From 372fce8edd4b00d657d0298dcf0d853008be505e Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 18 Oct 2019 12:03:29 +0200 Subject: [PATCH 1/6] Build Android module --- Dockerfile | 15 ++++++++++++--- src/build.sh | 31 ++++++++++++------------------- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/Dockerfile b/Dockerfile index b50ef6c..43fdc12 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ ENV MIRROR_DIR /srv/mirror ENV SRC_DIR /srv/src ENV TMP_DIR /srv/tmp ENV CCACHE_DIR /srv/ccache -ENV ZIP_DIR /srv/zips +ENV APK_DIR /srv/apk ENV LMANIFEST_DIR /srv/local_manifests ENV DELTA_DIR /srv/delta ENV KEYS_DIR /srv/keys @@ -97,6 +97,15 @@ ENV ZIP_SUBDIR true # Write the verbose logs to $LOGS_DIR/$codename instead of $LOGS_DIR/ ENV LOGS_SUBDIR true +# Path to the source code of the module to build +ENV MODULE_PATH packages/apps/Settings + +# Module name (defined in the makefile) +ENV MODULE_NAME Settings + +# When the app is defined as a priv app +ENV PRIV_APP true + # Apply the MicroG's signature spoofing patch # Valid values are "no", "yes" (for the original MicroG's patch) and # "restricted" (to grant the permission only to the system privileged apps). @@ -141,7 +150,7 @@ VOLUME $MIRROR_DIR VOLUME $SRC_DIR VOLUME $TMP_DIR VOLUME $CCACHE_DIR -VOLUME $ZIP_DIR +VOLUME $APK_DIR VOLUME $LMANIFEST_DIR VOLUME $DELTA_DIR VOLUME $KEYS_DIR @@ -159,7 +168,7 @@ RUN mkdir -p $MIRROR_DIR RUN mkdir -p $SRC_DIR RUN mkdir -p $TMP_DIR RUN mkdir -p $CCACHE_DIR -RUN mkdir -p $ZIP_DIR +RUN mkdir -p $APK_DIR RUN mkdir -p $LMANIFEST_DIR RUN mkdir -p $DELTA_DIR RUN mkdir -p $KEYS_DIR diff --git a/src/build.sh b/src/build.sh index f3fdeaa..cd63319 100755 --- a/src/build.sh +++ b/src/build.sh @@ -29,8 +29,8 @@ fi # If requested, clean the OUT dir in order to avoid clutter if [ "$CLEAN_OUTDIR" = true ]; then - echo ">> [$(date)] Cleaning '$ZIP_DIR'" - rm -rf "$ZIP_DIR/"* + echo ">> [$(date)] Cleaning '$APK_DIR'" + rm -rf "$APK_DIR/"* fi # Treat DEVICE_LIST as DEVICE_LIST_ @@ -295,7 +295,7 @@ for branch in ${BRANCH_NAME//,/ }; do if [ "$ZIP_SUBDIR" = true ]; then zipsubdir=$codename - mkdir -p "$ZIP_DIR/$zipsubdir" + mkdir -p "$APK_DIR/$zipsubdir" else zipsubdir= fi @@ -326,7 +326,8 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" build_successful=false echo "ANDROID_JACK_VM_ARGS=${ANDROID_JACK_VM_ARGS}" - if brunch $codename &>> "$DEBUG_LOG"; then + cd $MODULE_PATH + if mma &>> "$DEBUG_LOG"; then currentdate=$(date +%Y%m%d) if [ "$builddate" != "$currentdate" ]; then find out/target/product/$codename -maxdepth 1 -name "e-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} $currentdate $builddate \; &>> "$DEBUG_LOG" @@ -354,12 +355,13 @@ for branch in ${BRANCH_NAME//,/ }; do fi fi # Move produced ZIP files to the main OUT directory - echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG" - cd out/target/product/$codename - for build in e-*.zip; do - sha256sum "$build" > "$ZIP_DIR/$zipsubdir/$build.sha256sum" - done - find . -maxdepth 1 -name 'e-*.zip*' -type f -exec mv {} "$ZIP_DIR/$zipsubdir/" \; &>> "$DEBUG_LOG" + echo ">> [$(date)] Moving build artifacts for $codename to '$APK_DIR'" | tee -a "$DEBUG_LOG" + if [ "${PRIV_APP}" = true ]; then + cd out/target/product/system/priv-app/${MODULE_NAME}/ + else + cd out/target/product/system/app/${MODULE_NAME}/ + fi + mv ${MODULE_NAME}.apk $APK_DIR/ cd "$source_dir" build_successful=true else @@ -419,15 +421,6 @@ for branch in ${BRANCH_NAME//,/ }; do fi done -# Create the OpenDelta's builds JSON file -if ! [ -z "$OPENDELTA_BUILDS_JSON" ]; then - echo ">> [$(date)] Creating OpenDelta's builds JSON file (ZIP_DIR/$OPENDELTA_BUILDS_JSON)" - if [ "$ZIP_SUBDIR" != true ]; then - echo ">> [$(date)] WARNING: OpenDelta requires zip builds separated per device! You should set ZIP_SUBDIR to true" - fi - /usr/bin/python /root/opendelta_builds_json.py "$ZIP_DIR" -o "$ZIP_DIR/$OPENDELTA_BUILDS_JSON" -fi - if [ "$DELETE_OLD_LOGS" -gt "0" ]; then find "$LOGS_DIR" -maxdepth 1 -name repo-*.log | sort | head -n -$DELETE_OLD_LOGS | xargs -r rm fi -- GitLab From 0ba553e4eb1d1979a57aae75865e8554ba7174c2 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 18 Oct 2019 12:13:53 +0200 Subject: [PATCH 2/6] Fix docker dind issue --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 39894e9..b15d938 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ build_image: stage: build image: docker:git services: - - docker:dind + - docker:18-dind script: - docker pull $CONTAINER_IMAGE:$CI_COMMIT_REF_NAME || true - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.e.foundation:5000 -- GitLab From 5cf8f96e5015327a6ab3df2e25d0111b1d7e9f89 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 18 Oct 2019 17:19:56 +0200 Subject: [PATCH 3/6] Clean the docker-lineage-cicd to build only module --- Dockerfile | 125 ------ README.md | 2 +- src/build.sh | 378 +++--------------- src/fix_date.sh | 3 - src/init.sh | 40 -- src/make_key | 78 ---- src/opendelta_builds_json.py | 49 --- .../android_frameworks_base-KK-LP.patch | 66 --- .../android_frameworks_base-M.patch | 104 ----- .../android_frameworks_base-N.patch | 104 ----- .../android_frameworks_base-O.patch | 102 ----- .../android_frameworks_base-P.patch | 88 ---- .../frameworks_base_config.xml | 25 -- 13 files changed, 59 insertions(+), 1105 deletions(-) delete mode 100755 src/fix_date.sh delete mode 100755 src/make_key delete mode 100755 src/opendelta_builds_json.py delete mode 100644 src/signature_spoofing_patches/android_frameworks_base-KK-LP.patch delete mode 100644 src/signature_spoofing_patches/android_frameworks_base-M.patch delete mode 100644 src/signature_spoofing_patches/android_frameworks_base-N.patch delete mode 100644 src/signature_spoofing_patches/android_frameworks_base-O.patch delete mode 100644 src/signature_spoofing_patches/android_frameworks_base-P.patch delete mode 100644 src/signature_spoofing_patches/frameworks_base_config.xml diff --git a/Dockerfile b/Dockerfile index 43fdc12..9ea70b7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,15 +4,9 @@ MAINTAINER Nicola Corna # Environment variables ####################### -ENV MIRROR_DIR /srv/mirror ENV SRC_DIR /srv/src -ENV TMP_DIR /srv/tmp ENV CCACHE_DIR /srv/ccache ENV APK_DIR /srv/apk -ENV LMANIFEST_DIR /srv/local_manifests -ENV DELTA_DIR /srv/delta -ENV KEYS_DIR /srv/keys -ENV LOGS_DIR /srv/logs ENV USERSCRIPTS_DIR /srv/userscripts ENV DEBIAN_FRONTEND noninteractive @@ -34,69 +28,18 @@ ENV CCACHE_SIZE 50G # See https://github.com/LineageOS/android_vendor_cm/branches for possible options ENV BRANCH_NAME 'cm-14.1' -# Environment for the device list (separate by comma if more than one) -# eg. DEVICE_LIST=hammerhead,bullhead,angler -ENV DEVICE_LIST '' - -# Release type string -ENV RELEASE_TYPE 'UNOFFICIAL' - # Repo use for build ENV REPO 'https://github.com/LineageOS/android.git' -# Repo use for build -ENV MIRROR 'https://github.com/LineageOS/mirror' - -# OTA URL that will be used inside CMUpdater -# Use this in combination with LineageOTA to make sure your device can auto-update itself from this buildbot -ENV OTA_URL '' - # User identity ENV USER_NAME 'LineageOS Buildbot' ENV USER_MAIL 'lineageos-buildbot@docker.host' -# Include proprietary files, downloaded automatically from github.com/TheMuppets/ -# Only some branches are supported -ENV INCLUDE_PROPRIETARY true - -# Mount an overlay filesystem over the source dir to do each build on a clean source -ENV BUILD_OVERLAY false - -# Clone the full LineageOS mirror (> 200 GB) -ENV LOCAL_MIRROR false - -# If you want to preserve old ZIPs set this to 'false' -ENV CLEAN_OUTDIR false - -# Change this cron rule to what fits best for you -# Use 'now' to start the build immediately -# For example, '0 10 * * *' means 'Every day at 10:00 UTC' -ENV CRONTAB_TIME 'now' - # Clean artifacts output after each build ENV CLEAN_AFTER_BUILD true - -# Provide root capabilities builtin inside the ROM (see http://lineageos.org/Update-and-Build-Prep/) -ENV WITH_SU false - # Provide a default JACK configuration in order to avoid out-of-memory issues ENV ANDROID_JACK_VM_ARGS "-Dfile.encoding=UTF-8 -XX:+TieredCompilation -Xmx4G" -# Custom packages to be installed -ENV CUSTOM_PACKAGES '' - -# Sign the builds with the keys in $KEYS_DIR -ENV SIGN_BUILDS false - -# When SIGN_BUILDS = true but no keys have been provided, generate a new set with this subject -ENV KEYS_SUBJECT '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com' - -# Move the resulting zips to $ZIP_DIR/$codename instead of $ZIP_DIR/ -ENV ZIP_SUBDIR true - -# Write the verbose logs to $LOGS_DIR/$codename instead of $LOGS_DIR/ -ENV LOGS_SUBDIR true - # Path to the source code of the module to build ENV MODULE_PATH packages/apps/Settings @@ -106,55 +49,11 @@ ENV MODULE_NAME Settings # When the app is defined as a priv app ENV PRIV_APP true -# Apply the MicroG's signature spoofing patch -# Valid values are "no", "yes" (for the original MicroG's patch) and -# "restricted" (to grant the permission only to the system privileged apps). -# -# The original ("yes") patch allows user apps to gain the ability to spoof -# themselves as other apps, which can be a major security threat. Using the -# restricted patch and embedding the apps that requires it as system privileged -# apps is a much secure option. See the README.md ("Custom mode") for an -# example. -ENV SIGNATURE_SPOOFING "no" - -# Generate delta files -ENV BUILD_DELTA false - -# Delete old zips in $ZIP_DIR, keep only the N latest one (0 to disable) -ENV DELETE_OLD_ZIPS 0 - -# Delete old deltas in $DELTA_DIR, keep only the N latest one (0 to disable) -ENV DELETE_OLD_DELTAS 0 - -# Delete old logs in $LOGS_DIR, keep only the N latest one (0 to disable) -ENV DELETE_OLD_LOGS 0 - -# Create a JSON file that indexes the build zips at the end of the build process -# (for the updates in OpenDelta). The file will be created in $ZIP_DIR with the -# specified name; leave empty to skip it. -# Requires ZIP_SUBDIR. -ENV OPENDELTA_BUILDS_JSON '' - -# You can optionally specify a USERSCRIPTS_DIR volume containing these scripts: -# * begin.sh, run at the very beginning -# * before.sh, run after the syncing and patching, before starting the builds -# * pre-build.sh, run before the build of every device -# * post-build.sh, run after the build of every device -# * end.sh, run at the very end -# Each script will be run in $SRC_DIR and must be owned and writeable only by -# root - # Create Volume entry points ############################ -VOLUME $MIRROR_DIR VOLUME $SRC_DIR -VOLUME $TMP_DIR VOLUME $CCACHE_DIR VOLUME $APK_DIR -VOLUME $LMANIFEST_DIR -VOLUME $DELTA_DIR -VOLUME $KEYS_DIR -VOLUME $LOGS_DIR VOLUME $USERSCRIPTS_DIR VOLUME /root/.ssh @@ -164,15 +63,9 @@ COPY src/ /root/ # Create missing directories ############################ -RUN mkdir -p $MIRROR_DIR RUN mkdir -p $SRC_DIR -RUN mkdir -p $TMP_DIR RUN mkdir -p $CCACHE_DIR RUN mkdir -p $APK_DIR -RUN mkdir -p $LMANIFEST_DIR -RUN mkdir -p $DELTA_DIR -RUN mkdir -p $KEYS_DIR -RUN mkdir -p $LOGS_DIR RUN mkdir -p $USERSCRIPTS_DIR # Install build dependencies @@ -197,24 +90,6 @@ RUN apt-get install -y bc bison bsdmainutils build-essential ccache cgpt cron \ RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo RUN chmod a+x /usr/local/bin/repo -# Download and build delta tools -################################ -RUN cd /root/ && \ - mkdir delta && \ - git clone --depth=1 https://github.com/omnirom/android_packages_apps_OpenDelta.git OpenDelta && \ - gcc -o delta/zipadjust OpenDelta/jni/zipadjust.c OpenDelta/jni/zipadjust_run.c -lz && \ - cp OpenDelta/server/minsignapk.jar OpenDelta/server/opendelta.sh delta/ && \ - chmod +x delta/opendelta.sh && \ - rm -rf OpenDelta/ && \ - sed -i -e 's|^\s*HOME=.*|HOME=/root|; \ - s|^\s*BIN_XDELTA=.*|BIN_XDELTA=xdelta3|; \ - s|^\s*FILE_MATCH=.*|FILE_MATCH=lineage-\*.zip|; \ - s|^\s*PATH_CURRENT=.*|PATH_CURRENT=$SRC_DIR/out/target/product/$DEVICE|; \ - s|^\s*PATH_LAST=.*|PATH_LAST=$SRC_DIR/delta_last/$DEVICE|; \ - s|^\s*KEY_X509=.*|KEY_X509=$KEYS_DIR/releasekey.x509.pem|; \ - s|^\s*KEY_PK8=.*|KEY_PK8=$KEYS_DIR/releasekey.pk8|; \ - s|publish|$DELTA_DIR|g' /root/delta/opendelta.sh - # Set the work directory ######################## WORKDIR $SRC_DIR diff --git a/README.md b/README.md index f6792bc..eddedcc 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# docker-lineage-cicd +# docker-lineage-module-cicd Docker microservice for LineageOS Continuous Integration and Continous Deployment diff --git a/src/build.sh b/src/build.sh index cd63319..8c07747 100755 --- a/src/build.sh +++ b/src/build.sh @@ -17,8 +17,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log" - # cd to working directory cd "$SRC_DIR" @@ -33,48 +31,10 @@ if [ "$CLEAN_OUTDIR" = true ]; then rm -rf "$APK_DIR/"* fi -# Treat DEVICE_LIST as DEVICE_LIST_ -first_branch=$(cut -d ',' -f 1 <<< "$BRANCH_NAME") -if [ -n "$DEVICE_LIST" ]; then - device_list_first_branch="DEVICE_LIST_$(sed 's/.*-\([a-zA-Z]*\)$/\1/' <<< $first_branch)" - device_list_first_branch=${device_list_first_branch^^} - read $device_list_first_branch <<< "$DEVICE_LIST,${!device_list_first_branch}" -fi - -sync_successful=true - -if [ "$LOCAL_MIRROR" = true ]; then - - cd "$MIRROR_DIR" - - if [ ! -d .repo ]; then - echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log" - yes | repo init -u "$MIRROR" --mirror --no-clone-bundle -p linux &>> "$repo_log" - fi - - # Copy local manifests to the appropriate folder in order take them into consideration - echo ">> [$(date)] Copying '$LMANIFEST_DIR/*.xml' to '.repo/local_manifests/'" - mkdir -p .repo/local_manifests - rsync -a --delete --include '*.xml' --exclude '*' "$LMANIFEST_DIR/" .repo/local_manifests/ - - rm -f .repo/local_manifests/proprietary.xml - if [ "$INCLUDE_PROPRIETARY" = true ]; then - wget -q -O .repo/local_manifests/proprietary.xml "https://raw.githubusercontent.com/TheMuppets/manifests/mirror/default.xml" - fi - - echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log" - repo sync --force-sync --no-clone-bundle &>> "$repo_log" - - if [ $? != 0 ]; then - sync_successful=false - fi -fi for branch in ${BRANCH_NAME//,/ }; do branch_dir=$(sed 's/.*-\([a-zA-Z]*\)$/\1/' <<< $branch) branch_dir=${branch_dir^^} - device_list_cur_branch="DEVICE_LIST_$branch_dir" - devices=${!device_list_cur_branch} if [ -n "$branch" ] && [ -n "$devices" ]; then @@ -82,7 +42,7 @@ for branch in ${BRANCH_NAME//,/ }; do cd "$SRC_DIR/$branch_dir" echo ">> [$(date)] Branch: $branch" - echo ">> [$(date)] Devices: $devices" + echo ">> [$(date)] Module: $module (under $path)" # Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist) for path in "vendor/cm" "vendor/lineage" "frameworks/base"; do @@ -94,39 +54,12 @@ for branch in ${BRANCH_NAME//,/ }; do fi done - echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log" - if [ "$LOCAL_MIRROR" = true ]; then - yes | repo init -u "$REPO" --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log" - else - yes | repo init -u "$REPO" -b "$branch" &>> "$repo_log" - fi - - # Copy local manifests to the appropriate folder in order take them into consideration - echo ">> [$(date)] Copying '$LMANIFEST_DIR/*.xml' to '.repo/local_manifests/'" - mkdir -p .repo/local_manifests - rsync -a --delete --include '*.xml' --exclude '*' "$LMANIFEST_DIR/" .repo/local_manifests/ - - rm -f .repo/local_manifests/proprietary.xml - if [ "$INCLUDE_PROPRIETARY" = true ]; then - if [[ $branch =~ nougat$ ]]; then - themuppets_branch=cm-14.1 - echo ">> [$(date)] Use branch $themuppets_branch on github.com/TheMuppets" - elif [[ $branch =~ oreo$ ]]; then - themuppets_branch=lineage-15.1 - echo ">> [$(date)] Use branch $themuppets_branch on github.com/TheMuppets" - elif [[ $branch =~ pie$ ]]; then - themuppets_branch=lineage-16.0 - echo ">> [$(date)] Use branch $themuppets_branch on github.com/TheMuppets" - else - themuppets_branch=cm-14.1 - echo ">> [$(date)] Can't find a matching branch on github.com/TheMuppets, using $themuppets_branch" - fi - wget -q -O .repo/local_manifests/proprietary.xml "https://raw.githubusercontent.com/TheMuppets/manifests/$themuppets_branch/muppets.xml" - fi + echo ">> [$(date)] (Re)initializing branch repository" + yes | repo init -u "$REPO" -b "$branch" - echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log" + echo ">> [$(date)] Syncing branch repository" builddate=$(date +%Y%m%d) - repo sync -c --force-sync &>> "$repo_log" + repo sync -c -d --force-sync if [ $? != 0 ]; then sync_successful=false @@ -145,93 +78,28 @@ for branch in ${BRANCH_NAME//,/ }; do fi android_version_major=$(cut -d '.' -f 1 <<< $android_version) - if [ "$android_version_major" -ge "8" ]; then - vendor="lineage" - else - vendor="cm" - fi - - if [ ! -d "vendor/$vendor" ]; then - echo ">> [$(date)] Missing \"vendor/$vendor\", aborting" - exit 1 - fi - - # Set up our overlay - mkdir -p "vendor/$vendor/overlay/microg/" - sed -i "1s;^;PRODUCT_PACKAGE_OVERLAYS := vendor/$vendor/overlay/microg\n;" "vendor/$vendor/config/common.mk" - - los_ver_major=$(sed -n -e 's/^\s*PRODUCT_VERSION_MAJOR = //p' "vendor/$vendor/config/common.mk") - los_ver_minor=$(sed -n -e 's/^\s*PRODUCT_VERSION_MINOR = //p' "vendor/$vendor/config/common.mk") - los_ver="$los_ver_major.$los_ver_minor" - - # If needed, apply the microG's signature spoofing patch - if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then - # Determine which patch should be applied to the current Android source tree - patch_name="" - case $android_version in - 4.4* ) patch_name="android_frameworks_base-KK-LP.patch" ;; - 5.* ) patch_name="android_frameworks_base-KK-LP.patch" ;; - 6.* ) patch_name="android_frameworks_base-M.patch" ;; - 7.* ) patch_name="android_frameworks_base-N.patch" ;; - 8.* ) patch_name="android_frameworks_base-O.patch" ;; - 9* ) patch_name="android_frameworks_base-P.patch" ;; #not sure why 9 not 9.0 but here's a fix that will work until android 90 - esac - - if ! [ -z $patch_name ]; then - cd frameworks/base - if [ "$SIGNATURE_SPOOFING" = "yes" ]; then - echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base" - echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat" - patch --quiet -p1 -i "/root/signature_spoofing_patches/$patch_name" - else - echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base" - sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet -p1 - fi - git clean -q -f - cd ../.. - - # Override device-specific settings for the location providers - mkdir -p "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/" - cp /root/signature_spoofing_patches/frameworks_base_config.xml "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/config.xml" - else - echo ">> [$(date)] ERROR: can't find a suitable signature spoofing patch for the current Android version ($android_version)" - exit 1 - fi - fi - - echo ">> [$(date)] Setting \"$RELEASE_TYPE\" as release type" - sed -i "/\$(filter .*\$(${vendor^^}_BUILDTYPE)/,+2d" "vendor/$vendor/config/common.mk" - - # Set a custom updater URI if a OTA URL is provided - echo ">> [$(date)] Adding OTA URL overlay (for custom URL $OTA_URL)" - if ! [ -z "$OTA_URL" ]; then - updater_url_overlay_dir="vendor/$vendor/overlay/microg/packages/apps/Updater/res/values/" - mkdir -p "$updater_url_overlay_dir" - - if [ -n "$(grep updater_server_url packages/apps/Updater/res/values/strings.xml)" ]; then - # "New" updater configuration: full URL (with placeholders {device}, {type} and {incr}) - sed "s|{name}|updater_server_url|g; s|{url}|$OTA_URL/v1/{device}/{type}/{incr}|g" /root/packages_updater_strings.xml > "$updater_url_overlay_dir/strings.xml" - elif [ -n "$(grep conf_update_server_url_def packages/apps/Updater/res/values/strings.xml)" ]; then - # "Old" updater configuration: just the URL - sed "s|{name}|conf_update_server_url_def|g; s|{url}|$OTA_URL|g" /root/packages_updater_strings.xml > "$updater_url_overlay_dir/strings.xml" - else - echo ">> [$(date)] ERROR: no known Updater URL property found" - exit 1 - fi - fi - - # Add custom packages to be installed - if ! [ -z "$CUSTOM_PACKAGES" ]; then - echo ">> [$(date)] Adding custom packages ($CUSTOM_PACKAGES)" - sed -i "1s;^;PRODUCT_PACKAGES += $CUSTOM_PACKAGES\n\n;" "vendor/$vendor/config/common.mk" - fi - - if [ "$SIGN_BUILDS" = true ]; then - echo ">> [$(date)] Adding keys path ($KEYS_DIR)" - # Soong (Android 9+) complains if the signing keys are outside the build path - ln -sf "$KEYS_DIR" user-keys - sed -i "1s;^;PRODUCT_DEFAULT_DEV_CERTIFICATE := user-keys/releasekey\nPRODUCT_OTA_PUBLIC_KEYS := user-keys/releasekey\nPRODUCT_EXTRA_RECOVERY_KEYS := user-keys/releasekey\n\n;" "vendor/$vendor/config/common.mk" - fi + # if [ "$android_version_major" -ge "8" ]; then + # vendor="lineage" + # else + # vendor="cm" + # fi + # + # if [ ! -d "vendor/$vendor" ]; then + # echo ">> [$(date)] Missing \"vendor/$vendor\", aborting" + # exit 1 + # fi + # + # # Set up our overlay + # mkdir -p "vendor/$vendor/overlay/microg/" + # sed -i "1s;^;PRODUCT_PACKAGE_OVERLAYS := vendor/$vendor/overlay/microg\n;" "vendor/$vendor/config/common.mk" + + + # if [ "$SIGN_BUILDS" = true ]; then + # echo ">> [$(date)] Adding keys path ($KEYS_DIR)" + # # Soong (Android 9+) complains if the signing keys are outside the build path + # ln -sf "$KEYS_DIR" user-keys + # sed -i "1s;^;PRODUCT_DEFAULT_DEV_CERTIFICATE := user-keys/releasekey\nPRODUCT_OTA_PUBLIC_KEYS := user-keys/releasekey\nPRODUCT_EXTRA_RECOVERY_KEYS := user-keys/releasekey\n\n;" "vendor/$vendor/config/common.mk" + # fi if [ "$android_version_major" -ge "7" ]; then jdk_version=8 @@ -254,177 +122,47 @@ for branch in ${BRANCH_NAME//,/ }; do /root/userscripts/before.sh fi - for codename in ${devices//,/ }; do - build_device=true - if ! [ -z "$codename" ]; then - - currentdate=$(date +%Y%m%d) - if [ "$builddate" != "$currentdate" ]; then - # Sync the source code - builddate=$currentdate - - if [ "$LOCAL_MIRROR" = true ]; then - echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log" - cd "$MIRROR_DIR" - repo sync --force-sync --no-clone-bundle &>> "$repo_log" - - if [ $? != 0 ]; then - sync_successful=false - build_device=false - fi - fi - - echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log" - cd "$SRC_DIR/$branch_dir" - repo sync -c --force-sync &>> "$repo_log" - - if [ $? != 0 ]; then - sync_successful=false - build_device=false - fi - fi - - if [ "$BUILD_OVERLAY" = true ]; then - mkdir -p "$TMP_DIR/device" "$TMP_DIR/workdir" "$TMP_DIR/merged" - mount -t overlay overlay -o lowerdir="$SRC_DIR/$branch_dir",upperdir="$TMP_DIR/device",workdir="$TMP_DIR/workdir" "$TMP_DIR/merged" - source_dir="$TMP_DIR/merged" - else - source_dir="$SRC_DIR/$branch_dir" - fi - cd "$source_dir" - - if [ "$ZIP_SUBDIR" = true ]; then - zipsubdir=$codename - mkdir -p "$APK_DIR/$zipsubdir" - else - zipsubdir= - fi - if [ "$LOGS_SUBDIR" = true ]; then - logsubdir=$codename - mkdir -p "$LOGS_DIR/$logsubdir" - else - logsubdir= - fi - - DEBUG_LOG="$LOGS_DIR/$logsubdir/eelo-$los_ver-$builddate-$RELEASE_TYPE-$codename.log" - - if [ -f /root/userscripts/pre-build.sh ]; then - echo ">> [$(date)] Running pre-build.sh for $codename" >> "$DEBUG_LOG" - /root/userscripts/pre-build.sh $codename &>> "$DEBUG_LOG" - - if [ $? != 0 ]; then - build_device=false - fi - fi - - if [ "$build_device" = false ]; then - echo ">> [$(date)] No build for $codename" >> "$DEBUG_LOG" - continue - fi - - # Start the build - echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG" - build_successful=false - echo "ANDROID_JACK_VM_ARGS=${ANDROID_JACK_VM_ARGS}" - cd $MODULE_PATH - if mma &>> "$DEBUG_LOG"; then - currentdate=$(date +%Y%m%d) - if [ "$builddate" != "$currentdate" ]; then - find out/target/product/$codename -maxdepth 1 -name "e-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} $currentdate $builddate \; &>> "$DEBUG_LOG" - fi - - if [ "$BUILD_DELTA" = true ]; then - if [ -d "delta_last/$codename/" ]; then - # If not the first build, create delta files - echo ">> [$(date)] Generating delta files for $codename" | tee -a "$DEBUG_LOG" - cd /root/delta - if ./opendelta.sh $codename &>> "$DEBUG_LOG"; then - echo ">> [$(date)] Delta generation for $codename completed" | tee -a "$DEBUG_LOG" - else - echo ">> [$(date)] Delta generation for $codename failed" | tee -a "$DEBUG_LOG" - fi - if [ "$DELETE_OLD_DELTAS" -gt "0" ]; then - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_DELTAS -V $los_ver -N 1 "$DELTA_DIR/$codename" &>> $DEBUG_LOG - fi - cd "$source_dir" - else - # If the first build, copy the current full zip in $source_dir/delta_last/$codename/ - echo ">> [$(date)] No previous build for $codename; using current build as base for the next delta" | tee -a "$DEBUG_LOG" - mkdir -p delta_last/$codename/ &>> "$DEBUG_LOG" - find out/target/product/$codename -maxdepth 1 -name 'e-*.zip' -type f -exec cp {} "$source_dir/delta_last/$codename/" \; &>> "$DEBUG_LOG" - fi - fi - # Move produced ZIP files to the main OUT directory - echo ">> [$(date)] Moving build artifacts for $codename to '$APK_DIR'" | tee -a "$DEBUG_LOG" - if [ "${PRIV_APP}" = true ]; then - cd out/target/product/system/priv-app/${MODULE_NAME}/ - else - cd out/target/product/system/app/${MODULE_NAME}/ - fi - mv ${MODULE_NAME}.apk $APK_DIR/ - cd "$source_dir" - build_successful=true - else - echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG" - fi + if [ -f /root/userscripts/pre-build.sh ]; then + echo ">> [$(date)] Running pre-build.sh" + /root/userscripts/pre-build.sh + fi - # Remove old zips and logs - if [ "$DELETE_OLD_ZIPS" -gt "0" ]; then - if [ "$ZIP_SUBDIR" = true ]; then - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_ZIPS -V $los_ver -N 1 "$ZIP_DIR/$zipsubdir" - else - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_ZIPS -V $los_ver -N 1 -c $codename "$ZIP_DIR" - fi - fi - if [ "$DELETE_OLD_LOGS" -gt "0" ]; then - if [ "$LOGS_SUBDIR" = true ]; then - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_LOGS -V $los_ver -N 1 "$LOGS_DIR/$logsubdir" - else - /usr/bin/python /root/clean_up.py -n $DELETE_OLD_LOGS -V $los_ver -N 1 -c $codename "$LOGS_DIR" - fi - fi - if [ -f /root/userscripts/post-build.sh ]; then - echo ">> [$(date)] Running post-build.sh for $codename" >> "$DEBUG_LOG" - /root/userscripts/post-build.sh $codename $build_successful &>> "$DEBUG_LOG" - fi - echo ">> [$(date)] Finishing build for $codename" | tee -a "$DEBUG_LOG" + # Start the build + echo ">> [$(date)] Starting build for $MODULE_NAME, $branch branch" + echo "ANDROID_JACK_VM_ARGS=${ANDROID_JACK_VM_ARGS}" + cd $MODULE_PATH + if mma ; then - if [ "$BUILD_OVERLAY" = true ]; then - # The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged - cd "$TMP_DIR" - if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then - "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true - fi - lsof | grep "$TMP_DIR/merged" | awk '{ print $2 }' | sort -u | xargs -r kill &> /dev/null + # Move produced ZIP files to the main OUT directory + echo ">> [$(date)] Moving build artifacts for $MODULE_NAME to '$APK_DIR'" + if [ "${PRIV_APP}" = true ]; then + cd out/target/product/generic/system/priv-app/${MODULE_NAME}/ + else + cd out/target/product/generic/system/app/${MODULE_NAME}/ + fi + mv ${MODULE_NAME}.apk $APK_DIR/ + cd "$source_dir" + else + echo ">> [$(date)] Failed build for $MODULE_NAME" + fi - while [ -n "$(lsof | grep $TMP_DIR/merged)" ]; do - sleep 1 - done - umount "$TMP_DIR/merged" - fi + if [ -f /root/userscripts/post-build.sh ]; then + echo ">> [$(date)] Running post-build.sh for $MODULE_NAME" + /root/userscripts/post-build.sh + fi + echo ">> [$(date)] Finishing build for $MODULE_NAME" - if [ "$CLEAN_AFTER_BUILD" = true ]; then - echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG" - if [ "$BUILD_OVERLAY" = true ]; then - cd "$TMP_DIR" - rm -rf ./* - else - cd "$source_dir" - mka clean &>> "$DEBUG_LOG" - fi - fi - fi - done + if [ "$CLEAN_AFTER_BUILD" = true ]; then + echo ">> [$(date)] Cleaning source dir" + cd "$source_dir" + mka clean + fi fi done -if [ "$DELETE_OLD_LOGS" -gt "0" ]; then - find "$LOGS_DIR" -maxdepth 1 -name repo-*.log | sort | head -n -$DELETE_OLD_LOGS | xargs -r rm -fi - if [ -f /root/userscripts/end.sh ]; then echo ">> [$(date)] Running end.sh" /root/userscripts/end.sh diff --git a/src/fix_date.sh b/src/fix_date.sh deleted file mode 100755 index 405c73f..0000000 --- a/src/fix_date.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -mv "$1" $(echo "$1" | sed "s|$2|$3|") diff --git a/src/init.sh b/src/init.sh index 9cfdbae..824ad59 100755 --- a/src/init.sh +++ b/src/init.sh @@ -32,31 +32,6 @@ fi git config --global user.name $USER_NAME git config --global user.email $USER_MAIL -if [ "$SIGN_BUILDS" = true ]; then - if [ -z "$(ls -A "$KEYS_DIR")" ]; then - echo ">> [$(date)] SIGN_BUILDS = true but empty \$KEYS_DIR, generating new keys" - for c in releasekey platform shared media; do - echo ">> [$(date)] Generating $c..." - /root/make_key "$KEYS_DIR/$c" "$KEYS_SUBJECT" <<< '' &> /dev/null - done - else - for c in releasekey platform shared media; do - for e in pk8 x509.pem; do - if [ ! -f "$KEYS_DIR/$c.$e" ]; then - echo ">> [$(date)] SIGN_BUILDS = true and not empty \$KEYS_DIR, but \"\$KEYS_DIR/$c.$e\" is missing" - exit 1 - fi - done - done - fi - - for c in cyngn{-priv,}-app testkey; do - for e in pk8 x509.pem; do - ln -s releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null - done - done -fi - # Define memory to use for jack (depending of runner tag) if [[ -n ${CI_RUNNER_TAGS} ]] then @@ -68,18 +43,3 @@ then echo "ANDROID_JACK_VM_ARGS set to ${ANDROID_JACK_VM_ARGS}" fi fi - -if [ "$CRONTAB_TIME" = "now" ]; then - /root/build.sh -else - # Initialize the cronjob - cronFile=/tmp/buildcron - printf "SHELL=/bin/bash\n" > $cronFile - printenv -0 | sed -e 's/=\x0/=""\n/g' | sed -e 's/\x0/\n/g' | sed -e "s/_=/PRINTENV=/g" >> $cronFile - printf "\n$CRONTAB_TIME /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n" >> $cronFile - crontab $cronFile - rm $cronFile - - # Run crond in foreground - cron -f 2>&1 -fi diff --git a/src/make_key b/src/make_key deleted file mode 100755 index a6cf49c..0000000 --- a/src/make_key +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2009 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Generates a public/private key pair suitable for use in signing -# android .apks and OTA update packages. - -if [ "$#" -lt 2 -o "$#" -gt 3 ]; then - cat < [] - -Creates .pk8 key and .x509.pem cert. Cert contains the -given . A keytype of "rsa" or "ec" is accepted. -EOF - exit 2 -fi - -if [[ -e $1.pk8 || -e $1.x509.pem ]]; then - echo "$1.pk8 and/or $1.x509.pem already exist; please delete them first" - echo "if you want to replace them." - exit 1 -fi - -# Use named pipes to connect get the raw RSA private key to the cert- -# and .pk8-creating programs, to avoid having the private key ever -# touch the disk. - -tmpdir=$(mktemp -d) -trap 'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT - -one=${tmpdir}/one -two=${tmpdir}/two -mknod ${one} p -mknod ${two} p -chmod 0600 ${one} ${two} - -read -p "Enter password for '$1' (blank for none; password will be visible): " \ - password - -if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then - ( openssl genrsa -f4 2048 | tee ${one} > ${two} ) & - hash="-sha256" -elif [ "${3}" = "ec" ]; then - ( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) & - hash="-sha256" -else - echo "Only accepts RSA or EC keytypes." - exit 1 -fi - -openssl req -new -x509 ${hash} -key ${two} -out $1.x509.pem \ - -days 10000 -subj "$2" & - -if [ "${password}" == "" ]; then - echo "creating ${1}.pk8 with no password" - openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocrypt -else - echo "creating ${1}.pk8 with password [${password}]" - export password - openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \ - -passout env:password - unset password -fi - -wait -wait diff --git a/src/opendelta_builds_json.py b/src/opendelta_builds_json.py deleted file mode 100755 index 9ae338e..0000000 --- a/src/opendelta_builds_json.py +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env python - -# Copyright (C) 2017 Nicola Corna -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -from sys import argv -from argparse import ArgumentParser -import os -import json - -if __name__ == "__main__": - parser = ArgumentParser(description='Generate an OpenDelta\'s builds.json ' - 'file') - parser.add_argument('path', metavar='PATH', type=str, help='the directory ' - 'containing the zips') - parser.add_argument('-o', "--output", type=str, help='output file; ' - 'if unspecified, print to stdout') - args = parser.parse_args() - - data = {} - builddirs = ['./' + s for s in os.listdir(args.path)] - for builddir in builddirs: - try: - builds = os.listdir(os.path.join(args.path, builddir)) - data[builddir] = [dict() for x in range(len(builds))] - for i in range(0, len(builds)): - data[builddir][i]["filename"] = builds[i] - data[builddir][i]["timestamp"] = int(os.path.getmtime( - os.path.join(args.path, builddir, builds[i]))) - except OSError: - pass - - if args.output: - with open(args.output, "w") as f: - f.write(json.dumps(data, separators=(',',':'))) - else: - print(json.dumps(data, separators=(',',':'))) diff --git a/src/signature_spoofing_patches/android_frameworks_base-KK-LP.patch b/src/signature_spoofing_patches/android_frameworks_base-KK-LP.patch deleted file mode 100644 index 5571a58..0000000 --- a/src/signature_spoofing_patches/android_frameworks_base-KK-LP.patch +++ /dev/null @@ -1,66 +0,0 @@ -diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java -index e6da288..66684d3 100644 ---- a/core/java/android/content/pm/PackageParser.java -+++ b/core/java/android/content/pm/PackageParser.java -@@ -447,10 +447,23 @@ public class PackageParser { - } - } - if ((flags&PackageManager.GET_SIGNATURES) != 0) { -- int N = (p.mSignatures != null) ? p.mSignatures.length : 0; -- if (N > 0) { -- pi.signatures = new Signature[N]; -- System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N); -+ boolean handledFakeSignature = false; -+ try { -+ if (p.requestedPermissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") && p.mAppMetaData != null -+ && p.mAppMetaData.get("fake-signature") instanceof String) { -+ pi.signatures = new Signature[] {new Signature(p.mAppMetaData.getString("fake-signature"))}; -+ handledFakeSignature = true; -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageParser.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ if (!handledFakeSignature) { -+ int N = (p.mSignatures != null) ? p.mSignatures.length : 0; -+ if (N > 0) { -+ pi.signatures = new Signature[N]; -+ System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N); -+ } - } - } - return pi; -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 558a475..4e7aa65 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -1562,6 +1562,13 @@ - android:label="@string/permlab_getPackageSize" - android:description="@string/permdesc_getPackageSize" /> - -+ -+ -+ - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 790e166..8e66470 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -1135,6 +1135,11 @@ - Allows the app to retrieve its code, data, and cache sizes - - -+ mimic package signature -+ -+ Allows the app to use mimic another app\'s package signature. -+ -+ - directly install apps - - Allows the app to install new or updated diff --git a/src/signature_spoofing_patches/android_frameworks_base-M.patch b/src/signature_spoofing_patches/android_frameworks_base-M.patch deleted file mode 100644 index 72d68e7..0000000 --- a/src/signature_spoofing_patches/android_frameworks_base-M.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 7357f8c0c8a6bdc09555ab47dae83f28346b8470 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Beno=C3=AEt=20Mauduit?= -Date: Wed, 22 Jun 2016 15:04:56 +0200 -Subject: [PATCH 1/1] Add signature Spoofing permission -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is needed by GmsCore (https://microg.org/) to pretend -the existence of the official Play Services to applications calling -Google APIs. - -Signed-off-by: Benoît Mauduit ---- - core/res/AndroidManifest.xml | 7 +++++++ - core/res/res/values/config.xml | 2 ++ - core/res/res/values/strings.xml | 5 +++++ - .../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++-- - 4 files changed, 35 insertions(+), 2 deletions(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index ea0e39c..a936983 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -1654,6 +1654,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index c7846cf..916d8a5 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1298,6 +1298,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 58135db..e65367a 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -616,6 +616,11 @@ - - - -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only! -+ -+ - disable or modify status bar - - Allows the app to disable the status bar or add and remove system icons. -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 0493180..35f49d7 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -2816,8 +2816,27 @@ public class PackageManagerService extends IPackageManager.Stub { - final Set permissions = permissionsState.getPermissions(userId); - final PackageUserState state = ps.readUserState(userId); - -- return PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); -+ } -+ -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; - } - - @Override --- -2.8.1 - diff --git a/src/signature_spoofing_patches/android_frameworks_base-N.patch b/src/signature_spoofing_patches/android_frameworks_base-N.patch deleted file mode 100644 index 6e6125c..0000000 --- a/src/signature_spoofing_patches/android_frameworks_base-N.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 7357f8c0c8a6bdc09555ab47dae83f28346b8470 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Beno=C3=AEt=20Mauduit?= -Date: Wed, 22 Jun 2016 15:04:56 +0200 -Subject: [PATCH 1/1] Add signature Spoofing permission -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is needed by GmsCore (https://microg.org/) to pretend -the existence of the official Play Services to applications calling -Google APIs. - -Signed-off-by: Benoît Mauduit ---- - core/res/AndroidManifest.xml | 7 +++++++ - core/res/res/values/config.xml | 2 ++ - core/res/res/values/strings.xml | 5 +++++ - .../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++-- - 4 files changed, 35 insertions(+), 2 deletions(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index ea0e39c..a936983 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -1654,6 +1654,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index c7846cf..916d8a5 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1298,6 +1298,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 58135db..e65367a 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -616,6 +616,11 @@ - - - -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only! -+ -+ - disable or modify status bar - - Allows the app to disable the status bar or add and remove system icons. -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 0493180..35f49d7 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -3067,8 +3067,27 @@ public class PackageManagerService extends IPackageManager.Stub { - ? Collections.emptySet() : permissionsState.getPermissions(userId); - final PackageUserState state = ps.readUserState(userId); - -- return PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); -+ } -+ -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; - } - - @Override --- -2.8.1 - diff --git a/src/signature_spoofing_patches/android_frameworks_base-O.patch b/src/signature_spoofing_patches/android_frameworks_base-O.patch deleted file mode 100644 index cc1d338..0000000 --- a/src/signature_spoofing_patches/android_frameworks_base-O.patch +++ /dev/null @@ -1,102 +0,0 @@ -commit 4e9d677b35b9656c22c922c9abca4107ab95c9b4 -Author: Bernhard Rosenkränzer -Date: Tue Aug 29 00:34:27 2017 +0200 - - Add permission to allow an APK to fake a signature. - - This is needed by GmsCore (https://microg.org/) to pretend - the existence of the official Play Services to applications calling - Google APIs. - - Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch - - Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f - Signed-off-by: Bernhard Rosenkränzer - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 794d4f8b78b..b3189077256 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2075,6 +2075,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index 3613acf44aa..d1636c862c5 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1385,6 +1385,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 3eebe7eb68d..7405386cd49 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -764,6 +764,10 @@ - - - -+ -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! - - disable or modify status bar - -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index f36b762c5e9..048a057d39c 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -3571,8 +3571,9 @@ public class PackageManagerService extends IPackageManager.Stub - flags |= MATCH_ANY_USER; - } - -- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); - - if (packageInfo == null) { - return null; -@@ -3584,6 +3585,24 @@ public class PackageManagerService extends IPackageManager.Stub - return packageInfo; - } - -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - @Override - public void checkPackageStartable(String packageName, int userId) { - final int callingUid = Binder.getCallingUid(); diff --git a/src/signature_spoofing_patches/android_frameworks_base-P.patch b/src/signature_spoofing_patches/android_frameworks_base-P.patch deleted file mode 100644 index ad0fdf2..0000000 --- a/src/signature_spoofing_patches/android_frameworks_base-P.patch +++ /dev/null @@ -1,88 +0,0 @@ -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 66c497e9977..c1b2e703109 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2341,6 +2341,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index 0b5dd7e70e8..bbdba64f2ba 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1650,6 +1650,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 3c5159c89bf..7583f1c567f 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -786,6 +786,11 @@ - - - -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! -+ -+ - disable or modify status bar - - Allows the app to disable the status bar or add and remove system icons. -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 9ed2b9c1854..4c5ce24cfa7 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -3937,8 +3937,9 @@ public class PackageManagerService extends IPackageManager.Stub - final Set permissions = ArrayUtils.isEmpty(p.requestedPermissions) - ? Collections.emptySet() : permissionsState.getPermissions(userId); - -- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); - - if (packageInfo == null) { - return null; -@@ -3974,6 +3975,24 @@ public class PackageManagerService extends IPackageManager.Stub - } - } - -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - @Override - public void checkPackageStartable(String packageName, int userId) { - final int callingUid = Binder.getCallingUid(); diff --git a/src/signature_spoofing_patches/frameworks_base_config.xml b/src/signature_spoofing_patches/frameworks_base_config.xml deleted file mode 100644 index 5925277..0000000 --- a/src/signature_spoofing_patches/frameworks_base_config.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - true - true - - -- GitLab From 5b88a241f7264c8c11596e5e733f050d69c7d6df Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 18 Oct 2019 17:20:17 +0200 Subject: [PATCH 4/6] Display out dir content --- src/build.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/src/build.sh b/src/build.sh index 8c07747..117d65a 100755 --- a/src/build.sh +++ b/src/build.sh @@ -140,6 +140,7 @@ for branch in ${BRANCH_NAME//,/ }; do else cd out/target/product/generic/system/app/${MODULE_NAME}/ fi + ls mv ${MODULE_NAME}.apk $APK_DIR/ cd "$source_dir" else -- GitLab From ef4833b37809a989721625b7d588f7f8b0aabb4c Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 18 Oct 2019 17:33:15 +0200 Subject: [PATCH 5/6] Start the build --- src/init.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/init.sh b/src/init.sh index 824ad59..7f9a66f 100755 --- a/src/init.sh +++ b/src/init.sh @@ -43,3 +43,5 @@ then echo "ANDROID_JACK_VM_ARGS set to ${ANDROID_JACK_VM_ARGS}" fi fi + +/root/build.sh -- GitLab From 7a511094377db6f17ed0633de95e5b067646da03 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 18 Oct 2019 19:10:49 +0200 Subject: [PATCH 6/6] Fix issues --- src/build.sh | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/src/build.sh b/src/build.sh index 117d65a..c4c06f4 100755 --- a/src/build.sh +++ b/src/build.sh @@ -25,24 +25,17 @@ if [ -f /root/userscripts/begin.sh ]; then /root/userscripts/begin.sh fi -# If requested, clean the OUT dir in order to avoid clutter -if [ "$CLEAN_OUTDIR" = true ]; then - echo ">> [$(date)] Cleaning '$APK_DIR'" - rm -rf "$APK_DIR/"* -fi - - for branch in ${BRANCH_NAME//,/ }; do branch_dir=$(sed 's/.*-\([a-zA-Z]*\)$/\1/' <<< $branch) branch_dir=${branch_dir^^} - if [ -n "$branch" ] && [ -n "$devices" ]; then + if [ -n "$branch" ] ; then mkdir -p "$SRC_DIR/$branch_dir" cd "$SRC_DIR/$branch_dir" echo ">> [$(date)] Branch: $branch" - echo ">> [$(date)] Module: $module (under $path)" + echo ">> [$(date)] Module: $MODULE_NAME (under $MODULE_PATH)" # Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist) for path in "vendor/cm" "vendor/lineage" "frameworks/base"; do @@ -122,6 +115,9 @@ for branch in ${BRANCH_NAME//,/ }; do /root/userscripts/before.sh fi + source_dir="$SRC_DIR/$branch_dir" + cd "$source_dir" + if [ -f /root/userscripts/pre-build.sh ]; then echo ">> [$(date)] Running pre-build.sh" /root/userscripts/pre-build.sh @@ -135,6 +131,7 @@ for branch in ${BRANCH_NAME//,/ }; do # Move produced ZIP files to the main OUT directory echo ">> [$(date)] Moving build artifacts for $MODULE_NAME to '$APK_DIR'" + cd "$source_dir" if [ "${PRIV_APP}" = true ]; then cd out/target/product/generic/system/priv-app/${MODULE_NAME}/ else -- GitLab