diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 39894e967ccfcde40a177abc2ae07a605d9855e1..b15d938a04044b975f772acea466a96530b8d192 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ build_image: stage: build image: docker:git services: - - docker:dind + - docker:18-dind script: - docker pull $CONTAINER_IMAGE:$CI_COMMIT_REF_NAME || true - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.e.foundation:5000 diff --git a/Dockerfile b/Dockerfile index b50ef6c1cfc4305a1ff46487d52d6edfdfe8c59e..9ea70b74024a474189a388e3f89fa7d689506219 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,15 +4,9 @@ MAINTAINER Nicola Corna # Environment variables ####################### -ENV MIRROR_DIR /srv/mirror ENV SRC_DIR /srv/src -ENV TMP_DIR /srv/tmp ENV CCACHE_DIR /srv/ccache -ENV ZIP_DIR /srv/zips -ENV LMANIFEST_DIR /srv/local_manifests -ENV DELTA_DIR /srv/delta -ENV KEYS_DIR /srv/keys -ENV LOGS_DIR /srv/logs +ENV APK_DIR /srv/apk ENV USERSCRIPTS_DIR /srv/userscripts ENV DEBIAN_FRONTEND noninteractive 
@@ -34,118 +28,32 @@ ENV CCACHE_SIZE 50G # See https://github.com/LineageOS/android_vendor_cm/branches for possible options ENV BRANCH_NAME 'cm-14.1' -# Environment for the device list (separate by comma if more than one) -# eg. DEVICE_LIST=hammerhead,bullhead,angler -ENV DEVICE_LIST '' - -# Release type string -ENV RELEASE_TYPE 'UNOFFICIAL' - # Repo use for build ENV REPO 'https://github.com/LineageOS/android.git' -# Repo use for build -ENV MIRROR 'https://github.com/LineageOS/mirror' - -# OTA URL that will be used inside CMUpdater -# Use this in combination with LineageOTA to make sure your device can auto-update itself from this buildbot -ENV OTA_URL '' - # User identity ENV USER_NAME 'LineageOS Buildbot' ENV USER_MAIL 'lineageos-buildbot@docker.host' -# Include proprietary files, downloaded automatically from github.com/TheMuppets/ -# Only some branches are supported -ENV INCLUDE_PROPRIETARY true - -# Mount an overlay filesystem over the source dir to do each build on a clean source -ENV BUILD_OVERLAY false - -# Clone the full LineageOS mirror (> 200 GB) -ENV LOCAL_MIRROR false - -# If you want to preserve old ZIPs set this to 'false' -ENV CLEAN_OUTDIR false - -# Change this cron rule to what fits best for you -# Use 'now' to start the build immediately -# For example, '0 10 * * *' means 'Every day at 10:00 UTC' -ENV CRONTAB_TIME 'now' - # Clean artifacts output after each build ENV CLEAN_AFTER_BUILD true - -# Provide root capabilities builtin inside the ROM (see http://lineageos.org/Update-and-Build-Prep/) -ENV WITH_SU false - # Provide a default JACK configuration in order to avoid out-of-memory issues ENV ANDROID_JACK_VM_ARGS "-Dfile.encoding=UTF-8 -XX:+TieredCompilation -Xmx4G" -# Custom packages to be installed -ENV CUSTOM_PACKAGES '' +# Path to the source code of the module to build +ENV MODULE_PATH packages/apps/Settings -# Sign the builds with the keys in $KEYS_DIR -ENV SIGN_BUILDS false +# Module name (defined in the makefile) +ENV MODULE_NAME Settings 
-# When SIGN_BUILDS = true but no keys have been provided, generate a new set with this subject -ENV KEYS_SUBJECT '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com' - -# Move the resulting zips to $ZIP_DIR/$codename instead of $ZIP_DIR/ -ENV ZIP_SUBDIR true - -# Write the verbose logs to $LOGS_DIR/$codename instead of $LOGS_DIR/ -ENV LOGS_SUBDIR true - -# Apply the MicroG's signature spoofing patch -# Valid values are "no", "yes" (for the original MicroG's patch) and -# "restricted" (to grant the permission only to the system privileged apps). -# -# The original ("yes") patch allows user apps to gain the ability to spoof -# themselves as other apps, which can be a major security threat. Using the -# restricted patch and embedding the apps that requires it as system privileged -# apps is a much secure option. See the README.md ("Custom mode") for an -# example. -ENV SIGNATURE_SPOOFING "no" - -# Generate delta files -ENV BUILD_DELTA false - -# Delete old zips in $ZIP_DIR, keep only the N latest one (0 to disable) -ENV DELETE_OLD_ZIPS 0 - -# Delete old deltas in $DELTA_DIR, keep only the N latest one (0 to disable) -ENV DELETE_OLD_DELTAS 0 - -# Delete old logs in $LOGS_DIR, keep only the N latest one (0 to disable) -ENV DELETE_OLD_LOGS 0 - -# Create a JSON file that indexes the build zips at the end of the build process -# (for the updates in OpenDelta). The file will be created in $ZIP_DIR with the -# specified name; leave empty to skip it. -# Requires ZIP_SUBDIR. 
-ENV OPENDELTA_BUILDS_JSON '' - -# You can optionally specify a USERSCRIPTS_DIR volume containing these scripts: -# * begin.sh, run at the very beginning -# * before.sh, run after the syncing and patching, before starting the builds -# * pre-build.sh, run before the build of every device -# * post-build.sh, run after the build of every device -# * end.sh, run at the very end -# Each script will be run in $SRC_DIR and must be owned and writeable only by -# root +# When the app is defined as a priv app +ENV PRIV_APP true # Create Volume entry points ############################ -VOLUME $MIRROR_DIR VOLUME $SRC_DIR -VOLUME $TMP_DIR VOLUME $CCACHE_DIR -VOLUME $ZIP_DIR -VOLUME $LMANIFEST_DIR -VOLUME $DELTA_DIR -VOLUME $KEYS_DIR -VOLUME $LOGS_DIR +VOLUME $APK_DIR VOLUME $USERSCRIPTS_DIR VOLUME /root/.ssh @@ -155,15 +63,9 @@ COPY src/ /root/ # Create missing directories ############################ -RUN mkdir -p $MIRROR_DIR RUN mkdir -p $SRC_DIR -RUN mkdir -p $TMP_DIR RUN mkdir -p $CCACHE_DIR -RUN mkdir -p $ZIP_DIR -RUN mkdir -p $LMANIFEST_DIR -RUN mkdir -p $DELTA_DIR -RUN mkdir -p $KEYS_DIR -RUN mkdir -p $LOGS_DIR +RUN mkdir -p $APK_DIR RUN mkdir -p $USERSCRIPTS_DIR # Install build dependencies 
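Review bot: The comment block describing the `$USERSCRIPTS_DIR` hooks is deleted at the end of this hunk, and with it the only statement that each script must be owned and writeable only by root. `VOLUME $USERSCRIPTS_DIR` stays, and the build.sh changes in this same commit still run begin.sh, before.sh, pre-build.sh, post-build.sh and end.sh from `/root/userscripts`. Because those scripts run inside the build container, I would keep a shortened comment above the volume list, for example `# Optional hooks in $USERSCRIPTS_DIR: begin.sh, before.sh, pre-build.sh, post-build.sh, end.sh` followed by `# Each script must be owned and writeable only by root`. Where that ownership rule is enforced is not visible in this diff, so the wording should be checked against init.sh.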
@@ -188,24 +90,6 @@ RUN apt-get install -y bc bison bsdmainutils build-essential ccache cgpt cron \ RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo RUN chmod a+x /usr/local/bin/repo -# Download and build delta tools -################################ -RUN cd /root/ && \ - mkdir delta && \ - git clone --depth=1 https://github.com/omnirom/android_packages_apps_OpenDelta.git OpenDelta && \ - gcc -o delta/zipadjust OpenDelta/jni/zipadjust.c OpenDelta/jni/zipadjust_run.c -lz && \ - cp OpenDelta/server/minsignapk.jar OpenDelta/server/opendelta.sh delta/ && \ - chmod +x delta/opendelta.sh && \ - rm -rf OpenDelta/ && \ - sed -i -e 's|^\s*HOME=.*|HOME=/root|; \ - s|^\s*BIN_XDELTA=.*|BIN_XDELTA=xdelta3|; \ - s|^\s*FILE_MATCH=.*|FILE_MATCH=lineage-\*.zip|; \ - s|^\s*PATH_CURRENT=.*|PATH_CURRENT=$SRC_DIR/out/target/product/$DEVICE|; \ - s|^\s*PATH_LAST=.*|PATH_LAST=$SRC_DIR/delta_last/$DEVICE|; \ - s|^\s*KEY_X509=.*|KEY_X509=$KEYS_DIR/releasekey.x509.pem|; \ - s|^\s*KEY_PK8=.*|KEY_PK8=$KEYS_DIR/releasekey.pk8|; \ - s|publish|$DELTA_DIR|g' /root/delta/opendelta.sh - # Set the work directory ######################## WORKDIR $SRC_DIR diff --git a/README.md b/README.md index f6792bca041fc3f995c447c15eb55436c0afe36c..eddedcc8c4c92ce138390e60de21b689c5f8f7cc 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# docker-lineage-cicd +# docker-lineage-module-cicd Docker microservice for LineageOS Continuous Integration and Continous Deployment diff --git a/src/build.sh b/src/build.sh index f3fdeaae6c60427464eca52048f4b215c300cb55..c4c06f46a1ec49049c493597469f98df354c368b 100755 --- a/src/build.sh +++ b/src/build.sh @@ -17,8 +17,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log" - # cd to working directory cd "$SRC_DIR" 
@@ -27,62 +25,17 @@ if [ -f /root/userscripts/begin.sh ]; then /root/userscripts/begin.sh fi -# If requested, clean the OUT dir in order to avoid clutter -if [ "$CLEAN_OUTDIR" = true ]; then - echo ">> [$(date)] Cleaning '$ZIP_DIR'" - rm -rf "$ZIP_DIR/"* -fi - -# Treat DEVICE_LIST as DEVICE_LIST_ -first_branch=$(cut -d ',' -f 1 <<< "$BRANCH_NAME") -if [ -n "$DEVICE_LIST" ]; then - device_list_first_branch="DEVICE_LIST_$(sed 's/.*-\([a-zA-Z]*\)$/\1/' <<< $first_branch)" - device_list_first_branch=${device_list_first_branch^^} - read $device_list_first_branch <<< "$DEVICE_LIST,${!device_list_first_branch}" -fi - -sync_successful=true - -if [ "$LOCAL_MIRROR" = true ]; then - - cd "$MIRROR_DIR" - - if [ ! -d .repo ]; then - echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log" - yes | repo init -u "$MIRROR" --mirror --no-clone-bundle -p linux &>> "$repo_log" - fi - - # Copy local manifests to the appropriate folder in order take them into consideration - echo ">> [$(date)] Copying '$LMANIFEST_DIR/*.xml' to '.repo/local_manifests/'" - mkdir -p .repo/local_manifests - rsync -a --delete --include '*.xml' --exclude '*' "$LMANIFEST_DIR/" .repo/local_manifests/ - - rm -f .repo/local_manifests/proprietary.xml - if [ "$INCLUDE_PROPRIETARY" = true ]; then - wget -q -O .repo/local_manifests/proprietary.xml "https://raw.githubusercontent.com/TheMuppets/manifests/mirror/default.xml" - fi - - echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log" - repo sync --force-sync --no-clone-bundle &>> "$repo_log" - - if [ $? 
!= 0 ]; then - sync_successful=false - fi -fi - for branch in ${BRANCH_NAME//,/ }; do branch_dir=$(sed 's/.*-\([a-zA-Z]*\)$/\1/' <<< $branch) branch_dir=${branch_dir^^} - device_list_cur_branch="DEVICE_LIST_$branch_dir" - devices=${!device_list_cur_branch} - if [ -n "$branch" ] && [ -n "$devices" ]; then + if [ -n "$branch" ] ; then mkdir -p "$SRC_DIR/$branch_dir" cd "$SRC_DIR/$branch_dir" echo ">> [$(date)] Branch: $branch" - echo ">> [$(date)] Devices: $devices" + echo ">> [$(date)] Module: $MODULE_NAME (under $MODULE_PATH)" # Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist) for path in "vendor/cm" "vendor/lineage" "frameworks/base"; do 
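Review bot: The initialisation `sync_successful=true` is removed in this hunk, but the next hunk keeps `sync_successful=false` as context after `repo sync`, so the variable is now either unset or false and never true. If code outside the visible hunks still tests it with `= true`, that test can no longer succeed. Either restore `sync_successful=true` before the `for branch in ${BRANCH_NAME//,/ }` loop or remove the remaining assignment together with any reader. The loop body continues past the end of this hunk.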
@@ -94,39 +47,12 @@ for branch in ${BRANCH_NAME//,/ }; do fi done - echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log" - if [ "$LOCAL_MIRROR" = true ]; then - yes | repo init -u "$REPO" --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log" - else - yes | repo init -u "$REPO" -b "$branch" &>> "$repo_log" - fi - - # Copy local manifests to the appropriate folder in order take them into consideration - echo ">> [$(date)] Copying '$LMANIFEST_DIR/*.xml' to '.repo/local_manifests/'" - mkdir -p .repo/local_manifests - rsync -a --delete --include '*.xml' --exclude '*' "$LMANIFEST_DIR/" .repo/local_manifests/ - - rm -f .repo/local_manifests/proprietary.xml - if [ "$INCLUDE_PROPRIETARY" = true ]; then - if [[ $branch =~ nougat$ ]]; then - themuppets_branch=cm-14.1 - echo ">> [$(date)] Use branch $themuppets_branch on github.com/TheMuppets" - elif [[ $branch =~ oreo$ ]]; then - themuppets_branch=lineage-15.1 - echo ">> [$(date)] Use branch $themuppets_branch on github.com/TheMuppets" - elif [[ $branch =~ pie$ ]]; then - themuppets_branch=lineage-16.0 - echo ">> [$(date)] Use branch $themuppets_branch on github.com/TheMuppets" - else - themuppets_branch=cm-14.1 - echo ">> [$(date)] Can't find a matching branch on github.com/TheMuppets, using $themuppets_branch" - fi - wget -q -O .repo/local_manifests/proprietary.xml "https://raw.githubusercontent.com/TheMuppets/manifests/$themuppets_branch/muppets.xml" - fi + echo ">> [$(date)] (Re)initializing branch repository" + yes | repo init -u "$REPO" -b "$branch" - echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log" + echo ">> [$(date)] Syncing branch repository" builddate=$(date +%Y%m%d) - repo sync -c --force-sync &>> "$repo_log" + repo sync -c -d --force-sync if [ $? != 0 ]; then sync_successful=false 
@@ -145,93 +71,28 @@ for branch in ${BRANCH_NAME//,/ }; do fi android_version_major=$(cut -d '.' -f 1 <<< $android_version) - if [ "$android_version_major" -ge "8" ]; then - vendor="lineage" - else - vendor="cm" - fi - - if [ ! -d "vendor/$vendor" ]; then - echo ">> [$(date)] Missing \"vendor/$vendor\", aborting" - exit 1 - fi - - # Set up our overlay - mkdir -p "vendor/$vendor/overlay/microg/" - sed -i "1s;^;PRODUCT_PACKAGE_OVERLAYS := vendor/$vendor/overlay/microg\n;" "vendor/$vendor/config/common.mk" - - los_ver_major=$(sed -n -e 's/^\s*PRODUCT_VERSION_MAJOR = //p' "vendor/$vendor/config/common.mk") - los_ver_minor=$(sed -n -e 's/^\s*PRODUCT_VERSION_MINOR = //p' "vendor/$vendor/config/common.mk") - los_ver="$los_ver_major.$los_ver_minor" - - # If needed, apply the microG's signature spoofing patch - if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then - # Determine which patch should be applied to the current Android source tree - patch_name="" - case $android_version in - 4.4* ) patch_name="android_frameworks_base-KK-LP.patch" ;; - 5.* ) patch_name="android_frameworks_base-KK-LP.patch" ;; - 6.* ) patch_name="android_frameworks_base-M.patch" ;; - 7.* ) patch_name="android_frameworks_base-N.patch" ;; - 8.* ) patch_name="android_frameworks_base-O.patch" ;; - 9* ) patch_name="android_frameworks_base-P.patch" ;; #not sure why 9 not 9.0 but here's a fix that will work until android 90 - esac - - if ! 
[ -z $patch_name ]; then - cd frameworks/base - if [ "$SIGNATURE_SPOOFING" = "yes" ]; then - echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base" - echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat" - patch --quiet -p1 -i "/root/signature_spoofing_patches/$patch_name" - else - echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base" - sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet -p1 - fi - git clean -q -f - cd ../.. - - # Override device-specific settings for the location providers - mkdir -p "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/" - cp /root/signature_spoofing_patches/frameworks_base_config.xml "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/config.xml" - else - echo ">> [$(date)] ERROR: can't find a suitable signature spoofing patch for the current Android version ($android_version)" - exit 1 - fi - fi - - echo ">> [$(date)] Setting \"$RELEASE_TYPE\" as release type" - sed -i "/\$(filter .*\$(${vendor^^}_BUILDTYPE)/,+2d" "vendor/$vendor/config/common.mk" - - # Set a custom updater URI if a OTA URL is provided - echo ">> [$(date)] Adding OTA URL overlay (for custom URL $OTA_URL)" - if ! 
[ -z "$OTA_URL" ]; then - updater_url_overlay_dir="vendor/$vendor/overlay/microg/packages/apps/Updater/res/values/" - mkdir -p "$updater_url_overlay_dir" - - if [ -n "$(grep updater_server_url packages/apps/Updater/res/values/strings.xml)" ]; then - # "New" updater configuration: full URL (with placeholders {device}, {type} and {incr}) - sed "s|{name}|updater_server_url|g; s|{url}|$OTA_URL/v1/{device}/{type}/{incr}|g" /root/packages_updater_strings.xml > "$updater_url_overlay_dir/strings.xml" - elif [ -n "$(grep conf_update_server_url_def packages/apps/Updater/res/values/strings.xml)" ]; then - # "Old" updater configuration: just the URL - sed "s|{name}|conf_update_server_url_def|g; s|{url}|$OTA_URL|g" /root/packages_updater_strings.xml > "$updater_url_overlay_dir/strings.xml" - else - echo ">> [$(date)] ERROR: no known Updater URL property found" - exit 1 - fi - fi - - # Add custom packages to be installed - if ! [ -z "$CUSTOM_PACKAGES" ]; then - echo ">> [$(date)] Adding custom packages ($CUSTOM_PACKAGES)" - sed -i "1s;^;PRODUCT_PACKAGES += $CUSTOM_PACKAGES\n\n;" "vendor/$vendor/config/common.mk" - fi - - if [ "$SIGN_BUILDS" = true ]; then - echo ">> [$(date)] Adding keys path ($KEYS_DIR)" - # Soong (Android 9+) complains if the signing keys are outside the build path - ln -sf "$KEYS_DIR" user-keys - sed -i "1s;^;PRODUCT_DEFAULT_DEV_CERTIFICATE := user-keys/releasekey\nPRODUCT_OTA_PUBLIC_KEYS := user-keys/releasekey\nPRODUCT_EXTRA_RECOVERY_KEYS := user-keys/releasekey\n\n;" "vendor/$vendor/config/common.mk" - fi + # if [ "$android_version_major" -ge "8" ]; then + # vendor="lineage" + # else + # vendor="cm" + # fi + # + # if [ ! 
-d "vendor/$vendor" ]; then + # echo ">> [$(date)] Missing \"vendor/$vendor\", aborting" + # exit 1 + # fi + # + # # Set up our overlay + # mkdir -p "vendor/$vendor/overlay/microg/" + # sed -i "1s;^;PRODUCT_PACKAGE_OVERLAYS := vendor/$vendor/overlay/microg\n;" "vendor/$vendor/config/common.mk" + + + # if [ "$SIGN_BUILDS" = true ]; then + # echo ">> [$(date)] Adding keys path ($KEYS_DIR)" + # # Soong (Android 9+) complains if the signing keys are outside the build path + # ln -sf "$KEYS_DIR" user-keys + # sed -i "1s;^;PRODUCT_DEFAULT_DEV_CERTIFICATE := user-keys/releasekey\nPRODUCT_OTA_PUBLIC_KEYS := user-keys/releasekey\nPRODUCT_EXTRA_RECOVERY_KEYS := user-keys/releasekey\n\n;" "vendor/$vendor/config/common.mk" + # fi if [ "$android_version_major" -ge "7" ]; then jdk_version=8 
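Review bot: The vendor-overlay and signing blocks are re-added as commented-out code rather than deleted, and the signing block refers to `$SIGN_BUILDS` and `$KEYS_DIR`, both of which this commit removes from the Dockerfile. Dead code that mentions signing keys invites someone to uncomment it later without the key checks that init.sh used to perform, so I would delete both blocks and rely on the git history. If the module build is expected to need them again, a single line such as `# TODO: module signing is not handled here; the APK is built with the default keys` states the gap more clearly (the wording assumes default keys are used, which should be confirmed). `android_version_major` is still needed for the `jdk_version` selection that follows, so that assignment stays.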
@@ -254,184 +115,52 @@ for branch in ${BRANCH_NAME//,/ }; do /root/userscripts/before.sh fi - for codename in ${devices//,/ }; do - build_device=true - if ! [ -z "$codename" ]; then - - currentdate=$(date +%Y%m%d) - if [ "$builddate" != "$currentdate" ]; then - # Sync the source code - builddate=$currentdate - - if [ "$LOCAL_MIRROR" = true ]; then - echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log" - cd "$MIRROR_DIR" - repo sync --force-sync --no-clone-bundle &>> "$repo_log" - - if [ $? != 0 ]; then - sync_successful=false - build_device=false - fi - fi - - echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log" - cd "$SRC_DIR/$branch_dir" - repo sync -c --force-sync &>> "$repo_log" - - if [ $? != 0 ]; then - sync_successful=false - build_device=false - fi - fi - - if [ "$BUILD_OVERLAY" = true ]; then - mkdir -p "$TMP_DIR/device" "$TMP_DIR/workdir" "$TMP_DIR/merged" - mount -t overlay overlay -o lowerdir="$SRC_DIR/$branch_dir",upperdir="$TMP_DIR/device",workdir="$TMP_DIR/workdir" "$TMP_DIR/merged" - source_dir="$TMP_DIR/merged" - else - source_dir="$SRC_DIR/$branch_dir" - fi - cd "$source_dir" - - if [ "$ZIP_SUBDIR" = true ]; then - zipsubdir=$codename - mkdir -p "$ZIP_DIR/$zipsubdir" - else - zipsubdir= - fi - if [ "$LOGS_SUBDIR" = true ]; then - logsubdir=$codename - mkdir -p "$LOGS_DIR/$logsubdir" - else - logsubdir= - fi - - DEBUG_LOG="$LOGS_DIR/$logsubdir/eelo-$los_ver-$builddate-$RELEASE_TYPE-$codename.log" - - if [ -f /root/userscripts/pre-build.sh ]; then - echo ">> [$(date)] Running pre-build.sh for $codename" >> "$DEBUG_LOG" - /root/userscripts/pre-build.sh $codename &>> "$DEBUG_LOG" - - if [ $? 
!= 0 ]; then - build_device=false - fi - fi - - if [ "$build_device" = false ]; then - echo ">> [$(date)] No build for $codename" >> "$DEBUG_LOG" - continue - fi - - # Start the build - echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" - build_successful=false - echo "ANDROID_JACK_VM_ARGS=${ANDROID_JACK_VM_ARGS}" - if brunch $codename &>> "$DEBUG_LOG"; then - currentdate=$(date +%Y%m%d) - if [ "$builddate" != "$currentdate" ]; then - find out/target/product/$codename -maxdepth 1 -name "e-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} $currentdate $builddate \; &>> "$DEBUG_LOG" - fi + source_dir="$SRC_DIR/$branch_dir" + cd "$source_dir" - if [ "$BUILD_DELTA" = true ]; then - if [ -d "delta_last/$codename/" ]; then - # If not the first build, create delta files - echo ">> [$(date)] Generating delta files for $codename" | tee -a "$DEBUG_LOG" - cd /root/delta - if ./opendelta.sh $codename &>> "$DEBUG_LOG"; then - echo ">> [$(date)] Delta generation for $codename completed" | tee -a "$DEBUG_LOG" - else - echo ">> [$(date)] Delta generation for $codename failed" | tee -a "$DEBUG_LOG" - fi - if [ "$DELETE_OLD_DELTAS" -gt "0" ]; then - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_DELTAS -V $los_ver -N 1 "$DELTA_DIR/$codename" &>> $DEBUG_LOG - fi - cd "$source_dir" - else - # If the first build, copy the current full zip in $source_dir/delta_last/$codename/ - echo ">> [$(date)] No previous build for $codename; using current build as base for the next delta" | tee -a "$DEBUG_LOG" - mkdir -p delta_last/$codename/ &>> "$DEBUG_LOG" - find out/target/product/$codename -maxdepth 1 -name 'e-*.zip' -type f -exec cp {} "$source_dir/delta_last/$codename/" \; &>> "$DEBUG_LOG" - fi - fi - # Move produced ZIP files to the main OUT directory - echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" - cd out/target/product/$codename - for build in e-*.zip; do - sha256sum "$build" > 
"$ZIP_DIR/$zipsubdir/$build.sha256sum" - done - find . -maxdepth 1 -name 'e-*.zip*' -type f -exec mv {} "$ZIP_DIR/$zipsubdir/" \; &>> "$DEBUG_LOG" - cd "$source_dir" - build_successful=true - else - echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG" - fi - - # Remove old zips and logs - if [ "$DELETE_OLD_ZIPS" -gt "0" ]; then - if [ "$ZIP_SUBDIR" = true ]; then - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_ZIPS -V $los_ver -N 1 "$ZIP_DIR/$zipsubdir" - else - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_ZIPS -V $los_ver -N 1 -c $codename "$ZIP_DIR" - fi - fi - if [ "$DELETE_OLD_LOGS" -gt "0" ]; then - if [ "$LOGS_SUBDIR" = true ]; then - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_LOGS -V $los_ver -N 1 "$LOGS_DIR/$logsubdir" - else - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_LOGS -V $los_ver -N 1 -c $codename "$LOGS_DIR" - fi - fi - if [ -f /root/userscripts/post-build.sh ]; then - echo ">> [$(date)] Running post-build.sh for $codename" >> "$DEBUG_LOG" - /root/userscripts/post-build.sh $codename $build_successful &>> "$DEBUG_LOG" - fi - echo ">> [$(date)] Finishing build for $codename" | tee -a "$DEBUG_LOG" + if [ -f /root/userscripts/pre-build.sh ]; then + echo ">> [$(date)] Running pre-build.sh" + /root/userscripts/pre-build.sh + fi - if [ "$BUILD_OVERLAY" = true ]; then - # The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged - cd "$TMP_DIR" - if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then - "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true - fi - lsof | grep "$TMP_DIR/merged" | awk '{ print $2 }' | sort -u | xargs -r kill &> /dev/null + # Start the build + echo ">> [$(date)] Starting build for $MODULE_NAME, $branch branch" + echo "ANDROID_JACK_VM_ARGS=${ANDROID_JACK_VM_ARGS}" + cd $MODULE_PATH + if mma ; then + + # Move produced ZIP files to the main OUT directory + echo ">> [$(date)] Moving build artifacts for $MODULE_NAME to '$APK_DIR'" + cd 
"$source_dir" + if [ "${PRIV_APP}" = true ]; then + cd out/target/product/generic/system/priv-app/${MODULE_NAME}/ + else + cd out/target/product/generic/system/app/${MODULE_NAME}/ + fi + ls + mv ${MODULE_NAME}.apk $APK_DIR/ + cd "$source_dir" + else + echo ">> [$(date)] Failed build for $MODULE_NAME" + fi - while [ -n "$(lsof | grep $TMP_DIR/merged)" ]; do - sleep 1 - done - umount "$TMP_DIR/merged" - fi + if [ -f /root/userscripts/post-build.sh ]; then + echo ">> [$(date)] Running post-build.sh for $MODULE_NAME" + /root/userscripts/post-build.sh + fi + echo ">> [$(date)] Finishing build for $MODULE_NAME" - if [ "$CLEAN_AFTER_BUILD" = true ]; then - echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG" - if [ "$BUILD_OVERLAY" = true ]; then - cd "$TMP_DIR" - rm -rf ./* - else - cd "$source_dir" - mka clean &>> "$DEBUG_LOG" - fi - fi - fi - done + if [ "$CLEAN_AFTER_BUILD" = true ]; then + echo ">> [$(date)] Cleaning source dir" + cd "$source_dir" + mka clean + fi fi done -# Create the OpenDelta's builds JSON file -if ! [ -z "$OPENDELTA_BUILDS_JSON" ]; then - echo ">> [$(date)] Creating OpenDelta's builds JSON file (ZIP_DIR/$OPENDELTA_BUILDS_JSON)" - if [ "$ZIP_SUBDIR" != true ]; then - echo ">> [$(date)] WARNING: OpenDelta requires zip builds separated per device! You should set ZIP_SUBDIR to true" - fi - /usr/bin/python /root/opendelta_builds_json.py "$ZIP_DIR" -o "$ZIP_DIR/$OPENDELTA_BUILDS_JSON" -fi - -if [ "$DELETE_OLD_LOGS" -gt "0" ]; then - find "$LOGS_DIR" -maxdepth 1 -name repo-*.log | sort | head -n -$DELETE_OLD_LOGS | xargs -r rm -fi - if [ -f /root/userscripts/end.sh ]; then echo ">> [$(date)] Running end.sh" /root/userscripts/end.sh diff --git a/src/fix_date.sh b/src/fix_date.sh deleted file mode 100755 index 405c73f56aa3f69ed5265f8f3e7af9788d6c8f4c..0000000000000000000000000000000000000000 --- a/src/fix_date.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -mv "$1" $(echo "$1" | sed "s|$2|$3|") 
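Review bot: A failed `mma` only prints "Failed build" and the script continues to post-build.sh, the clean step and end.sh, so the exit status that init.sh passes on does not reflect the failure and a CI job can finish green with no APK in `$APK_DIR`. The two `cd` calls are unchecked as well, so if `cd $MODULE_PATH` or the `cd out/target/product/generic/...` fails, `mma` or `mv` runs from the wrong directory. `$MODULE_PATH`, `${MODULE_NAME}` and `$APK_DIR` are expanded unquoted, and a value containing spaces or glob characters would split into several arguments. I would quote the expansions, chain the `cd` with the build, and record the outcome in a variable that is checked after the hooks; post-build.sh also no longer receives the `$build_successful` argument the old loop passed. The end of the script lies outside this hunk, so the final exit appears below only as a comment.

```shell
    # … unchanged: pre-build.sh hook and the "Starting build" echoes …
    build_successful=false
    if cd "$source_dir/$MODULE_PATH" && mma; then
      if [ "$PRIV_APP" = true ]; then
        apk_subdir=priv-app
      else
        apk_subdir=app
      fi
      echo ">> [$(date)] Moving build artifacts for $MODULE_NAME to '$APK_DIR'"
      if mv -- "$source_dir/out/target/product/generic/system/$apk_subdir/$MODULE_NAME/$MODULE_NAME.apk" "$APK_DIR/"; then
        build_successful=true
      fi
    fi
    cd "$source_dir"
    if [ "$build_successful" != true ]; then
      echo ">> [$(date)] Failed build for $MODULE_NAME"
      build_failed=true
    fi
    # … unchanged: post-build.sh hook, "Finishing build" echo, clean step …
    # after the end.sh hook (outside this hunk): [ "$build_failed" = true ] && exit 1
```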
diff --git a/src/init.sh b/src/init.sh index 9cfdbaea2318c7e1d2466cc209f3fb517708dc5d..7f9a66f41509bf14a48ebc5a2079828fa911fa6c 100755 --- a/src/init.sh +++ b/src/init.sh @@ -32,31 +32,6 @@ fi git config --global user.name $USER_NAME git config --global user.email $USER_MAIL -if [ "$SIGN_BUILDS" = true ]; then - if [ -z "$(ls -A "$KEYS_DIR")" ]; then - echo ">> [$(date)] SIGN_BUILDS = true but empty \$KEYS_DIR, generating new keys" - for c in releasekey platform shared media; do - echo ">> [$(date)] Generating $c..." - /root/make_key "$KEYS_DIR/$c" "$KEYS_SUBJECT" <<< '' &> /dev/null - done - else - for c in releasekey platform shared media; do - for e in pk8 x509.pem; do - if [ ! -f "$KEYS_DIR/$c.$e" ]; then - echo ">> [$(date)] SIGN_BUILDS = true and not empty \$KEYS_DIR, but \"\$KEYS_DIR/$c.$e\" is missing" - exit 1 - fi - done - done - fi - - for c in cyngn{-priv,}-app testkey; do - for e in pk8 x509.pem; do - ln -s releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null - done - done -fi - # Define memory to use for jack (depending of runner tag) if [[ -n ${CI_RUNNER_TAGS} ]] then @@ -69,17 +44,4 @@ then fi fi -if [ "$CRONTAB_TIME" = "now" ]; then - /root/build.sh -else - # Initialize the cronjob - cronFile=/tmp/buildcron - printf "SHELL=/bin/bash\n" > $cronFile - printenv -0 | sed -e 's/=\x0/=""\n/g' | sed -e 's/\x0/\n/g' | sed -e "s/_=/PRINTENV=/g" >> $cronFile - printf "\n$CRONTAB_TIME /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n" >> $cronFile - crontab $cronFile - rm $cronFile - - # Run crond in foreground - cron -f 2>&1 -fi +/root/build.sh diff --git a/src/make_key b/src/make_key deleted file mode 100755 index a6cf49c0dd8f7ba513eab4203f39805547a0eddb..0000000000000000000000000000000000000000 --- a/src/make_key +++ /dev/null 
@@ -1,78 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2009 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Generates a public/private key pair suitable for use in signing -# android .apks and OTA update packages. - -if [ "$#" -lt 2 -o "$#" -gt 3 ]; then - cat < [] - -Creates .pk8 key and .x509.pem cert. Cert contains the -given . A keytype of "rsa" or "ec" is accepted. -EOF - exit 2 -fi - -if [[ -e $1.pk8 || -e $1.x509.pem ]]; then - echo "$1.pk8 and/or $1.x509.pem already exist; please delete them first" - echo "if you want to replace them." - exit 1 -fi - -# Use named pipes to connect get the raw RSA private key to the cert- -# and .pk8-creating programs, to avoid having the private key ever -# touch the disk. - -tmpdir=$(mktemp -d) -trap 'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT - -one=${tmpdir}/one -two=${tmpdir}/two -mknod ${one} p -mknod ${two} p -chmod 0600 ${one} ${two} - -read -p "Enter password for '$1' (blank for none; password will be visible): " \ - password - -if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then - ( openssl genrsa -f4 2048 | tee ${one} > ${two} ) & - hash="-sha256" -elif [ "${3}" = "ec" ]; then - ( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) & - hash="-sha256" -else - echo "Only accepts RSA or EC keytypes." 
- exit 1 -fi - -openssl req -new -x509 ${hash} -key ${two} -out $1.x509.pem \ - -days 10000 -subj "$2" & - -if [ "${password}" == "" ]; then - echo "creating ${1}.pk8 with no password" - openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocrypt -else - echo "creating ${1}.pk8 with password [${password}]" - export password - openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \ - -passout env:password - unset password -fi - -wait -wait diff --git a/src/opendelta_builds_json.py b/src/opendelta_builds_json.py deleted file mode 100755 index 9ae338ea963853d7316a92d9c75e447debe95076..0000000000000000000000000000000000000000 --- a/src/opendelta_builds_json.py +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/usr/bin/env python - -# Copyright (C) 2017 Nicola Corna -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -from sys import argv -from argparse import ArgumentParser -import os -import json - -if __name__ == "__main__": - parser = ArgumentParser(description='Generate an OpenDelta\'s builds.json ' - 'file') - parser.add_argument('path', metavar='PATH', type=str, help='the directory ' - 'containing the zips') - parser.add_argument('-o', "--output", type=str, help='output file; ' - 'if unspecified, print to stdout') - args = parser.parse_args() - - data = {} - builddirs = ['./' + s for s in os.listdir(args.path)] - for builddir in builddirs: - try: - builds = os.listdir(os.path.join(args.path, builddir)) - data[builddir] = [dict() for x in range(len(builds))] - for i in range(0, len(builds)): - data[builddir][i]["filename"] = builds[i] - data[builddir][i]["timestamp"] = int(os.path.getmtime( - os.path.join(args.path, builddir, builds[i]))) - except OSError: - pass - - if args.output: - with open(args.output, "w") as f: - f.write(json.dumps(data, separators=(',',':'))) - else: - print(json.dumps(data, separators=(',',':'))) diff --git a/src/signature_spoofing_patches/android_frameworks_base-KK-LP.patch b/src/signature_spoofing_patches/android_frameworks_base-KK-LP.patch deleted file mode 100644 index 5571a587565685ae54b62aa07cf538ea9a826cf9..0000000000000000000000000000000000000000 
--- a/src/signature_spoofing_patches/android_frameworks_base-KK-LP.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java -index e6da288..66684d3 100644 ---- a/core/java/android/content/pm/PackageParser.java -+++ b/core/java/android/content/pm/PackageParser.java -@@ -447,10 +447,23 @@ public class PackageParser { - } - } - if ((flags&PackageManager.GET_SIGNATURES) != 0) { -- int N = (p.mSignatures != null) ? p.mSignatures.length : 0; -- if (N > 0) { -- pi.signatures = new Signature[N]; -- System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N); -+ boolean handledFakeSignature = false; -+ try { -+ if (p.requestedPermissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") && p.mAppMetaData != null -+ && p.mAppMetaData.get("fake-signature") instanceof String) { -+ pi.signatures = new Signature[] {new Signature(p.mAppMetaData.getString("fake-signature"))}; -+ handledFakeSignature = true; -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageParser.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ if (!handledFakeSignature) { -+ int N = (p.mSignatures != null) ? 
p.mSignatures.length : 0; -+ if (N > 0) { -+ pi.signatures = new Signature[N]; -+ System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N); -+ } - } - } - return pi; -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 558a475..4e7aa65 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -1562,6 +1562,13 @@ - android:label="@string/permlab_getPackageSize" - android:description="@string/permdesc_getPackageSize" /> - -+ -+ -+ - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 790e166..8e66470 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -1135,6 +1135,11 @@ - Allows the app to retrieve its code, data, and cache sizes - - -+ mimic package signature -+ -+ Allows the app to use mimic another app\'s package signature. -+ -+ - directly install apps - - Allows the app to install new or updated diff --git a/src/signature_spoofing_patches/android_frameworks_base-M.patch b/src/signature_spoofing_patches/android_frameworks_base-M.patch deleted file mode 100644 index 72d68e7ebfc5490fa41f88cb10f591e5824512c4..0000000000000000000000000000000000000000 --- a/src/signature_spoofing_patches/android_frameworks_base-M.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -From 7357f8c0c8a6bdc09555ab47dae83f28346b8470 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Beno=C3=AEt=20Mauduit?= -Date: Wed, 22 Jun 2016 15:04:56 +0200 -Subject: [PATCH 1/1] Add signature Spoofing permission -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is needed by GmsCore (https://microg.org/) to pretend -the existence of the official Play Services to applications calling -Google APIs. - -Signed-off-by: Benoît Mauduit ---- - core/res/AndroidManifest.xml | 7 +++++++ - core/res/res/values/config.xml | 2 ++ - core/res/res/values/strings.xml | 5 +++++ - .../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++-- - 4 files changed, 35 insertions(+), 2 deletions(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index ea0e39c..a936983 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -1654,6 +1654,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index c7846cf..916d8a5 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1298,6 +1298,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 58135db..e65367a 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -616,6 +616,11 @@ - - - -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only! -+ -+ - disable or modify status bar - - Allows the app to disable the status bar or add and remove system icons. 
-diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 0493180..35f49d7 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -2816,8 +2816,27 @@ public class PackageManagerService extends IPackageManager.Stub { - final Set permissions = permissionsState.getPermissions(userId); - final PackageUserState state = ps.readUserState(userId); - -- return PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); -+ } -+ -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; - } - - @Override --- -2.8.1 - diff --git a/src/signature_spoofing_patches/android_frameworks_base-N.patch b/src/signature_spoofing_patches/android_frameworks_base-N.patch deleted file mode 100644 index 6e6125c663ebd4027808ddb3e7ed6a5b67400452..0000000000000000000000000000000000000000 --- a/src/signature_spoofing_patches/android_frameworks_base-N.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -From 7357f8c0c8a6bdc09555ab47dae83f28346b8470 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Beno=C3=AEt=20Mauduit?= -Date: Wed, 22 Jun 2016 15:04:56 +0200 -Subject: [PATCH 1/1] Add signature Spoofing permission -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is needed by GmsCore (https://microg.org/) to pretend -the existence of the official Play Services to applications calling -Google APIs. - -Signed-off-by: Benoît Mauduit ---- - core/res/AndroidManifest.xml | 7 +++++++ - core/res/res/values/config.xml | 2 ++ - core/res/res/values/strings.xml | 5 +++++ - .../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++-- - 4 files changed, 35 insertions(+), 2 deletions(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index ea0e39c..a936983 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -1654,6 +1654,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index c7846cf..916d8a5 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1298,6 +1298,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 58135db..e65367a 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -616,6 +616,11 @@ - - - -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only! -+ -+ - disable or modify status bar - - Allows the app to disable the status bar or add and remove system icons. 
-diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 0493180..35f49d7 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -3067,8 +3067,27 @@ public class PackageManagerService extends IPackageManager.Stub { - ? Collections.emptySet() : permissionsState.getPermissions(userId); - final PackageUserState state = ps.readUserState(userId); - -- return PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); -+ } -+ -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; - } - - @Override --- -2.8.1 - diff --git a/src/signature_spoofing_patches/android_frameworks_base-O.patch b/src/signature_spoofing_patches/android_frameworks_base-O.patch deleted file mode 100644 index cc1d338581ff6dc666007982937a7b4952b54835..0000000000000000000000000000000000000000 --- a/src/signature_spoofing_patches/android_frameworks_base-O.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -commit 4e9d677b35b9656c22c922c9abca4107ab95c9b4 -Author: Bernhard Rosenkränzer -Date: Tue Aug 29 00:34:27 2017 +0200 - - Add permission to allow an APK to fake a signature. - - This is needed by GmsCore (https://microg.org/) to pretend - the existence of the official Play Services to applications calling - Google APIs. - - Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch - - Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f - 
Signed-off-by: Bernhard Rosenkränzer - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 794d4f8b78b..b3189077256 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2075,6 +2075,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index 3613acf44aa..d1636c862c5 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1385,6 +1385,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 3eebe7eb68d..7405386cd49 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -764,6 +764,10 @@ - - - -+ -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! 
- - disable or modify status bar - -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index f36b762c5e9..048a057d39c 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -3571,8 +3571,9 @@ public class PackageManagerService extends IPackageManager.Stub - flags |= MATCH_ANY_USER; - } - -- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); - - if (packageInfo == null) { - return null; -@@ -3584,6 +3585,24 @@ public class PackageManagerService extends IPackageManager.Stub - return packageInfo; - } - -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - @Override - public void checkPackageStartable(String packageName, int userId) { - final int callingUid = Binder.getCallingUid(); 
diff --git a/src/signature_spoofing_patches/android_frameworks_base-P.patch b/src/signature_spoofing_patches/android_frameworks_base-P.patch
deleted file mode 100644
index ad0fdf2d9f0928e0b2fa89b0c9221fbf8ec064f3..0000000000000000000000000000000000000000
--- a/src/signature_spoofing_patches/android_frameworks_base-P.patch
+++ /dev/null
@@ -1,88 +0,0 @@ -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 66c497e9977..c1b2e703109 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2341,6 +2341,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index 0b5dd7e70e8..bbdba64f2ba 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1650,6 +1650,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 3c5159c89bf..7583f1c567f 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -786,6 +786,11 @@ - - - -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! -+ -+ - disable or modify status bar - - Allows the app to disable the status bar or add and remove system icons. -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 9ed2b9c1854..4c5ce24cfa7 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -3937,8 +3937,9 @@ public class PackageManagerService extends IPackageManager.Stub - final Set permissions = ArrayUtils.isEmpty(p.requestedPermissions) - ? 
Collections.emptySet() : permissionsState.getPermissions(userId); - -- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); - - if (packageInfo == null) { - return null; -@@ -3974,6 +3975,24 @@ public class PackageManagerService extends IPackageManager.Stub - } - } - -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - @Override - public void checkPackageStartable(String packageName, int userId) { - final int callingUid = Binder.getCallingUid(); diff --git a/src/signature_spoofing_patches/frameworks_base_config.xml b/src/signature_spoofing_patches/frameworks_base_config.xml deleted file mode 100644 index 59252771c7f23dbc651e5244fa7a42a41c82797b..0000000000000000000000000000000000000000 --- a/src/signature_spoofing_patches/frameworks_base_config.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - true - true - -