Robotnix | 231 Members | |
| Build Android (AOSP) using Nix | https://github.com/nix-community/robotnix | 70 Servers |
| Sender | Message | Time |
|---|---|---|
| 27 Jan 2025 | ||
| No | 20:54:45 | |
| This is about signing keys | 20:54:48 | |
| They're encoded in the system app metadata for some reason | 20:55:03 | |
| So if you change ROMs, you must change the signing keys | 20:55:20 | |
| cyclopentane ⭔ migrated her phone from and to official LOS keys a few times, so it works fine but you do need to do it beforehand | 20:55:51 | |
| https://wiki.lineageos.org/signing_builds#using-a-script | 20:56:23 | |
| * cyclopentane ⭔ migrated her phone from and to official LOS keys a few times, so it works fine but you do need to do it before flashing | 20:56:40 | |
| If you want to keep your data, you need to run a key migration script to change the keys on your userdata partition from the LineageOS release keys to the test-keys (the ones Robotnix uses per default), as described here: https://wiki.lineageos.org/signing_builds#test-keys-to-official-or-vice-versa | 20:56:46 | |
| You can find the script here: https://github.com/LineageOS/scripts/blob/main/key-migration/migration.sh | 20:57:10 | |
| Oops, I had the wrong link | 20:57:10 | |
| No wait, I didn't | 20:57:44 | |
| ^^' | 20:57:51 | |
| It's the same but slightly different anchors | 20:57:55 | |
| Thanks! Is it compulsory even if I don't plan to relock the bootloader and I'm fine with the warning at boot? | 20:58:04 | |
| It's needed if you want to keep your data | 20:58:16 | |
| If you're okay with wiping your phone, then you don't need to migrate keys | 20:58:28 | |
| Signing isn't compulsory though; I don't sign my builds for instance and just use test keys | 20:58:32 | |
| ok so if I understand correctly, either I keep my signed build but follow the migration instruction, or I rebuild with signing disabled. | 21:00:21 | |
| No, you need to migrate either way | 21:00:34 | |
| Signing cannot be disabled I think | 21:00:45 | |
| Wait a sec, there seems to be some confusion as to what "signing" means here: | 21:01:10 | |
| It falls back to test keys which are effectively unsigned because the private key is public but technically still a signature | 21:01:12 | |
| When you build a LineageOS image, the system image is cryptographically signed. There are three options for the keys the image can be signed with:
| 21:03:24 | |
| When you run LineageOS and install apps that save stuff to your phone, that data is somehow "coupled" to the keys your LineageOS install was signed with (don't ask me about the details though). If you try to boot a LineageOS install with an image that was signed with different build keys than the ones your user data was coupled to, it will complain and not boot. | 21:04:52 | |
| * When you run LineageOS and install apps that save stuff to your phone, that data is somehow "coupled" to the keys your LineageOS install was signed with (don't ask me about the details though). If you try to boot a LineageOS install with an image that was signed with different build keys than the ones your user data was coupled to, it will complain and not boot (I believe). | 21:05:58 | |
| In that case, you have two options:
| 21:06:15 | |
| In your case, you probably had an official LineageOS build install first, and now your userdata is coupled to the official LineageOS release-keys. If you want to install a robotnix-built LOS image with the test-keys, you need to run the migration script to change your keys from release-keys to test-keys. | 21:08:10 | |
| What I did was:
| 21:10:13 | |
| Man, we should write a guide about this some day :D | 21:10:47 | |
| Yes, PRs welcome :) | 21:10:59 | |