| 9 Nov 2025 |
 puffnfresh | at the time, I hadn't specified that as an extra-apk, and specifying it solved the problem - so I think it's opposite to what you're saying | 04:42:20 |
| puffnfresh | I actually generated my keys from the official scripts, so I do have that | 07:22:11 |
| puffnfresh | and that's why the PR includes support for 4096 keys - that's what I'm using | 07:22:28 |
| puffnfresh | I haven't tested Robotnix's key generation since my first attempt at signing, so gmscompat_lib being missing would probably be a problem | 07:23:25 |
 pentane ⭔ | Okay it seems like we're talking about two different things | 09:53:58 |
| pentane ⭔ | this error message refers to the payload private key of the APEX in question | 09:57:12 |
| pentane ⭔ | the test-keys variant of that payload private key is present in the GrapheneOS source tree (see https://github.com/GrapheneOS/platform_packages_modules_Virtualization/tree/16/build/apex), but not in the otaTools derivation which releaseScript cds into | 09:59:45 |
| pentane ⭔ | okay, scratch that. so I investigated this, and it seems like the otatools AOSP build target (i.e. otatools.zip in the config.build.android version) erroneously doesn't include the APEX payload test keys | 10:05:23 |
| pentane ⭔ | so that was the reason for why you were getting these error messages | 10:05:33 |
| pentane ⭔ | I don't see rn though why there should be a guarantee that this happens consistently (for instance, looking into the otaTools derivation, the APEX container test keys are there, and likewise for the normal APK signing keys) | 10:06:47 |
| pentane ⭔ | if you're interested - I'm currently experimenting with patching sign_target_files_apks to throw error messages if one of the test keys hasn't been replaced. Don't think we should do that in production though, I'd probably write a small validation program in Rust that takes META/apkcerts.txt and META/apexkeys.txt, and the signTargetFilesArgs from target_files.zip as an option to check whether the args exhaustively cover all the keys | 10:09:06 |
| pentane ⭔ | FWIW here's my current patch for https://github.com/GrapheneOS/platform_build: | 10:10:03 |
| pentane ⭔ | Download debug.patch | 10:10:36 |
| pentane ⭔ | * I don't see rn though why there should be a guarantee that this happens consistently (for instance, looking into the otaTools derivation, the APEX *container* test keys *are* there, and likewise for the normal APK signing keys) | 10:11:17 |
| pentane ⭔ | Oh and we should also write a better abstraction for the non-standard keys, it kinda pisses me off that we need to specify them separately in keysToGenerate and in keyMappings in modules/signing.nix | 10:22:18 |
| pentane ⭔ | https://github.com/nix-community/robotnix/commit/75cf4f78b6fbb3a402a22b848ec967880ddf56f6
https://github.com/nix-community/robotnix/commit/fc99ff973428ef1c2e2bff427ce403d01a5f2b19 | 22:01:43 |
| puffnfresh | compiling 2025-11-09 now and will test signing using that branch | 22:17:11 |
 magic_rb | @cyclopentane:aidoskyneen.eu are you polish? The text on your github pfp looks polish | 22:03:45 |
| pentane ⭔ | (already tested 2025-11-09 on a tegu with the official signing script btw, I'll merge as soon as upstream pushed 2025110800 to stable) | 22:18:03 |
| pentane ⭔ | can you save the output of the signing script and post it here? | 22:18:48 |
| 10 Nov 2025 |
| puffnfresh | I used the upstream GrapheneOS generation scripts, which use the same keys for everything | 02:19:24 |
| puffnfresh | so I don't have things like com.android.tzdata.pem | 02:19:52 |
| puffnfresh | so I used the Robotnix generation scripts, generated those, then copied keys/shiba from my keys into the directory | 02:21:15 |
| puffnfresh | so it's a bit of a mess, I guess - but the scripts run fine after doing that | 02:21:28 |
| pentane ⭔ | haha no, I'm German, the text on my pfp is the watermark from the avatar generator :D | 14:30:16 |
| 11 Nov 2025 |
|  oak 🏳️🌈♥️ changed their profile picture. | 19:19:20 |
| 10 Nov 2025 |
| pentane ⭔ | Hm yeah that should work out | 14:30:43 |
| magic_rb | Ah lol, was wondering if im dealing with a fellow slavic person, as a slovak myself | 14:48:56 |
| 11 Nov 2025 |
| puffnfresh | flashed with the new release script, but getting: no operating system found, g.co/ABH | 06:04:12 |
| puffnfresh | it's probably my problem, because my keys weren't generated through the generation script | 06:04:35 |
