-
Notifications
You must be signed in to change notification settings - Fork 3
/
1_build.sh
executable file
·269 lines (218 loc) · 7.72 KB
/
1_build.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
#!/usr/bin/env bash
set -e
### VARIABLES
if [ "${#}" -ne 1 ]; then
echo "Usage: ${0} <device codename>"
exit 1
fi
### RESYNC THIS REPO
# This is because the creator of this is forgetful and
# NEVER remembers to sync again before running a build! :/
git pull
# set static variables
AVBROOT_VERSION="3.4.0"
ROM_TARGET="${1}"
export AVBROOT_VERSION ROM_TARGET
# determine rom target code
if [ "${ROM_TARGET}" == "shiba" ] || [ "${ROM_TARGET}" == "husky" ]; then
# pixel 8 / pixel 8 pro
ROM_TARGET_GROUP="shusky"
elif [ "${ROM_TARGET}" == "panther" ] || [ "${ROM_TARGET}" == "cheetah" ]; then
# pixel 7 / pixel 7 pro
ROM_TARGET_GROUP="pantah"
elif [ "${ROM_TARGET}" == "felix" ]; then
# pixel fold
ROM_TARGET_GROUP="${ROM_TARGET}"
else
echo "Unsupported device codename"
exit 1
fi
### CLEANUP PREVIOUS BUILDS
rm -rf device_tmp/ kernel/ kernel_out/ rom/
### FUNCTIONS
# Function to run repo sync until successful
function repo_sync_until_success() {
# disable exit on error - we expect this to fail a few times
set +e
# perform sync
# (using -j4 makes the sync less likely to hit rate limiting)
until repo sync -c -j4 --fail-fast --no-clone-bundle --no-tags; do
echo "repo sync failed, retrying in 1 minute..."
sleep 60
done
# re-enable exit on error - we're done failing now! :)
set -e
}
### SETUP BUILD SYSTEM
# set apt to noninteractive mode
export DEBIAN_FRONTEND=noninteractive
# install all apt dependencies
apt update
apt dist-upgrade -y
apt install -y \
bison \
build-essential \
curl \
expect \
flex \
git \
git-lfs \
jq \
libncurses-dev \
libssl-dev \
openjdk-21-jdk-headless \
python3 \
python3-googleapi \
python3-protobuf \
rsync \
ssh \
unzip \
yarnpkg \
zip
# install repo command
curl -s https://storage.googleapis.com/git-repo-downloads/repo > /usr/bin/repo
chmod +x /usr/bin/repo
# install libncurses5
pushd /var/tmp
curl -O http://launchpadlibrarian.net/648013231/libtinfo5_6.4-2_amd64.deb
dpkg -i libtinfo5_6.4-2_amd64.deb
curl -LO http://launchpadlibrarian.net/648013227/libncurses5_6.4-2_amd64.deb
dpkg -i libncurses5_6.4-2_amd64.deb
rm -f ./*.deb
popd
# configure git
git config --global color.ui false
git config --global user.email "androidbuild@localhost"
git config --global user.name "Android Build"
# install avbroot
pushd /var/tmp
curl -LSs "https://github.com/chenxiaolong/avbroot/releases/download/v${AVBROOT_VERSION}/avbroot-${AVBROOT_VERSION}-x86_64-unknown-linux-gnu.zip" > avbroot.zip
unzip -o -p avbroot.zip avbroot > /usr/bin/avbroot
chmod +x /usr/bin/avbroot
rm -f avbroot.zip
popd
### FETCH LATEST DEVICE-SPECIFIC GRAPHENE TAG
# fetch latest device sources temporarily
git clone "https://github.com/GrapheneOS/device_google_${ROM_TARGET_GROUP}.git" device_tmp/
# determine tag
pushd device_tmp
GRAPHENE_RELEASE=$(git describe --tags --abbrev=0)
# remove any extension (like "-redfin" for example)
GRAPHENE_RELEASE="${GRAPHENE_RELEASE%%-*}"
export GRAPHENE_RELEASE
# write out status
echo "Building GrapheneOS release: ${GRAPHENE_RELEASE}"
popd
# cleanup device sources
rm -rf device_tmp/
### BUILD KERNEL
# fetch kernel sources
mkdir -p kernel/
pushd kernel/
# sync kernel sources
if [ "${ROM_TARGET}" == "husky" ] || [ "${ROM_TARGET}" == "shiba" ]; then
repo init -u https://github.com/GrapheneOS/kernel_manifest-shusky.git -b "refs/tags/${GRAPHENE_RELEASE}" --depth=1 --git-lfs
else
repo init -u https://github.com/GrapheneOS/kernel_manifest-gs.git -b "refs/tags/${GRAPHENE_RELEASE}" --depth=1 --git-lfs
fi
repo_sync_until_success
# fetch & apply ksu and \susfs patches
pushd aosp/
# apply kernelsu
curl -LSs "https://raw.githubusercontent.com/tiann/KernelSU/main/kernel/setup.sh" | bash -
# fetch susfs
git clone "https://gitlab.com/chrisaw/susfs4ksu"
# apply susfs (to KernelSU)
pushd KernelSU/
echo "Applying SUSFS for KernelSU..."
patch -p1 < "../susfs4ksu/kernel_patches/KernelSU/10_enable_susfs_for_ksu.patch"
popd
# determine target kernel version
if [ "${ROM_TARGET}" == "husky" ] || [ "${ROM_TARGET}" == "shiba" ]; then
TARGET_KERNEL_VERSION="5.15"
else
TARGET_KERNEL_VERSION="5.10"
fi
# apply susfs to kernel
echo "Applying SUSFS for kernel..."
patch -p1 < "susfs4ksu/kernel_patches/${TARGET_KERNEL_VERSION}/50_add_susfs_in_kernel.patch"
# copy susfs files to kernel (same for all kernels)
echo "Copying SUSFS files to kernel..."
cp -v "susfs4ksu/kernel_patches/SUSFS/fs/susfs.c" fs/
cp -v "susfs4ksu/kernel_patches/SUSFS/include/linux/susfs.h" include/linux/
# enable wireguard by default
patch -p1 < "../../patches/0001-Disable-defconfig-check.patch"
patch -p1 < "../../patches/0002-Enable-wireguard-by-default.patch"
popd
# build kernel
if [ "${ROM_TARGET_GROUP}" == "pantah" ]; then
# no idea why this is cloudripper.... D:
BUILD_AOSP_KERNEL=1 LTO=full ./build_cloudripper.sh
else
# pixel 8 should use:
#./build_shusky.sh --config=use_source_tree_aosp --config=no_download_gki --disable_32bit --lto=full
BUILD_AOSP_KERNEL=1 LTO=full ./build_${ROM_TARGET_GROUP}.sh
fi
popd
# stash parts we need
if [ "${ROM_TARGET}" == "husky" ] || [ "${ROM_TARGET}" == "shiba" ]; then
mv -v "kernel/out/shusky/dist" "./kernel_out"
else
mv -v "kernel/out/mixed/dist" "./kernel_out"
fi
# remove kernel sources to save space before rom clone
rm -rf kernel/
### BUILD ROM
# fetch rom sources
mkdir -p rom/
pushd rom/
# sync rom sources
repo init -u https://github.com/GrapheneOS/platform_manifest.git -b "refs/tags/${GRAPHENE_RELEASE}" --depth=1 --git-lfs
repo_sync_until_success
# copy kernel sources
cp -Rfv ../kernel_out/* "device/google/${ROM_TARGET_GROUP}-kernel/"
rm -rf ../kernel_out
# fetch vendor binaries
yarnpkg install --cwd vendor/adevtool/
# shellcheck source=/dev/null
. build/envsetup.sh
# determine target release
TARGET_RELEASE=$(find build/release/aconfig/* -type d ! -name 'root' -print -quit | xargs basename)
export TARGET_RELEASE
# build aapt2
m aapt2
# fetch vendor binaries
./vendor/adevtool/bin/run generate-all -d "${ROM_TARGET}"
# start build
lunch "${ROM_TARGET}-${TARGET_RELEASE}-user"
# pixel 6:
#m vendorbootimage target-files-package
m vendorbootimage vendorkernelbootimage target-files-package
# generate keys
mkdir -p "keys/${ROM_TARGET}/"
pushd "keys/${ROM_TARGET}/"
# generate and sign
CN=GrapheneOS
printf "\n" | ../../development/tools/make_key releasekey "/CN=$CN/" || true
printf "\n" | ../../development/tools/make_key platform "/CN=$CN/" || true
printf "\n" | ../../development/tools/make_key shared "/CN=$CN/" || true
printf "\n" | ../../development/tools/make_key media "/CN=$CN/" || true
printf "\n" | ../../development/tools/make_key networkstack "/CN=$CN/" || true
printf "\n" | ../../development/tools/make_key sdk_sandbox "/CN=$CN/" || true
printf "\n" | ../../development/tools/make_key bluetooth "/CN=$CN/" || true
openssl genrsa 4096 | openssl pkcs8 -topk8 -scrypt -out avb.pem -passout pass:""
expect ../../../expect/passphrase-prompts.exp ../../external/avb/avbtool.py extract_public_key --key avb.pem --output avb_pkmd.bin
ssh-keygen -t ed25519 -f id_ed25519 -N ""
popd
# encrypt keys
expect ../expect/passphrase-prompts.exp ./script/encrypt-keys.sh ./keys/${ROM_TARGET}
# generate ota package
m otatools-package
# finalize
expect ../expect/passphrase-prompts.exp script/finalize.sh
# build release
expect ../expect/passphrase-prompts.exp script/generate-release.sh ${ROM_TARGET} ${BUILD_NUMBER}
popd
# Write output
echo "The file you are likely looking for is:"
ls rom/releases/${BUILD_NUMBER}/release-${ROM_TARGET}-${BUILD_NUMBER}/${ROM_TARGET}-ota_update-${BUILD_NUMBER}.zip