Closed Lanchon closed 1 year ago
FintasticMan
commented
1 year ago Petefoth has posted the command used for the official builds here. They do use the restricted patch. I don't imagine that they would provide additional builds for the non-restricted patch, because the builds already take so long.
Lanchon
commented
1 year ago thank you for that link!
petefoth
commented
1 year ago my questions:
1. i couldn't find the actual command passed to the builder to produce your builds anywhere. am i just being silly or is that not actually published? in any case, i wanted to see which sig spoof patch was now being included in your builds.
Answered accurately by @FintasticMan :)
2. assuming you are building the restricted version: since you now easily can, would you consider providing separate builds for both types of sig spoof? or maybe for just for devices people request? (i guess they'd be very few?)
Sorry, but no. As @FintasticMan mentioned, the full build cycle takes ~16 days, we need to find time to find and fix any problems, and we need to give our build server some time off :)
This issue tracker is not the place for a discussion about whether the restricted sig spoofing is a restriction anyone's freedom, or just a pragmatic balance between functionality and security. But anyone is entirely at liberty to make their own builds of l4m, using our Docker image or any other build tool, with restricted or full signature spoofing.
And it is becoming ridiculously cheap to do so using virtual machines in the cloud. For example. I make my personal and test builds (of l4m, /e/OS, IodéOS) using a 'ROCK-48' 48GB RAM, 16 vCPUs, cloud VM with 400GB of disk from Katapult. A typical build run for a single device run, including a full repo sync, will complete in a small number of hours, and cost me less than £3. (At the moment it costs nothing as I am still working through the £100 free credit they give out on signing up)
@Lanchon - do you need any more information, or is it OK to close this issue
Lanchon
commented
1 year ago thanks for the info!
i kinda thought it was wasteful to have everybody in my situation burning energy to produce the same build, but no biggy.
i'm already building. i expected mirror would only mirror the necessary repos for the build but it mirrors everything. it's been running for a couple hours and the mirror is clocking at 240GB and not finished. (once the build tree is checked out later, i hope to be able to turn mirror off for the next build and still be able to fetch only repo's newer commits, and wipe the mirror.)
just a pragmatic balance between functionality and security is the decision to deny root to the device owner; while the maker of that decision enjoys being root on other's people devices. not too distant from this case.
i'd never use such an environment as a mater of principle, but it turns out i actually use sigspoof from time to time. i'm the developer of DexPatcher, and every once in a while i remove anti-features, fix bugs, or add features to apps we are forced to use due to critical mass. but as you say, this is not the place.
thanks for taking the time explain,
cheers!
hi,
a few years ago i chose not to use l4m due to its restricted sig spoof approach, which would curtail my freedoms. i talked to l4m members at that time and they dismissed my requests and arguments, in much the same way lineageos guys dismissed microg's requests.
now i returned to look around and found that the docker builder supports both standard and restricted patches. great call guys!!!
my questions:
1) i couldn't find the actual command passed to the builder to produce your builds anywhere. am i just being silly or is that not actually published? in any case, i wanted to see which sig spoof patch was now being included in your builds.
2) assuming you are building the restricted version: since you now easily can, would you consider providing separate builds for both types of sig spoof? or maybe for just for devices people request? (i guess they'd be very few?)
thanks!