From a1255785deb98db59e7cf9718d53ccc5917471eb Mon Sep 17 00:00:00 2001 From: Philip Nagler-Frank Date: Thu, 27 Jan 2022 18:59:11 +0100 Subject: [PATCH] Revert "Merge pull request #212 from CyberShadow/pull-20210814-073027" This reverts commit 1d05824958441f0e1cb90f09ec53086b835b093d, reversing changes made to 95d75b66135b60ae9fd02bcfdd5e9caaf32a42d2. --- .github/workflows/shellcheck.yml | 14 ------- src/build.sh | 65 ++++++++++++++++---------------- src/fix_date.sh | 2 +- src/init.sh | 6 +-- src/make_key | 28 +++++++------- 5 files changed, 48 insertions(+), 67 deletions(-) delete mode 100644 .github/workflows/shellcheck.yml diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml deleted file mode 100644 index 1e827fb..0000000 --- a/.github/workflows/shellcheck.yml +++ /dev/null @@ -1,14 +0,0 @@ -on: [ push, pull_request ] - -name: ShellCheck - -jobs: - shellcheck: - name: Shellcheck - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Run ShellCheck - uses: ludeeus/action-shellcheck@94e0aab03ca135d11a35e5bfc14e6746dc56e7e9 - with: - additional_files: src/make_key diff --git a/src/build.sh b/src/build.sh index 46e1b93..2d33441 100755 --- a/src/build.sh +++ b/src/build.sh @@ -17,12 +17,10 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -set -eEuo pipefail - repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log" # cd to working directory -cd "$SRC_DIR" +cd "$SRC_DIR" || exit if [ -f /root/userscripts/begin.sh ]; then echo ">> [$(date)] Running begin.sh" @@ -38,9 +36,9 @@ fi # Treat DEVICE_LIST as DEVICE_LIST_ first_branch=$(cut -d ',' -f 1 <<< "$BRANCH_NAME") if [ -n "$DEVICE_LIST" ]; then - device_list_first_branch="DEVICE_LIST_${first_branch//[^[:alnum:]]/_}" + device_list_first_branch="DEVICE_LIST_$(sed 's/[^[:alnum:]]/_/g' <<< "$first_branch")" device_list_first_branch=${device_list_first_branch^^} - read -r "${device_list_first_branch?}" <<< "$DEVICE_LIST,${!device_list_first_branch:-}" + read "$device_list_first_branch" <<< "$DEVICE_LIST,${!device_list_first_branch}" fi # If needed, migrate from the old SRC_DIR structure @@ -57,11 +55,11 @@ fi if [ "$LOCAL_MIRROR" = true ]; then - cd "$MIRROR_DIR" + cd "$MIRROR_DIR" || exit if [ ! -d .repo ]; then echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log" - ( yes||: ) | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log" + yes | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log" fi # Copy local manifests to the appropriate folder in order take them into consideration @@ -81,7 +79,7 @@ if [ "$LOCAL_MIRROR" = true ]; then fi for branch in ${BRANCH_NAME//,/ }; do - branch_dir=${branch//[^[:alnum:]]/_} + branch_dir=$(sed 's/[^[:alnum:]]/_/g' <<< "$branch") branch_dir=${branch_dir^^} device_list_cur_branch="DEVICE_LIST_$branch_dir" devices=${!device_list_cur_branch} @@ -126,7 +124,7 @@ for branch in ${BRANCH_NAME//,/ }; do android_version_major=$(cut -d '.' -f 1 <<< $android_version) mkdir -p "$SRC_DIR/$branch_dir" - cd "$SRC_DIR/$branch_dir" + cd "$SRC_DIR/$branch_dir" || exit echo ">> [$(date)] Branch: $branch" echo ">> [$(date)] Devices: $devices" @@ -134,18 +132,18 @@ for branch in ${BRANCH_NAME//,/ }; do # Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist) for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController"; do if [ -d "$path" ]; then - cd "$path" + cd "$path" || exit git reset -q --hard git clean -q -fd - cd "$SRC_DIR/$branch_dir" + cd "$SRC_DIR/$branch_dir" || exit fi done echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log" if [ "$LOCAL_MIRROR" = true ]; then - ( yes||: ) | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log" + yes | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log" else - ( yes||: ) | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log" + yes | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log" fi # Copy local manifests to the appropriate folder in order take them into consideration @@ -180,7 +178,7 @@ for branch in ${BRANCH_NAME//,/ }; do # If needed, apply the microG's signature spoofing patch if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then # Determine which patch should be applied to the current Android source tree - cd frameworks/base + cd frameworks/base || exit if [ "$SIGNATURE_SPOOFING" = "yes" ]; then echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base" echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat" @@ -189,13 +187,21 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base" sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet --force -p1 fi + if [ $? -ne 0 ]; then + echo ">> [$(date)] ERROR: failed to apply $patch_name" + exit 1 + fi git clean -q -f cd ../.. if [ -n "$permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then - cd packages/apps/PermissionController + cd packages/apps/PermissionController || exit echo ">> [$(date)] Applying the PermissionController patch ($permissioncontroller_patch) to packages/apps/PermissionController" patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$permissioncontroller_patch" + if [ $? -ne 0 ]; then + echo ">> [$(date)] ERROR: failed to apply $permissioncontroller_patch" + exit 1 + fi git clean -q -f cd ../../.. fi @@ -247,10 +253,7 @@ for branch in ${BRANCH_NAME//,/ }; do # Prepare the environment echo ">> [$(date)] Preparing build environment" - set +eu - # shellcheck source=/dev/null source build/envsetup.sh > /dev/null - set -eu if [ -f /root/userscripts/before.sh ]; then echo ">> [$(date)] Running before.sh" @@ -267,27 +270,23 @@ for branch in ${BRANCH_NAME//,/ }; do if [ "$LOCAL_MIRROR" = true ]; then echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log" - cd "$MIRROR_DIR" + cd "$MIRROR_DIR" || exit repo sync --force-sync --no-clone-bundle &>> "$repo_log" fi echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log" - cd "$SRC_DIR/$branch_dir" + cd "$SRC_DIR/$branch_dir" || exit repo sync -c --force-sync &>> "$repo_log" fi if [ "$BUILD_OVERLAY" = true ]; then - lowerdir=$SRC_DIR/$branch_dir - upperdir=$TMP_DIR/device - workdir=$TMP_DIR/workdir - merged=$TMP_DIR/merged - mkdir -p "$upperdir" "$workdir" "$merged" - mount -t overlay overlay -o lowerdir="$lowerdir",upperdir="$upperdir",workdir="$workdir" "$merged" + mkdir -p "$TMP_DIR/device" "$TMP_DIR/workdir" "$TMP_DIR/merged" + mount -t overlay overlay -o lowerdir="$SRC_DIR/$branch_dir",upperdir="$TMP_DIR/device",workdir="$TMP_DIR/workdir" "$TMP_DIR/merged" source_dir="$TMP_DIR/merged" else source_dir="$SRC_DIR/$branch_dir" fi - cd "$source_dir" + cd "$source_dir" || exit if [ "$ZIP_SUBDIR" = true ]; then zipsubdir=$codename @@ -312,7 +311,7 @@ for branch in ${BRANCH_NAME//,/ }; do # Start the build echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" build_successful=false - if ( set +eu ; brunch "$codename" ) &>> "$DEBUG_LOG"; then + if brunch "$codename" &>> "$DEBUG_LOG"; then currentdate=$(date +%Y%m%d) if [ "$builddate" != "$currentdate" ]; then find out/target/product/"$codename" -maxdepth 1 -name "lineage-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} "$currentdate" "$builddate" \; &>> "$DEBUG_LOG" @@ -320,7 +319,7 @@ for branch in ${BRANCH_NAME//,/ }; do # Move produced ZIP files to the main OUT directory echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" - cd out/target/product/"$codename" + cd out/target/product/"$codename" || exit for build in lineage-*.zip; do sha256sum "$build" > "$ZIP_DIR/$zipsubdir/$build.sha256sum" cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" @@ -333,7 +332,7 @@ for branch in ${BRANCH_NAME//,/ }; do break fi done &>> "$DEBUG_LOG" - cd "$source_dir" + cd "$source_dir" || exit build_successful=true else echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG" @@ -362,7 +361,7 @@ for branch in ${BRANCH_NAME//,/ }; do if [ "$BUILD_OVERLAY" = true ]; then # The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged - cd "$TMP_DIR" + cd "$TMP_DIR" || exit if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true fi @@ -378,10 +377,10 @@ for branch in ${BRANCH_NAME//,/ }; do if [ "$CLEAN_AFTER_BUILD" = true ]; then echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG" if [ "$BUILD_OVERLAY" = true ]; then - cd "$TMP_DIR" + cd "$TMP_DIR" || exit rm -rf ./* else - cd "$source_dir" + cd "$source_dir" || exit mka clean &>> "$DEBUG_LOG" fi fi diff --git a/src/fix_date.sh b/src/fix_date.sh index 2f99928..405c73f 100755 --- a/src/fix_date.sh +++ b/src/fix_date.sh @@ -1,3 +1,3 @@ #!/bin/sh -mv "$1" "$(echo "$1" | sed "s|$2|$3|")" +mv "$1" $(echo "$1" | sed "s|$2|$3|") diff --git a/src/init.sh b/src/init.sh index fa71554..d1563d4 100755 --- a/src/init.sh +++ b/src/init.sh @@ -17,8 +17,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -set -eEuo pipefail - # Copy the user scripts mkdir -p /root/userscripts cp -r "$USERSCRIPTS_DIR"/. /root/userscripts @@ -54,7 +52,7 @@ if [ "$SIGN_BUILDS" = true ]; then for c in cyngn{-priv,}-app testkey; do for e in pk8 x509.pem; do - ln -sf releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null + ln -s releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null done done fi @@ -66,7 +64,7 @@ else cronFile=/tmp/buildcron printf "SHELL=/bin/bash\n" > $cronFile printenv -0 | sed -e 's/=\x0/=""\n/g' | sed -e 's/\x0/\n/g' | sed -e "s/_=/PRINTENV=/g" >> $cronFile - printf '\n%s /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n' "$CRONTAB_TIME" >> $cronFile + printf "\n$CRONTAB_TIME /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n" >> $cronFile crontab $cronFile rm $cronFile diff --git a/src/make_key b/src/make_key index 7f92028..a6cf49c 100755 --- a/src/make_key +++ b/src/make_key @@ -17,9 +17,7 @@ # Generates a public/private key pair suitable for use in signing # android .apks and OTA update packages. -set -eEuo pipefail - -if [[ "$#" -lt 2 || "$#" -gt 3 ]]; then +if [ "$#" -lt 2 -o "$#" -gt 3 ]; then cat < [] @@ -29,7 +27,7 @@ EOF exit 2 fi -if [[ -e "$1.pk8" || -e "$1.x509.pem" ]]; then +if [[ -e $1.pk8 || -e $1.x509.pem ]]; then echo "$1.pk8 and/or $1.x509.pem already exist; please delete them first" echo "if you want to replace them." exit 1 @@ -40,38 +38,38 @@ fi # touch the disk. tmpdir=$(mktemp -d) -trap 'rm -rf ${tmpdir}' EXIT +trap 'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT one=${tmpdir}/one two=${tmpdir}/two -mknod "${one}" p -mknod "${two}" p -chmod 0600 "${one}" "${two}" +mknod ${one} p +mknod ${two} p +chmod 0600 ${one} ${two} -read -rp "Enter password for '$1' (blank for none; password will be visible): " \ +read -p "Enter password for '$1' (blank for none; password will be visible): " \ password -if [[ "$#" -eq 2 || "${3}" = "rsa" ]]; then - ( openssl genrsa -f4 2048 | tee "${one}" > "${two}" ) & +if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then + ( openssl genrsa -f4 2048 | tee ${one} > ${two} ) & hash="-sha256" elif [ "${3}" = "ec" ]; then - ( openssl ecparam -name prime256v1 -genkey -noout | tee "${one}" > "${two}" ) & + ( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) & hash="-sha256" else echo "Only accepts RSA or EC keytypes." exit 1 fi -openssl req -new -x509 ${hash} -key "${two}" -out "$1".x509.pem \ +openssl req -new -x509 ${hash} -key ${two} -out $1.x509.pem \ -days 10000 -subj "$2" & if [ "${password}" == "" ]; then echo "creating ${1}.pk8 with no password" - openssl pkcs8 -in "${one}" -topk8 -outform DER -out "$1".pk8 -nocrypt + openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocrypt else echo "creating ${1}.pk8 with password [${password}]" export password - openssl pkcs8 -in "${one}" -topk8 -outform DER -out "$1".pk8 \ + openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \ -passout env:password unset password fi