robotnix
update GrapheneOS to latest, incl. Android 13 + support for Pixel 6a, 7+7 Pro
this is a fairly major overhaul to update the Graphene build process for android 13+. this includes:
- using adevtool over apv, as the latter has been archived and is no longer in development
- updating the kernel build process to pull a set of manifests
- fixing some quirks in the android build process that don't seem to have affected earlier versions -- namely, files copied from mounted sources are not writable the way the android build system expects.
- ensuring we get a target for the ANDROID_PRODUCT_OUT env var, which for whatever reason is no longer set by choosecombo.
- updating chromium/vanadium to the latest version offered by GrapheneOS. I also pulled in a lot of the upstream patching done by nixpkgs in an effort to keep the build closer to what comes out of that process. I was disappointed to learn that the chromium derivation in nixpkgs doesn't even pretend to support building for an android target as just overriding the upstream derivation would be a better bet for long-term maintenance.
the kernel build process could probably be reworked to function in an FHS environment but it took more than a week of continuous debugging to get anything that functioned at all so it will be a little bit before I have the energy to revisit that. for the time being, the build works by substituting the kernel sandbox for the nix one and using an android gcc cross compiler over clang (I couldn't find a working clang compiler in nixpkgs that had an android target enabled and could actually compile anything non-trivial).
the adevtool ux also needs a little work, probably to set up an upstream hash nix file that provides the default hash if one isn't set by the user.
I have not tested that this PR continues to support earlier versions of GrapheneOS. if that's a hard requirement, I'll start testing earlier builds, but I saw notes in the docs that said only the latest versions are supported. a lot of this work can probably be generalized to bring android 13 support across the board for all flavors.
I think this does break/drop some needed parts for devices older than the Pixel 6 including the Pixel 5/4a (redbull). I made a few minor changes to test it for the Pixel 5 (just getting the right buildConfig since the kernel is redbull but the device is redfin). Best I can tell the issue is related to how the prebuilt dependencies are setup/patched.
Nix Build Log Excerpt
Setting up for build
+ cd private/msm-google
+ make LLVM=1 DEPMOD=depmod O=/build/kernel/android/redbull/out/android-msm-pixel-4.19/private/msm-google mrproper
make[1]: Entering directory '/build/kernel/android/redbull/out/android-msm-pixel-4.19/private/msm-google'
/build/kernel/android/redbull/private/msm-google/scripts/gcc-version.sh: line 26: aarch64-linux-gnu-gcc: command not found
/build/kernel/android/redbull/private/msm-google/scripts/gcc-version.sh: line 27: aarch64-linux-gnu-gcc: command not found
/build/kernel/android/redbull/private/msm-google/scripts/gcc-version.sh: line 26: aarch64-linux-gnu-gcc: command not found
/build/kernel/android/redbull/private/msm-google/scripts/gcc-version.sh: line 26: aarch64-linux-gnu-gcc: command not found
/build/kernel/android/redbull/private/msm-google/scripts/gcc-version.sh: line 26: echo: write error: Broken pipe
/build/kernel/android/redbull/private/msm-google/scripts/gcc-version.sh: line 27: aarch64-linux-gnu-gcc: command not found
/build/kernel/android/redbull/private/msm-google/scripts/gcc-version.sh: line 27: aarch64-linux-gnu-gcc: command not found
/build/kernel/android/redbull/private/msm-google/scripts/gcc-version.sh: line 27: echo: write error: Broken pipe
Target not found
find: 'arch/arm64/boot/dts/': No such file or directory
find: 'arch/arm64/boot/dts/': No such file or directory
find: 'arch/arm64/boot/dts/google': No such file or directory
find: 'arch/arm64/boot/dts/google': No such file or directory
find: 'arch/arm64/boot/dts/google': No such file or directory
make[1]: Leaving directory '/build/kernel/android/redbull/out/android-msm-pixel-4.19/private/msm-google'
+ set +x
+ cd private/msm-google
+ make LLVM=1 DEPMOD=depmod O=/build/kernel/android/redbull/out/android-msm-pixel-4.19/private/msm-google redbull_defconfig
make[1]: Entering directory '/build/kernel/android/redbull/out/android-msm-pixel-4.19/private/msm-google'
HOSTCC scripts/basic/fixdep
GEN ./Makefile
/nix/store/y5jcw4ymq7qi735wbm7va9yw3nj2qpb9-binutils-2.39/bin/ld: cannot find crtbegin.o: No such file or directory
/nix/store/y5jcw4ymq7qi735wbm7va9yw3nj2qpb9-binutils-2.39/bin/ld: cannot find -lgcc: No such file or directory
/nix/store/y5jcw4ymq7qi735wbm7va9yw3nj2qpb9-binutils-2.39/bin/ld: cannot find -lgcc: No such file or directory
clang-12: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [scripts/Makefile.host:90: scripts/basic/fixdep] Error 1
make[1]: *** [/build/kernel/android/redbull/private/msm-google/Makefile:485: scripts_basic] Error 2
make[1]: Leaving directory '/build/kernel/android/redbull/out/android-msm-pixel-4.19/private/msm-google'
make: *** [Makefile:146: sub-make] Error 2
ahh I know what this is - it's related to the TODO I have in there to set up the kernel build environment variables I have in there - the build instructions for the older kernels are a bit different from the newer devices as of android 13. a bunch of environment variables have to be set because there's no wrapping build script like build_cloudripper.sh and instead build/build.sh gets called directly. I'll push a fix when I get a chance later today.
Is there some sops-related setup that's needed in order to use this?
only if you choose to enable those settings. if you leave them off it should work as it always has, unless I broke something without noticing.
On Thu, Apr 27, 2023, 2:22 PM Ryan Trinkle @.***> wrote:
Is there some sops-related setup that's needed in order to use this?
I did some digging into this. it's not hard to fix the fact that it's picking up the wrong config -- "redbull" isn't the deviceFamily like I thought it was + the redfin family needs ".vintf" on the build config / "/vintf" on the builtRelpath. but the environment vars are actually correct for redfin. the issue and what's going to prevent this from building is that neither the main AOSP tree nor the kernel tree includes a "aarch64-linux-gnu-gcc". moreover, it's running the host's ld instead of the one included in build-tools for discernible reason (I'm guessing it's not provided in the redfin kernel tree?).
I'm gonna be honest, I've spent days/upwards of a full week trying to make gcc work as the compiler for the later devices. so it comes as a shock that the build process for the earlier devices is this drastically different. is "aarch64-linux-gnu-gcc" supposed to be "aarch64-unknown-linux-multi-gcc" from nixpkgs cross compilers? why is it trying to use an aarch64 compiler to build something that runs on the host (fixdep)?
does this build even work from a clean tree on a non-Nixos system? the build system is supposed to try and pull its whole toolchain from the kernel tree, but the current manifests don't include an x86 gcc or an aarch64 one that targets linux-gnu. when I get some more time, I'll dig into what environment variables normally get set by the wrapper build scripts for the newer devices cause I think the graphene build instructions are missing something drastic.
ok talked to the devs in the grapheneos matrix and found out that it's using the system linker because of an old kernel bug that was fixed but the fix can't be backported to the kernel trees for the older devices as they're stuck at 4.19/4.14. I pushed a patch that allows the redfin kernel to build. let me know if you have any troubles @Princemachiavelli
I tried to build Oriole from your branch with the following:
robotnixConfigurations = {
  "tabi" = robotnix.lib.robotnixSystem ({ config, pkgs, ... }: {
    # These two are required options
    device = "oriole";
    flavor = "grapheneos";
    apv.enable = false;
    adevtool.hash = "sha256-FZ5MAr9xlhwwT6OIZKAgC82sLn/Mcn/RHwZmiU37jxc=";
  });
};
but it complains with the following:
╭─jaen@glados ~/Config
╰─$ nix build .#robotnixConfigurations.tabi.img
warning: Git tree '/home/jaen/Config' is dirty
trace: warning: oriole is not a supported device for GrapheneOS
error:
… while calling the 'derivationStrict' builtin
at //builtin/derivation.nix:9:12: (source not available)
… while evaluating derivation 'oriole-img-2023050100.zip'
whose name attribute is located at /nix/store/crfrzvvz4yccklxcckdad3v0akbxyn2l-source/pkgs/stdenv/generic/make-derivation.nix:270:7
… while evaluating attribute 'buildCommand' of derivation 'oriole-img-2023050100.zip'
at /nix/store/crfrzvvz4yccklxcckdad3v0akbxyn2l-source/pkgs/build-support/trivial-builders.nix:81:14:
80| enableParallelBuilding = true;
81| inherit buildCommand name;
| ^
82| passAsFile = [ "buildCommand" ]
(stack trace truncated; use '--show-trace' to show the full trace)
error: The option `kernel.relpath' is used but not defined.
I have previously managed to build a working Oriole ROM from this, if it helps – https://github.com/yu-re-ka/robotnix. I'm not sure I can help much, since it's been a while since I've done it and a lot of it was groping around in the dark, but there's this change you're missing: https://github.com/yu-re-ka/robotnix/commit/fef5f8fcd48e817dafa21dacab4f0a5a24c0e327. I don't quite remember if the error that prompted this was the same or not and you seem to have commented that out altogether, but maybe it will be helpful?
Hmm, adding kernel.enable = true; helped it progress. I'll report back if I get something bootable.
Okay, so I've run this overnight and was greeted with the following in the morning:
╰─$ nix build .#robotnixConfigurations.tabi.img
warning: Git tree '/home/jaen/Config' is dirty
error: builder for '/nix/store/c452pp42kxlg5l614z3cs0q3632qjl6y-robotnix-oriole-2023050500.drv' failed with exit code 1;
last 10 log lines:
> HOST_CROSS_OS=windows
> HOST_CROSS_ARCH=x86
> HOST_CROSS_2ND_ARCH=x86_64
> HOST_BUILD_TYPE=release
> BUILD_ID=TQ2A.230505.002
> OUT_DIR=out
> PRODUCT_SOONG_NAMESPACES=device/generic/goldfish device/generic/goldfish-opengl hardware/google/camera hardware/google/camera/devices/EmulatedCamera
> ============================================
> installing
> cp: cannot stat '/otatools.zip': No such file or directory
For full logs, run 'nix log /nix/store/c452pp42kxlg5l614z3cs0q3632qjl6y-robotnix-oriole-2023050500.drv'.
error: 1 dependencies of derivation '/nix/store/2lrhkh5nh9hc4x3ziqkjyhl3nb52zdkv-oriole-img-2023050500.zip.drv' failed to build
Here's the full logs:
╰─$ nix log /nix/store/vm27wfv6ll3h4afqc73aajzbai1ysvlp-robotnix-oriole-2023050500.drv
warning: The interpretation of store paths arguments ending in `.drv` recently changed. If this command is now failing try again with '/nix/store/vm27wfv6ll3h4afqc73aajzbai1ysvlp-robotnix-oriole-2023050500.drv!*'
@nix { "action": "setPhase", "phase": "unpackPhase" }
unpacking sources
@nix { "action": "setPhase", "phase": "patchPhase" }
patching sources
@nix { "action": "setPhase", "phase": "buildPhase" }
building
Build type choices are:
1. release
2. debug
Which would you like? [1] release
Which product would you like? [aosp_arm64] oriole
In file included from build/make/core/config.mk:353:
In file included from build/make/core/envsetup.mk:354:
build/make/core/product_config.mk:228: error: Can not locate config makefile for product "oriole".
04:40:19 dumpvars failed with: exit status 1
** Not a valid product: oriole
Variant choices are:
1. user
2. userdebug
3. eng
Which would you like? [eng] user
============================================
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=13
TARGET_PRODUCT=aosp_arm64
TARGET_BUILD_VARIANT=user
TARGET_BUILD_TYPE=release
TARGET_ARCH=arm64
TARGET_ARCH_VARIANT=armv8-a
TARGET_CPU_VARIANT=generic
TARGET_2ND_ARCH=arm
TARGET_2ND_ARCH_VARIANT=armv8-a
TARGET_2ND_CPU_VARIANT=generic
HOST_ARCH=x86_64
HOST_2ND_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-6.2.11-xanmod1-x86_64
HOST_CROSS_OS=windows
HOST_CROSS_ARCH=x86
HOST_CROSS_2ND_ARCH=x86_64
HOST_BUILD_TYPE=release
BUILD_ID=TQ2A.230505.002
OUT_DIR=out
PRODUCT_SOONG_NAMESPACES=device/generic/goldfish device/generic/goldfish-opengl hardware/google/camera hardware/google/camera/devices/EmulatedCamera
============================================
@nix { "action": "setPhase", "phase": "installPhase" }
installing
cp: cannot stat '/otatools.zip': No such file or directory
I also had to disable pixel.useUpstreamDriverBinaries = true that I have previously built with, because otherwise it errored out with:
╰─$ nix build .#robotnixConfigurations.tabi.img
warning: Git tree '/home/jaen/Config' is dirty
error:
… while evaluating a branch condition
at /nix/store/cxn063ifw1p77gw0a243k5nm6njg4l3i-source/default.nix:83:5:
82| config =
83| if failedAssertions != [ ]
| ^
84| then throw "\nFailed assertions:\n${lib.concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}"
… while calling the 'map' builtin
at /nix/store/cxn063ifw1p77gw0a243k5nm6njg4l3i-source/default.nix:80:22:
79| # From nixpkgs/nixos/modules/system/activation/top-level.nix
80| failedAssertions = map (x: x.message) (lib.filter (x: !x.assertion) eval.config.assertions);
| ^
81|
(stack trace truncated; use '--show-trace' to show the full trace)
error: no items found for google_devices oriole drivers
will take a look this week when I get a chance. it looks like oriole is missing from the list of supported devices somewhere. that's why kernel.enable isn't automatically set to true and why the firmware isn't getting pulled in. also, just to confirm, you've unset adevtool.hash and set the value to the computed hash after running it once like that? won't help until I figure out which list oriole got dropped from but it will be necessary afterwards.
On Mon, May 22, 2023, 12:45 AM Tomek Mańko @.***> wrote:
Okay, so I've run this overnight and was greeted with the following in the morning:
Ah, no, I have just copied whatever you had in your config. I'll keep it in mind for when you update the branch.
@cassandracomar okay, so it seems the issue was rather trivial in the end and I managed to build a flashable image with this diff:
diff --git a/flavors/grapheneos/default.nix b/flavors/grapheneos/default.nix
index 21e7307..857f5d1 100644
--- a/flavors/grapheneos/default.nix
+++ b/flavors/grapheneos/default.nix
@@ -10,7 +10,7 @@ let
upstreamParams = import ./upstream-params.nix;
grapheneOSRelease = "${config.apv.buildID}.${upstreamParams.buildNumber}";
- phoneDeviceFamilies = [ "crosshatch" "bonito" "coral" "sunfish" "redfin" "barbet" "bluejay" "pantah" ];
+ phoneDeviceFamilies = [ "crosshatch" "bonito" "coral" "sunfish" "redfin" "barbet" "raviole" "bluejay" "pantah" ];
supportedDeviceFamilies = phoneDeviceFamilies ++ [ "generic" ];
kernelPrefix = if config.androidVersion >= 13 then "kernel/android" else "kernel/google";
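Review bot: the changed `phoneDeviceFamilies` line stays a hand-maintained list, and the build output earlier in this thread shows that a family missing from it surfaces only as a `trace: warning: oriole is not a supported device for GrapheneOS` followed by the less obvious `kernel.relpath` error. Adding "raviole" is fine; consider also making the membership check against `supportedDeviceFamilies` a failed assertion rather than a warning, or deriving the list from the `deviceMap` that modules/pixel/default.nix already uses, so the next dropped family stops evaluation with a clear message.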
diff --git a/modules/pixel/default.nix b/modules/pixel/default.nix
index c3ae149..e0c3c70 100644
--- a/modules/pixel/default.nix
+++ b/modules/pixel/default.nix
@@ -63,9 +63,10 @@ mkMerge [
apv.ota = mkDefault (fetchItem otaList);
# Exclude all devices by default
- # source.excludeGroups = mkDefault (lib.attrNames deviceMap);
- # # But include names related to our device
- # source.includeGroups = mkDefault [ config.device config.deviceFamily ];
+ source.excludeGroups = mkDefault (lib.attrNames deviceMap ++ lib.mapAttrsToList (name: device: device.family) deviceMap ++ [ "slider" ]);
+ # But include names related to our device
+ source.includeGroups = mkDefault ([ config.device config.deviceFamily ]
+ ++ lib.optional (config.deviceFamily == "raviole") "slider");
signing.avb.enable = mkDefault true;
})
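Review bot: the "slider" group is hard-coded twice in the added `source.excludeGroups` and `source.includeGroups` lines, and nothing in the hunk says why the raviole family needs it. Record that mapping once, for example as an extra attribute on the raviole entries of `deviceMap` or at least in a comment next to `lib.optional (config.deviceFamily == "raviole") "slider"`. The exclude list would also benefit from `lib.unique`, because `lib.mapAttrsToList (name: device: device.family) deviceMap` yields one entry per device and so repeats each family. Since the author is unsure this hunk is required, confirm on a clean build before it is merged.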
I'm not even sure the second change is necessary, but kind of don't wanna recompile the whole world again to find out whether that's true or not xD
I had a minor issue with flashing (but maybe that's because I haven't set up proper permissions for adb/fastboot and had to use sudo), where flashing the image complained that:
fastboot: error: ANDROID_PRODUCT_OUT not set
Setting this to platform-tool's binary directory fixed the issue and allowed me to flash – not sure if that's something wrong on my end (with how I have those tools set up) or if it's something with the image itself (though probably the former).
I'll now try to use sops-nix for AVB keys, because that's the feature that initially prompted me to try this PR. Will let you know how it works out.
Ok, so update on trying to build a signed image with SOPS. There was an issue in the fingerprint script, where it tried to call dirname on an empty argument. I'm not enough of a bash wizard to understand what is the exact semantic difference, but changing from if [ -n $GNUPGHOME ] to either of if [ -n "$GNUPGHOME" ] or if [[ -n $GNUPGHOME ]] fixed the conditional.
Another problem was that I couldn't use my .sops.yaml file as-is, because I put signing keys in a subdirectory and had a path_regex to use an age key for this (for other things I still use GPG for now) and the paths didn't match in the sandbox. It's probably not a very big deal to use a different sops config for signing to work this around, but it would be good to a) document that discrepancy, b) maybe eventually fix this in a follow up PR, so that's not necessary?
I also had to put the keys.txt in a fairly open place with open permissions (or at least with o+x) – it's probably a general issue with extra-sandbox-paths that I was not aware of (I haven't used it before), but maybe it would be useful to document that as well?
I have managed to flash the signed build and it boots, but I have problems with re-locking the bootloader:
╰─$ sudo fastboot flash avb_custom_key ./avb_pkmd.bin
Warning: skip copying avb_custom_key image avb footer (avb_custom_key partition size: 0, avb_custom_key image size: 520).
Sending 'avb_custom_key' (0 KB) OKAY [ 0.000s]
Writing 'avb_custom_key' (bootloader) avb custom key: flash done
OKAY [ 0.056s]
Finished. Total time: 0.057s
I have no idea if I'm doing something wrong or is there some problem with the PR, as it's the first time I'm trying this.
EDIT: I have since figured that out and things seem to mostly work.
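The difference between `[ -n $GNUPGHOME ]` and `[ -n "$GNUPGHOME" ]` reported in the comment above, as an added example (it is not the robotnix fingerprint script, which does not appear on this page). The function names, the sample paths and the `$HOME/.gnupg` fallback are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: a constructed stand-in, not the robotnix fingerprint script.

# Guard with the expansion unquoted. An empty value expands to no word at all,
# so the shell runs `[ -n ]`; with a single argument `[` only checks that the
# argument itself ("-n") is a non-empty string, which is always true.
# A value containing whitespace splits into several words and `[` errors out.
guard_unquoted() (
    GNUPGHOME=$1
    if [ -n $GNUPGHOME ] 2>/dev/null; then echo taken; else echo skipped; fi
)

# Guard with the expansion quoted: `[` always receives exactly two arguments.
# (bash's `[[ -n $GNUPGHOME ]]` behaves the same, as `[[` does not word-split.)
guard_quoted() (
    GNUPGHOME=$1
    if [ -n "$GNUPGHOME" ]; then echo taken; else echo skipped; fi
)

# Hypothetical guarded body: print the directory that contains the keyring.
# With an empty GNUPGHOME the broken guard passes and dirname gets no operand.
parent_unquoted() (
    GNUPGHOME=$1
    if [ -n $GNUPGHOME ] 2>/dev/null; then
        dirname $GNUPGHOME 2>/dev/null
    else
        dirname "$HOME/.gnupg"    # assumed fallback: GnuPG's default home
    fi
)

# Same body with every expansion quoted.
parent_quoted() (
    GNUPGHOME=$1
    if [ -n "$GNUPGHOME" ]; then
        dirname -- "$GNUPGHOME"
    else
        dirname "$HOME/.gnupg"    # assumed fallback: GnuPG's default home
    fi
)

# Constructed sample values: empty, containing a space, and an ordinary path.
for v in "" "/tmp/gnupg home" "/srv/keys/.gnupg"; do
    printf '%-20s unquoted=%-8s quoted=%s\n' \
        "[$v]" "$(guard_unquoted "$v")" "$(guard_quoted "$v")"
done
```
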
Are you Daniel Fulmer?
On Thu, Jun 8, 2023, 6:52 AM Tomek Mańko @.***> wrote:
Ok, so update on trying to build a signed image with SOPS. There was an issue in the fingerprint script, where it tried to call dirname on an empty argument. I'm not enough of a bash wizard to understand what is the exact semantic difference, but changing from if [ -n $GNUPGHOME ] to either of if [ -n "$GNUPGHOME" ] or if [[ -n $GNUPGHOME ]] fixed the conditional.
pixel 8 is published and there are also new grapheneos releases. Would someone update it?
I'm using this branch currently and I managed to update it previously from TQ2A.230505.002 to TQ3A.230605.010, so I can try updating it again when I have time and see how that works out — but:
a) unsure when I will have time as I haven't touched it since June (and that might mean my understanding on how to update this might've bitrotted), b) I'm not convinced I'll be able to fix any build issues if Android 14 changed things around again, c) I only have a Pixel 6 to test against.
@jaen note that during the LineageOS 20 bringup, I've added some Android 13 support. It wasn't too hard all around, so I wouldn't expect Android 14 to be too hard either.
Don't stress the support for individual devices. Let's get it working on some device first and then figure out whether the rest work as well.
I'll try to pull in some of the flake changes separately as well. I had done something similar including basic Darwin support and it kinda worked but ultimately failed in a build or something IIRC. I'll pick that up again and merge it with these flake changes.