Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 15:48:48 +0000 Subject: [PATCH 06/21] Make syncing branch repository switchable --- src/build.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/build.sh b/src/build.sh index d2830ce..da03eb5 100755 --- a/src/build.sh +++ b/src/build.sh @@ -87,7 +87,6 @@ if [ "$LOCAL_MIRROR" = true ]; then else echo ">> [$(date)] Initializing mirror repository disabled" | tee -a "$repo_log" fi -fi # Copy local manifests to the appropriate folder in order take them into consideration echo ">> [$(date)] Copying '$LMANIFEST_DIR/*.xml' to '.repo/local_manifests/'" @@ -107,6 +106,7 @@ fi else echo ">> [$(date)] Sync mirror repository disabled" | tee -a "$repo_log" fi +fi for branch in ${BRANCH_NAME//,/ }; do branch_dir=${branch//[^[:alnum:]]/_} @@ -206,9 +206,9 @@ for branch in ${BRANCH_NAME//,/ }; do "https://gitlab.com/the-muppets/manifest/raw/$themuppets_branch/muppets.xml" .repo/local_manifests/proprietary_gitlab.xml fi - if [ "$CALL_REPO_INIT" = true ]; then + builddate=$(date +%Y%m%d) + if [ "$CALL_REPO_SYNC" = true ]; then echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log" - builddate=$(date +%Y%m%d) repo sync "${jobs_arg[@]}" -c --force-sync &>> "$repo_log" else echo ">> [$(date)] Syncing branch repository disabled" | tee -a "$repo_log" From f9bc6d81252abdd9199e56eb56f7a3f728153bfd Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 12:34:40 +0000 Subject: [PATCH 07/21] Make applying patches switchable --- src/build.sh | 64 ++++++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/src/build.sh b/src/build.sh index da03eb5..ba59057 100755 --- a/src/build.sh +++ b/src/build.sh @@ -231,40 +231,44 @@ for branch in ${BRANCH_NAME//,/ }; do los_ver_minor=$(sed -n -e 's/^\s*PRODUCT_VERSION_MINOR = //p' "$makefile_containing_version") los_ver="$los_ver_major.$los_ver_minor" + if [ "$APPLY_PATCHES" = true ]; then # If needed, apply the microG's signature spoofing patch - if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then - # Determine which patch should be applied to the current Android source tree - cd frameworks/base - if [ "$SIGNATURE_SPOOFING" = "yes" ]; then - echo ">> [$(date)] Applying the standard signature spoofing patch ($frameworks_base_patch) to frameworks/base" - echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat" - patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$frameworks_base_patch" - else - echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $frameworks_base_patch) to frameworks/base" - sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$frameworks_base_patch" | patch --quiet --force -p1 - fi - git clean -q -f - cd ../.. - - if [ -n "$apps_permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then - cd packages/apps/PermissionController - echo ">> [$(date)] Applying the apps/PermissionController patch ($apps_permissioncontroller_patch) to packages/apps/PermissionController" - patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$apps_permissioncontroller_patch" + if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then + # Determine which patch should be applied to the current Android source tree + cd frameworks/base + if [ "$SIGNATURE_SPOOFING" = "yes" ]; then + echo ">> [$(date)] Applying the standard signature spoofing patch ($frameworks_base_patch) to frameworks/base" + echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat" + patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$frameworks_base_patch" + else + echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $frameworks_base_patch) to frameworks/base" + sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$frameworks_base_patch" | patch --quiet --force -p1 + fi git clean -q -f - cd ../../.. - fi + cd ../.. - if [ -n "$modules_permission_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then - cd packages/modules/Permission - echo ">> [$(date)] Applying the modules/Permission patch ($modules_permission_patch) to packages/modules/Permission" - patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$modules_permission_patch" - git clean -q -f - cd ../../.. - fi + if [ -n "$apps_permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then + cd packages/apps/PermissionController + echo ">> [$(date)] Applying the apps/PermissionController patch ($apps_permissioncontroller_patch) to packages/apps/PermissionController" + patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$apps_permissioncontroller_patch" + git clean -q -f + cd ../../.. + fi - # Override device-specific settings for the location providers - mkdir -p "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/" - cp /root/signature_spoofing_patches/frameworks_base_config.xml "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/config.xml" + if [ -n "$modules_permission_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then + cd packages/modules/Permission + echo ">> [$(date)] Applying the modules/Permission patch ($modules_permission_patch) to packages/modules/Permission" + patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$modules_permission_patch" + git clean -q -f + cd ../../.. + fi + + # Override device-specific settings for the location providers + mkdir -p "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/" + cp /root/signature_spoofing_patches/frameworks_base_config.xml "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/config.xml" + fi + else + echo ">> [$(date)] Applying patches disabled" fi echo ">> [$(date)] Setting \"$RELEASE_TYPE\" as release type" From 5d2bac89e7e1cd4175ab9ad4ecc0168b472c4544 Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 12:45:28 +0000 Subject: [PATCH 08/21] Make calling envsetup.sh and breakfast switchable --- src/build.sh | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/src/build.sh b/src/build.sh index ba59057..abc2259 100755 --- a/src/build.sh +++ b/src/build.sh @@ -322,12 +322,16 @@ for branch in ${BRANCH_NAME//,/ }; do fi fi - # Prepare the environment - echo ">> [$(date)] Preparing build environment" - set +eu - # shellcheck source=/dev/null - source build/envsetup.sh > /dev/null - set -eu + if [ "$PREPARE_BUILD_ENVIRONMENT" = true ]; then + # Prepare the environment + echo ">> [$(date)] Preparing build environment" + set +eu + # shellcheck source=/dev/null + source build/envsetup.sh > /dev/null + set -eu + else + echo ">> [$(date)] Preparing build environment disabled" + fi if [ -f /root/userscripts/before.sh ]; then echo ">> [$(date)] Running before.sh" @@ -365,10 +369,16 @@ for branch in ${BRANCH_NAME//,/ }; do DEBUG_LOG="$LOGS_DIR/$logsubdir/lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.log" - set +eu - breakfast "$codename" "$BUILD_TYPE" &>> "$DEBUG_LOG" - breakfast_returncode=$? - set -eu + breakfast_returncode=0 + if [ "$CALL_BREAKFAST" = true ]; then + set +eu + breakfast "$codename" "$BUILD_TYPE" &>> "$DEBUG_LOG" + breakfast_returncode=$? + set -eu + else + echo ">> [$(date)] Calling breakfast disabled" + fi + if [ $breakfast_returncode -ne 0 ]; then echo ">> [$(date)] breakfast failed for $codename, $branch branch" | tee -a "$DEBUG_LOG" # call post-build.sh so the failure is logged in a way that is more visible From fd213ff4b00e630e84f8895100bf65432937638f Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 12:48:39 +0000 Subject: [PATCH 09/21] Make calling mka switchable --- src/build.sh | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/src/build.sh b/src/build.sh index abc2259..c4c65b6 100755 --- a/src/build.sh +++ b/src/build.sh @@ -394,20 +394,22 @@ for branch in ${BRANCH_NAME//,/ }; do /root/userscripts/pre-build.sh "$codename" &>> "$DEBUG_LOG" || echo ">> [$(date)] Warning: pre-build.sh failed!" fi - # Start the build - echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" - build_successful=false - if (set +eu ; mka "${jobs_arg[@]}" bacon) &>> "$DEBUG_LOG"; then + build_successful=true + if [ "$CALL_MKA" = true ]; then + # Start the build + echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" + build_successful=false + if (set +eu ; mka "${jobs_arg[@]}" bacon) &>> "$DEBUG_LOG"; then - # Move produced ZIP files to the main OUT directory - echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" - cd out/target/product/"$codename" - files_to_hash=() - for build in lineage-*.zip; do - cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" - mv "$build" "$ZIP_DIR/$zipsubdir/" &>> "$DEBUG_LOG" - files_to_hash+=( "$build" ) - done + # Move produced ZIP files to the main OUT directory + echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" + cd out/target/product/"$codename" + files_to_hash=() + for build in lineage-*.zip; do + cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" + mv "$build" "$ZIP_DIR/$zipsubdir/" &>> "$DEBUG_LOG" + files_to_hash+=( "$build" ) + done cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" for image in recovery boot vendor_boot dtbo super_empty vbmeta vendor_kernel_boot; do @@ -424,9 +426,13 @@ for branch in ${BRANCH_NAME//,/ }; do done cd "$source_dir" build_successful=true + else + echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG" + fi else - echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG" - fi + echo ">> [$(date)] Calling mka for $codename, $branch branch disabled" + fi + # Remove old zips and logs if [ "$DELETE_OLD_ZIPS" -gt "0" ]; then From 031bad1b3966dd533c8946610fcfb64f2b004101 Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 4 Dec 2023 16:05:35 +0000 Subject: [PATCH 10/21] Make repo init switchable --- src/build.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/build.sh b/src/build.sh index c4c65b6..182d248 100755 --- a/src/build.sh +++ b/src/build.sh @@ -187,11 +187,15 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Resetting vendor and undoing patches disabled" | tee -a "$repo_log" fi - echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log" - if [ "$LOCAL_MIRROR" = true ]; then - ( yes||: ) | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" --git-lfs &>> "$repo_log" + if [ "$CALL_REPO_INIT" = true ]; then + echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log" + if [ "$LOCAL_MIRROR" = true ]; then + ( yes||: ) | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" --git-lfs &>> "$repo_log" + else + ( yes||: ) | repo init -u https://github.com/LineageOS/android.git -b "$branch" --git-lfs &>> "$repo_log" + fi else - ( yes||: ) | repo init -u https://github.com/LineageOS/android.git -b "$branch" --git-lfs &>> "$repo_log" + echo ">> [$(date)] Calling repo init disabled" fi # Copy local manifests to the appropriate folder in order take them into consideration @@ -433,7 +437,6 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Calling mka for $codename, $branch branch disabled" fi - # Remove old zips and logs if [ "$DELETE_OLD_ZIPS" -gt "0" ]; then if [ "$ZIP_SUBDIR" = true ]; then From 0ab43084fb54104df2103ddacfb82af6951b5dd0 Mon Sep 17 00:00:00 2001 From: Pete Date: Tue, 5 Dec 2023 12:00:24 +0000 Subject: [PATCH 11/21] Make the -img.zip file --- src/build.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/build.sh b/src/build.sh index 182d248..7f00c2e 100755 --- a/src/build.sh +++ b/src/build.sh @@ -404,6 +404,15 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" build_successful=false if (set +eu ; mka "${jobs_arg[@]}" bacon) &>> "$DEBUG_LOG"; then + if [ "$MAKE_IMG_ZIP_FILE" = true ]; then + # make the `-img.zip` file + echo ">> [$(date)] Making -img.zip file" | tee -a "$DEBUG_LOG" + infile="out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root.zip" + img_zip_file="out/target/product/$codename/lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-img.zip" + img_from_target_files "$infile" "$img_zip_file" &>> "$DEBUG_LOG" + else + echo ">> [$(date)] Making -img.zip file disabled" + fi # Move produced ZIP files to the main OUT directory echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" From 23d31d6688c405b7b314f4d949becfbeea8081ee Mon Sep 17 00:00:00 2001 From: Pete Date: Tue, 5 Dec 2023 12:31:07 +0000 Subject: [PATCH 12/21] Zip up the .img files --- src/build.sh | 64 +++++++++++++++++++++++++++++++++++----------------- 1 file changed, 43 insertions(+), 21 deletions(-) diff --git a/src/build.sh b/src/build.sh index 7f00c2e..4d84829 100755 --- a/src/build.sh +++ b/src/build.sh @@ -414,25 +414,48 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Making -img.zip file disabled" fi - # Move produced ZIP files to the main OUT directory - echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" - cd out/target/product/"$codename" - files_to_hash=() - for build in lineage-*.zip; do - cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" - mv "$build" "$ZIP_DIR/$zipsubdir/" &>> "$DEBUG_LOG" - files_to_hash+=( "$build" ) - done - cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" - - for image in recovery boot vendor_boot dtbo super_empty vbmeta vendor_kernel_boot; do - if [ -f "$image.img" ]; then - recovery_name="lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-$image.img" - echo ">> [$(date)] Copying $image.img" to "$ZIP_DIR/$zipsubdir/$recovery_name" >> "$DEBUG_LOG" - cp "$image.img" "$ZIP_DIR/$zipsubdir/$recovery_name" &>> "$DEBUG_LOG" - files_to_hash+=( "$recovery_name" ) - fi + # Move produced ZIP files to the main OUT directory + echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" + cd out/target/product/"$codename" + files_to_hash=() + for build in lineage-*.zip; do + cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" + mv "$build" "$ZIP_DIR/$zipsubdir/" &>> "$DEBUG_LOG" + files_to_hash+=( "$build" ) done + + cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" + if [ "$ZIP_UP_IMAGES" = true ]; then + # zipping the .img files + echo ">> [$(date)] Zipping the .img files" | tee -a "$DEBUG_LOG" + + files_to_zip=() + images_zip_file="lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-images.zip" + cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" + + for image in recovery boot vendor_boot dtbo super_empty vbmeta vendor_kernel_boot; do + if [ -f "$image.img" ]; then + echo ">> [$(date)] Adding $image.img" to "$images_zip_file" | tee -a "$DEBUG_LOG" + files_to_zip+=( "$image.img" ) + fi + done + + zip "$images_zip_file" "${files_to_zip[@]}" + mv "$images_zip_file" "$ZIP_DIR/$zipsubdir/" + files_to_hash+=( "$images_zip_file" ) + else + # just copy the mages to the zips directory + echo ">> [$(date)] Zipping the '-img' files disabled" + for image in recovery boot vendor_boot dtbo super_empty vbmeta vendor_kernel_boot; do + if [ -f "$image.img" ]; then + recovery_name="lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-$image.img" + echo ">> [$(date)] Copying $image.img" to "$ZIP_DIR/$zipsubdir/$recovery_name" >> "$DEBUG_LOG" + cp "$image.img" "$ZIP_DIR/$zipsubdir/$recovery_name" &>> "$DEBUG_LOG" + files_to_hash+=( "$recovery_name" ) + fi + done + fi + cd "$ZIP_DIR/$zipsubdir" for f in "${files_to_hash[@]}"; do sha256sum "$f" > "$ZIP_DIR/$zipsubdir/$f.sha256sum" @@ -444,6 +467,7 @@ for branch in ${BRANCH_NAME//,/ }; do fi else echo ">> [$(date)] Calling mka for $codename, $branch branch disabled" + fi fi # Remove old zips and logs @@ -463,7 +487,7 @@ for branch in ${BRANCH_NAME//,/ }; do fi if [ -f /root/userscripts/post-build.sh ]; then echo ">> [$(date)] Running post-build.sh for $codename" >> "$DEBUG_LOG" - /root/userscripts/post-build.sh "$codename" $build_successful "$branch" &>> "$DEBUG_LOG" || echo ">> [$(date)] Warning: post-build.sh failed!" + /root/userscripts/post-build.sh "$codename" "$build_successful" "$branch" &>> "$DEBUG_LOG" || echo ">> [$(date)] Warning: post-build.sh failed!" fi echo ">> [$(date)] Finishing build for $codename" | tee -a "$DEBUG_LOG" @@ -492,8 +516,6 @@ for branch in ${BRANCH_NAME//,/ }; do (set +eu ; mka "${jobs_arg[@]}" clean) &>> "$DEBUG_LOG" fi fi - - fi done fi done From d5c8f2302cc1a08a9b872f7cb2336afa7a7f7cca Mon Sep 17 00:00:00 2001 From: Pete Date: Thu, 7 Dec 2023 16:54:45 +0000 Subject: [PATCH 13/21] Dont create a .prop file for the -img.zip --- src/build.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/build.sh b/src/build.sh index 4d84829..ff62454 100755 --- a/src/build.sh +++ b/src/build.sh @@ -403,21 +403,27 @@ for branch in ${BRANCH_NAME//,/ }; do # Start the build echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" build_successful=false + files_to_hash=() + if (set +eu ; mka "${jobs_arg[@]}" bacon) &>> "$DEBUG_LOG"; then if [ "$MAKE_IMG_ZIP_FILE" = true ]; then # make the `-img.zip` file echo ">> [$(date)] Making -img.zip file" | tee -a "$DEBUG_LOG" infile="out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root.zip" - img_zip_file="out/target/product/$codename/lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-img.zip" + img_zip_file="lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-img.zip" img_from_target_files "$infile" "$img_zip_file" &>> "$DEBUG_LOG" + + # move it to the zips directory + mv "$img_zip_file" "$ZIP_DIR/$zipsubdir/" &>> "$DEBUG_LOG" + files_to_hash+=( "$img_zip_file" ) else echo ">> [$(date)] Making -img.zip file disabled" fi - # Move produced ZIP files to the main OUT directory + # Move the ROM zip files to the main OUT directory echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" cd out/target/product/"$codename" - files_to_hash=() + for build in lineage-*.zip; do cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" mv "$build" "$ZIP_DIR/$zipsubdir/" &>> "$DEBUG_LOG" From 5480a67eb63c999352a4c6af74e2ced94a40fc18 Mon Sep 17 00:00:00 2001 From: Pete Date: Mon, 1 Jan 2024 15:00:45 +0000 Subject: [PATCH 14/21] Add switchable git lfs pull call --- Dockerfile | 1 + src/build.sh | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/Dockerfile b/Dockerfile index 1f51436..7ed8a8d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -128,6 +128,7 @@ ENV SYNC_MIRROR true ENV RESET_VENDOR_UNDO_PATCHES true ENV CALL_REPO_INIT true ENV CALL_REPO_SYNC true +ENV CALL_GIT_LFS_PULL false ENV APPLY_PATCHES true ENV PREPARE_BUILD_ENVIRONMENT true ENV CALL_BREAKFAST true diff --git a/src/build.sh b/src/build.sh index ff62454..9ff67dc 100755 --- a/src/build.sh +++ b/src/build.sh @@ -218,6 +218,13 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Syncing branch repository disabled" | tee -a "$repo_log" fi + if [ "$CALL_GIT_LFS_PULL" = true ]; then + echo ">> [$(date)] Calling git lfs pull" | tee -a "$repo_log" + repo forall -v -c git lfs pull &>> "$repo_log" + else + echo ">> [$(date)] Calling git lfs pull disabled" | tee -a "$repo_log" + fi + if [ ! -d "vendor/$vendor" ]; then echo ">> [$(date)] Missing \"vendor/$vendor\", aborting" exit 1 From dbcdbc891325f66ece7b21a6c1ecc938276a6702 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Thu, 25 Jan 2024 07:08:05 +0000 Subject: [PATCH 15/21] Update README.md: add settings to control 'switchable' build steps --- README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/README.md b/README.md index dbb16a9..6e8cf2f 100644 --- a/README.md +++ b/README.md @@ -177,6 +177,34 @@ your builds with your own keys (**highly recommended**): * `SIGN_BUILDS (false)`: set to `true` to sign the builds with the keys contained in `/srv/keys`; if no keys are present, a new set will be generated +### Settings to control 'switchable' build steps + +Some of the the steps in the build process (e.g `repo sync`, `mka`) can take a long time to complete. When working on a build, it may be desirable to skip some of the steps. The following environment variables (and their default values) control whether or not each step is performed +``` +# variables to control whether or not tasks are implemented +ENV INIT_MIRROR true +ENV SYNC_MIRROR true +ENV RESET_VENDOR_UNDO_PATCHES true +ENV CALL_REPO_INIT true +ENV CALL_REPO_SYNC true +ENV CALL_GIT_LFS_PULL false +ENV APPLY_PATCHES true +ENV PREPARE_BUILD_ENVIRONMENT true +ENV CALL_BREAKFAST true +ENV CALL_MKA true +ENV ZIP_UP_IMAGES false +ENV MAKE_IMG_ZIP_FILE false +``` + +To `switch` an operation, change the default value of the the variable in a `-e clause` in the `docker run` command e.g. +` -e "CALL_REPO-SYNC=false" \` + +The `ZIP_UP_IMAGES` and `MAKE_IMG_ZIP_FILE` variables control how the `.img` files created by the buid are handled: +- by default, the `img` files are copied - unzipped - to the `zips` directory +- if `ZIP_UP_IMAGES` is set `true`, the images are zipped and the resulting `...images.zip` is copied to the `zips` directory +- if `MAKE_IMG_ZIP_FILE` is set `true`, a flashsable `...-img.zip` file is created, which can be installed using `fastboot flash` or `fastboot update` + + ### Other settings Other useful settings are: From d1b4d0f34ed315dda4846643479b68771cfc4173 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Thu, 25 Jan 2024 07:10:42 +0000 Subject: [PATCH 16/21] Update README.md: indebt the 'Settings' paragraphs --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6e8cf2f..8489d14 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ to the LineageOS official builds, just signed with the test keys. When multiple branches are selected, use `DEVICE_LIST_` to specify the list of devices for each specific branch (see [the examples](#examples)). -### GMS / microG +#### GMS / microG To include microG (or possibly the actual Google Mobile Services) in your build, LineageOS expects certain Makefiles in `vendor/partner_gms` and variable @@ -90,7 +90,7 @@ official lineageos4microg builds. To include it in your build, create an XML ``` -### Additional custom apps +#### Additional custom apps If you wish to add other apps to your ROM, you can include a repository with source code or prebuilt APKs. For prebuilt apks, see the [android_vendor_partner_gms][android_vendor_partner_gms] @@ -108,7 +108,7 @@ Include the repo with another manifest file like this: And when starting the build, set the `CUSTOM_PACKAGES` variable to a list of app names (defined by `LOCAL_MODULE` in `Android.mk`) separated by spaces. -### Signature spoofing +#### Signature spoofing There are two options for the [signature spoofing patch][signature-spoofing] required for [microG][microg]: @@ -134,7 +134,7 @@ FAKE_SIGNATURE permission must be included in the build as system apps (e.g. as part of GMS or `CUSTOM_PACKAGES`) -### Proprietary files +#### Proprietary files Some proprietary files are needed to create a LineageOS build, but they're not included in the LineageOS repo for legal reasons. You can obtain these blobs in @@ -149,7 +149,7 @@ The third way is the easiest one and is enabled by default; if you're OK with that just move on, otherwise set `INCLUDE_PROPRIETARY (true)` to `false` and manually provide the blobs (not explained in this guide). -### Over the Air updates +#### Over the Air updates To enable OTA for you builds, you need to run a server that speaks the protocol understood by the [LineageOS updater app][updater] and provide the URL to this @@ -169,7 +169,7 @@ image. Follow these steps to prepare your builds for OTA: If you don't setup a OTA server you won't be able to update the device from the updater app (but you can still update it manually with the recovery of course). -### Signing +#### Signing By default, builds are signed with the Android test keys. If you want to sign your builds with your own keys (**highly recommended**): @@ -177,7 +177,7 @@ your builds with your own keys (**highly recommended**): * `SIGN_BUILDS (false)`: set to `true` to sign the builds with the keys contained in `/srv/keys`; if no keys are present, a new set will be generated -### Settings to control 'switchable' build steps +#### Settings to control 'switchable' build steps Some of the the steps in the build process (e.g `repo sync`, `mka`) can take a long time to complete. When working on a build, it may be desirable to skip some of the steps. The following environment variables (and their default values) control whether or not each step is performed ``` @@ -205,7 +205,7 @@ The `ZIP_UP_IMAGES` and `MAKE_IMG_ZIP_FILE` variables control how the `.img` fil - if `MAKE_IMG_ZIP_FILE` is set `true`, a flashsable `...-img.zip` file is created, which can be installed using `fastboot flash` or `fastboot update` -### Other settings +#### Other settings Other useful settings are: From 8deb5e880224092191c1ae06b2097ed34e76abf7 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Thu, 25 Jan 2024 07:12:10 +0000 Subject: [PATCH 17/21] Update README.md: remove WITH_SU setting --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index 8489d14..dc70687 100644 --- a/README.md +++ b/README.md @@ -211,9 +211,6 @@ Other useful settings are: * `CCACHE_SIZE (50G)`: change this if you want to give more (or less) space to ccache - * `WITH_SU (false)`: set to `true` to embed `su` in the build (note that, even - when set to `false`, you can still enable root by flashing the - [su installable ZIP][los-extras]). This is only for lineage version 16 and below. * `RELEASE_TYPE (UNOFFICIAL)`: change the release type of your builds * `BUILD_TYPE (userdebug)`: type of your builds, see [Android docs](https://source.android.com/docs/setup/build/building#choose-a-target) * `BUILD_OVERLAY (false)`: normally each build is done on the source tree, then From 4b0c22fbf5cb8c17ecfb367a13891b7cf102e7a4 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Tue, 30 Jan 2024 08:03:59 +0000 Subject: [PATCH 18/21] Reset 'builddate` when each device build starts Fixes #562 --- src/build.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/build.sh b/src/build.sh index 9ff67dc..dc7009e 100755 --- a/src/build.sh +++ b/src/build.sh @@ -351,7 +351,9 @@ for branch in ${BRANCH_NAME//,/ }; do for codename in ${devices//,/ }; do if [ -n "$codename" ]; then - + + builddate=$(date +%Y%m%d) + if [ "$BUILD_OVERLAY" = true ]; then lowerdir=$SRC_DIR/$branch_dir upperdir=$TMP_DIR/device From 70318caf1bb6b60b38ef7ceb439e6a811065f8a1 Mon Sep 17 00:00:00 2001 From: Pete Date: Wed, 14 Feb 2024 21:27:39 +0000 Subject: [PATCH 19/21] Sig spoofing patches for Android 14 / LOS 21 --- .../android_frameworks_base-Android14.patch | 124 ++++++++++++++++++ ...ackages_modules_Permission-Android14.patch | 12 ++ 2 files changed, 136 insertions(+) create mode 100644 src/signature_spoofing_patches/android_frameworks_base-Android14.patch create mode 100644 src/signature_spoofing_patches/packages_modules_Permission-Android14.patch diff --git a/src/signature_spoofing_patches/android_frameworks_base-Android14.patch b/src/signature_spoofing_patches/android_frameworks_base-Android14.patch new file mode 100644 index 0000000..9ec072c --- /dev/null +++ b/src/signature_spoofing_patches/android_frameworks_base-Android14.patch @@ -0,0 +1,124 @@ +diff --git a/core/api/current.txt b/core/api/current.txt +index 288ab479c0fb..2124d89c6e6f 100644 +--- a/core/api/current.txt ++++ b/core/api/current.txt +@@ -95,6 +95,7 @@ package android { + field public static final String EXECUTE_APP_ACTION = "android.permission.EXECUTE_APP_ACTION"; + field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR"; + field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST"; ++ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE"; + field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE"; + field public static final String FOREGROUND_SERVICE_CAMERA = "android.permission.FOREGROUND_SERVICE_CAMERA"; + field public static final String FOREGROUND_SERVICE_CONNECTED_DEVICE = "android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE"; +@@ -326,6 +327,7 @@ package android { + field public static final String CALL_LOG = "android.permission-group.CALL_LOG"; + field public static final String CAMERA = "android.permission-group.CAMERA"; + field public static final String CONTACTS = "android.permission-group.CONTACTS"; ++ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE"; + field public static final String LOCATION = "android.permission-group.LOCATION"; + field public static final String MICROPHONE = "android.permission-group.MICROPHONE"; + field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES"; +diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml +index 14cb052b121f..593999bc4ef7 100644 +--- a/core/res/AndroidManifest.xml ++++ b/core/res/AndroidManifest.xml +@@ -4258,6 +4258,22 @@ + android:description="@string/permdesc_getPackageSize" + android:protectionLevel="normal" /> + ++ ++ ++ ++ ++ ++ ++ + +diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml +index 9c018c30f9e3..661297bab701 100644 +--- a/core/res/res/values/strings.xml ++++ b/core/res/res/values/strings.xml +@@ -990,6 +990,19 @@ + Preview, %1$s + + ++ ++ ++ Spoof package signature ++ ++ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! ++ ++ Spoof package signature ++ ++ allow to spoof package signature ++ ++ Allow ++ <b>%1$s</b> to spoof package signature? ++ + + + disable or modify status bar +diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java +index 78f1fa60b69f..1e29d3697b89 100644 +--- a/services/core/java/com/android/server/pm/ComputerEngine.java ++++ b/services/core/java/com/android/server/pm/ComputerEngine.java +@@ -1450,6 +1450,29 @@ public class ComputerEngine implements Computer { + return result; + } + ++ private boolean requestsFakeSignature(AndroidPackage p) { ++ return p.getMetaData() != null && ++ p.getMetaData().getString("fake-signature") != null; ++ } ++ ++ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi, ++ Set permissions) { ++ try { ++ if (p.getMetaData() != null && ++ p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) { ++ String sig = p.getMetaData().getString("fake-signature"); ++ if (sig != null && ++ permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) { ++ pi.signatures = new Signature[] {new Signature(sig)}; ++ } ++ } ++ } catch (Throwable t) { ++ // We should never die because of any failures, this is system code! ++ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); ++ } ++ return pi; ++ } ++ + public final PackageInfo generatePackageInfo(PackageStateInternal ps, + @PackageManager.PackageInfoFlagsBits long flags, int userId) { + if (!mUserManager.exists(userId)) return null; +@@ -1483,13 +1506,15 @@ public class ComputerEngine implements Computer { + || ArrayUtils.isEmpty(p.getPermissions())) ? Collections.emptySet() + : mPermissionManager.getInstalledPermissions(ps.getPackageName()); + // Compute granted permissions only if package has requested permissions +- final Set grantedPermissions = ((flags & PackageManager.GET_PERMISSIONS) == 0 ++ final Set grantedPermissions = (((flags & PackageManager.GET_PERMISSIONS) == 0 ++ && !requestsFakeSignature(p)) + || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet() + : mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId); + +- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags, ++ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags, + state.getFirstInstallTimeMillis(), ps.getLastUpdateTime(), installedPermissions, +- grantedPermissions, state, userId, ps); ++ grantedPermissions, state, userId, ps), ++ grantedPermissions); + + if (packageInfo == null) { + return null; diff --git a/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch b/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch new file mode 100644 index 0000000..9aace22 --- /dev/null +++ b/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch @@ -0,0 +1,12 @@ +diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java +index d4354bd72..4b90f9327 100644 +--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java ++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java +@@ -21,6 +21,7 @@ import static android.Manifest.permission_group.CALENDAR; + import static android.Manifest.permission_group.CALL_LOG; + import static android.Manifest.permission_group.CAMERA; + import static android.Manifest.permission_group.CONTACTS; ++import static android.Manifest.permission_group.FAKE_PACKAGE; + import static android.Manifest.permission_group.LOCATION; + import static android.Manifest.permission_group.MICROPHONE; + import static android.Manifest.permission_group.NEARBY_DEVICES; From 47545fb5fb1108804d800486dd73aec731538ef8 Mon Sep 17 00:00:00 2001 From: Pete Date: Wed, 14 Feb 2024 21:51:47 +0000 Subject: [PATCH 20/21] Handle the 'lineage-21.0' BRANCH_NAME value --- src/build.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/build.sh b/src/build.sh index dc7009e..fe63dd8 100755 --- a/src/build.sh +++ b/src/build.sh @@ -158,6 +158,12 @@ for branch in ${BRANCH_NAME//,/ }; do frameworks_base_patch="android_frameworks_base-Android13.patch" modules_permission_patch="packages_modules_Permission-Android13.patch" ;; + lineage-21.0*) + themuppets_branch="lineage-20.0" + android_version="14" + frameworks_base_patch="android_frameworks_base-Android14.patch" + modules_permission_patch="packages_modules_Permission-Android14.patch" + ;; *) echo ">> [$(date)] Building branch $branch is not (yet) suppported" exit 1 From ff2706779619478eecd86c528b91a07682a6d2e4 Mon Sep 17 00:00:00 2001 From: Pete Date: Thu, 15 Feb 2024 13:28:44 +0000 Subject: [PATCH 21/21] fix build signing for Android 14 --- src/init.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/init.sh b/src/init.sh index fb6e014..dae4142 100755 --- a/src/init.sh +++ b/src/init.sh @@ -59,6 +59,22 @@ if [ "$SIGN_BUILDS" = true ]; then fi done fi + + # Android 14 requires to set a BUILD file for bazel to avoid errors: + cat > $"KEYS_DIR"/BUILD << _EOB +# adding an empty BUILD file fixes the A14 build error: +# "ERROR: no such package 'keys': BUILD file not found in any of the following directories. Add a BUILD file to a directory to mark it as a package." +# adding the filegroup "android_certificate_directory" fixes the A14 build error: +# "no such target '//keys:android_certificate_directory': target 'android_certificate_directory' not declared in package 'keys'" +filegroup( +name = "android_certificate_directory", +srcs = glob([ + "*.pk8", + "*.pem", +]), +visibility = ["//visibility:public"], +) +_EOB for c in cyngn{-priv,}-app testkey; do for e in pk8 x509.pem; do