Skip to content

Commit

Permalink
Enable bash strict mode
Browse files Browse the repository at this point in the history 
Ensure scripts do not continue in case of an unforeseen error.

Continuing after an error may lead to a critical step of the process
being skipped, thus silently producing the wrong result.

Related changes:

- Remove two explicit exit code checks, as this checking is now done
  implicitly by the shell.

- Remove the over-zealous trap specification in make_key.
  The EXIT trap already fires on INT/QUIT signals.

- Remove the 'exit 1' statement in make_key.
  The exit code is already propagated on error.

- Switch boolean expression order in make_key to make use of
  short-circuit evaluation (and thus only evaluate $3 if it is set).

- Overwrite existing symlinks when linking signing keys

- Ignore SIGPIPE from `yes`

- Explicitly allow DEVICE_LIST_xxx variable to be empty

- Remove '|| exit' clauses (these had been added only to "cd"
  commands, in response to a ShellCheck warning); these are now
  redundant

- Temporarily disable strict mode flags when invoking Android build
  scripts and functions, as these are incompatible with them
  • Loading branch information
@CyberShadow
CyberShadow committed Aug 14, 2021
1 parent 0d9466b commit ff69cbd
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 31 deletions.
52 changes: 24 additions & 28 deletions src/build.sh
View file
Expand Up @@ -17,10 +17,12 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

set -eEuo pipefail

repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log"

# cd to working directory
cd "$SRC_DIR" || exit
cd "$SRC_DIR"

if [ -f /root/userscripts/begin.sh ]; then
echo ">> [$(date)] Running begin.sh"
Expand All @@ -38,7 +40,7 @@ first_branch=$(cut -d ',' -f 1 <<< "$BRANCH_NAME")
if [ -n "$DEVICE_LIST" ]; then
device_list_first_branch="DEVICE_LIST_${first_branch//[^[:alnum:]]/_}"
device_list_first_branch=${device_list_first_branch^^}
read -r "${device_list_first_branch?}" <<< "$DEVICE_LIST,${!device_list_first_branch}"
read -r "${device_list_first_branch?}" <<< "$DEVICE_LIST,${!device_list_first_branch:-}"
fi

# If needed, migrate from the old SRC_DIR structure
Expand All @@ -55,11 +57,11 @@ fi

if [ "$LOCAL_MIRROR" = true ]; then

cd "$MIRROR_DIR" || exit
cd "$MIRROR_DIR"

if [ ! -d .repo ]; then
echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log"
yes | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log"
( yes||: ) | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log"
fi

# Copy local manifests to the appropriate folder in order take them into consideration
Expand Down Expand Up @@ -124,26 +126,26 @@ for branch in ${BRANCH_NAME//,/ }; do
android_version_major=$(cut -d '.' -f 1 <<< $android_version)

mkdir -p "$SRC_DIR/$branch_dir"
cd "$SRC_DIR/$branch_dir" || exit
cd "$SRC_DIR/$branch_dir"

echo ">> [$(date)] Branch: $branch"
echo ">> [$(date)] Devices: $devices"

# Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist)
for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController"; do
if [ -d "$path" ]; then
cd "$path" || exit
cd "$path"
git reset -q --hard
git clean -q -fd
cd "$SRC_DIR/$branch_dir" || exit
cd "$SRC_DIR/$branch_dir"
fi
done

echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log"
if [ "$LOCAL_MIRROR" = true ]; then
yes | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log"
( yes||: ) | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log"
else
yes | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log"
( yes||: ) | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log"
fi

# Copy local manifests to the appropriate folder in order take them into consideration
Expand Down Expand Up @@ -178,7 +180,7 @@ for branch in ${BRANCH_NAME//,/ }; do
# If needed, apply the microG's signature spoofing patch
if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
# Determine which patch should be applied to the current Android source tree
cd frameworks/base || exit
cd frameworks/base
if [ "$SIGNATURE_SPOOFING" = "yes" ]; then
echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base"
echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat"
Expand All @@ -187,21 +189,13 @@ for branch in ${BRANCH_NAME//,/ }; do
echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base"
sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet --force -p1
fi
if [ $? -ne 0 ]; then
echo ">> [$(date)] ERROR: failed to apply $patch_name"
exit 1
fi
git clean -q -f
cd ../..

if [ -n "$permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
cd packages/apps/PermissionController || exit
cd packages/apps/PermissionController
echo ">> [$(date)] Applying the PermissionController patch ($permissioncontroller_patch) to packages/apps/PermissionController"
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$permissioncontroller_patch"
if [ $? -ne 0 ]; then
echo ">> [$(date)] ERROR: failed to apply $permissioncontroller_patch"
exit 1
fi
git clean -q -f
cd ../../..
fi
Expand Down Expand Up @@ -253,8 +247,10 @@ for branch in ${BRANCH_NAME//,/ }; do

# Prepare the environment
echo ">> [$(date)] Preparing build environment"
set +eu
# shellcheck source=/dev/null
source build/envsetup.sh > /dev/null
set -eu

if [ -f /root/userscripts/before.sh ]; then
echo ">> [$(date)] Running before.sh"
Expand All @@ -271,12 +267,12 @@ for branch in ${BRANCH_NAME//,/ }; do

if [ "$LOCAL_MIRROR" = true ]; then
echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log"
cd "$MIRROR_DIR" || exit
cd "$MIRROR_DIR"
repo sync --force-sync --no-clone-bundle &>> "$repo_log"
fi

echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log"
cd "$SRC_DIR/$branch_dir" || exit
cd "$SRC_DIR/$branch_dir"
repo sync -c --force-sync &>> "$repo_log"
fi

Expand All @@ -291,7 +287,7 @@ for branch in ${BRANCH_NAME//,/ }; do
else
source_dir="$SRC_DIR/$branch_dir"
fi
cd "$source_dir" || exit
cd "$source_dir"

if [ "$ZIP_SUBDIR" = true ]; then
zipsubdir=$codename
Expand All @@ -316,15 +312,15 @@ for branch in ${BRANCH_NAME//,/ }; do
# Start the build
echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG"
build_successful=false
if brunch "$codename" &>> "$DEBUG_LOG"; then
if ( set +eu ; brunch "$codename" ) &>> "$DEBUG_LOG"; then
currentdate=$(date +%Y%m%d)
if [ "$builddate" != "$currentdate" ]; then
find out/target/product/"$codename" -maxdepth 1 -name "lineage-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} "$currentdate" "$builddate" \; &>> "$DEBUG_LOG"
fi

# Move produced ZIP files to the main OUT directory
echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG"
cd out/target/product/"$codename" || exit
cd out/target/product/"$codename"
for build in lineage-*.zip; do
sha256sum "$build" > "$ZIP_DIR/$zipsubdir/$build.sha256sum"
cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG"
Expand All @@ -337,7 +333,7 @@ for branch in ${BRANCH_NAME//,/ }; do
break
fi
done &>> "$DEBUG_LOG"
cd "$source_dir" || exit
cd "$source_dir"
build_successful=true
else
echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG"
Expand Down Expand Up @@ -366,7 +362,7 @@ for branch in ${BRANCH_NAME//,/ }; do

if [ "$BUILD_OVERLAY" = true ]; then
# The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged
cd "$TMP_DIR" || exit
cd "$TMP_DIR"
if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then
"$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true
fi
Expand All @@ -382,10 +378,10 @@ for branch in ${BRANCH_NAME//,/ }; do
if [ "$CLEAN_AFTER_BUILD" = true ]; then
echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG"
if [ "$BUILD_OVERLAY" = true ]; then
cd "$TMP_DIR" || exit
cd "$TMP_DIR"
rm -rf ./*
else
cd "$source_dir" || exit
cd "$source_dir"
mka clean &>> "$DEBUG_LOG"
fi
fi
Expand Down
4 changes: 3 additions & 1 deletion src/init.sh
View file
Expand Up @@ -17,6 +17,8 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

set -eEuo pipefail

# Copy the user scripts
mkdir -p /root/userscripts
cp -r "$USERSCRIPTS_DIR"/. /root/userscripts
Expand Down Expand Up @@ -52,7 +54,7 @@ if [ "$SIGN_BUILDS" = true ]; then

for c in cyngn{-priv,}-app testkey; do
for e in pk8 x509.pem; do
ln -s releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null
ln -sf releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null
done
done
fi
Expand Down
6 changes: 4 additions & 2 deletions src/make_key
View file
Expand Up @@ -17,6 +17,8 @@
# Generates a public/private key pair suitable for use in signing
# android .apks and OTA update packages.

set -eEuo pipefail

if [[ "$#" -lt 2 || "$#" -gt 3 ]]; then
cat <<EOF
Usage: $0 <name> <subject> [<keytype>]
Expand All @@ -38,7 +40,7 @@ fi
# touch the disk.

tmpdir=$(mktemp -d)
trap 'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT
trap 'rm -rf ${tmpdir}' EXIT

one=${tmpdir}/one
two=${tmpdir}/two
Expand All @@ -49,7 +51,7 @@ chmod 0600 "${one}" "${two}"
read -rp "Enter password for '$1' (blank for none; password will be visible): " \
password

if [[ "${3}" = "rsa" || "$#" -eq 2 ]]; then
if [[ "$#" -eq 2 || "${3}" = "rsa" ]]; then
( openssl genrsa -f4 2048 | tee "${one}" > "${two}" ) &
hash="-sha256"
elif [ "${3}" = "ec" ]; then
Expand Down

0 comments on commit ff69cbd

Please sign in to comment.