Machine abstraction, Pixel 3a and Android 10

[ypid]

Status: Successfully boots on sargo.

Known issues: Backup app missing form build? It has been build because I needed to fix an issue/update it.

Depends on: https://github.com/hashbang/aosp-build/pull/5 Merged Depends on: https://github.com/hashbang/aosp-build/pull/12 Merged

[ypid]

I did a second clean built and successfully tested a OTA update <3. Remaining issues:

• Backup app missing. Probably because of the rename of the upstream project and me not following the wiki to the last point yet. Edit: Upstream provides prebuilts but no in tree building options. Further tracked here: https://github.com/hashbang/os/issues/41

Workaround found and tested:

• F-Droid does not build. I already tried building from latest master (bc78eba6baab5c0bc01f983338ebf4489f5d44df), same issue: packages/apps/F-Droid/Android.mk:16: error: writing to readonly directory: "packages/apps/F-Droid/app/build/outputs/apk/full/release/app-full-release-unsigned.apk". ClientWhitelist.java can be changed for now to allow the official F-Droid build. Installing with the priv ext throws an "PackageManagerCompat: java.lang.SecurityException: Caller does not have same cert as new installer package org.fdroid.fdroid.privilege" but works so far.
• Chromium/Vanadium building untested, no WebView. Applied workaround: https://github.com/hashbang/os/pull/40/commits/ecc5c8a343e6082c39a25042bb6a927004100d51. Tested successfully. Browser is not included for now. Installing one out of system seems like a good enough solution for now.

Fixed:

• Patch level is shown as 2019-09-06 (October 6, 2019). Build system allowed this to happen, fixed in https://github.com/hashbang/aosp-build/pull/8/commits/5cca3fa61e051cab247419f93f72205e31dca49b
• OS does not boot with locked Bootloader "Can't find valid operating system. The device will not start". Fixed in https://github.com/hashbang/aosp-build/pull/8/commits/3e1802b3f3b6d0e09eeb276ba5fbe29e29a5ce7a
• Alarm does not go off. Fixed in: https://github.com/hashbang/os/pull/40/commits/b9681994ad9dffbf1ab38868eebceefc9d6ce01d. I am not sure if I am doing something wrong. This patch does not make it into the final ota image and on my phone. DeskClock still targets SDK 28. Even though I did multiple clean builds by now. The only thing I did not do yet is a clean flash. I will try that in a bit. Edit: Works now with my 2019-12-05 patch level clean build.

Not relevant, fixed for myself:

• No circular icons (ref: https://source.android.com/devices/tech/display/circular-icons). https://github.com/GrapheneOS/platform_frameworks_base/commit/ee36a2431df6e54907a30d4e3100b05da86ff205. I did not include it as patch here as I see the goal of Hashbang OS to be based on GrapheneOS at some point anyway.

[ypid]

@lrvick Why did you drop the "ignore allowBackup="false" of apps" patch in aae983ab50e525a459bef8e78fbf0c1d5e2b986e? I think this is still useful so I ported it to Android 10 (only a small change) and am testing it in my next build. Edit: Working.

You still have it mentioned in the README: "Backup - Minor OS changes made to allow backing up any app".

[ypid]

I am done for now. My 4th build is good enough for me to actually use it. I have a few other improvements/ideas laying around but I want to tested them more before I feel comfortable submitting them.

See you when it is time to build the 2019-12-05 security patches :wink: Also then, I will maybe reattempt to build F-Droid in tree.

[ypid]

No changes are needed to build the 2019-12-05 patch level. Confirmed working on sargo.

[rkunschke]

I wanted to try the build so i cloned you're repository and changed the branch to machine-abstraction I set up a docker repo with docker run -d -p 5000:5000 --restart=always --name aosp-build registry:2 and started the generation of keys with: make DEVICE=sargo keys and got this error Generating Key: "releasekey" /usr/local/bin/keys: line 16: make_key: command not found Generating Key: "platform" /usr/local/bin/keys: line 16: make_key: command not found Generating Key: "shared" /usr/local/bin/keys: line 16: make_key: command not found Generating Key: "media" /usr/local/bin/keys: line 16: make_key: command not found Generating Key: "verity" /usr/local/bin/keys: line 16: make_key: command not found Generating Key: "avb" Generating RSA private key, 2048 bit long modulus (2 primes) ................+++++ ........................+++++ e is 65537 (0x010001) Generating Key: "avb_pkmd" /usr/local/bin/keys: line 23: avbtool: command not found make: *** [Makefile:33: keys] Error 127 What did i do wrong?

[ypid]

Hi @rkunschke

I guess the docs are not precise about that. Fixed in https://github.com/hashbang/os/pull/40/commits/a09df67ad003057bcf50dda6f8a9419fb235049a and https://github.com/hashbang/aosp-build/pull/12.

$ make tools
$ ll build/base/out/.path/make_key 
lrwxrwxrwx 1 builder builder 19 2019-12-22 09:43 build/base/out/.path/make_key -> ../.path_interposer

docker run -d -p 5000:5000 --restart=always --name aosp-build registry:2

The project provides a Makefile which you should use. Not sure where you got that command. Looks random. Such manual docker commands should not be required :)

[rkunschke]

@ypid make tools gives me this error

mkdir -p config/keys build/base release build/external docker run --rm --tty --interactive --name "aosp-build-aosp-local" --hostname "aosp-build-aosp-local" --user 0:0 --env DEVICE=crosshatch --security-opt seccomp=unconfined --volume .../os/config: home/build/config --volume /.../os/release:/home/build/release --volume /.../os/scripts:/home/build/scripts --volume.../os/build/:/home/build/build/ hashbang/aosp-build:latest tools /usr/local/bin/tools: line 8: cd: /home/build/base: No such file or directory make: *** [Makefile:80: tools] Error 1

make DEVICE=sargo does this

docker build \ --tag hashbang/aosp-build:latest \ --file /.../os2/config/container/Dockerfile \ \ /.../os2 unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /.../os2/config/container: no such file or directory make: *** [Makefile:60: image] Error 1

I just want to build a flashable file what am i doing wrong? i am on /ypid/os/ one the machine-abstraction branch. This should work with this commands or am i wrong?

[ypid]

I guess the project still requires some knowledge of Docker, Makefiles and Android and the ability to fix issues yourself to get started.

You need to run those commands in https://github.com/hashbang/aosp-build which builds the image that https://github.com/hashbang/os can then use.

Please try to get some understanding how this all is supposed to fit together!

[rkunschke]

Thank you for this tip. My problem was that i try'ed to build in os repository. Now the build is working without a problem so far. If the build fishes I will give you some feedback :) thank you

I think I know understand. aosp build starts a docker container which pulls os and builds it.

[ypid]

A build error (ref: https://github.com/hashbang/aosp-build/issues/9) prevents me from building the 2020-01-05 security patches. Any input would be highly appreciated.

[ypid]

https://github.com/hashbang/aosp-build/issues/9 does not longer prevent me to build the update. Only a small fix was needed to build 2020-01-05 for sargo, ref: https://github.com/hashbang/aosp-build/pull/12 and https://github.com/hashbang/os/pull/40/commits/9481753dff89f1ebb4848aee7d8b598aca1e4fb5. Confirmed working on sargo.

[lrvick]

@lrvick Why did you drop the "ignore allowBackup="false" of apps" patch in aae983a? I think this is still useful so I ported it to Android 10 (only a small change) and am testing it in my next build. Edit: Working.

You still have it mentioned in the README: "Backup - Minor OS changes made to allow backing up any app".

I was skeptical if it was actually useful in practice as many apps seem to ignore it.

Happy to see it included back if you have confirmed it does in fact play nice for you.

[lrvick]

This is a lot of solid work in the right direction and gets us close!

That said, I see the lack of chromium/F-droid as a major regression we need to address before we merge to master.

Also we can't take the GrapheneOS webview as this is just an unsigned binary on github with no supply chain integrity. We will have to find a solution to build this from source as well.

Will be continuing to play with this and likely merge most of it once I get a working build (even if missing features)

[lrvick]

Honestly, the more I think about it, it may be better to just drop chromium from the project entirely and stick with the default webview by default until maybe there is a nice in-tree chromium-webview that builds from source... but even then leave the standalone browser out of it.

My thinking is:

1. The base OS itself is never going to be updated as often as a standalone browser via f-droid would be, and browsers need constant updates.
2. Any effort done to get a standalone browser in f-droid proper would benefit all users regardless of their ROM.
3. The f-droid team -is- interested in seeing bromite merge if someone can get it to work in their VM. That would pave the way for other forks as well.

[ypid]

I was skeptical if it was actually useful in practice as many apps seem to ignore it. Happy to see it included back if you have confirmed it does in fact play nice for you.

This has proven to be useful for me. When you check logcat while making an adb backup, you can see what apps do not want to be backed up. When I applied this patch and restored my backup, a few more apps worked right away that had to be setup manually without the patch.

Also we can't take the GrapheneOS webview as this is just an unsigned binary on github with no supply chain integrity. We will have to find a solution to build this from source as well.

They are at least signed by Daniel Micay’s OpenPGP key. But I agree with you.

it may be better to just drop chromium from the project entirely and stick with the default webview

Sounds reasonable to me. This is also what I do right now, I don’t include the browser in the build and let F-Droid install/update my browser. The only issue is the webview, because I did not find a way to install it without root as I figured it must be part of the /system build?

[ypid]

2020-02-05 and 2020-03-05 can be build. For 2020-03-05 https://github.com/hashbang/os/pull/40/commits/967a7c30b394ec9f5db6de88199b701c82cc1dd4 was needed.

Currently the WebView is broken but I assume that is because the app ID of Vanadium was changed. I pushed an untested commit which should fix that. I guess I will make another build in a few days to see if that works.

I generated the repo XML files for all supported devices. Generating those took hours. @lrvick Is that just my connection or does it take very long for you as well?

Happy building :)

[ypid]

Unfortunately, my quick and dirty attempt to fix the web view did not work. I will leave it as this for now until the next security patch. Feel free to pick up the work. This is still a workaround anyway.

[lrvick]

It does take quite a while, but better than actually cloning all the repos from scratch to get the hashes... tradeoffs.

On Mon, Mar 9, 2020 at 2:27 PM Robin Schneider notifications@github.com wrote:

2020-02-05 and 2020-03-05 can be build. For 2020-03-05 967a7c3 https://github.com/hashbang/os/commit/967a7c30b394ec9f5db6de88199b701c82cc1dd4 was needed.

Currently the WebView is broken but I assume that is because the app ID of Vanadium was changed. I pushed an untested commit which should fix that. I guess I will make another build in a few days to see if that works.

I generated the repo XML files for all supported devices. Generating those took hours. @lrvick https://github.com/lrvick Is that just my connection or does it take very long for you as well?

Happy building :)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/hashbang/os/pull/40?email_source=notifications&email_token=AAAQ4UAK5VHZGIBF3BHO4NTRGVNKXA5CNFSM4JLM4Y52YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEOJEIBQ#issuecomment-596788230, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQ4UAV3RKV5LEI3VPYKF3RGVNKXANCNFSM4JLM4Y5Q .

[ypid]

No changes are needed to build the 2020-04-05 patch level. Confirmed working on sargo.

[ypid]

No changes are needed to build the 2020-05-05 patch level. Confirmed working on sargo.

[ypid]

https://github.com/hashbang/aosp-build/pull/23 is required to build 2020-06-05. Confirmed working on sargo.

[ypid]

No changes are needed to build the 2020-07-05 patch level. Confirmed working on sargo.

[ypid]

No changes are needed to build the 2020-08-05 patch level. Confirmed working on sargo.

[ypid]

I am going to merge this. The browser integration changes with GrapheneOS anyway.