mirror of
https://github.com/lineageos4microg/docker-lineage-cicd
synced 2024-11-09 10:09:56 +01:00
Introduce env var USER_BUILD_SPOOFING
If set to "yes", applies a patch which allows LineageOS' built-in signature spoofing to function even in the user build variant, not just userdebug or eng.
This commit is contained in:
parent
d9f25d3b55
commit
fc017cb2ed
@ -102,8 +102,16 @@ ENV LOGS_SUBDIR true
|
|||||||
# restricted patch and embedding the apps that requires it as system privileged
|
# restricted patch and embedding the apps that requires it as system privileged
|
||||||
# apps is a much secure option. See the README.md ("Custom mode") for an
|
# apps is a much secure option. See the README.md ("Custom mode") for an
|
||||||
# example.
|
# example.
|
||||||
|
#
|
||||||
|
# LineageOS versions 18.1, 19.1, 20.0 and 21.0 and up include built-in
|
||||||
|
# signature spoofing for microG, and custom patches are not required. They may
|
||||||
|
# still, however, optionally be enabled
|
||||||
ENV SIGNATURE_SPOOFING "no"
|
ENV SIGNATURE_SPOOFING "no"
|
||||||
|
|
||||||
|
# Enable the built-in signature spoofing for the user build type, not just
|
||||||
|
# userdebug and eng
|
||||||
|
ENV USER_BUILD_SPOOFING "no"
|
||||||
|
|
||||||
# Delete old zips in $ZIP_DIR, keep only the N latest one (0 to disable)
|
# Delete old zips in $ZIP_DIR, keep only the N latest one (0 to disable)
|
||||||
ENV DELETE_OLD_ZIPS 0
|
ENV DELETE_OLD_ZIPS 0
|
||||||
|
|
||||||
|
23
README.md
23
README.md
@ -110,8 +110,14 @@ And when starting the build, set the `CUSTOM_PACKAGES` variable to a list of app
|
|||||||
|
|
||||||
#### Signature spoofing
|
#### Signature spoofing
|
||||||
|
|
||||||
There are two options for the [signature spoofing patch][signature-spoofing]
|
For LineageOS versions 18.1, 19.1, 20.0 and 21.0, built-in support for
|
||||||
required for [microG][microg]:
|
signature spoofing has been added. This specifically only allows microG to
|
||||||
|
spoof its signature; no other apps are allowed to do so. If this is fine, the
|
||||||
|
`SIGNATURE_SPOOFING` environment variable may be left unset (defaulting to
|
||||||
|
`no`).
|
||||||
|
|
||||||
|
If not, two custom [signature spoofing patches][signature-spoofing] are
|
||||||
|
provided:
|
||||||
* "Original" [patches][signature-spoofing-patches]
|
* "Original" [patches][signature-spoofing-patches]
|
||||||
* Restricted patches
|
* Restricted patches
|
||||||
|
|
||||||
@ -124,15 +130,19 @@ A more strict option is the restricted patch, where the FAKE_SIGNATURE
|
|||||||
permission can be obtained only by privileged system apps, embedded in the ROM
|
permission can be obtained only by privileged system apps, embedded in the ROM
|
||||||
during the build process.
|
during the build process.
|
||||||
|
|
||||||
The signature spoofing patch can be optionally included with:
|
The custom signature spoofing patch can be optionally included with:
|
||||||
|
|
||||||
* `SIGNATURE_SPOOFING (no)`: `yes` to use the original patch, `restricted` for
|
* `SIGNATURE_SPOOFING (no)`: `yes` to use the original patch, `restricted` for
|
||||||
the restricted one, `no` for none of them
|
the restricted one, `no` for none of them to and default to built-in
|
||||||
|
signature spoofing.
|
||||||
|
|
||||||
If in doubt, use `restricted`: note that packages that requires the
|
If in doubt, use `restricted`: note that packages that requires the
|
||||||
FAKE_SIGNATURE permission must be included in the build as system apps
|
FAKE_SIGNATURE permission must be included in the build as system apps
|
||||||
(e.g. as part of GMS or `CUSTOM_PACKAGES`)
|
(e.g. as part of GMS or `CUSTOM_PACKAGES`)
|
||||||
|
|
||||||
|
These patches are currently disabled for LineageOS 21 entirely. If you have an
|
||||||
|
use case which requires the use of custom patches on 21,
|
||||||
|
[please open an issue][issue-tracker].
|
||||||
|
|
||||||
#### Proprietary files
|
#### Proprietary files
|
||||||
|
|
||||||
@ -409,7 +419,7 @@ The LineageOS for MicroG project is not in a position to offer much by way of te
|
|||||||
- the number of active volunteer maintainers / contributors is very small, and we spend what time we have trying to ensure that the process of making regular builds keeps going. We can generally investigate problems with the build tools, but not with the ROM itself;
|
- the number of active volunteer maintainers / contributors is very small, and we spend what time we have trying to ensure that the process of making regular builds keeps going. We can generally investigate problems with the build tools, but not with the ROM itself;
|
||||||
- we don't have access to any devices for testing / debugging
|
- we don't have access to any devices for testing / debugging
|
||||||
|
|
||||||
The [project issue tracker](https://github.com/lineageos4microg/docker-lineage-cicd/issues) is mostly for tracking problems with the Docker build tool. It is ***not*** intended for tracking problems with ***installing*** or ***running*** the LineageOS for MicroG ROM. If you run into such problems, our advice is to work through the following steps to see if they help. (Make a backup of your user apps & data first):
|
The [project issue tracker][issue-tracker] is mostly for tracking problems with the Docker build tool. It is ***not*** intended for tracking problems with ***installing*** or ***running*** the LineageOS for MicroG ROM. If you run into such problems, our advice is to work through the following steps to see if they help. (Make a backup of your user apps & data first):
|
||||||
- full power off and restart
|
- full power off and restart
|
||||||
- factory reset
|
- factory reset
|
||||||
- format data partition
|
- format data partition
|
||||||
@ -469,7 +479,7 @@ We build for the same devices as LineageOS using [their list of build targets](h
|
|||||||
|
|
||||||
We currently make builds monthly, starting on the first day of the month. The devices included in a build run are defined by the content of the [LOS target list](https://github.com/LineageOS/hudson/blob/master/lineage-build-targets) ***at the point the build run starts***. Our monthly build run takes 15-16 days to complete. You can see the current status of the build in [the dedicated matrix room](https://matrix.to/#/#microg-lineage-os-builds:matrix.domainepublic.net)
|
We currently make builds monthly, starting on the first day of the month. The devices included in a build run are defined by the content of the [LOS target list](https://github.com/LineageOS/hudson/blob/master/lineage-build-targets) ***at the point the build run starts***. Our monthly build run takes 15-16 days to complete. You can see the current status of the build in [the dedicated matrix room](https://matrix.to/#/#microg-lineage-os-builds:matrix.domainepublic.net)
|
||||||
|
|
||||||
If builds for any devices fail during a build run, we will try the build again ***after the main build run has completed***. If you do not see a new build for your device when you expect it, please check whether the build failure was reported in the matrix room. If it was, there is no need to report it - we will deal with it! If the failure was not reported in the matrix room, then please report it in [our issue tracker](https://github.com/lineageos4microg/docker-lineage-cicd/issues) or in [the XDA Forums thread](https://xdaforums.com/t/lineageos-for-microg.3700997/)
|
If builds for any devices fail during a build run, we will try the build again ***after the main build run has completed***. If you do not see a new build for your device when you expect it, please check whether the build failure was reported in the matrix room. If it was, there is no need to report it - we will deal with it! If the failure was not reported in the matrix room, then please report it in [our issue tracker][issue-tracker] or in [the XDA Forums thread](https://xdaforums.com/t/lineageos-for-microg.3700997/)
|
||||||
|
|
||||||
|
|
||||||
### Project Scope
|
### Project Scope
|
||||||
@ -553,3 +563,4 @@ Upstream projects have their own channels for supporting users.
|
|||||||
[a6000-xda]: https://xdaforums.com/t/eol-rom-8-1-0_r43-f2fs-lineageos-15-1-arm-stable-final-android-go.3733747/
|
[a6000-xda]: https://xdaforums.com/t/eol-rom-8-1-0_r43-f2fs-lineageos-15-1-arm-stable-final-android-go.3733747/
|
||||||
[a6000-device-tree-deps]: https://github.com/dev-harsh1998/android_device_lenovo_a6000/blob/lineage-15.1/lineage.dependencies
|
[a6000-device-tree-deps]: https://github.com/dev-harsh1998/android_device_lenovo_a6000/blob/lineage-15.1/lineage.dependencies
|
||||||
[a6000-common-tree-deps]: https://github.com/dev-harsh1998/android_device_lenovo_msm8916-common/blob/lineage-15.1/lineage.dependencies
|
[a6000-common-tree-deps]: https://github.com/dev-harsh1998/android_device_lenovo_msm8916-common/blob/lineage-15.1/lineage.dependencies
|
||||||
|
[issue-tracker]: https://github.com/lineageos4microg/docker-lineage-cicd/issues
|
||||||
|
17
src/build.sh
17
src/build.sh
@ -175,23 +175,26 @@ for branch in ${BRANCH_NAME//,/ }; do
|
|||||||
android_version="11"
|
android_version="11"
|
||||||
frameworks_base_patch="android_frameworks_base-R.patch"
|
frameworks_base_patch="android_frameworks_base-R.patch"
|
||||||
apps_permissioncontroller_patch="packages_apps_PermissionController-R.patch"
|
apps_permissioncontroller_patch="packages_apps_PermissionController-R.patch"
|
||||||
|
user_build_spoofing_patch="android_frameworks_base-user_build.patch"
|
||||||
;;
|
;;
|
||||||
lineage-19.1*)
|
lineage-19.1*)
|
||||||
themuppets_branch="lineage-19.1"
|
themuppets_branch="lineage-19.1"
|
||||||
android_version="12"
|
android_version="12"
|
||||||
frameworks_base_patch="android_frameworks_base-S.patch"
|
frameworks_base_patch="android_frameworks_base-S.patch"
|
||||||
modules_permission_patch="packages_modules_Permission-S.patch"
|
modules_permission_patch="packages_modules_Permission-S.patch"
|
||||||
|
user_build_spoofing_patch="android_frameworks_base-user_build.patch"
|
||||||
;;
|
;;
|
||||||
lineage-20.0*)
|
lineage-20.0*)
|
||||||
themuppets_branch="lineage-20.0"
|
themuppets_branch="lineage-20.0"
|
||||||
android_version="13"
|
android_version="13"
|
||||||
frameworks_base_patch="android_frameworks_base-Android13.patch"
|
frameworks_base_patch="android_frameworks_base-Android13.patch"
|
||||||
modules_permission_patch="packages_modules_Permission-Android13.patch"
|
modules_permission_patch="packages_modules_Permission-Android13.patch"
|
||||||
|
user_build_spoofing_patch="android_frameworks_base-user_build.patch"
|
||||||
;;
|
;;
|
||||||
lineage-21.0*)
|
lineage-21.0*)
|
||||||
themuppets_branch="lineage-21.0"
|
themuppets_branch="lineage-21.0"
|
||||||
android_version="14"
|
android_version="14"
|
||||||
frameworks_base_patch="android_frameworks_base-Android14.patch"
|
user_build_spoofing_patch="android_frameworks_base-user_build.patch"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo ">> [$(date)] Building branch $branch is not (yet) suppported"
|
echo ">> [$(date)] Building branch $branch is not (yet) suppported"
|
||||||
@ -278,6 +281,18 @@ for branch in ${BRANCH_NAME//,/ }; do
|
|||||||
los_ver="$los_ver_major.$los_ver_minor"
|
los_ver="$los_ver_major.$los_ver_minor"
|
||||||
|
|
||||||
if [ "$APPLY_PATCHES" = true ]; then
|
if [ "$APPLY_PATCHES" = true ]; then
|
||||||
|
# If user build variant should also enable LOS signature spoofing
|
||||||
|
if [ "$USER_BUILD_SPOOFING" = "yes" ]; then
|
||||||
|
if [ -n "$user_build_spoofing_patch" ]; then
|
||||||
|
cd frameworks/base
|
||||||
|
echo ">> [$(date)] Applying the user build variant signature spoofing patch ($user_build_spoofing_patch) to frameworks/base"
|
||||||
|
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$user_build_spoofing_patch"
|
||||||
|
git clean -q -f
|
||||||
|
cd ../..
|
||||||
|
else
|
||||||
|
echo ">> [$(date)] WARNING: User build signature spoofing requested, but branch ($branch) does not support built-in signature spoofing"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
# If needed, apply the microG's signature spoofing patch
|
# If needed, apply the microG's signature spoofing patch
|
||||||
if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
|
if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
|
||||||
# Determine which patch should be applied to the current Android source tree
|
# Determine which patch should be applied to the current Android source tree
|
||||||
|
Loading…
Reference in New Issue
Block a user