| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Trisquel 9 doesn't have mvn-debian but has mvn instead.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
| |
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This uses spaces everywhere instead of mixing spaces and tabs.
In addition it also fix a line over 80 characters.
This should contain no functional changes.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Reviewed-by: Fil Lupin <fillupin@protonmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As we got report of data corruption in the package.xml file with
that script, it is better not to run it at each boot.
The corruption probably comes from having the device being shut
down precisely between the 5 seconds in which it modifies the
packages.xml files, which leaves a temporary file and an empty
packages.xml.
To keep the code simple, we will do two releases: one that doesn't
run this script automatically and one that does.
This way users will install the one that does the migration and once
done they will install the final image.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
| |
These scripts enable users to cleanly shutdown and reboot the
device from the shell.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Wipe comes from wipe 2.3.1 from http://wipe.sourceforge.net/.
As there doesn't seem to be any git repository, the tarball
was imported in git the subsequent commit added support for
Android.
Wipe is strongly needed as without it it's not very convenient
to securely delete files from the internal storage.
Without wipe, one would have to port GNU/Linux to the device
if it's not already done, or reuse the Replicant 11 kernel
otherwise, and run a distribution like Parabola to securely
erase files.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
| |
Signed-off-by: belgin <belginstirbu@hotmail.com>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The gen_key_migration_script script was modified to generate a
key-migration.sh script that can run multiple times.
In addition, prints were added to inform the user of the script
success of failure.
So we need to update the generated script as well for the changes
to be taken into account.
This modified version was generated with the following command in
the top directory of the replicant-6.0 source code:
$ ./vendor/replicant-scripts/images/gen_key_migration_script/gen_key_migration_script.py \
gen-script \
vendor/replicant/prebuilt/common/bin/key-migration.sh \
vendor/replicant-data/distros/releases/certificates/ \
vendor/replicant-security/
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The calls to otasigcheck.sh have already been removed in the build
repository with the following commit:
57b200aeb4af062d2c7714de34fafe9b5d6e201c
57b200aeb Recovery: Remove check for matching application signatures with their data
So it is not needed anymore. Removing otasigcheck.sh also makes sure that
it's not possible to call it anymore.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The applications built from Replicant are signed with a key that is
generated during the build procedure The issue is that the data of an
application becomes inaccessible to it if the application signature change.
This affects all the applications built during and signed during the build
of Replicant images, which includes all system applications.
This is why, during the installation of a new Replicant version, the
otasigcheck.sh is run: it verifies if the application signatures expected
by the applications data match the signatures of the new applications
that are part of the new Replicant image being installed.
Without this check, users installing a new Replicant minor version (like
Replicant 6.0 0004) and keeping the data from the previous minor version
(like Replicant 6.0 0003) with a key that change will make at least some
system applications like the launcher crash as they will not be able to
access their data.
If the check detects an incompatibility, on a Galaxy SIII (GT-I9300), we
end up the installation aborting and the following message being displayed
on the screen:
detected filesystem ext4 for /dev/block/mmcblk0p12
Can't install this package on top of incompatible data. Ples
se try another package or run a factory test
E:Failed to install /sideload/package.zip
E:Please take note of all the above lines for reports.
This design has several issues:
- You cannot upgrade between Replicant minor versions if the keys signing
applications shipped in the new version changed. This is really
problematic as to upgrade, users need to delete all their application
data and restart creating them from scratch which is very time consuming.
With frequent updates that would becomes too much time consuming to do.
- It is also very fragile: if the data partition is encrypted,
otasigcheck.sh cannot do the check, and the check is skipped completely,
with the consequences explained before (the system applications end up
not being able to access their data).
To fix that:
- This patch adds a new script (key-migration.sh) to this repository.
It takes care of migrating the applications data to the new keys during
the first boot (so after the data partition will have been mounted).
- The call to otasigcheck.sh during the installation of new Replicant
versions will be removed in the build repository.
- otasigcheck.sh will be removed in this repository in the next commit.
- A python script generating this key-migration.sh script will be added
to the vendor_replicant-scripts repository to enable users and developers
to generate a key-migration.sh script with the keys they want. This
should make downgrade easier as the key-migration.sh could also be run
manually in the recovery and make the migration to self-built images much
easier.
Also, the otasigcheck.sh script has already been removed in LineageOS 17.1
by the following commit in vendor/lineage:
commit 95621f3c73b94a87ca4528748535bb114ae1613f
Author: Michael Bestas <mkbestas@lineageos.org>
Date: Sat Aug 4 17:46:35 2018 +0300
Revert "ota: Validate any installed data's signature against our own"
* otasigcheck doesn't work on encrypted devices and makes
the zip installation fail since oreo.
* The build part of this was never ported to oreo.
This reverts commit aff5e54c4ef5fec7e67e830f83ee64424005d07c.
Change-Id: I411f33c1db64844091c1692ef4706ae541925d4f
This key-migration.sh script has been generated by the following command in
the Replicant source code directory:
$ ./vendor/replicant-scripts/images/gen_key_migration_script/gen_key_migration_script.py \
gen-script \
vendor/replicant/prebuilt/common/bin/key-migration.sh \
vendor/replicant-data/distros/releases/certificates/ \
vendor/replicant-security/
This work is based on the following commit from the android_vendor_cm
repository[1]:
2f7c7decc Add startup script to update the package signatures
commit 2f7c7decc4cd5b42f044a7841a74468e4cacd694 (refs/changes/27/156327/3)
Author: Gabriele M <moto.falcon.git@gmail.com>
Date: Fri Jan 13 17:03:45 2017 +0100
Add startup script to update the package signatures
This allows to jump straight to LineageOS without wiping
userdata first.
Change-Id: I208bcada9380cbd69f3bec6c64e3c9e0eb1104c8
[1] https://github.com/LineageOS/android_vendor_cm.git
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
| |
Without that fix the help looks like that:
./build.sh [espresso3g|espressowifi|i9100|i9300|i9305|maguro|...]
The issue here is that square brackets are commonly used to indicate
optional arguments, but here an argument is required.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
| |
androidsw.sh and llvmpipe.sh were merged into a single
graphics.sh script in order to improve the user interface.
Since the scripts Android.mk was adjusted as well to use
graphics.sh, we need to adjust the PRODUCT_PACKAGES to
reflect that too.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sign-build sometimes fails when there is multiple files
matching the *-target_files-*.zip pattern for TARGET_FILES:
when checking if TARGET_FILES is a file with
[ -f $TARGET_FILES ], it can fail because -f expects ai
single path.
When it happens the failure looks like that:
vendor/replicant/sign-build: 111: [:
[...]/out/target/product/maguro/obj/PACKAGING/target_files_intermediates/replicant_maguro-target_files-3c9b1e0289.zip:
unexpected operator
The TARGET_FILES files we are sigining in sign-build.sh
have their build rules in build/core/Makefile where the
resulting path of the file is defined in this way:
BUILT_TARGET_FILES_PACKAGE := $(intermediates)/$(name).zip
name is in turn defined like this:
name := $(name)-target_files-$(FILE_NAME_TAG)
and FILE_NAME_TAG like this:
FILE_NAME_TAG := $(BUILD_NUMBER)
Since we have access to the device name and the
BUILD_NUMBER that is used to construct the FILE_NAME_TAG,
we can use them to find out the name of the file to sign
instead of relying on fragile glob ('*') patterns.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using libagl for everything had the side effect of making it
impossible to use applications like IceCatMobile, as libagl
OpenGL implementation was not complete enough. Using LLVMpipe
fixes that.
Using LLVMpipe for everything has the side effect of making
some system components like SurfaceFlinger way slower.
As we have patched the EGL loader to enable to override the
default OpenGL implementation for specific binaries, and
that we used that to switch the affected system components
back to libagl, we can now switch to LLVMpipe.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: David Ludovino <dllud@riseup.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using LLVMpipe by default, some system binaries are too
slow to make the device usable.
This overrides the OpenGL implementation for the following
binaries:
- bootanimation
- surfaceflinger
- system_server
When loading a binary, the EGL loader will then check if
there is an empty file corresponding to the cmdline in
/system/etc/libGLES_android and use libagl if it exists.
For instance to make SurfaceFlinger use libagl, we first
need to look at /proc/<pid>/cmdline. Here it returns
/system/bin/surfaceflinger. Once we have that, we can then
create the following empty file to make it use libagl:
/system/etc/libGLES_android/system/bin/surfaceflinger
Signed-off-by: Andrés Domínguez <andresdju@gmail.com>
GNUtoo@cyberdimension.org: squashed commits, commit message: added background
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: David Ludovino <dllud@riseup.net>
|
|
|
|
|
|
|
|
|
| |
It's a good idea to ship the scripts on the devices as it could help
users working around issues with the default renderer settings,
do some debugging or benchmarks, without needing to (re)compile an
image.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
F-Droid was removed by the following commit:
950958a7 Remove F-Droid until we can make a FSDG compliant version
but even if it's not shipped anymore in the images, its apk was still
downloaded.
This fixes it by removing the F-Droid apk download.
Signed-off-by: Andrés Domínguez <andresdju@gmail.com>
GNUtoo@cyberdimension.org: commit message
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the following commit in frameworks_opt_net_wifi:
"94f9a24 Add native Android support for external WiFi dongles",
we can now use the system settings to setup connection with
external WiFi adapters.
Even if the power on/off of the internal WiFi chip was not looked into,
it has been tested on most of the devices supported by Replicant.
It would be a good idea to look into it later on to potentially improve
the power consumption.
Here are the test results:
+--------+-----------+----------+
| Device | WiFi | Status |
+--------+-----------+----------+
| I9100 | ath9k_htc | Failing |
+--------+-----------+----------+
| I9100 | internal | Firmware |
+--------+-----------+----------+
| I9250 | ath9k_htc | Working |
+--------+-----------+----------+
| I9250 | internal | Firmware |
+--------+-----------+----------+
| I9300 | ath9k_htc | Working |
+--------+-----------+----------+
| I9300 | internal | Firmware |
+--------+-----------+----------+
| I9305 | ath9k_htc | Working |
+--------+-----------+----------+
| I9305 | internal | Firmware |
+--------+-----------+----------+
| N7000 | ath9k_htc | Failing |
+--------+-----------+----------+
| N7000 | internal | Firmware |
+--------+-----------+----------+
Here the failures are probably due to the hardware not being able to
give enough current to the USB WiFi adapter.
Firmware means that the WiFi is not working without the nonfree firmware.
Working means that the device was successfully able to connect to
a WiFi network.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
| |
When building for the first time, the log directory doesn't exist.
This fix makes sure it's created.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
| |
This can help debug software and hardware issues so it's best to
ship it as it is time consuming to build an image just for adding
it.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
| |
As all supported devices have an USB otg port, we can ship it
from common.mk.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
| |
This makes the Replicant additions more clear
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
| |
The FDroidPrivilegedExtension package was updated in the manifest to
0.2.8 version. In this new version the package name is
F-DroidPrivilegedExtension.
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Once the source code is downloaded and the dependencies are
installed, it makes it easier for people to build Replicant.
It also saves the builds logs, to enable to later look at why
the build failed without needing to re-run the build.
However users still have to take care of running repo --sync
if necessary. This ensure that the local modifications are not
lost and also simplifies the procedure for testing patches.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's been more than one year that Replicant is aware that
shipping F-Droid as-is is not compliant with the Free System
Distrbution Guidelines(FSDG)[1].
This is beacause we hoped to resolve the issue upstream in
a timely manner, but that didn't happen.
As we now focus on a longer term solution[2], it doesn't make
any sense to keep F-Droid as-is in Replicant.
That new approach would enable to have an extremely low
maintenance cost for both F-Droid and Replicant if it
is merged upstream.
It would also enable users and developers of other
Android distributions to use it.
References:
-----------
[1]https://www.gnu.org/distros/free-system-distribution-guidelines.html
[2]https://gitlab.com/fdroid/fdroidclient/issues/564#note_162158449
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
|
|
|
|
|
|
|
| |
Create either all or none keys and certificates.
Signed-off-by: doak <doak+dev@posteo.net>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes several issues:
* Mostly all fields have to be set (at least it seems like this)
to create certificates using 'make_key' successfully.
* Handle default values.
* Avoid unwanted whitespaces in 'SUBJECT' due of linebreak.
Signed-off-by: doak <doak+dev@posteo.net>
[GNUtoo@cyberdimension.org: added linebreak in commit message]
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
| |
Signed-off-by: doak <doak+dev@posteo.net>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
| |
Signed-off-by: doak <doak+dev@posteo.net>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
Add workspace layouts for tablets and show RepWifi on the workspace.
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
Breaks installation from SD card in some cases otherwise.
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|\
| |
| |
| | |
into replicant-6.0
|
| |
| |
| |
| |
| |
| |
| | |
adb root doesn't rely on su to work, so the daemon shouldn't
be started.
Change-Id: Ice9131b7efe9344df5d77fdbc465ce0b82dbe07f
|
| |
| |
| |
| |
| |
| | |
* Avoid confusion
Change-Id: I823d77e037b0d0dc2a4b9f0466d594213c72e179
|
| |
| |
| |
| | |
Change-Id: Ic2daf7ae920126fa6af420225bf9eac101c534e3
|
| |
| |
| |
| |
| |
| |
| | |
Update seapp_contexts and mac_permissions.xml for the new
LineageOS updater
Change-Id: I171b35ad5578202724efc3f823f7e7a461e5e5cd
|