diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2ef10b1df5c84e5c0b03bb20bc5604fa8a4349a7..d16304200bd3615e258181fcae96b4ff233ec984 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,7 @@ variables: stage: build image: docker:git services: - - docker:20.10.16-dind + - docker:28.4.0-dind script: - "docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY" - "docker pull $CI_REGISTRY_IMAGE:$IMAGE_TAG || true" diff --git a/Dockerfile b/Dockerfile index 0676d4ea22c6af3627ba934b2f425c673659036a..87713950908ffb8e88302c028e925534642c8de4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:20.04 +FROM ubuntu:24.04 MAINTAINER Romain Hunault # Environment variables @@ -46,6 +46,10 @@ ENV RELEASE_TYPE 'UNOFFICIAL' # Repo use for build ENV REPO 'https://gitlab.e.foundation/e/os/android.git' +ENV LINEAGE_REPO 'https://github.com/LineageOS/android.git' + +# If we have a change ref for lineage like refs/changes/42/436442/31 +ENV CHANGE_REF='' # Optional parameter to repo init --depth N # A size of 0 deactivates --depth N @@ -67,6 +71,9 @@ ENV CLEAN_OUTDIR false # For example, '0 10 * * *' means 'Every day at 10:00 UTC' ENV CRONTAB_TIME 'now' +# Clean source code before build +ENV CLEAN_SRC_BUILD false + # Clean artifacts output after each build ENV CLEAN_AFTER_BUILD true @@ -145,6 +152,8 @@ ENV BUILD_FLASH_PACKAGE false # specify a custom manifest URL ENV REPO_CUSTOM_MANIFEST false +# Build lineage from source +ENV IS_LINEAGE_BUILD false # You can optionally specify a USERSCRIPTS_DIR volume containing these scripts: # * begin.sh, run at the very beginning @@ -185,29 +194,19 @@ RUN mkdir -p $USERSCRIPTS_DIR RUN apt-get -qq update RUN apt-get -qqy upgrade -RUN apt-get install -y bc bison bsdmainutils build-essential ccache cgpt clang cron \ - curl flex g++-multilib gcc-multilib git git-lfs gnupg gperf imagemagick img2simg kmod jq \ - lib32ncurses5-dev libncurses5 lib32readline-dev lib32z1-dev libtinfo5 liblz4-tool \ - libncurses5-dev libsdl1.2-dev libssl-dev libxml2 \ - libxml2-utils lsof lzop maven openjdk-8-jdk pngcrush \ - procps python python3 rsync schedtool simg2img squashfs-tools software-properties-common wget xdelta3 xsltproc xxd yasm \ +RUN apt-get install -y android-sdk-libsparse-utils bc bison bsdmainutils build-essential ccache cgpt clang cron \ + curl flex g++-multilib gcc-multilib git git-lfs gnupg gperf imagemagick kmod jq \ + lib32readline-dev lib32z1-dev liblz4-tool \ + libsdl1.2-dev libssl-dev libxml2 \ + libxml2-utils lsof lzop maven pngcrush \ + procps python3 python-is-python3 rsync schedtool squashfs-tools software-properties-common wget xdelta3 xsltproc xxd yasm \ zip zlib1g-dev RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo RUN chmod a+x /usr/local/bin/repo -RUN ln -fs /usr/bin/python3 /usr/bin/python - -# Use adoptopenjdk.net to be able to use OpeJDK8 on debian:buster -RUN curl -q https://packages.adoptium.net/artifactory/api/gpg/key/public | apt-key add - -RUN add-apt-repository --yes https://packages.adoptium.net/artifactory/deb -RUN apt-get -qq update && apt-get install -y temurin-8-jdk -RUN update-alternatives --set java /usr/lib/jvm/temurin-8-jdk-amd64/bin/java - - -# Fix jack server SSL issue during build for openjdk (adoptopenjdk won't work for nougat and oreo) -RUN perl -0777 -i -p -e 's/(jdk.tls.disabledAlgorithms=.*?), TLSv1, TLSv1\.1/$1/g' \ - /etc/java-8-openjdk/security/java.security +RUN wget https://archive.ubuntu.com/ubuntu/pool/universe/n/ncurses/libtinfo5_6.3-2_amd64.deb && dpkg -i libtinfo5_6.3-2_amd64.deb && rm -f libtinfo5_6.3-2_amd64.deb +RUN wget https://archive.ubuntu.com/ubuntu/pool/universe/n/ncurses/libncurses5_6.3-2_amd64.deb && dpkg -i libncurses5_6.3-2_amd64.deb && rm -f libncurses5_6.3-2_amd64.deb # Set the work directory ######################## diff --git a/Dockerfile.community b/Dockerfile.community index 87bbd640335be6e4cb116348da7f1d22ba7724e9..6cee5eb912a10586d9a92452daa7e3661555741b 100644 --- a/Dockerfile.community +++ b/Dockerfile.community @@ -1,4 +1,4 @@ -FROM ubuntu:20.04 +FROM ubuntu:24.04 MAINTAINER Romain Hunault # Environment variables @@ -177,23 +177,19 @@ RUN mkdir -p $USERSCRIPTS_DIR RUN apt-get -qq update RUN apt-get -qqy upgrade -RUN apt-get install -y bc bison bsdmainutils build-essential ccache cgpt clang cron \ +RUN apt-get install -y android-sdk-libsparse-utils bc bison bsdmainutils build-essential ccache cgpt clang cron \ curl flex g++-multilib gcc-multilib git git-lfs gnupg gperf imagemagick kmod jq \ - lib32ncurses5-dev libncurses5 lib32readline-dev lib32z1-dev libtinfo5 liblz4-tool \ - libncurses5-dev libsdl1.2-dev libssl-dev libxml2 \ + lib32readline-dev lib32z1-dev liblz4-tool \ + libsdl1.2-dev libssl-dev libxml2 \ libxml2-utils lsof lzop maven pngcrush \ - procps python python3 rsync schedtool squashfs-tools software-properties-common wget xdelta3 xsltproc xxd yasm \ + procps python3 python-is-python3 rsync schedtool squashfs-tools software-properties-common wget xdelta3 xsltproc xxd yasm \ zip zlib1g-dev RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo RUN chmod a+x /usr/local/bin/repo -RUN ln -fs /usr/bin/python3 /usr/bin/python -# Use adoptopenjdk.net to be able to use OpeJDK8 on debian:buster -RUN curl -q https://packages.adoptium.net/artifactory/api/gpg/key/public | apt-key add - -RUN add-apt-repository --yes https://packages.adoptium.net/artifactory/deb -RUN apt-get -qq update && apt-get install -y temurin-8-jdk -RUN update-alternatives --set java /usr/lib/jvm/temurin-8-jdk-amd64/bin/java +RUN wget https://archive.ubuntu.com/ubuntu/pool/universe/n/ncurses/libtinfo5_6.3-2_amd64.deb && dpkg -i libtinfo5_6.3-2_amd64.deb && rm -f libtinfo5_6.3-2_amd64.deb +RUN wget https://archive.ubuntu.com/ubuntu/pool/universe/n/ncurses/libncurses5_6.3-2_amd64.deb && dpkg -i libncurses5_6.3-2_amd64.deb && rm -f libncurses5_6.3-2_amd64.deb # Set the work directory ######################## diff --git a/build-community.sh b/build-community.sh index 5d3c5e61de3c109cabc78c29bd752d0c25d25ec8..7bea9c504d4a53b32ea1a0ec360c6046cc15c028 100755 --- a/build-community.sh +++ b/build-community.sh @@ -123,6 +123,9 @@ for branch in ${BRANCH_NAME//,/ }; do elif [[ "${BRANCH_NAME}" =~ $regex_part1"a15"$regex_part2 || "${BRANCH_NAME}" =~ "a15" ]]; then themuppets_branch="lineage-22.2" android_version="15" + elif [[ "${BRANCH_NAME}" =~ $regex_part1"a16"$regex_part2 || "${BRANCH_NAME}" =~ "a16" ]]; then + themuppets_branch="lineage-23.0" + android_version="16" else echo ">> [$(date)] Building branch $branch is not (yet) suppported" exit 1 diff --git a/src/apex.list b/src/apex.list index bf13f934346f9553e3ca73c904e6df884b2eaca1..80d46d47452c0b84af81b187981fde5024abe874 100644 --- a/src/apex.list +++ b/src/apex.list @@ -5,8 +5,10 @@ com.android.appsearch com.android.appsearch.apk com.android.art com.android.bluetooth +com.android.bt com.android.btservices com.android.cellbroadcast +com.android.crashrecovery com.android.compos com.android.configinfrastructure com.android.connectivity.resources @@ -48,6 +50,7 @@ com.android.telephony com.android.telephonymodules com.android.tethering com.android.tzdata +com.android.uprobestats com.android.uwb com.android.uwb.resources com.android.virt diff --git a/src/build.sh b/src/build.sh index 301d3f6b9cfa27ee6bd1472831e2a752314b4fdf..ba10b9a15d6d94473003598423f9c91691815d9b 100755 --- a/src/build.sh +++ b/src/build.sh @@ -91,32 +91,15 @@ exit_script() { sync_successful=true use_openjdk_from_ubuntu=false -branch_dir=$(sed -E 's/^v[0-9](\.[0-9]*){0,2}(-(beta|alpha|rc)(\.[0-9]*){0,1}){0,1}-(nougat|oreo|pie|q|r|s|t|u|a14|a15)(-[a-zA-Z0-9_]*)*$/\5/' <<<"${BRANCH_NAME}") +branch_dir=$(sed -E 's/^v[0-9](\.[0-9]*){0,2}(-(beta|alpha|rc)(\.[0-9]*){0,1}){0,1}-(s|t|u|a14|a15|a16)(-[a-zA-Z0-9_]*)*$/\5/' <<<"${BRANCH_NAME}") branch_dir=${branch_dir^^} +default_key_dir="user-keys" if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then vendor=lineage regex_part1="^v[0-9](\.[0-9]*){0,2}(-(beta|alpha|rc)(\.[0-9]*){0,1}){0,1}-(" regex_part2=")(-[a-zA-Z0-9_]*)*$" - if [[ "${BRANCH_NAME}" =~ $regex_part1"nougat"$regex_part2 ]]; then - vendor="cm" - themuppets_branch="cm-14.1" - android_version="7.1.2" - use_openjdk_from_ubuntu=true - elif [[ "${BRANCH_NAME}" =~ $regex_part1"oreo"$regex_part2 ]]; then - themuppets_branch="lineage-15.1" - android_version="8.1" - use_openjdk_from_ubuntu=true - elif [[ "${BRANCH_NAME}" =~ $regex_part1"pie"$regex_part2 ]]; then - themuppets_branch="lineage-16.0" - android_version="9" - elif [[ "${BRANCH_NAME}" =~ $regex_part1"q"$regex_part2 ]]; then - themuppets_branch="lineage-17.1" - android_version="10" - elif [[ "${BRANCH_NAME}" =~ $regex_part1"r"$regex_part2 ]]; then - themuppets_branch="lineage-18.1" - android_version="11" - elif [[ "${BRANCH_NAME}" =~ $regex_part1"s"$regex_part2 ]]; then + if [[ "${BRANCH_NAME}" =~ $regex_part1"s"$regex_part2 ]]; then themuppets_branch="lineage-19.1" android_version="12" elif [[ "${BRANCH_NAME}" =~ $regex_part1"t"$regex_part2 ]]; then @@ -131,6 +114,9 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then elif [[ "${BRANCH_NAME}" =~ $regex_part1"a15"$regex_part2 || "${BRANCH_NAME}" =~ "a15" ]]; then themuppets_branch="lineage-22.2" android_version="15" + elif [[ "${BRANCH_NAME}" =~ $regex_part1"a16"$regex_part2 || "${BRANCH_NAME}" =~ "a16" ]]; then + themuppets_branch="lineage-23.0" + android_version="16" else echo ">> [$(date)] Building branch $BRANCH_NAME is not (yet) supported" exit 1 @@ -142,6 +128,12 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then android_version_major=$(cut -d '.' -f 1 <<<$android_version) + if [ "$CLEAN_SRC_BUILD" = true ]; then + echo ">> [$(date)] Cleaning source code" + rm -rf "$SRC_DIR/$branch_dir" + rm -rf "$CCACHE_BASE_DIR/$branch_dir" + fi + mkdir -p "$SRC_DIR/$branch_dir" cd "$SRC_DIR/$branch_dir" || return 1 @@ -150,7 +142,7 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then echo ">> [$(date)] Setting up CCache, CCACHE_DIR=${CCACHE_DIR} CCACHE_SIZE=${CCACHE_SIZE}" - echo ">> [$(date)] Branch: ${BRANCH_NAME}" + echo ">> [$(date)] Branch: ${BRANCH_NAME}" echo ">> [$(date)] Device: ${DEVICE}" # Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist) @@ -194,9 +186,22 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then REPO_GROUPS="" fi + # Repo init branch + INIT_REPO=$REPO + INIT_BRANCH=${TAG_PREFIX}${BRANCH_NAME} + + if [ "$IS_LINEAGE_BUILD" = true ]; then + INIT_REPO=$LINEAGE_REPO + fi + + # If you have a change ref, override INIT_BRANCH + if [ -n "$CHANGE_REF" ]; then + INIT_BRANCH=$CHANGE_REF + fi + # Repo init source - echo ">> [$(date)] Running: repo init $REPO_INIT_PARAM -u \"$REPO\" -b \"${TAG_PREFIX}${BRANCH_NAME}\" $REPO_GROUPS" - yes | repo init $REPO_INIT_PARAM -u "$REPO" -b "${TAG_PREFIX}${BRANCH_NAME}" $REPO_GROUPS + echo ">> [$(date)] Running: repo init $REPO_INIT_PARAM -u \"$INIT_REPO\" -b \"${INIT_BRANCH}\" $REPO_GROUPS" + yes | repo init $REPO_INIT_PARAM -u "$INIT_REPO" -b "${INIT_BRANCH}" $REPO_GROUPS if [ "$REPO_CUSTOM_MANIFEST" != false ]; then wget -O .repo/manifests/default.xml $REPO_CUSTOM_MANIFEST @@ -249,10 +254,6 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then fi config_file="vendor/lineage/config/version.mk" - if [ ! -f "$config_file" ]; then - # If version.mk doesn't exist, use common.mk - config_file="vendor/lineage/config/common.mk" - fi # Extract version information PRODUCT_VERSION_MAJOR=$(grep -oP 'PRODUCT_VERSION_MAJOR = \K.*' "$config_file") @@ -269,12 +270,7 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then if [ "$SIGN_BUILDS" = true ]; then echo ">> [$(date)] Adding keys path ($KEYS_DIR)" # Soong (Android 9+) complains if the signing keys are outside the build path - ln -sf "$KEYS_DIR" user-keys - if [ "$android_version_major" -lt "10" ]; then - sed -i "1s;^;PRODUCT_DEFAULT_DEV_CERTIFICATE := user-keys/releasekey\nPRODUCT_OTA_PUBLIC_KEYS := user-keys/releasekey\nPRODUCT_EXTRA_RECOVERY_KEYS := user-keys/releasekey\n\n;" "vendor/$vendor/config/common.mk" - elif [ "$android_version_major" -lt "12" ]; then - sed -i "1s;^;PRODUCT_DEFAULT_DEV_CERTIFICATE := user-keys/releasekey\nPRODUCT_OTA_PUBLIC_KEYS := user-keys/releasekey\n\n;" "vendor/$vendor/config/common.mk" - fi + ln -sf "$KEYS_DIR" $default_key_dir fi # Prepare the environment @@ -383,14 +379,6 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then build_success=true fi fi - elif [ "$android_version_major" -lt "12" ]; then - if [ "${BUILD_SUPER_IMAGE}" = true ]; then - if breakfast_device && mka bacon superimage; then - build_success=true - fi - elif brunch "${DEVICE}" "${BUILD_TYPE}"; then - build_success=true - fi elif breakfast_device; then # Apply patch for vendor prebuilt devices. if [ "${DEVICE}" = "one" ] || [ "${DEVICE}" = "two" ]; then @@ -412,39 +400,38 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then fi E_VERSION=e-$E_BRANCH_NAME-$BUILD_NUMBER-$RELEASE_TYPE-${DEVICE}.zip - # Remove release-keys from build as its still using test-keys. - if [ "$SIGN_BUILDS" != true ]; then - SIGN_TARGETS=(-t "+test-keys,-release-keys") - else - SIGN_TARGETS=(-o -d "user-keys") + if [ "$SIGN_BUILDS" = true ]; then + SIGN_TARGETS=(-o -d "$default_key_dir") + SIGN_KEY=(-k "$default_key_dir/releasekey") fi - if [ "$android_version_major" -ge 12 ] && [ "$SIGN_BUILDS" = true ]; then + if [ "$SIGN_BUILDS" = true ]; then APEX_PACKAGE_LIST=$(cat "/root/apex.list") for PACKAGE in $APEX_PACKAGE_LIST; do - if [ -f "user-keys/$PACKAGE.pem" ] && - [ -f "user-keys/$PACKAGE.x509.pem" ] && - [ -f "user-keys/$PACKAGE.pk8" ]; then - SIGN_TARGETS+=(--extra_apks "$PACKAGE.apex=user-keys/$PACKAGE" - --extra_apex_payload_key "$PACKAGE.apex=user-keys/$PACKAGE.pem") + if [ -f "$default_key_dir/$PACKAGE.pem" ] && + [ -f "$default_key_dir/$PACKAGE.x509.pem" ] && + [ -f "$default_key_dir/$PACKAGE.pk8" ]; then + SIGN_TARGETS+=(--extra_apks "$PACKAGE.apex=$default_key_dir/$PACKAGE" + --extra_apex_payload_key "$PACKAGE.apex=$default_key_dir/$PACKAGE.pem") fi done APEXAPK_PACKAGE_LIST=$(cat "/root/apex_apk.list") for PACKAGE in $APEXAPK_PACKAGE_LIST; do - SIGN_TARGETS+=(--extra_apks "$PACKAGE.apk=user-keys/releasekey") + SIGN_TARGETS+=(--extra_apks "$PACKAGE.apk=$default_key_dir/releasekey") done fi if [ "$(find $OUT/obj/PACKAGING/target_files_intermediates/ -name *-target_files*.zip -print -quit)" ]; then - sign_target_files_apks "${SIGN_TARGETS[@]}" \ - $OUT/obj/PACKAGING/target_files_intermediates/*-target_files*.zip "$OUT/$TARGET_FILES" + if [ "$SIGN_BUILDS" = true ]; then + sign_target_files_apks "${SIGN_TARGETS[@]}" \ + $OUT/obj/PACKAGING/target_files_intermediates/*-target_files*.zip "$OUT/$TARGET_FILES" + else + mv $OUT/obj/PACKAGING/target_files_intermediates/*-target_files*.zip "$OUT/$TARGET_FILES" + fi # Generate OTA zip echo ">> [$(date)] Generating OTA zip from target-files-package" - if [ "$SIGN_BUILDS" = true ]; then - SIGN_KEY=(-k "user-keys/releasekey") - fi ota_from_target_files --backup=true "${SIGN_KEY[@]}" "$OUT/$TARGET_FILES" \ "$OUT/$E_VERSION" @@ -602,17 +589,11 @@ if [ -n "${BRANCH_NAME}" ] && [ -n "${DEVICE}" ]; then fi IMG_OUT=$OUT - if [ "$android_version_major" -lt "12" ]; then - IMG_OUT=obj/PACKAGING/target_files_intermediates/lineage_*/IMAGES - fi # Move produced ZIP files to the main OUT directory echo ">> [$(date)] Moving build artifacts for ${DEVICE} to '$ZIP_DIR/$zipsubdir'" cd "${OUT}" || return 1 for build in $(ls e-*.zip); do - if [ "$android_version_major" -lt "12" ]; then - sha256sum "$build" >"$ZIP_DIR/$zipsubdir/$build.sha256sum" - fi find . -maxdepth 1 \( -name 'e-*.zip*' -o -name 'IMG-e*.zip*' -o -name 'QFIL-e*.zip*' \) -type f -exec mv {} "$ZIP_DIR/$zipsubdir/" \; SKIP_DYNAMIC_IMAGES="odm.img product.img system.img system_ext.img vendor.img" diff --git a/src/common.list b/src/common.list new file mode 100644 index 0000000000000000000000000000000000000000..f73e05b999c22d027c4e99073082e1d5cd294104 --- /dev/null +++ b/src/common.list @@ -0,0 +1,10 @@ +releasekey +platform +shared +media +networkstack +nfc +verity +bluetooth +sdk_sandbox + diff --git a/src/init.sh b/src/init.sh index 63f5495eb58c358ce6e7f4d607d221ca3d3c89d8..d16c0c8779c2d7fa4d11538c5714ef261cc034e2 100755 --- a/src/init.sh +++ b/src/init.sh @@ -35,12 +35,12 @@ git config --global user.email "$USER_MAIL" if [ "$SIGN_BUILDS" = true ]; then if [ -z "$(ls -A "$KEYS_DIR")" ]; then echo ">> [$(date)] SIGN_BUILDS = true but empty \$KEYS_DIR, generating new keys" - for c in releasekey platform shared media networkstack; do + for c in $(cat "/root/common.list"); do echo ">> [$(date)] Generating $c..." /root/make_key "$KEYS_DIR/$c" "$KEYS_SUBJECT" <<<'' &>/dev/null done else - for c in releasekey platform shared media networkstack; do + for c in $(cat "/root/common.list"); do for e in pk8 x509.pem; do if [ ! -f "$KEYS_DIR/$c.$e" ]; then echo ">> [$(date)] SIGN_BUILDS = true and not empty \$KEYS_DIR, but \"\$KEYS_DIR/$c.$e\" is missing" diff --git a/src/make_key b/src/make_key index a6cf49c0dd8f7ba513eab4203f39805547a0eddb..d266cc52f96de0f8cf7a8e4f6240a07fb655f2bc 100755 --- a/src/make_key +++ b/src/make_key @@ -50,7 +50,7 @@ read -p "Enter password for '$1' (blank for none; password will be visible): " \ password if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then - ( openssl genrsa -f4 2048 | tee ${one} > ${two} ) & + ( openssl genrsa -f4 4096 | tee ${one} > ${two} ) & hash="-sha256" elif [ "${3}" = "ec" ]; then ( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) & @@ -69,10 +69,11 @@ if [ "${password}" == "" ]; then else echo "creating ${1}.pk8 with password [${password}]" export password - openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \ + openssl pkcs8 -in ${one} -topk8 -v1 PBE-SHA1-3DES -outform DER -out $1.pk8 \ -passout env:password unset password fi wait wait +