summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Recovery: Remove check for matching application signatures with their dataHEADreplicant-6.0-0004-transitionreplicant-6.0-0004-rc6replicant-6.0-0004-rc5-transitionreplicant-6.0-0004-rc5replicant-6.0-0004-rc4replicant-6.0-0004-rc3replicant-6.0-0004replicant-6.0Denis 'GNUtoo' Carikli2020-09-242-14/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The applications built from Replicant are signed with a key that is generated during the build procedure The issue is that the data of an application becomes inaccessible to it if the application signature change. This affects all the applications built during and signed during the build of Replicant images, which includes all system applications. This is why, during the installation of a new Replicant version, the otasigcheck.sh is run: it verifies if the application signatures expected by the applications data match the signatures of the new applications that are part of the new Replicant image being installed. Without this check, users installing a new Replicant minor version (like Replicant 6.0 0004) and keeping the data from the previous minor version (like Replicant 6.0 0003) with a key that change will make at least some system applications like the launcher crash as they will not be able to access their data. If the check detects an incompatibility, on a Galaxy SIII (GT-I9300), we end up the installation aborting and the following message being displayed on the screen: detected filesystem ext4 for /dev/block/mmcblk0p12 Can't install this package on top of incompatible data. Ples se try another package or run a factory test E:Failed to install /sideload/package.zip E:Please take note of all the above lines for reports. This design has several issues: - You cannot upgrade between Replicant minor versions if the keys signing applications shipped in the new version changed. This is really problematic as to upgrade, users need to delete all their application data and restart creating them from scratch which is very time consuming. With frequent updates that would becomes too much time consuming to do. - It is also very fragile: if the data partition is encrypted, otasigcheck.sh cannot do the check, and the check is skipped completely, with the consequences explained before (the system applications end up not being able to access their data). To fix that: - This patch removes the call to otasigcheck.sh during the installation of new Replicant versions. - otasigcheck.sh will be removed in the vendor_replicant repository - A new script (key-migration.sh) will be added to the vendor_replicant repository. It will take care of migrating the applications data to the new keys during the first boot (so after the data partition will have been mounted). - A python script generating this key-migration.sh script will be added to the vendor_replicant-scripts repository to enable users and developers to generate a key-migration.sh script with the keys they want. This should make downgrade easier as the key-migration.sh could also be run manually in the recovery and also make the migration to self-built images much easier. Also, the otasigcheck.sh script has already been removed in LineageOS 17.1 by the following commit in vendor/lineage: commit 95621f3c73b94a87ca4528748535bb114ae1613f Author: Michael Bestas <mkbestas@lineageos.org> Date: Sat Aug 4 17:46:35 2018 +0300 Revert "ota: Validate any installed data's signature against our own" * otasigcheck doesn't work on encrypted devices and makes the zip installation fail since oreo. * The build part of this was never ported to oreo. This reverts commit aff5e54c4ef5fec7e67e830f83ee64424005d07c. Change-Id: I411f33c1db64844091c1692ef4706ae541925d4f Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
* Shorten the build fingerprintreplicant-6.0-0004-rc2replicant-6.0-0004-rc1Wolfgang Wiedmeyer2020-01-021-1/+1
| | | | | | | | | | It can exceed its maximum length for devices with longer codenames (e.g. espressowifi). PRODUCT_BRAND is set to "Android" which doesn't say much and TARGET_VENDOR_DEVICE_NAME should always have the same codename that is already set in the build target TARGET_VENDOR_PRODUCT_NAME, so no information is lost. Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* U-Boot and Xloader: use arm-none-eabi toolchainWolfgang Wiedmeyer2020-01-022-2/+2
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* kernel: mkimage dependency for U-Boot kernelsWolfgang Wiedmeyer2020-01-021-1/+6
| | | | | | | | | | | | | | Based on Paul's Replicant 4.2 patch: commit 3e39ecabad250118c613b71e01738bb4c7a4d51c Author: Paul Kocialkowski <contact@paulk.fr> Date: Fri Apr 25 11:43:26 2014 +0200 kernel: mkimage dependency for U-Boot kernels Signed-off-by: Paul Kocialkowski <contact@paulk.fr> Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* bootloaderimage targetPaul Kocialkowski2020-01-022-0/+7
| | | | Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
* U-Boot taskPaul Kocialkowski2020-01-022-0/+57
| | | | Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
* kernel: Add support for the LOADADDR parameter.Denis 'GNUtoo' Carikli2020-01-021-1/+5
| | | | | | | | | | | | | | | | Without that fix we have: Kernel: arch/arm/boot/zImage is ready multiple (or no) load addresses: This is incompatible with uImages Specify LOADADDR on the commandline to build an uImage make[3]: *** [arch/arm/boot/uImage] Error 1 make[2]: *** [uImage] Error 2 make[1]: *** [sub-make] Error 2 make[1]: Leaving directory `/home/gnutoo/embedded/android/replicant-4.0/kernel/goldelico/gta04' make: *** [TARGET_KERNEL_BINARIES] Error 2 While building a recent kernel (3.10 based in that case). Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
* add heimdall to every buildWolfgang Wiedmeyer2020-01-021-0/+1
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Enable -fstack-protector-strong for arm.Elliott Hughes2020-01-021-1/+1
| | | | | | | | | | | | | | | | | | | This results in nearly all functions with the possibility of stack corruption getting stack canaries, because it applies to any function taking a reference to the frame or with a local array rather than just the functions with arrays larger than 8 bytes. It was developed for use in Chrome (and Chrome OS) and has also been adopted by various other distributions (Arch, Fedora, Ubuntu, etc). The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to ~0.7% with the more conservative switch. The increase in the performance loss is usually minimal. The overall size increase once everything other than C and C++ code is taken into account is minimal, and it greatly improves the mitigation of stack buffer overflow vulnerabilities. https://lwn.net/Articles/584225/ Change-Id: Iccc20852db8a5e4dd9792f9da6d5e325fc59b0a5
* Add relocation packer as dependencyWolfgang Wiedmeyer2020-01-022-1/+2
| | | | | | Relocation packer is built from source. Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* rename release key dir to replicantWolfgang Wiedmeyer2020-01-022-2/+2
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Always build superuserWolfgang Wiedmeyer2020-01-021-0/+2
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Fix libs list for manifest mergerWolfgang Wiedmeyer2020-01-021-0/+4
| | | | | | Newer manifest merger expects colons instead of spaces. Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* keep up with latest manifest merger in DebianWolfgang Wiedmeyer2020-01-021-1/+1
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Standalone recovery kernel buildWolfgang Wiedmeyer2020-01-022-5/+46
| | | | | | Port of commit f6fe3cf5 from Replicant 4.2 Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* add dependencies to manifest mergerWolfgang Wiedmeyer2020-01-021-1/+1
| | | | | | sdklib and tools.common are needed from Debian Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* use manifest merger from /usrWolfgang Wiedmeyer2020-01-021-1/+1
| | | | It's now available in Debian Stretch
* Clang: use assembler from toolchain, not from systemWolfgang Wiedmeyer2020-01-021-1/+2
| | | | | | This fixes build errors with a more recent binutils. Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* add Mesa to default product packagesWolfgang Wiedmeyer2020-01-021-1/+2
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* clang: fix gcc install pathsWolfgang Wiedmeyer2020-01-021-4/+4
| | | | | | They changed in the latest gcc from 4.9 to 4.9.x Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* java libs: add asm and tools-common-prebuilt from hostWolfgang Wiedmeyer2020-01-023-1/+5
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* add kxml2 to prebuilt java libsWolfgang Wiedmeyer2020-01-022-1/+3
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* make tcclean target workWolfgang Wiedmeyer2020-01-021-6/+6
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* add tcclean target to remove all toolchain build dirsWolfgang Wiedmeyer2020-01-021-1/+12
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* don't add CyanogenMod's keys to PRODUCT_EXTRA_RECOVERY_KEYSWolfgang Wiedmeyer2020-01-023-48/+0
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* add ddmlib from hostWolfgang Wiedmeyer2020-01-022-0/+14
| | | | | | was previously a prebuilt from misc Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* get java libraries from prebuilts/tools from hostWolfgang Wiedmeyer2020-01-026-0/+19
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* proguard and emma.jar from GNU/Linux hostWolfgang Wiedmeyer2020-01-021-2/+2
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* fix gcc tools pathWolfgang Wiedmeyer2020-01-023-7/+7
| | | | | | export androideabi arm toolchain path Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* use arm-linux-androideabi toolchain buildWolfgang Wiedmeyer2020-01-021-1/+1
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* use relocation packer from out dirWolfgang Wiedmeyer2020-01-021-1/+1
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* always build llvm componentsWolfgang Wiedmeyer2020-01-021-3/+1
| | | | | | this way, the prebuilt ones from the sdk are not needed Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* use more prebuilt apps from the hostWolfgang Wiedmeyer2020-01-021-7/+4
| | | | | | | take flex, bison, yasm and findbugs from /usr/bin TODO: cleanup removal of analyzer Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* clang: fix linkingWolfgang Wiedmeyer2020-01-021-2/+11
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* use the GNU/Linux Distribution's arm toolchain for the kernelWolfgang Wiedmeyer2020-01-022-10/+8
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* clang: include extra system headersWolfgang Wiedmeyer2020-01-021-3/+6
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* don't use the prebuilt host toolchainWolfgang Wiedmeyer2020-01-024-39/+21
| | | | | | | this is just an initial version various config parts need cleanup and more testing is necessary Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* remove prebuilt selinux binaries from PATHWolfgang Wiedmeyer2020-01-021-1/+1
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Take the COPYING note from the smdk4412 kernel, so we don't depend on the ↵Wolfgang Wiedmeyer2020-01-021-1/+1
| | | | | | | | qemu kernel repo it shouldn't matter from which kernel repo the licence text is taken Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* change version strings to ReplicantWolfgang Wiedmeyer2020-01-022-2/+2
| | | | Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* fix pathsWolfgang Wiedmeyer2020-01-022-2/+2
| | | | | Change-Id: Iaafc283244ec47a0599c474a6a42efa4d87fa97c Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Initial Replicant 4.2 commitPaul Kocialkowski2020-01-022-9/+10
| | | | | | | | | Change-Id: I69b539d5a87304d53b62d112d6895fd36bfc6446 Signed-off-by: Paul Kocialkowski <contact@paulk.fr> Conflicts: envsetup.sh tools/device/cm.mk.template
* Build Gallery3D only when there is OpenGL support, else fallback on legacy appsPaul Kocialkowski2020-01-021-2/+10
| | | | | | | | Change-Id: Ib8f1596e73951000e32bcf8bc9a3f0790d3b37f9 Signed-off-by: Paul Kocialkowski <contact@paulk.fr> Conflicts: target/product/generic_no_telephony.mk
* Replicant SDK namePaul Kocialkowski2020-01-021-1/+1
| | | | | Change-Id: I3b4debf8f58f9dbc3b22aedb4df1402e04394227 Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
* Do not use roomservice when a repository is missingPaul Kocialkowski2020-01-021-11/+0
| | | | | Change-Id: I867fa21cd52b1d0e0a49160b953bde3cd84b1639 Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
* X-Loader taskPaul Kocialkowski2020-01-022-0/+65
| | | | Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
* readd libGLES_android for software renderingWolfgang Wiedmeyer2020-01-021-1/+2
| | | | Change-Id: Ica4a8919ed29e91edb0c6f697da5aa2f68448dc8
* Bump Security Patch Level to 2019-04-01Tim Schumacher2019-08-201-1/+1
| | | | | | | | | | | | | | | | CVE-2019-2027 A-119120561 Crit Change 251187 CVE-2019-2028 A-120644655 Crit Change 254099 CVE-2019-2031 A-120502559 High Change 251188 CVE-2019-2034 A-122035770 High Change 251192 CVE-2019-2035 A-122320256 High Change 251191 CVE-2019-2038 A-121259048 High Change 251190 CVE-2019-2039 A-121260197 High Change 251189 CVE-2019-2029 A-120612744 Crit Change 251193 CVE-2019-2037 A-119870451 High Change 251194 Reference Version: 7.0 Change-Id: I258c7ac961dbc2281b01f4ecd69097e5e08d57b9
* Bump Security Patch Level to 2019-03-01Tim Schumacher2019-08-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2018-20346 A-121156452 High Change 254060/249486 CVE-2019-1985 A-118694079* High Change 246141 CVE-2019-2003 A-116321860 High Change 246849 CVE-2019-2004 A-115739809 High Change 246139 CVE-2019-1989 A-118399205 Crit. Change 246143 CVE-2019-1990 A-118453553 Crit. Change 246142 CVE-2019-2009 A-120665616 Crit. vulnerable feature missing CVE-2019-2010 A-118152591 High Change 246132 CVE-2019-2012 A-120497437 High Change 246131 CVE-2019-2013 A-120497583 High Change 246131 CVE-2019-2014 A-120499324 High Change 246138 CVE-2019-2015 A-120503926 High Change 246130 CVE-2019-2016 A-120664978 High Change 246129 CVE-2019-2017 A-121035711 High Change 246135 CVE-2018-9561 A-111660010[1] High Change 246134 CVE-2018-9561 A-111660010[2] High Change 246134 CVE-2018-9563 A-114237888[1] High Change 246134 CVE-2018-9563 A-114237888[2] High Change 246134 CVE-2018-9564 A-114238578[1] High Change 246134 CVE-2018-9564 A-114238578[2] High Change 246134 CVE-2019-2019 A-115635871 High Change 246136 CVE-2019-2020 A-116788646 High Change 246133 CVE-2019-2021 A-120428041 High Change 246137 CVE-2019-2022 A-120506143 High Change 246131 Reference version: 7.0 Change-Id: I3e73d75b38e88bfa649d2e960704cc4796f7b422
* Bump Security Patch Level to 2019-02-01Tim Schumacher2019-04-051-1/+1
| | | | | | | | | | | | | | | | | | CVE-2019-1987 A-118143775 [1] Crit. Dependency of [2] CVE-2019-1987 A-118143775 [2] Crit. Not applicable CVE-2017-17760 A-78029030* High Change 244765 CVE-2018-5268 A-78029634* High Change 244765 CVE-2018-5269 A-78029727* High Change 244765 CVE-2017-18009 A-78026242* Mod. Change 244765 CVE-2019-1991 A-110166268 Crit. Change 244753 CVE-2019-1992 A-116222069 Crit. Change 244755 CVE-2019-1995 A-32589229 [1] High Change 244756 CVE-2019-1995 A-32589229 [2] High Change 244757 CVE-2019-1997 A-117508900 High Change 244758 Reference Version: 7.0 Change-Id: Iac3b46a870f0a91900fcfe486e863ad1ff3466e6
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 11:22:00 +0000