mirror/ docker-lineage-cicd
1
0
Fork 0
mirror of https://github.com/lineageos4microg/docker-lineage-cicd synced 2024-05-19 03:26:08 +02:00
Code Issues

Revert "Merge pull request #212 from CyberShadow/pull-20210814-073027" 

This reverts commit 1d05824958, reversing
changes made to 95d75b6613.
This commit is contained in:
Philip Nagler-Frank 2022-01-27 18:59:11 +01:00
parent 1a3ad5a03e
commit a1255785de
5 changed files with 48 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/shellcheck.yml vendored
View File

@ -1,14 +0,0 @@
on: [ push, pull_request ]
name: ShellCheck
jobs:
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@94e0aab03ca135d11a35e5bfc14e6746dc56e7e9
with:
additional_files: src/make_key

65
src/build.sh
View File

@ -17,12 +17,10 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
set -eEuo pipefail
repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log"
# cd to working directory
cd "$SRC_DIR"
cd "$SRC_DIR" || exit
if [ -f /root/userscripts/begin.sh ]; then
echo ">> [$(date)] Running begin.sh"
@ -38,9 +36,9 @@ fi
# Treat DEVICE_LIST as DEVICE_LIST_<first_branch>
first_branch=$(cut -d ',' -f 1 <<< "$BRANCH_NAME")
if [ -n "$DEVICE_LIST" ]; then
device_list_first_branch="DEVICE_LIST_${first_branch//[^[:alnum:]]/_}"
device_list_first_branch="DEVICE_LIST_$(sed 's/[^[:alnum:]]/_/g' <<< "$first_branch")"
device_list_first_branch=${device_list_first_branch^^}
read -r "${device_list_first_branch?}" <<< "$DEVICE_LIST,${!device_list_first_branch:-}"
read "$device_list_first_branch" <<< "$DEVICE_LIST,${!device_list_first_branch}"
fi
# If needed, migrate from the old SRC_DIR structure
@ -57,11 +55,11 @@ fi
if [ "$LOCAL_MIRROR" = true ]; then
cd "$MIRROR_DIR"
cd "$MIRROR_DIR" || exit
if [ ! -d .repo ]; then
echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log"
( yes||: ) | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log"
yes | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log"
fi
# Copy local manifests to the appropriate folder in order take them into consideration
@ -81,7 +79,7 @@ if [ "$LOCAL_MIRROR" = true ]; then
fi
for branch in ${BRANCH_NAME//,/ }; do
branch_dir=${branch//[^[:alnum:]]/_}
branch_dir=$(sed 's/[^[:alnum:]]/_/g' <<< "$branch")
branch_dir=${branch_dir^^}
device_list_cur_branch="DEVICE_LIST_$branch_dir"
devices=${!device_list_cur_branch}
@ -126,7 +124,7 @@ for branch in ${BRANCH_NAME//,/ }; do
android_version_major=$(cut -d '.' -f 1 <<< $android_version)
mkdir -p "$SRC_DIR/$branch_dir"
cd "$SRC_DIR/$branch_dir"
cd "$SRC_DIR/$branch_dir" || exit
echo ">> [$(date)] Branch: $branch"
echo ">> [$(date)] Devices: $devices"
@ -134,18 +132,18 @@ for branch in ${BRANCH_NAME//,/ }; do
# Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist)
for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController"; do
if [ -d "$path" ]; then
cd "$path"
cd "$path" || exit
git reset -q --hard
git clean -q -fd
cd "$SRC_DIR/$branch_dir"
cd "$SRC_DIR/$branch_dir" || exit
fi
done
echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log"
if [ "$LOCAL_MIRROR" = true ]; then
( yes||: ) | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log"
yes | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log"
else
( yes||: ) | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log"
yes | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log"
fi
# Copy local manifests to the appropriate folder in order take them into consideration
@ -180,7 +178,7 @@ for branch in ${BRANCH_NAME//,/ }; do
# If needed, apply the microG's signature spoofing patch
if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
# Determine which patch should be applied to the current Android source tree
cd frameworks/base
cd frameworks/base || exit
if [ "$SIGNATURE_SPOOFING" = "yes" ]; then
echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base"
echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat"
@ -189,13 +187,21 @@ for branch in ${BRANCH_NAME//,/ }; do
echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base"
sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet --force -p1
fi
if [ $? -ne 0 ]; then
echo ">> [$(date)] ERROR: failed to apply $patch_name"
exit 1
fi
git clean -q -f
cd ../..
if [ -n "$permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
cd packages/apps/PermissionController
cd packages/apps/PermissionController || exit
echo ">> [$(date)] Applying the PermissionController patch ($permissioncontroller_patch) to packages/apps/PermissionController"
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$permissioncontroller_patch"
if [ $? -ne 0 ]; then
echo ">> [$(date)] ERROR: failed to apply $permissioncontroller_patch"
exit 1
fi
git clean -q -f
cd ../../..
fi
@ -247,10 +253,7 @@ for branch in ${BRANCH_NAME//,/ }; do
# Prepare the environment
echo ">> [$(date)] Preparing build environment"
set +eu
# shellcheck source=/dev/null
source build/envsetup.sh > /dev/null
set -eu
if [ -f /root/userscripts/before.sh ]; then
echo ">> [$(date)] Running before.sh"
@ -267,27 +270,23 @@ for branch in ${BRANCH_NAME//,/ }; do
if [ "$LOCAL_MIRROR" = true ]; then
echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log"
cd "$MIRROR_DIR"
cd "$MIRROR_DIR" || exit
repo sync --force-sync --no-clone-bundle &>> "$repo_log"
fi
echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log"
cd "$SRC_DIR/$branch_dir"
cd "$SRC_DIR/$branch_dir" || exit
repo sync -c --force-sync &>> "$repo_log"
fi
if [ "$BUILD_OVERLAY" = true ]; then
lowerdir=$SRC_DIR/$branch_dir
upperdir=$TMP_DIR/device
workdir=$TMP_DIR/workdir
merged=$TMP_DIR/merged
mkdir -p "$upperdir" "$workdir" "$merged"
mount -t overlay overlay -o lowerdir="$lowerdir",upperdir="$upperdir",workdir="$workdir" "$merged"
mkdir -p "$TMP_DIR/device" "$TMP_DIR/workdir" "$TMP_DIR/merged"
mount -t overlay overlay -o lowerdir="$SRC_DIR/$branch_dir",upperdir="$TMP_DIR/device",workdir="$TMP_DIR/workdir" "$TMP_DIR/merged"
source_dir="$TMP_DIR/merged"
else
source_dir="$SRC_DIR/$branch_dir"
fi
cd "$source_dir"
cd "$source_dir" || exit
if [ "$ZIP_SUBDIR" = true ]; then
zipsubdir=$codename
@ -312,7 +311,7 @@ for branch in ${BRANCH_NAME//,/ }; do
# Start the build
echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG"
build_successful=false
if ( set +eu ; brunch "$codename" ) &>> "$DEBUG_LOG"; then
if brunch "$codename" &>> "$DEBUG_LOG"; then
currentdate=$(date +%Y%m%d)
if [ "$builddate" != "$currentdate" ]; then
find out/target/product/"$codename" -maxdepth 1 -name "lineage-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} "$currentdate" "$builddate" \; &>> "$DEBUG_LOG"
@ -320,7 +319,7 @@ for branch in ${BRANCH_NAME//,/ }; do
# Move produced ZIP files to the main OUT directory
echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG"
cd out/target/product/"$codename"
cd out/target/product/"$codename" || exit
for build in lineage-*.zip; do
sha256sum "$build" > "$ZIP_DIR/$zipsubdir/$build.sha256sum"
cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG"
@ -333,7 +332,7 @@ for branch in ${BRANCH_NAME//,/ }; do
break
fi
done &>> "$DEBUG_LOG"
cd "$source_dir"
cd "$source_dir" || exit
build_successful=true
else
echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG"
@ -362,7 +361,7 @@ for branch in ${BRANCH_NAME//,/ }; do
if [ "$BUILD_OVERLAY" = true ]; then
# The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged
cd "$TMP_DIR"
cd "$TMP_DIR" || exit
if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then
"$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true
fi
@ -378,10 +377,10 @@ for branch in ${BRANCH_NAME//,/ }; do
if [ "$CLEAN_AFTER_BUILD" = true ]; then
echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG"
if [ "$BUILD_OVERLAY" = true ]; then
cd "$TMP_DIR"
cd "$TMP_DIR" || exit
rm -rf ./*
else
cd "$source_dir"
cd "$source_dir" || exit
mka clean &>> "$DEBUG_LOG"
fi
fi

2
src/fix_date.sh
View File

@ -1,3 +1,3 @@
#!/bin/sh
mv "$1" "$(echo "$1" | sed "s|$2|$3|")"
mv "$1" $(echo "$1" | sed "s|$2|$3|")

6
src/init.sh
View File

@ -17,8 +17,6 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
set -eEuo pipefail
# Copy the user scripts
mkdir -p /root/userscripts
cp -r "$USERSCRIPTS_DIR"/. /root/userscripts
@ -54,7 +52,7 @@ if [ "$SIGN_BUILDS" = true ]; then
for c in cyngn{-priv,}-app testkey; do
for e in pk8 x509.pem; do
ln -sf releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null
ln -s releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null
done
done
fi
@ -66,7 +64,7 @@ else
cronFile=/tmp/buildcron
printf "SHELL=/bin/bash\n" > $cronFile
printenv -0 | sed -e 's/=\x0/=""\n/g' | sed -e 's/\x0/\n/g' | sed -e "s/_=/PRINTENV=/g" >> $cronFile
printf '\n%s /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n' "$CRONTAB_TIME" >> $cronFile
printf "\n$CRONTAB_TIME /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n" >> $cronFile
crontab $cronFile
rm $cronFile

28
src/make_key
View File

@ -17,9 +17,7 @@
# Generates a public/private key pair suitable for use in signing
# android .apks and OTA update packages.
set -eEuo pipefail
if [[ "$#" -lt 2 || "$#" -gt 3 ]]; then
if [ "$#" -lt 2 -o "$#" -gt 3 ]; then
cat <<EOF
Usage: $0 <name> <subject> [<keytype>]
@ -29,7 +27,7 @@ EOF
exit 2
fi
if [[ -e "$1.pk8" || -e "$1.x509.pem" ]]; then
if [[ -e $1.pk8 || -e $1.x509.pem ]]; then
echo "$1.pk8 and/or $1.x509.pem already exist; please delete them first"
echo "if you want to replace them."
exit 1
@ -40,38 +38,38 @@ fi
# touch the disk.
tmpdir=$(mktemp -d)
trap 'rm -rf ${tmpdir}' EXIT
trap 'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT
one=${tmpdir}/one
two=${tmpdir}/two
mknod "${one}" p
mknod "${two}" p
chmod 0600 "${one}" "${two}"
mknod ${one} p
mknod ${two} p
chmod 0600 ${one} ${two}
read -rp "Enter password for '$1' (blank for none; password will be visible): " \
read -p "Enter password for '$1' (blank for none; password will be visible): " \
password
if [[ "$#" -eq 2 || "${3}" = "rsa" ]]; then
( openssl genrsa -f4 2048 | tee "${one}" > "${two}" ) &
if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then
( openssl genrsa -f4 2048 | tee ${one} > ${two} ) &
hash="-sha256"
elif [ "${3}" = "ec" ]; then
( openssl ecparam -name prime256v1 -genkey -noout | tee "${one}" > "${two}" ) &
( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) &
hash="-sha256"
else
echo "Only accepts RSA or EC keytypes."
exit 1
fi
openssl req -new -x509 ${hash} -key "${two}" -out "$1".x509.pem \
openssl req -new -x509 ${hash} -key ${two} -out $1.x509.pem \
-days 10000 -subj "$2" &
if [ "${password}" == "" ]; then
echo "creating ${1}.pk8 with no password"
openssl pkcs8 -in "${one}" -topk8 -outform DER -out "$1".pk8 -nocrypt
openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocrypt
else
echo "creating ${1}.pk8 with password [${password}]"
export password
openssl pkcs8 -in "${one}" -topk8 -outform DER -out "$1".pk8 \
openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \
-passout env:password
unset password
fi