mirror of https://github.com/lineageos4microg/docker-lineage-cicd synced 2024-11-09 10:09:56 +01:00

Merge pull request #212 from CyberShadow/pull-20210814-073027

Shell correctness improvements
Philip Nagler-Frank 2022-01-25 19:12:11 +01:00 committed by GitHub
commit 1d05824958
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 67 additions and 48 deletions

14
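--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -0,0 +1,14 @@
+on: [ push, pull_request ]
+name: ShellCheck
+jobs:
+shellcheck:
+name: Shellcheck
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Run ShellCheck
+uses: ludeeus/action-shellcheck@94e0aab03ca135d11a35e5bfc14e6746dc56e7e9
+with:
+additional_files: src/make_key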
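Review bot: `actions/checkout@v2` is referenced by a mutable tag, while the ShellCheck action two lines below is pinned to a full commit SHA. Pinning checkout the same way, `uses: actions/checkout@<full-commit-sha>`, means a retagged release cannot change what runs in this job. The workflow also declares no `permissions:` block, so the job token gets the repository default. The job only reads the tree, so a top-level `permissions:` with `contents: read` would be enough.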

@ -17,10 +17,12 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
set -eEuo pipefail
repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log"
# cd to working directory
cd "$SRC_DIR" || exit
cd "$SRC_DIR"
if [ -f /root/userscripts/begin.sh ]; then
echo ">> [$(date)] Running begin.sh"
@ -36,9 +38,9 @@ fi
# Treat DEVICE_LIST as DEVICE_LIST_<first_branch>
first_branch=$(cut -d ',' -f 1 <<< "$BRANCH_NAME")
if [ -n "$DEVICE_LIST" ]; then
device_list_first_branch="DEVICE_LIST_$(sed 's/[^[:alnum:]]/_/g' <<< "$first_branch")"
device_list_first_branch="DEVICE_LIST_${first_branch//[^[:alnum:]]/_}"
device_list_first_branch=${device_list_first_branch^^}
read "$device_list_first_branch" <<< "$DEVICE_LIST,${!device_list_first_branch}"
read -r "${device_list_first_branch?}" <<< "$DEVICE_LIST,${!device_list_first_branch:-}"
fi
# If needed, migrate from the old SRC_DIR structure
@ -55,11 +57,11 @@ fi
if [ "$LOCAL_MIRROR" = true ]; then
cd "$MIRROR_DIR" || exit
cd "$MIRROR_DIR"
if [ ! -d .repo ]; then
echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log"
yes | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log"
( yes||: ) | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log"
fi
# Copy local manifests to the appropriate folder in order take them into consideration
@ -79,7 +81,7 @@ if [ "$LOCAL_MIRROR" = true ]; then
fi
for branch in ${BRANCH_NAME//,/ }; do
branch_dir=$(sed 's/[^[:alnum:]]/_/g' <<< "$branch")
branch_dir=${branch//[^[:alnum:]]/_}
branch_dir=${branch_dir^^}
device_list_cur_branch="DEVICE_LIST_$branch_dir"
devices=${!device_list_cur_branch}
@ -124,7 +126,7 @@ for branch in ${BRANCH_NAME//,/ }; do
android_version_major=$(cut -d '.' -f 1 <<< $android_version)
mkdir -p "$SRC_DIR/$branch_dir"
cd "$SRC_DIR/$branch_dir" || exit
cd "$SRC_DIR/$branch_dir"
echo ">> [$(date)] Branch: $branch"
echo ">> [$(date)] Devices: $devices"
@ -132,18 +134,18 @@ for branch in ${BRANCH_NAME//,/ }; do
# Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist)
for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController"; do
if [ -d "$path" ]; then
cd "$path" || exit
cd "$path"
git reset -q --hard
git clean -q -fd
cd "$SRC_DIR/$branch_dir" || exit
cd "$SRC_DIR/$branch_dir"
fi
done
echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log"
if [ "$LOCAL_MIRROR" = true ]; then
yes | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log"
( yes||: ) | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log"
else
yes | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log"
( yes||: ) | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log"
fi
# Copy local manifests to the appropriate folder in order take them into consideration
@ -178,7 +180,7 @@ for branch in ${BRANCH_NAME//,/ }; do
# If needed, apply the microG's signature spoofing patch
if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
# Determine which patch should be applied to the current Android source tree
cd frameworks/base || exit
cd frameworks/base
if [ "$SIGNATURE_SPOOFING" = "yes" ]; then
echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base"
echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat"
@ -187,21 +189,13 @@ for branch in ${BRANCH_NAME//,/ }; do
echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base"
sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet --force -p1
fi
if [ $? -ne 0 ]; then
echo ">> [$(date)] ERROR: failed to apply $patch_name"
exit 1
fi
git clean -q -f
cd ../..
if [ -n "$permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
cd packages/apps/PermissionController || exit
cd packages/apps/PermissionController
echo ">> [$(date)] Applying the PermissionController patch ($permissioncontroller_patch) to packages/apps/PermissionController"
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$permissioncontroller_patch"
if [ $? -ne 0 ]; then
echo ">> [$(date)] ERROR: failed to apply $permissioncontroller_patch"
exit 1
fi
git clean -q -f
cd ../../..
fi
@ -253,7 +247,10 @@ for branch in ${BRANCH_NAME//,/ }; do
# Prepare the environment
echo ">> [$(date)] Preparing build environment"
set +eu
# shellcheck source=/dev/null
source build/envsetup.sh > /dev/null
set -eu
if [ -f /root/userscripts/before.sh ]; then
echo ">> [$(date)] Running before.sh"
@ -270,23 +267,27 @@ for branch in ${BRANCH_NAME//,/ }; do
if [ "$LOCAL_MIRROR" = true ]; then
echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log"
cd "$MIRROR_DIR" || exit
cd "$MIRROR_DIR"
repo sync --force-sync --no-clone-bundle &>> "$repo_log"
fi
echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log"
cd "$SRC_DIR/$branch_dir" || exit
cd "$SRC_DIR/$branch_dir"
repo sync -c --force-sync &>> "$repo_log"
fi
if [ "$BUILD_OVERLAY" = true ]; then
mkdir -p "$TMP_DIR/device" "$TMP_DIR/workdir" "$TMP_DIR/merged"
mount -t overlay overlay -o lowerdir="$SRC_DIR/$branch_dir",upperdir="$TMP_DIR/device",workdir="$TMP_DIR/workdir" "$TMP_DIR/merged"
lowerdir=$SRC_DIR/$branch_dir
upperdir=$TMP_DIR/device
workdir=$TMP_DIR/workdir
merged=$TMP_DIR/merged
mkdir -p "$upperdir" "$workdir" "$merged"
mount -t overlay overlay -o lowerdir="$lowerdir",upperdir="$upperdir",workdir="$workdir" "$merged"
source_dir="$TMP_DIR/merged"
else
source_dir="$SRC_DIR/$branch_dir"
fi
cd "$source_dir" || exit
cd "$source_dir"
if [ "$ZIP_SUBDIR" = true ]; then
zipsubdir=$codename
@ -311,7 +312,7 @@ for branch in ${BRANCH_NAME//,/ }; do
# Start the build
echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG"
build_successful=false
if brunch "$codename" &>> "$DEBUG_LOG"; then
if ( set +eu ; brunch "$codename" ) &>> "$DEBUG_LOG"; then
currentdate=$(date +%Y%m%d)
if [ "$builddate" != "$currentdate" ]; then
find out/target/product/"$codename" -maxdepth 1 -name "lineage-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} "$currentdate" "$builddate" \; &>> "$DEBUG_LOG"
@ -319,7 +320,7 @@ for branch in ${BRANCH_NAME//,/ }; do
# Move produced ZIP files to the main OUT directory
echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG"
cd out/target/product/"$codename" || exit
cd out/target/product/"$codename"
for build in lineage-*.zip; do
sha256sum "$build" > "$ZIP_DIR/$zipsubdir/$build.sha256sum"
cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG"
@ -332,7 +333,7 @@ for branch in ${BRANCH_NAME//,/ }; do
break
fi
done &>> "$DEBUG_LOG"
cd "$source_dir" || exit
cd "$source_dir"
build_successful=true
else
echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG"
@ -361,7 +362,7 @@ for branch in ${BRANCH_NAME//,/ }; do
if [ "$BUILD_OVERLAY" = true ]; then
# The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged
cd "$TMP_DIR" || exit
cd "$TMP_DIR"
if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then
"$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true
fi
@ -377,10 +378,10 @@ for branch in ${BRANCH_NAME//,/ }; do
if [ "$CLEAN_AFTER_BUILD" = true ]; then
echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG"
if [ "$BUILD_OVERLAY" = true ]; then
cd "$TMP_DIR" || exit
cd "$TMP_DIR"
rm -rf ./*
else
cd "$source_dir" || exit
cd "$source_dir"
mka clean &>> "$DEBUG_LOG"
fi
fi
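Review bot: In the `@ -361,7 +362,7 @` hunk, the unchanged line `"$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true` quotes the path and its argument as a single word. The shell therefore looks for an executable literally named `jack-admin kill-server`, and `&> /dev/null || true` hides the resulting "not found" failure. As written, the Jack server is presumably never stopped before the unmount that the comment refers to. Move the closing quote so the argument is separate: `"$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" kill-server &> /dev/null || true`. The enclosing `for branch` loop starts and ends outside the visible hunks.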

@ -1,3 +1,3 @@
#!/bin/sh
mv "$1" $(echo "$1" | sed "s|$2|$3|")
mv "$1" "$(echo "$1" | sed "s|$2|$3|")"

@ -17,6 +17,8 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
set -eEuo pipefail
# Copy the user scripts
mkdir -p /root/userscripts
cp -r "$USERSCRIPTS_DIR"/. /root/userscripts
@ -52,7 +54,7 @@ if [ "$SIGN_BUILDS" = true ]; then
for c in cyngn{-priv,}-app testkey; do
for e in pk8 x509.pem; do
ln -s releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null
ln -sf releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null
done
done
fi
@ -64,7 +66,7 @@ else
cronFile=/tmp/buildcron
printf "SHELL=/bin/bash\n" > $cronFile
printenv -0 | sed -e 's/=\x0/=""\n/g' | sed -e 's/\x0/\n/g' | sed -e "s/_=/PRINTENV=/g" >> $cronFile
printf "\n$CRONTAB_TIME /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n" >> $cronFile
printf '\n%s /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n' "$CRONTAB_TIME" >> $cronFile
crontab $cronFile
rm $cronFile
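Review bot: The unchanged lines of the `@ -64,7 +66,7 @` hunk still dump the whole environment (`printenv -0 | …`) into the fixed path `/tmp/buildcron`, created with the default umask. Any secret passed to the container as an environment variable therefore sits in a predictable, possibly world-readable file until `rm $cronFile` runs. Use `cronFile=$(mktemp)` (unpredictable name, mode 0600) and quote the later uses, e.g. `crontab "$cronFile"`. With `set -e` now active, a failing `crontab` exits before the `rm`, so `trap 'rm -f -- "$cronFile"' EXIT` would make sure the file is removed. The surrounding `else` branch begins outside the hunk.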

@ -17,7 +17,9 @@
# Generates a public/private key pair suitable for use in signing
# android .apks and OTA update packages.
if [ "$#" -lt 2 -o "$#" -gt 3 ]; then
set -eEuo pipefail
if [[ "$#" -lt 2 || "$#" -gt 3 ]]; then
cat <<EOF
Usage: $0 <name> <subject> [<keytype>]
@ -27,7 +29,7 @@ EOF
exit 2
fi
if [[ -e $1.pk8 || -e $1.x509.pem ]]; then
if [[ -e "$1.pk8" || -e "$1.x509.pem" ]]; then
echo "$1.pk8 and/or $1.x509.pem already exist; please delete them first"
echo "if you want to replace them."
exit 1
@ -38,38 +40,38 @@ fi
# touch the disk.
tmpdir=$(mktemp -d)
trap 'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT
trap 'rm -rf ${tmpdir}' EXIT
one=${tmpdir}/one
two=${tmpdir}/two
mknod ${one} p
mknod ${two} p
chmod 0600 ${one} ${two}
mknod "${one}" p
mknod "${two}" p
chmod 0600 "${one}" "${two}"
read -p "Enter password for '$1' (blank for none; password will be visible): " \
read -rp "Enter password for '$1' (blank for none; password will be visible): " \
password
if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then
( openssl genrsa -f4 2048 | tee ${one} > ${two} ) &
if [[ "$#" -eq 2 || "${3}" = "rsa" ]]; then
( openssl genrsa -f4 2048 | tee "${one}" > "${two}" ) &
hash="-sha256"
elif [ "${3}" = "ec" ]; then
( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) &
( openssl ecparam -name prime256v1 -genkey -noout | tee "${one}" > "${two}" ) &
hash="-sha256"
else
echo "Only accepts RSA or EC keytypes."
exit 1
fi
openssl req -new -x509 ${hash} -key ${two} -out $1.x509.pem \
openssl req -new -x509 ${hash} -key "${two}" -out "$1".x509.pem \
-days 10000 -subj "$2" &
if [ "${password}" == "" ]; then
echo "creating ${1}.pk8 with no password"
openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocrypt
openssl pkcs8 -in "${one}" -topk8 -outform DER -out "$1".pk8 -nocrypt
else
echo "creating ${1}.pk8 with password [${password}]"
export password
openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \
openssl pkcs8 -in "${one}" -topk8 -outform DER -out "$1".pk8 \
-passout env:password
unset password
fi
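Review bot: `echo "creating ${1}.pk8 with password [${password}]"` writes the key password to stdout, so it ends up in whatever captures the script's output (container or CI logs). This commit tightens the quoting around that line but leaves the disclosure in place. Drop the value: `echo "creating ${1}.pk8 with password"`. Separately, the new `set -e` does not cover the backgrounded `openssl req … &`. As far as the visible hunk shows, nothing waits on it, so a failed certificate generation can still exit 0. Recording `req_pid=$!` after that command and ending the script with `wait "$req_pid"` would surface the failure.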