December 2020 Update #67
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We now use new application-specific keys and certificates for included apps like Chromium / webview, Microg, and F-Droid, instead of relying on the device-specific `releasekey`. This allows us to share these keys between multiple devices, push the same app updates to multiple devices, and remove an ugly SELinux workaround for GrapheneOS that robotnix required. Unfortunately, changing app keys will lose any data associated with those apps. Fortunately, most data associated with those apps should be easy to re-create. (Re-login to services in chromium, re-add F-Droid repos, etc.) I hope to avoid breaking changes like this in the future by getting these changes done relatively early in the projects' life. If you've previously generated robotnix keys, you will need to do the following to update to the new key directory layout: Move all keys and certificates beginning with `com.android` (if they exist) from the device subdir (e.g. `crosshatch`) under your `keyStorePath` to the parent directory. The files beginning with `releasekey`, `platform`, `shared`, `media`, `networkstack`, and `avb`/`verity` (if you have it) are device-specific, and should remain under the device subdirectory. For example, I ran the following command on my machine: ```shell $ mv /var/secrets/android-keys/crosshatch/com.android.* /var/secrets/android-keys/ ``` After this, re-run `generateKeysScript` to create new application keys (e.g. Chromium, F-Droid).
danielfullmer
force-pushed
the
update-2020.12
branch
from
d38b7df to
d3396a9
Compare
Additionally added remaining pixel devices supported by GrapheneOS. Our version has only been tested working on crosshatch and sunfish thus far.
danielfullmer
force-pushed
the
update-2020.12
branch
from
d3396a9 to
c1a3e2d
Compare
Wait... Robotnix is supported by NLNet? :O Since when? |
|
Hopefully soon, after we finish the remaining paperwork. Robotnix is already listed as one of the NLNet supported projects: https://nlnet.nl/project/Robotnix/ |
|
Awesome, congrats! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated Vanilla and GrapheneOS source based on latest releases.
Also included is a new
NEWS.mdfille where I intend to (roughly monthly) highlight changes that you might want to be aware of before updating, and especially any backwards-incompatible changes that may require changes to your configuration. This format is not necessarily final, and is not intended to take the place of (bi)-monthly updates required by NLNet.Currently building for my own device. Will push to master shortly if I don't encounter any further issues.