| 7 Sep 2021 |
 danielrf | https://github.com/danielfullmer/robotnix/blob/d9018fbaed2eadf81b85b6dd075a4994230e3b97/modules/signing.nix#L103 | 22:26:32 |
 kranzes | Ive got another small question | 22:26:41 |
| kranzes | let me find it real quick sry | 22:27:27 |
| kranzes | i'll @ you once i encounter it | 22:31:29 |
| danielrf | ok, no problem | 22:31:36 |
 cde | danielrf: are you doing per-device apex keys? | 23:12:59 |
| danielrf | Nope, currently shared keys for APEX packages | 23:13:37 |
| cde | cool | 23:13:44 |
| cde | that makes more sense too | 23:13:51 |
| cde | tried to update an APEX out of band yet? | 23:14:03 |
| danielrf | I checked upstream (google) and they do the same. APEX packages are identical (including signatures) across devices | 23:14:13 |
| danielrf | No, I've never tried an actual APEX update | 23:14:21 |
| cde | it would be good to have to say extend wahoo support | 23:15:19 |
| cde | I think marlin got apex updates even after eol although I don't know if it had many useful / relevant apex packages. | 23:15:50 |
| danielrf | hmm, could be worth looking into | 23:19:26 |
| kranzes | danielrf
[kranzes@pongo /home/1TB-HDD/Android]$ store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh ./keys
Generating miatoll/releasekey key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating miatoll/platform key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating miatoll/shared key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating miatoll/media key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating miatoll/networkstack key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.hotspot2.osulogin key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.wifi.resources key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.conscrypt key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.media key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.media.swcodec key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.resolv key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.tzdata key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.adbd key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.art.release key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.cellbroadcast key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.extservices key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.i18n key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.ipsec key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.mediaprovider key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.neuralnetworks key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.os.statsd key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.runtime key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.permission key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.sdkext key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.telephony key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.tethering key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.wifi key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.vndk.current key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.vndk.v27 key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.vndk.v28 key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.vndk.v29 key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating microg key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating bromitewebview key
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 24: make_key: command not found
Generating com.android.conscrypt APEX AVB key
Generating RSA private key, 4096 bit long modulus (2 primes)
............................................................................................................................................................................................................................................................................................................................++++
...............................................................................................................................................++++
e is 65537 (0x010001)
store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh: line 34: avbtool: command not found
| 23:41:25 |
| kranzes | 🤔 | 23:41:34 |
| kranzes | {
description = "A (not so) basic robotnix configuration";
inputs = {
robotnix.url = "github:Kranzes/robotnix-forklineageos";
device_xiaomi_miatoll = { url = "github:sairam1411/device_xiaomi_miatoll"; flake = false; };
device_xiaomi_sm6250-common = { url = "github:sairam1411/device_xiaomi_sm6250-common"; flake = false; };
vendor_xiaomi_miatoll = { url = "github:sairam1411/vendor_xiaomi_miatoll"; flake = false; };
vendor_xiaomi_sm6250-common = { url = "github:sairam1411/vendor_xiaomi_sm6250-common"; flake = false; };
kernel_xiaomi_sm6250 = { url = "github:sairam1411/kernel_xiaomi_sm6250"; flake = false; };
};
outputs = { self, robotnix, ... }@inputs: {
robotnixConfigurations."miatoll" = robotnix.lib.robotnixSystem ({ config, pkgs, ... }: {
device = "miatoll";
flavor = "lineageos";
androidVersion = 11;
signing.enable = true;
signing.keyStorePath = "/home/1TB-HDD/Android/keys";
apps.bromite.enable = false;
apps.chromium.enable = false;
webview = {
chromium = {
enable = false;
availableByDefault = false;
};
bromite = {
enable = true;
availableByDefault = true;
};
};
microg.enable = true;
source.dirs = {
"device/xiaomi/miatoll".src = inputs.device_xiaomi_miatoll;
"device/xiaomi/sm6250-common".src = inputs.device_xiaomi_sm6250-common;
"vendor/xiaomi/miatoll".src = inputs.vendor_xiaomi_miatoll;
"vendor/xiaomi/sm6250-common".src = inputs.vendor_xiaomi_sm6250-common;
"kernel/xiaomi/sm6250".src = inputs.kernel_xiaomi_sm6250;
};
});
defaultPackage.x86_64-linux = self.robotnixConfigurations."miatoll".generateKeysScript;
};
}
| 23:42:06 |
| danielrf | take a look at /store/nix/store/y7cph0jkl19apk6wi22sl8fb9as40kxp-generate_keys.sh. It should have a line starting with export PATH | 23:44:39 |
| danielrf | and in that PATH should be something ending with android-key-tools/bin | 23:44:53 |
| danielrf | make_key should be in that directory. Does it exist? | 23:45:11 |
| kranzes | #!nix/store/kxj6cblcsd1qcbbxlmbswwrn89zcmgd6-bash-4.4-p23/bin/bash
./
set -euo pipefail
if [[ "$#" -ne 1 ]]; then
echo "Usage: $0 <keysdir>"
echo "$#"
exit 1
fi
mkdir -p "$1"
cd "$1"
export PATH=/nix/store/5phzsq8z7g5d82zfnm6bz5bvi2if2am0-openssl-1.1.1k-bin/bin:/nix/store/nnblnlg5ig16ky8cf8p4ijwgn547apfg-android-key-tools/bin:$PATH
KEYS=( miatoll/releasekey miatoll/platform miatoll/shared miatoll/media miatoll/networkstack com.android.hotspot2.osulogin com.android.wifi.resources com.android.conscrypt com.android.media com.android.media.swcodec com.android.resolv com.android.tzdata com.android.adbd com.android.art.release com.android.cellbroadcast com.android.extservices com.android.i18n com.android.ipsec com.android.mediaprovider com.android.neuralnetworks com.android.os.statsd com.android.runtime com.android.permission com.android.sdkext com.android.telephony com.android.tethering com.android.wifi com.android.vndk.current com.android.vndk.v27 com.android.vndk.v28 com.android.vndk.v29 microg bromitewebview )
APEX_KEYS=( com.android.conscrypt com.android.media com.android.media.swcodec com.android.resolv com.android.tzdata com.android.adbd com.android.art.release com.android.cellbroadcast com.android.extservices com.android.i18n com.android.ipsec com.android.mediaprovider com.android.neuralnetworks com.android.os.statsd com.android.runtime com.android.permission com.android.sdkext com.android.telephony com.android.tethering com.android.wifi com.android.vndk.current com.android.vndk.v27 com.android.vndk.v28 com.android.vndk.v29 )
mkdir -p "miatoll"
for key in "${KEYS[@]}"; do
if [[ ! -e "$key".pk8 ]]; then
echo "Generating $key key"
# make_key exits with unsuccessful code 1 instead of 0
make_key "$key" "/CN=Robotnix ${key/\// }/" && exit 1
else
echo "Skipping generating $key since it is already exists"
fi
done
for key in "${APEX_KEYS[@]}"; do
if [[ ! -e "$key".pem ]]; then
echo "Generating $key APEX AVB key"
openssl genrsa -out "$key".pem 4096
avbtool extract_public_key --key "$key".pem --output "$key".avbpubkey
else
echo "Skipping generating $key APEX key since it is already exists"
fi
done
if [[ ! -e "miatoll/avb.pem" ]]; then
# TODO: Maybe switch to 4096 bit avb key to match apex? Any device-specific problems with doing that?
echo "Generating Device AVB key"
openssl genrsa -out miatoll/avb.pem 2048
avbtool extract_public_key --key miatoll/avb.pem --output miatoll/avb_pkmd.bin
else
echo "Skipping generating device AVB key since it is already exists"
fi
| 23:45:35 |
| kranzes | its trying to use the wrong store | 23:46:13 |
| kranzes | remember im using --store to change the store | 23:46:21 |
| danielrf | Ah, that would explain it! | 23:46:27 |
| kranzes | i guess i can just make it sign with the default store | 23:46:40 |
| danielrf | you could also nix-copy-closure the generateKeysScript from your other store to your main /nix/store | 23:47:13 |
| kranzes | overkill | 23:47:26 |
| kranzes | all keys generated | 23:48:12 |
| kranzes | do i need to chgrp/chmod the keys dir? | 23:48:30 |
