From 9c4a51a8695c5431ede57ab18e25cb16bf108950 Mon Sep 17 00:00:00 2001 From: Pete Date: Wed, 14 Feb 2024 21:27:39 +0000 Subject: [PATCH 01/18] Sig spoofing patches for Android 14 / LOS 21 --- .../android_frameworks_base-Android14.patch | 124 ++++++++++++++++++ ...ackages_modules_Permission-Android14.patch | 12 ++ 2 files changed, 136 insertions(+) create mode 100644 src/signature_spoofing_patches/android_frameworks_base-Android14.patch create mode 100644 src/signature_spoofing_patches/packages_modules_Permission-Android14.patch diff --git a/src/signature_spoofing_patches/android_frameworks_base-Android14.patch b/src/signature_spoofing_patches/android_frameworks_base-Android14.patch new file mode 100644 index 0000000..9ec072c --- /dev/null +++ b/src/signature_spoofing_patches/android_frameworks_base-Android14.patch @@ -0,0 +1,124 @@ +diff --git a/core/api/current.txt b/core/api/current.txt +index 288ab479c0fb..2124d89c6e6f 100644 +--- a/core/api/current.txt ++++ b/core/api/current.txt +@@ -95,6 +95,7 @@ package android { + field public static final String EXECUTE_APP_ACTION = "android.permission.EXECUTE_APP_ACTION"; + field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR"; + field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST"; ++ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE"; + field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE"; + field public static final String FOREGROUND_SERVICE_CAMERA = "android.permission.FOREGROUND_SERVICE_CAMERA"; + field public static final String FOREGROUND_SERVICE_CONNECTED_DEVICE = "android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE"; +@@ -326,6 +327,7 @@ package android { + field public static final String CALL_LOG = "android.permission-group.CALL_LOG"; + field public static final String CAMERA = "android.permission-group.CAMERA"; + field public static final String CONTACTS = "android.permission-group.CONTACTS"; ++ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE"; + field public static final String LOCATION = "android.permission-group.LOCATION"; + field public static final String MICROPHONE = "android.permission-group.MICROPHONE"; + field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES"; +diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml +index 14cb052b121f..593999bc4ef7 100644 +--- a/core/res/AndroidManifest.xml ++++ b/core/res/AndroidManifest.xml +@@ -4258,6 +4258,22 @@ + android:description="@string/permdesc_getPackageSize" + android:protectionLevel="normal" /> + ++ ++ ++ ++ ++ ++ ++ + +diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml +index 9c018c30f9e3..661297bab701 100644 +--- a/core/res/res/values/strings.xml ++++ b/core/res/res/values/strings.xml +@@ -990,6 +990,19 @@ + Preview, %1$s + + ++ ++ ++ Spoof package signature ++ ++ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! ++ ++ Spoof package signature ++ ++ allow to spoof package signature ++ ++ Allow ++ <b>%1$s</b> to spoof package signature? ++ + + + disable or modify status bar +diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java +index 78f1fa60b69f..1e29d3697b89 100644 +--- a/services/core/java/com/android/server/pm/ComputerEngine.java ++++ b/services/core/java/com/android/server/pm/ComputerEngine.java +@@ -1450,6 +1450,29 @@ public class ComputerEngine implements Computer { + return result; + } + ++ private boolean requestsFakeSignature(AndroidPackage p) { ++ return p.getMetaData() != null && ++ p.getMetaData().getString("fake-signature") != null; ++ } ++ ++ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi, ++ Set permissions) { ++ try { ++ if (p.getMetaData() != null && ++ p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) { ++ String sig = p.getMetaData().getString("fake-signature"); ++ if (sig != null && ++ permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) { ++ pi.signatures = new Signature[] {new Signature(sig)}; ++ } ++ } ++ } catch (Throwable t) { ++ // We should never die because of any failures, this is system code! ++ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); ++ } ++ return pi; ++ } ++ + public final PackageInfo generatePackageInfo(PackageStateInternal ps, + @PackageManager.PackageInfoFlagsBits long flags, int userId) { + if (!mUserManager.exists(userId)) return null; +@@ -1483,13 +1506,15 @@ public class ComputerEngine implements Computer { + || ArrayUtils.isEmpty(p.getPermissions())) ? Collections.emptySet() + : mPermissionManager.getInstalledPermissions(ps.getPackageName()); + // Compute granted permissions only if package has requested permissions +- final Set grantedPermissions = ((flags & PackageManager.GET_PERMISSIONS) == 0 ++ final Set grantedPermissions = (((flags & PackageManager.GET_PERMISSIONS) == 0 ++ && !requestsFakeSignature(p)) + || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet() + : mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId); + +- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags, ++ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags, + state.getFirstInstallTimeMillis(), ps.getLastUpdateTime(), installedPermissions, +- grantedPermissions, state, userId, ps); ++ grantedPermissions, state, userId, ps), ++ grantedPermissions); + + if (packageInfo == null) { + return null; diff --git a/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch b/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch new file mode 100644 index 0000000..9aace22 --- /dev/null +++ b/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch @@ -0,0 +1,12 @@ +diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java +index d4354bd72..4b90f9327 100644 +--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java ++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java +@@ -21,6 +21,7 @@ import static android.Manifest.permission_group.CALENDAR; + import static android.Manifest.permission_group.CALL_LOG; + import static android.Manifest.permission_group.CAMERA; + import static android.Manifest.permission_group.CONTACTS; ++import static android.Manifest.permission_group.FAKE_PACKAGE; + import static android.Manifest.permission_group.LOCATION; + import static android.Manifest.permission_group.MICROPHONE; + import static android.Manifest.permission_group.NEARBY_DEVICES; From e813c32135b3ecac29e5a337c5372644bb0b1ee3 Mon Sep 17 00:00:00 2001 From: Pete Date: Wed, 14 Feb 2024 21:51:47 +0000 Subject: [PATCH 02/18] Handle the 'lineage-21.0' BRANCH_NAME value --- src/build.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/build.sh b/src/build.sh index 57a0d0d..706ecc0 100755 --- a/src/build.sh +++ b/src/build.sh @@ -152,6 +152,12 @@ for branch in ${BRANCH_NAME//,/ }; do frameworks_base_patch="android_frameworks_base-Android13.patch" modules_permission_patch="packages_modules_Permission-Android13.patch" ;; + lineage-21.0*) + themuppets_branch="lineage-20.0" + android_version="14" + frameworks_base_patch="android_frameworks_base-Android14.patch" + modules_permission_patch="packages_modules_Permission-Android14.patch" + ;; *) echo ">> [$(date)] Building branch $branch is not (yet) suppported" exit 1 From a62c3e3db236ddf68e7ee4fb8b5d92bd7ea272d7 Mon Sep 17 00:00:00 2001 From: Pete Date: Thu, 15 Feb 2024 13:28:44 +0000 Subject: [PATCH 03/18] fix build signing for Android 14 --- src/init.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/init.sh b/src/init.sh index fb6e014..dae4142 100755 --- a/src/init.sh +++ b/src/init.sh @@ -59,6 +59,22 @@ if [ "$SIGN_BUILDS" = true ]; then fi done fi + + # Android 14 requires to set a BUILD file for bazel to avoid errors: + cat > $"KEYS_DIR"/BUILD << _EOB +# adding an empty BUILD file fixes the A14 build error: +# "ERROR: no such package 'keys': BUILD file not found in any of the following directories. Add a BUILD file to a directory to mark it as a package." +# adding the filegroup "android_certificate_directory" fixes the A14 build error: +# "no such target '//keys:android_certificate_directory': target 'android_certificate_directory' not declared in package 'keys'" +filegroup( +name = "android_certificate_directory", +srcs = glob([ + "*.pk8", + "*.pem", +]), +visibility = ["//visibility:public"], +) +_EOB for c in cyngn{-priv,}-app testkey; do for e in pk8 x509.pem; do From 8099ad0bc6e98c26cdf8a1cd7607c81868ce3727 Mon Sep 17 00:00:00 2001 From: Pete Date: Thu, 15 Feb 2024 17:07:59 +0000 Subject: [PATCH 04/18] Fix typos and copy / paste errors --- src/build.sh | 2 +- src/init.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/build.sh b/src/build.sh index 706ecc0..42812a0 100755 --- a/src/build.sh +++ b/src/build.sh @@ -153,7 +153,7 @@ for branch in ${BRANCH_NAME//,/ }; do modules_permission_patch="packages_modules_Permission-Android13.patch" ;; lineage-21.0*) - themuppets_branch="lineage-20.0" + themuppets_branch="lineage-21.0" android_version="14" frameworks_base_patch="android_frameworks_base-Android14.patch" modules_permission_patch="packages_modules_Permission-Android14.patch" diff --git a/src/init.sh b/src/init.sh index dae4142..2ce1a0f 100755 --- a/src/init.sh +++ b/src/init.sh @@ -61,7 +61,7 @@ if [ "$SIGN_BUILDS" = true ]; then fi # Android 14 requires to set a BUILD file for bazel to avoid errors: - cat > $"KEYS_DIR"/BUILD << _EOB + cat > "$KEYS_DIR"/BUILD << _EOB # adding an empty BUILD file fixes the A14 build error: # "ERROR: no such package 'keys': BUILD file not found in any of the following directories. Add a BUILD file to a directory to mark it as a package." # adding the filegroup "android_certificate_directory" fixes the A14 build error: From 3bc509aa14b688cad4fdb0583238e5ea00c1bf51 Mon Sep 17 00:00:00 2001 From: Pete Date: Thu, 15 Feb 2024 17:07:59 +0000 Subject: [PATCH 05/18] Fix typos and copy / paste errors --- src/build.sh | 2 +- src/init.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/build.sh b/src/build.sh index fe63dd8..8592150 100755 --- a/src/build.sh +++ b/src/build.sh @@ -159,7 +159,7 @@ for branch in ${BRANCH_NAME//,/ }; do modules_permission_patch="packages_modules_Permission-Android13.patch" ;; lineage-21.0*) - themuppets_branch="lineage-20.0" + themuppets_branch="lineage-21.0" android_version="14" frameworks_base_patch="android_frameworks_base-Android14.patch" modules_permission_patch="packages_modules_Permission-Android14.patch" diff --git a/src/init.sh b/src/init.sh index dae4142..2ce1a0f 100755 --- a/src/init.sh +++ b/src/init.sh @@ -61,7 +61,7 @@ if [ "$SIGN_BUILDS" = true ]; then fi # Android 14 requires to set a BUILD file for bazel to avoid errors: - cat > $"KEYS_DIR"/BUILD << _EOB + cat > "$KEYS_DIR"/BUILD << _EOB # adding an empty BUILD file fixes the A14 build error: # "ERROR: no such package 'keys': BUILD file not found in any of the following directories. Add a BUILD file to a directory to mark it as a package." # adding the filegroup "android_certificate_directory" fixes the A14 build error: From 0279cba9335952e43739593aeea381e2ee8e1727 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:57:07 +0000 Subject: [PATCH 06/18] Bump docker/metadata-action from 5.5.0 to 5.5.1 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.5.0 to 5.5.1. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/dbef88086f6cef02e264edb7dbf63250c17cef6c...8e5442c4ef9f78752691e2d8f8d19755c6f78e81) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 484a951..fa12f05 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -35,7 +35,7 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} flavor: latest=${{ github.ref == 'refs/heads/master' }} From 40718bf6a2aaea999e297a5a04311861064219a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Feb 2024 13:49:46 +0000 Subject: [PATCH 07/18] Bump ubuntu from `e6173d4` to `e9569c2` Bumps ubuntu from `e6173d4` to `e9569c2`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c912d92..59ece43 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:e6173d4dc55e76b87c4af8db8821b1feae4146dd47341e4d431118c7dd060a74 +FROM ubuntu:22.04@sha256:e9569c25505f33ff72e88b2990887c9dcf230f23259da296eb814fc2b41af999 LABEL maintainer="Nicola Corna " # Environment variables From b1dcd2f99318e38967ded38a8fe7efd9ed3bb7e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 13:23:32 +0000 Subject: [PATCH 08/18] Bump ubuntu from `e9569c2` to `f9d633f` Bumps ubuntu from `e9569c2` to `f9d633f`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 59ece43..a60877b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:e9569c25505f33ff72e88b2990887c9dcf230f23259da296eb814fc2b41af999 +FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da LABEL maintainer="Nicola Corna " # Environment variables From 24de3383e81b0ce15308bceeef156deb82c0e1a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 13:07:41 +0000 Subject: [PATCH 09/18] Bump ubuntu from `f9d633f` to `77906da` Bumps ubuntu from `f9d633f` to `77906da`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a60877b..b0a643b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da +FROM ubuntu:22.04@sha256:77906da86b60585ce12215807090eb327e7386c8fafb5402369e421f44eff17e LABEL maintainer="Nicola Corna " # Environment variables From 29049c52b682f1add0937c2e301d99721ede0438 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Wed, 13 Mar 2024 08:21:02 +0000 Subject: [PATCH 10/18] Fix the posix spwan error - make the 'otapackage` target instead of bacon - rename the ROM zip file from "lineage_$codename-ota-eng.root.zip" to the expected "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.zip" --- src/build.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/build.sh b/src/build.sh index 42812a0..743bf94 100755 --- a/src/build.sh +++ b/src/build.sh @@ -377,11 +377,16 @@ for branch in ${BRANCH_NAME//,/ }; do # Start the build echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" build_successful=false - if (set +eu ; mka "${jobs_arg[@]}" bacon) &>> "$DEBUG_LOG"; then + if (set +eu ; mka "${jobs_arg[@]}" otapackage ) &>> "$DEBUG_LOG"; then # Move produced ZIP files to the main OUT directory echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" cd out/target/product/"$codename" + + # the zip produced by 'mka otapackage' is "lineage_$device-ota-eng.root.zip + # we need it to be "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.zip" + mv "lineage_$codename-ota-eng.root.zip" "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.zip" + files_to_hash=() for build in lineage-*.zip; do cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" From 6674357b40833042c78f44e4aa09c77c4ac0286c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 13:48:57 +0000 Subject: [PATCH 11/18] Bump docker/build-push-action from 5.1.0 to 5.3.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.1.0 to 5.3.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/4a13e500e55cf31b7a5d59a38ab2040ab0f42f56...2cdde995de11925a030ce8070c3d77a52ffcf1c0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fa12f05..aa0207a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -43,7 +43,7 @@ jobs: # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 with: context: . push: ${{ github.event_name != 'pull_request' && !startsWith(github.ref, 'refs/pull') && github.actor != 'dependabot[bot]' }} From 21000ebbd0e6221d9155ffa7436018ac09613eb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 13:49:00 +0000 Subject: [PATCH 12/18] Bump docker/login-action from 3.0.0 to 3.1.0 Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/343f7c4344506bcbf9b4de18042ae17996df046d...e92390c5fb421da1463c202d546fed0ec5c39f20) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fa12f05..18a18cb 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -25,7 +25,7 @@ jobs: # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' && !startsWith(github.ref, 'refs/pull') && github.actor != 'dependabot[bot]' - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 with: registry: ${{ env.REGISTRY }} username: ${{ secrets.DOCKERHUB_USERNAME }} From cfc5745d04d5a0300c96b0a0968490b3373cf7b7 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Sat, 30 Mar 2024 07:50:15 +0000 Subject: [PATCH 13/18] Update build.sh: correct name of ota zip file --- src/build.sh | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/src/build.sh b/src/build.sh index 24a451e..3c43668 100755 --- a/src/build.sh +++ b/src/build.sh @@ -357,9 +357,9 @@ for branch in ${BRANCH_NAME//,/ }; do for codename in ${devices//,/ }; do if [ -n "$codename" ]; then - + builddate=$(date +%Y%m%d) - + if [ "$BUILD_OVERLAY" = true ]; then lowerdir=$SRC_DIR/$branch_dir upperdir=$TMP_DIR/device @@ -438,11 +438,14 @@ for branch in ${BRANCH_NAME//,/ }; do # Move the ROM zip files to the main OUT directory echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" cd out/target/product/"$codename" - - # the zip produced by 'mka otapackage' is "lineage_$device-ota-eng.root.zip - # we need it to be "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.zip" - mv "lineage_$codename-ota-eng.root.zip" "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.zip" - + + # rename the zip produced by 'mka otapackage' from "lineage_$device-ota.zip" + # for 21.0 and "lineage_$device-ota-eng.root.zip" for 20.0 to + # "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.zip" + for otapackage in lineage_*.zip; do + mv "$otapackage" "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename".zip &>> "$DEBUG_LOG" + done + files_to_hash=() for build in lineage-*.zip; do cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" @@ -450,14 +453,14 @@ for branch in ${BRANCH_NAME//,/ }; do files_to_hash+=( "$build" ) done - cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" +# cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" if [ "$ZIP_UP_IMAGES" = true ]; then # zipping the .img files echo ">> [$(date)] Zipping the .img files" | tee -a "$DEBUG_LOG" files_to_zip=() images_zip_file="lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-images.zip" - cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" +# cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" for image in recovery boot vendor_boot dtbo super_empty vbmeta vendor_kernel_boot; do if [ -f "$image.img" ]; then From 393bf054783fdf7f445b9c4c7bfe4ac4dc682a24 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Wed, 3 Apr 2024 15:53:32 +0100 Subject: [PATCH 14/18] Move cleanup code to a function. Call it after breakfast fails or build completes --- src/build.sh | 57 +++++++++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/src/build.sh b/src/build.sh index 3c43668..64158c9 100755 --- a/src/build.sh +++ b/src/build.sh @@ -17,6 +17,36 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +do_cleanup() { + echo ">> [$(date)] Cleaning up" | tee -a "$DEBUG_LOG" + + if [ "$BUILD_OVERLAY" = true ]; then + # The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged + cd "$TMP_DIR" + if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then + "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true + fi + lsof | grep "$TMP_DIR/merged" | awk '{ print $2 }' | sort -u | xargs -r kill &> /dev/null || true + + while lsof | grep -q "$TMP_DIR"/merged; do + sleep 1 + done + + umount "$TMP_DIR/merged" + fi + + if [ "$CLEAN_AFTER_BUILD" = true ]; then + echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG" + if [ "$BUILD_OVERLAY" = true ]; then + cd "$TMP_DIR" + rm -rf ./* || true + else + cd "$source_dir" + (set +eu ; mka "${jobs_arg[@]}" clean) &>> "$DEBUG_LOG" + fi + fi +} + set -eEuo pipefail repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log" @@ -405,6 +435,7 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Running post-build.sh for $codename" >> "$DEBUG_LOG" /root/userscripts/post-build.sh "$codename" false "$branch" &>> "$DEBUG_LOG" || echo ">> [$(date)] Warning: post-build.sh failed!" fi + do_cleanup continue fi @@ -520,31 +551,7 @@ for branch in ${BRANCH_NAME//,/ }; do fi echo ">> [$(date)] Finishing build for $codename" | tee -a "$DEBUG_LOG" - if [ "$BUILD_OVERLAY" = true ]; then - # The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged - cd "$TMP_DIR" - if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then - "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true - fi - lsof | grep "$TMP_DIR/merged" | awk '{ print $2 }' | sort -u | xargs -r kill &> /dev/null || true - - while lsof | grep -q "$TMP_DIR"/merged; do - sleep 1 - done - - umount "$TMP_DIR/merged" - fi - - if [ "$CLEAN_AFTER_BUILD" = true ]; then - echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG" - if [ "$BUILD_OVERLAY" = true ]; then - cd "$TMP_DIR" - rm -rf ./* || true - else - cd "$source_dir" - (set +eu ; mka "${jobs_arg[@]}" clean) &>> "$DEBUG_LOG" - fi - fi + do_cleanup done fi done From 13e9fa8f252c327ca729b90e4112b470dab9637b Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Wed, 3 Apr 2024 19:11:52 +0100 Subject: [PATCH 15/18] Use mka otaimage bacon: see if we hit the posix spawn error --- src/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/build.sh b/src/build.sh index 64158c9..2dab177 100755 --- a/src/build.sh +++ b/src/build.sh @@ -451,7 +451,7 @@ for branch in ${BRANCH_NAME//,/ }; do build_successful=false files_to_hash=() - if (set +eu ; mka "${jobs_arg[@]}" otapackage) &>> "$DEBUG_LOG"; then + if (set +eu ; mka "${jobs_arg[@]}" otapackage bacon) &>> "$DEBUG_LOG"; then if [ "$MAKE_IMG_ZIP_FILE" = true ]; then # make the `-img.zip` file echo ">> [$(date)] Making -img.zip file" | tee -a "$DEBUG_LOG" From fa45feae0b416a3a78664ea24f41b804da5424f4 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Wed, 3 Apr 2024 20:49:55 +0100 Subject: [PATCH 16/18] No need to rename the image file --- src/build.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/build.sh b/src/build.sh index 2dab177..feea272 100755 --- a/src/build.sh +++ b/src/build.sh @@ -473,9 +473,9 @@ for branch in ${BRANCH_NAME//,/ }; do # rename the zip produced by 'mka otapackage' from "lineage_$device-ota.zip" # for 21.0 and "lineage_$device-ota-eng.root.zip" for 20.0 to # "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.zip" - for otapackage in lineage_*.zip; do - mv "$otapackage" "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename".zip &>> "$DEBUG_LOG" - done + # for otapackage in lineage_*.zip; do + # mv "$otapackage" "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename".zip &>> "$DEBUG_LOG" + # done files_to_hash=() for build in lineage-*.zip; do @@ -484,14 +484,14 @@ for branch in ${BRANCH_NAME//,/ }; do files_to_hash+=( "$build" ) done -# cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" + cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" if [ "$ZIP_UP_IMAGES" = true ]; then # zipping the .img files echo ">> [$(date)] Zipping the .img files" | tee -a "$DEBUG_LOG" files_to_zip=() images_zip_file="lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-images.zip" -# cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" + # cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" for image in recovery boot vendor_boot dtbo super_empty vbmeta vendor_kernel_boot; do if [ -f "$image.img" ]; then From 04b2d1689e002fc96c43f79f5c905c59ccce107a Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Thu, 4 Apr 2024 09:31:53 +0100 Subject: [PATCH 17/18] Fix path of IMAGES directory for 21.0 --- src/build.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/build.sh b/src/build.sh index feea272..0ab3c14 100755 --- a/src/build.sh +++ b/src/build.sh @@ -483,8 +483,10 @@ for branch in ${BRANCH_NAME//,/ }; do mv "$build" "$ZIP_DIR/$zipsubdir/" &>> "$DEBUG_LOG" files_to_hash+=( "$build" ) done - - cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" + img_dir=$(find "$source_dir/out/target/product/$codename/obj/PACKAGING" -name "IMAGES") + if [ -d "$img_dir" ]; then + cd "$img_dir" + fi if [ "$ZIP_UP_IMAGES" = true ]; then # zipping the .img files echo ">> [$(date)] Zipping the .img files" | tee -a "$DEBUG_LOG" From 901a33a1d26b0fc6e3e151583eff1102cbc856f7 Mon Sep 17 00:00:00 2001 From: Pete Fotheringham Date: Thu, 4 Apr 2024 17:33:57 +0100 Subject: [PATCH 18/18] Tidy up code and comments --- src/build.sh | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/build.sh b/src/build.sh index 0ab3c14..ce50f35 100755 --- a/src/build.sh +++ b/src/build.sh @@ -452,6 +452,7 @@ for branch in ${BRANCH_NAME//,/ }; do files_to_hash=() if (set +eu ; mka "${jobs_arg[@]}" otapackage bacon) &>> "$DEBUG_LOG"; then + if [ "$MAKE_IMG_ZIP_FILE" = true ]; then # make the `-img.zip` file echo ">> [$(date)] Making -img.zip file" | tee -a "$DEBUG_LOG" @@ -466,34 +467,28 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Making -img.zip file disabled" fi - # Move the ROM zip files to the main OUT directory echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" cd out/target/product/"$codename" - # rename the zip produced by 'mka otapackage' from "lineage_$device-ota.zip" - # for 21.0 and "lineage_$device-ota-eng.root.zip" for 20.0 to - # "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename.zip" - # for otapackage in lineage_*.zip; do - # mv "$otapackage" "lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename".zip &>> "$DEBUG_LOG" - # done - + # Move the ROM zip files to the main OUT directory files_to_hash=() for build in lineage-*.zip; do cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG" mv "$build" "$ZIP_DIR/$zipsubdir/" &>> "$DEBUG_LOG" files_to_hash+=( "$build" ) done + + # Now handle the .img files - where are they? img_dir=$(find "$source_dir/out/target/product/$codename/obj/PACKAGING" -name "IMAGES") if [ -d "$img_dir" ]; then cd "$img_dir" fi + if [ "$ZIP_UP_IMAGES" = true ]; then - # zipping the .img files echo ">> [$(date)] Zipping the .img files" | tee -a "$DEBUG_LOG" files_to_zip=() images_zip_file="lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-images.zip" - # cd "$source_dir/out/target/product/$codename/obj/PACKAGING/target_files_intermediates/lineage_$codename-target_files-eng.root/IMAGES/" for image in recovery boot vendor_boot dtbo super_empty vbmeta vendor_kernel_boot; do if [ -f "$image.img" ]; then @@ -506,8 +501,9 @@ for branch in ${BRANCH_NAME//,/ }; do mv "$images_zip_file" "$ZIP_DIR/$zipsubdir/" files_to_hash+=( "$images_zip_file" ) else - # just copy the mages to the zips directory echo ">> [$(date)] Zipping the '-img' files disabled" + + # rename and copy the images to the zips directory for image in recovery boot vendor_boot dtbo super_empty vbmeta vendor_kernel_boot; do if [ -f "$image.img" ]; then recovery_name="lineage-$los_ver-$builddate-$RELEASE_TYPE-$codename-$image.img" @@ -518,6 +514,7 @@ for branch in ${BRANCH_NAME//,/ }; do done fi + # create the checksum files cd "$ZIP_DIR/$zipsubdir" for f in "${files_to_hash[@]}"; do sha256sum "$f" > "$ZIP_DIR/$zipsubdir/$f.sha256sum" @@ -547,6 +544,8 @@ for branch in ${BRANCH_NAME//,/ }; do /usr/bin/python /root/clean_up.py -n "$DELETE_OLD_LOGS" -V "$los_ver" -N 1 -c "$codename" "$LOGS_DIR" fi fi + + # call post-build.sh if [ -f /root/userscripts/post-build.sh ]; then echo ">> [$(date)] Running post-build.sh for $codename" >> "$DEBUG_LOG" /root/userscripts/post-build.sh "$codename" "$build_successful" "$branch" &>> "$DEBUG_LOG" || echo ">> [$(date)] Warning: post-build.sh failed!"