| 20 Oct 2025 |
 Atemu | In reply to @mio:chat.mio19.uk
releaseScript says: evaluation warning: releaseScript should be used only if signing.enable = true; Otherwise, the build might be using incorrect keys / certificate metadata. I set signing.enable = true; then I got an error error: The option `signing.keyStorePath' was accessed but has no value defined. Try setting the option. I set it to /keys and added --impure error: path '/keys/f-droid.x509.pem' does not exist Hmm, that sounds like a bug in the release script. @cyclopentane:aidoskyneen.eu tested it for GOS but I'm not sure about LOS. | 08:45:45 |
| Atemu | --impure won't make paths available in the sandbox btw. | 08:46:15 |
| Atemu | That reqires additional setup | 08:46:34 |
| Atemu | Pretty sure the docs mention it | 08:46:48 |
 mio | Atemu I successfully built los23 with robotnix - https://github.com/nix-community/robotnix/pull/306 | 08:53:47 |
| Atemu | Very cool! | 09:21:53 |
| 21 Oct 2025 |
| mio | I am worried that malicious software might use the publicly available signing key to gain permission on my system. Is it fine as long as I don't download random apk | 07:25:59 |
| mio | * I am worried that malicious software might use the publicly available default test signing key to gain permission on my system. Is it fine as long as I don't download random apk | 07:26:40 |
| Atemu | Yup | 07:41:09 |
| Atemu | And even then it'd need to install itself as an existing system app | 07:41:43 |
| Atemu | The only thing you really lose is protection against evil maids and I don't think you're sufficiently proteced against those with signing either, so that's why I never bothered | 07:43:13 |
| 23 Oct 2025 |
 pentane ⭔ | btw mio - sorry for not taking care of your PR earlier, had a lot to do these days. I'm currently running a test build for my device (FP4), and another bump today. Is it okay if I cherry-pick your mke2fs commit and add you as a co-author to the version bump I'm currently running? | 11:39:18 |
| pentane ⭔ | (had to rewrite the avbtool patch unfortunately because it breaks GrapheneOS) | 11:39:40 |
 puffnfresh | > ninja: build stopped: subcommand failed.
> 21:30:16 ninja failed with: exit status 1
>
> #### failed to build some targets (10:18:37 (hh:mm:ss)) ####
>
For full logs, run:
nix log /nix/store/2iqphyk1l3q5d0l6wb5cagzal195vaxv-robotnix-shiba-2025100900.drv
failed after 10 hous 😢
| 21:36:22 |
| puffnfresh | ran out of disk space at 99% 🙃 | 21:38:18 |
| Atemu | been there, done that lol | 21:59:42 |
| 25 Oct 2025 |
| mio | yes | 02:15:57 |
| 27 Oct 2025 |
| puffnfresh | I've got Robotnix built GrapheneOS on my Pixel 8 and despite the README, I'm pretty happy and I'm going to use it as my daily phone | 22:19:53 |
| puffnfresh | I had to hack up the release scripts a bunch to get it signed, so I'll try to turn that into a PR of some sort | 22:20:11 |
| pentane ⭔ | that'd be great! | 22:21:16 |
| pentane ⭔ | I've been wanting to take care of the signing for months now but never got around to | 22:21:36 |
| 30 Oct 2025 |
|  @edrex:matrix.org left the room. | 07:14:55 |
| 31 Oct 2025 |
|  @dguibert:beeper.com left the room. | 16:50:36 |
| 1 Nov 2025 |
| mio | I encountered the same error with gos error: The option 'signing.keyStorePath' was accessed but has no value defined. Try setting the option when signing.enable = true; | 00:58:25 |
| mio | That would be great! | 00:58:48 |
| mio | I want to install signed GrapheneOS and lock my pixel bootloader | 01:00:49 |
| puffnfresh | mostly I copied the releaseScript and replaced the flags with these flags:
https://github.com/GrapheneOS/script/blob/16/generate-release.sh#L70-L169 | 07:43:52 |
| puffnfresh | so I'll try to turn that into a PR soon | 09:01:44 |
| 4 Nov 2025 |
 magic_rb | pentane ⭔ i remember you pointing me toward docs on how to switch from lineageos upstream builds to a robotnix built build, but i cannot find it now, can you once again point me at it 🙏 | 19:13:56 |
| Atemu | @magic_rb:matrix.redalder.org: https://wiki.lineageos.org/signing_builds#using-a-script | 19:21:16 |
