Initial commit

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong · Dec 30, 2023 · 409cd1b · 409cd1b
commit 409cd1b
Show file tree

Hide file tree

Showing 25 changed files with 1,910 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,29 @@
+---
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+  build:
+    name: Build project
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Validate gradle wrapper checksum
+        uses: gradle/wrapper-validation-action@v1
+
+      - name: Set up JDK 20
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: 20
+          cache: gradle
+
+      - name: Build and test
+        # Debug build only since release builds require a signing key
+        run: ./gradlew --no-daemon build zipDebug -x assembleRelease
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,37 @@
+---
+on:
+  push:
+    # Uncomment to test against a branch
+    #branches:
+    #  - ci
+    tags:
+      - 'v*'
+jobs:
+  create_release:
+    name: Create Github release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Get version from tag
+        id: get_version
+        run: |
+          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+              version=${GITHUB_REF#refs/tags/v}
+          else
+              version=0.0.0.${GITHUB_REF#refs/heads/}
+          fi
+          echo "version=${version}" >> "${GITHUB_OUTPUT}"
+
+      - name: Check out repository
+        uses: actions/checkout@v3
+
+      - name: Create release
+        uses: softprops/action-gh-release@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag_name: v${{ steps.get_version.outputs.version }}
+          name: Version ${{ steps.get_version.outputs.version }}
+          body_path: RELEASE.md
+          draft: true
+          prerelease: false
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,10 @@
+*.iml
+.gradle
+/local.properties
+/.idea/
+.DS_Store
+/build
+/captures
+.externalNativeBuild
+.cxx
+local.properties
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,14 @@
+<!--
+    When adding new changelog entries, use [Issue #0] to link to issues and
+    [PR #0 @user] to link to pull requests. Then run:
+
+        ./gradlew changelogUpdateLinks
+
+    to update the actual links at the bottom of the file.
+-->
+
+### Unreleased
+
+* Initial release
+
+<!-- Do not manually edit the lines below. Use `./gradlew changelogUpdateLinks` to regenerate. -->
diff --git a/LICENSE b/LICENSE
diff --git a/README.md b/README.md
@@ -0,0 +1,50 @@
+# OEMUnlockOnBoot
+
+[![latest release badge](https://img.shields.io/github/v/release/chenxiaolong/OEMUnlockOnBoot?sort=semver)](https://github.com/chenxiaolong/OEMUnlockOnBoot/releases/latest)
+[![license badge](https://img.shields.io/github/license/chenxiaolong/OEMUnlockOnBoot)](./LICENSE)
+
+OEMUnlockOnBoot is a simple Magisk/KernelSU module that ensures the `OEM unlocking` toggle is enabled on every boot. It is meant for use in setups where the bootloader is locked with the user's key (eg. with [avbroot](https://github.com/chenxiaolong/avbroot)) to ensure that the device is always recoverable in the event of a boot failure.
+
+## Usage
+
+1. Download the latest version from the [releases page](https://github.com/chenxiaolong/OEMUnlockOnBoot/releases). To verify the digital signature, see the [verifying digital signatures](#verifying-digital-signatures) section.
+
+2. Install the module from the Magisk/KernelSU app.
+
+3. Reboot. The log file is written to `/data/local/tmp/OEMUnlockOnBoot.log`.
+
+## Verifying digital signatures
+
+First save the public key to a file that lists which keys should be trusted.
+
+```bash
+echo 'OEMUnlockOnBoot ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOe6/tBnO7xZhAWXRj3ApUYgn+XZ0wnQiXM8B7tPgv4' > OEMUnlockOnBoot_trusted_keys
+```
+
+Then, verify the signature of the zip file using the list of trusted keys.
+
+```bash
+ssh-keygen -Y verify -f OEMUnlockOnBoot_trusted_keys -I OEMUnlockOnBoot -n file -s OEMUnlockOnBoot-<version>-release.zip.sig < OEMUnlockOnBoot-<version>-release.zip
+```
+
+If the file is successfully verified, the output will be:
+
+```
+Good "file" signature for OEMUnlockOnBoot with ED25519 key SHA256:Ct0HoRyrFLrnF9W+A/BKEiJmwx7yWkgaW/JvghKrboA
+```
+
+## Building from source
+
+OEMUnlockOnBoot can be built like most other Android projects using Android Studio or the gradle command line.
+
+To build the module zip:
+
+```bash
+./gradlew zipRelease
+```
+
+The output file is written to `app/build/distributions/release/`.
+
+## License
+
+OEMUnlockOnBoot is licensed under GPLv3. Please see [`LICENSE`](./LICENSE) for the full license text.
diff --git a/RELEASE.md b/RELEASE.md
@@ -0,0 +1,5 @@
+The changelog can be found at: [`CHANGELOG.md`](./CHANGELOG.md).
+
+---
+
+The downloads are digitally signed. Please consider [verifying the digital signatures](./README.md#verifying-digital-signatures) because the module has privileged access to the system.
diff --git a/app/.gitignore b/app/.gitignore
@@ -0,0 +1 @@
+/build