GrapheneOS / grapheneos.org

Main website servers
https://grapheneos.org/
MIT License

Adding Fedora to the list, and fixing many instructions; or a separate script for Linux? #819

Closed boredsquirrel closed 9 months ago

boredsquirrel commented 9 months ago

Hey, before doing a PR I want to check if everything in there is okay.

Only Ubuntu is officially supported, even though this makes little sense. I would prefer the use of the official Google binaries, so every distro will work, especially Fedora. Fedora has broken packages and I would not add any guide on how to install android-tools, as that is unreliable.

But adding Fedora instructions, while not having it in the "officially supported OSes" list, would be weird. So should Fedora (using only official Google binaries) be supported?

I want to edit the guide to be general on Linux and also remove the weird BSD packages. Some are not available on most distros. Also the issues with packages seem to be Ubuntu-specific and I am unsure if they are still a problem. For example the Google binary .zip needs unzip and not bsdtar on most distros.

I would add the necessary plugdev group for Fedora users, or simply advise to use sudo -i for USB stuff, as that just works on Linux.

I would also like to automate some checks like sha256 verification and exit when failing.

I would also like to unzip the platform tools to ~/.local/bin/ so they are already in the path most of the time. And use the full path for following commands anyways.

Discovering the device name is not trivial, and it needs to be input several times. Storing it as a variable using read -p "Device name: " devicename would make more sense.

In general, using the official platform binaries, I would prefer not to use the path and to put everything in a script that works everywhere. Every check is done; if it fails it stops, if not it proceeds. But this would not fit in the website really well.

Also adding the need to relock the bootloader at the end, with a mention that this may be unwanted when still testing it.

So in the end I am wondering, why not provide an automated script that works on more distros?

script:

website:

If there is a really good install script for Linux, why not use another one for the download and verification?

The platform tools work everywhere, and finding the names for signify etc. on most package managers (Debian, Ubuntu, Fedora, OpenSuse, Arch, nix-env, Gentoo) should not be a problem. So the whole thing could be automated.

I would like to create such a script but only if you approve it. I think this is the biggest hurdle of installing GrapheneOS currently.
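An added example, not code from the issue or from the GrapheneOS site, of the stop-on-failure pattern described above: pin a SHA-256 for the platform-tools .zip, abort on mismatch, and unpack into ~/.local/bin only after the check passes. The file names and the hash below are constructed placeholders; the pinned hash must come from a source the user trusts independently of the script itself.

```shell
#!/bin/sh
# Added example (not from the issue or the GrapheneOS site). Every check exits
# the script on failure because of set -e; nothing is unpacked or run before
# the pinned hash matches. The hash and file names are placeholders.
set -eu

# verify_sha256 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch (with a message).
verify_sha256() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "sha256 mismatch for $file: got $actual, expected $expected" >&2
    return 1
}

# install_platform_tools ZIP [DEST_DIR]: unpack only after verification.
# Google ships platform-tools as a .zip, so unzip is the portable choice
# rather than bsdtar. Default destination is ~/.local/bin, which is on PATH
# for most users; callers should still use the full path afterwards.
install_platform_tools() {
    zip=$1
    dest=${2:-"$HOME/.local/bin"}
    mkdir -p "$dest"
    unzip -q -o "$zip" -d "$dest"
    echo "unpacked $zip into $dest"
}

# Placeholder values (constructed, not real): replace with the real archive
# name and the hash obtained out of band before using this for real.
PLATFORM_TOOLS_ZIP=${PLATFORM_TOOLS_ZIP:-platform-tools-latest-linux.zip}
PLATFORM_TOOLS_SHA256=${PLATFORM_TOOLS_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}

# Only run the install flow when invoked directly with a file present;
# sourcing the script just defines the functions.
if [ "${RUN_INSTALL:-0}" = "1" ] && [ -f "$PLATFORM_TOOLS_ZIP" ]; then
    verify_sha256 "$PLATFORM_TOOLS_ZIP" "$PLATFORM_TOOLS_SHA256"
    install_platform_tools "$PLATFORM_TOOLS_ZIP"
fi
```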

thestinger commented 9 months ago

Arch, Debian and Ubuntu are currently supported. Fedora wasn't added simply because it had missing packages for the udev rules (plugdev should not be needed) and signify. It might have both of those available now. The udev rules might be bundled with their weird variant of platform-tools if it's not a separate package.

The web installer is the recommended installation method and is much simpler than trying to make more automated portable scripts. There isn't much point trying to make more automated scripts. There's no point in verifying a signature in a script unless the script itself is verified by the user since you'll be getting it from the same place. The signature is mainly valuable to avoid running malware on the computer. The install on the device can be verified via key fingerprint shown at boot and Auditor. The SoC firmware is always verified.

fwupd bug has been fixed but I don't know if they've done a release yet and only rolling releases will get it quickly. Convince distributions to backport it to make things easier.

The udev rules really shouldn't be required and aren't needed on Android or ChromeOS because local users should be able to use USB devices by default. They also actually have a proper system for granting access to a specific app/site rather than everything run by a user being able to do anything.

boredsquirrel commented 9 months ago

Yes, signify is available on Fedora now.

Are you referring to this bug? Then it is fixed in this commit, but I am not sure how to find the version and check which distros already ship it.

As it is very old it should be all of them, let's hope that.

I agree the web installer is nice, and yes the script would be a bit redundant as you need to check it for sure. Verification is already a bit weird as the hash is on that website, at least for platform tools. The source for the signify pubkey could be excluded from that script so downloaded manually, or simply mentioned well (scripts can just be opened with a text editor).

The web installer simply restricts users to Chromium browsers, which is controversial; let's not dive into that as it's not a nice state we are in. So having an easy CLI way would be cool, and not hard actually.

Unfortunately I lost the logs of my last install that I kept and don't remember if sudo was needed using the correct platform tools.

But I think in general the CLI section should not be dropped and needs some fixes.

thestinger commented 9 months ago

No, this https://github.com/fwupd/fwupd/commit/cbc4821d8198ec79418a848525d74f24903cbce9.

thestinger commented 9 months ago

It's in 1.9.10

boredsquirrel commented 9 months ago

Thanks, sorry for late reply.

I installed the platform-tools and the udev rules still seem to be missing. I am not sure why plugdev would not be needed, because it's the default of the udev rules afaik.

If there is a good source of udev rules that work on all Google Pixels, I would like to fix the Fedora package. On the issue about broken fastboot they are still at the question:

how is the build process broken, how should it be fixed?

And note that if the udev rules (with or without plugdev dependency) are not installed, the web installer can't work, simply because it can't use root, especially on Wayland.

Also, even using root, the CLI method had issues unpacking the images, and thus could not find them. I already filed that "bug report", even though it is probably just a Fedora problem.

I would also like to fix Fedora support to make secureblue work, which is Fedora-based and has Chromium preinstalled.

thestinger commented 9 months ago

Fedora will need to fix their packages before it can be listed as a supported OS and included in the instructions.