res/util: move resdl funcs and make shell scripts

2024-11-10 19:10:45 +00:00 · 2021-06-05 19:06:41 +05:30 · 2021-06-05 19:06:41 +05:30 · de845739ec
commit de845739ec
parent 6381625b8a
9 changed files with 182 additions and 176 deletions
--- a/conf/defconf-minimal.txt
+++ b/conf/defconf-minimal.txt
@ -44,7 +44,7 @@ stuff_arch_sdk="
 ";
 stuff_util="
-  /util/funcs.txt
+  /util/func-defconf.sh
 ";
 stuff_other="
@ -160,8 +160,8 @@ post_build_actions() {
 pre_install_actions() {
-  unzip -o "$zipfile" "util/funcs.txt" -d "$filedir/";
+  unzip -o "$zipfile" "util/func-defconf.sh" -d "$filedir/";
-  . "$filedir/util/funcs.txt";
+  . "$filedir/util/func-defconf.sh";
  user_conf;
  microg_cleanup;
  return 0;
--- a/conf/defconf-minimaliap.txt
+++ b/conf/defconf-minimaliap.txt
@ -48,7 +48,7 @@ stuff_arch_sdk="
 ";
 stuff_util="
-  /util/funcs.txt
+  /util/func-defconf.sh
 ";
 stuff_other="
@ -160,8 +160,8 @@ post_build_actions() {
 pre_install_actions() {
-  unzip -o "$zipfile" "util/funcs.txt" -d "$filedir/";
+  unzip -o "$zipfile" "util/func-defconf.sh" -d "$filedir/";
-  . "$filedir/util/funcs.txt";
+  . "$filedir/util/func-defconf.sh";
  user_conf;
  microg_cleanup;
  return 0;
--- a/conf/defconf-nogoolag.txt
+++ b/conf/defconf-nogoolag.txt
@ -54,7 +54,7 @@ stuff_arch_sdk="
 ";
 stuff_util="
-  /util/funcs.txt
+  /util/func-defconf.sh
 ";
 stuff_other="
@ -169,8 +169,8 @@ post_build_actions() {
 pre_install_actions() {
-  unzip -o "$zipfile" "util/funcs.txt" -d "$filedir/";
+  unzip -o "$zipfile" "util/func-defconf.sh" -d "$filedir/";
-  . "$filedir/util/funcs.txt";
+  . "$filedir/util/func-defconf.sh";
  user_conf;
  microg_cleanup;
  return 0;
--- a/conf/defconf-standard.txt
+++ b/conf/defconf-standard.txt
@ -66,7 +66,7 @@ stuff_arch_sdk="
 ";
 stuff_util="
-  /util/funcs.txt
+  /util/func-defconf.sh
 ";
 stuff_other="
@ -175,8 +175,8 @@ post_build_actions() {
 pre_install_actions() {
-  unzip -o "$zipfile" "util/funcs.txt" -d "$filedir/";
+  unzip -o "$zipfile" "util/func-defconf.sh" -d "$filedir/";
-  . "$filedir/util/funcs.txt";
+  . "$filedir/util/func-defconf.sh";
  user_conf;
  microg_cleanup;
  return 0;
--- a/conf/defconf-unlp.txt
+++ b/conf/defconf-unlp.txt
@ -44,7 +44,7 @@ stuff_arch_sdk="
 ";
 stuff_util="
-  /util/funcs.txt
+  /util/func-defconf.sh
 ";
 stuff_other="
@ -143,8 +143,8 @@ post_build_actions() {
 pre_install_actions() {
-  unzip -o "$zipfile" "util/funcs.txt" -d "$filedir/";
+  unzip -o "$zipfile" "util/func-defconf.sh" -d "$filedir/";
-  . "$filedir/util/funcs.txt";
+  . "$filedir/util/func-defconf.sh";
  user_conf;
  microg_cleanup;
  return 0;
--- a/conf/resdl-download.txt
+++ b/conf/resdl-download.txt
@ -62,6 +62,7 @@ stuff_download="
 pre_update_actions() {
  . "$resdir/util/func-resdl.sh";
  return 0;
 }
@ -75,163 +76,3 @@ post_update_actions() {
  return 0;
 }
 unzipmaps() {
  mapsfile="system/framework/com.google.android.maps";
  [ -f "$resdldir/$mapsfile.zip" ] || return 0;
  echo " ";
  echo " - Unzipping maps JAR...";
  rm -rf "$resdldir/$mapsfile.jar";
  unzip -oq -j "$resdldir/$mapsfile.zip" "$mapsfile.jar" -d "$resdldir/$(dirname "$mapsfile")/";
  rm -rf "$resdldir/$mapsfile.zip";
 }
 updatedelta() {
  newlog=""
  oldlogs=""
  for log in $(ls -td "$reldir"/update-*.log); do
    [ "$(basename "$log")" = "update-$updatetime.log" ] && newlog="$(basename "$log")" || oldlogs="$oldlogs $(basename "$log")";
  done;
  [ "$newlog" ] && [ "$oldlogs" ] || return 0;
  echo " ";
  echo " - Checking resdl delta between updates...";
  for entry in $(grep -oE "FILE: [^,;]*" "$reldir/$newlog" | cut -d" " -f2); do
    line="$(grep "FILE: $entry," "$reldir/$newlog")";
    file="$entry";
    url="$(echo "$line" | grep -oE "URL: [^,;]*" | cut -d" " -f2)";
    oldurl="";
    for log in $oldlogs; do
      oldurl="$(grep "FILE: $file," "$reldir/$log" | grep -oE "URL: [^,;]*" | cut -d" " -f2)";
      [ "$oldurl" ] && break;
    done;
    [ "$oldurl" ] || oldurl="None";
    [ "$url" = "$oldurl" ] && continue;
    echo " -- Updated file: $file"
    echo "   ++ Old URL: $oldurl"
    echo "   ++ New URL: $url"
    echo "   ++ Old name: $(basename "$oldurl")"
    echo "   ++ New name: $(basename "$url")"
  done;
 }
 verifycerts() {
  [ "$stuff_repo" ] || echo "$stuff_download" | grep -qE "^[ ]*[^ ]+.apk[ ]+" || return 0;
  [ "$(which jarsigner)" ] && [ "$(which openssl)" ] || {
    echo " ";
    echo " !! Not checking certificates (missing jarsigner or openssl)";
    return 0;
  }
  certdir="$resdldir/util/certs";
  echo " ";
  echo " - Checking certs for repos...";
  for repo in $(echo "$stuff_repo" | select_word 1); do
    [ -f "$tmpdir/repos/$repo.jar" ] || continue;
    certobject="repo/$repo.cer";
    unzip -l "$tmpdir/repos/$repo.jar" "META-INF/*" | grep -q "META-INF/.*.RSA" && jarsigner -verify "$tmpdir/repos/$repo.jar" > /dev/null || {
      echo "  !! Verification failed for repo ($repo)";
      continue;
    }
    [ -f "$certdir/$certobject" ] || {
      echo "  -- Adding cert for new repo ($repo)";
      mkdir -p "$certdir/$(dirname "$certobject")";
      unzip -p "$tmpdir/repos/$repo.jar" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$certdir/$certobject";
      continue;
    }
    unzip -p "$tmpdir/repos/$repo.jar" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$tmpdir/tmp.cer";
    [ "$(diff -w "$tmpdir/tmp.cer" "$certdir/$certobject")" ] && {
      echo "  !! Cert mismatch for repo ($repo)";
      cp -f "$tmpdir/tmp.cer" "$certdir/$certobject.new";
    }
  done;
  echo " ";
  echo " - Checking certs for APKs...";
  for object in $(echo "$stuff_download" | grep -E "^[ ]*[^ ]+.apk[ ]+" | select_word 1); do
    [ -f "$resdldir/$object" ] || continue;
    certobject="$(dirname "$object")/$(basename "$object" .apk).cer";
    unzip -l "$resdldir/$object" "META-INF/*" | grep -q "META-INF/.*.RSA" && jarsigner -verify "$resdldir/$object" > /dev/null || {
      echo "  !! Verification failed for APK ($object)";
      continue;
    }
    [ -f "$certdir/$certobject" ] || {
      echo "  -- Adding cert for new APK ($object)";
      mkdir -p "$certdir/$(dirname "$certobject")";
      unzip -p "$resdldir/$object" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$certdir/$certobject";
      continue;
    }
    unzip -p "$resdldir/$object" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$tmpdir/tmp.cer";
    [ "$(diff -w "$tmpdir/tmp.cer" "$certdir/$certobject")" ] && {
      echo "  !! Cert mismatch for APK ($object)";
      cp -f "$tmpdir/tmp.cer" "$certdir/$certobject.new";
    }
  done;
 }
 checkwhitelist() {
  echo "$stuff_download" | grep -qE "^[ ]*/system/priv-app/[^ ]+.apk[ ]+" || return 0;
  [ "$(which aapt)" ] || {
    echo " ";
    echo " !! Not checking privperms (missing aapt)";
    return 0;
  }
  privpermlist="util/privperms.lst";
  privpermurl="https://developer.android.com/reference/android/Manifest.permission";
  echo " ";
  echo " - Getting priv-app permissions...";
  curl -L "$privpermurl" -o "$tmpdir/tmppage" || { echo "ERROR: Android permission docpage failed to download"; return 1; }
  lines="$(grep -nE "<!-- [=]* [A-Z ]* [=]* -->" "$tmpdir/tmppage" | grep -A1 "ENUM CONSTANTS DETAIL" | sed "s|:| |g" | select_word 1)";
  for line in $lines; do
    [ "$startline" ] && endline="$line" || startline="$line";
  done;
  cat "$tmpdir/tmppage" | head -n"$endline" | tail -n+"$startline" | tr -d "\n" | sed "s|<div data|\n|g" | grep -E -e "Protection level: [a-z|]*privileged" -e "Not for use by third-party applications" | grep -oE "android.permission.[A-Z_]*" > "$tmpdir/tmplist";
  echo "android.permission.FAKE_PACKAGE_SIGNATURE" >> "$tmpdir/tmplist";
  cat "$resdldir/$privpermlist" "$tmpdir/tmplist" 2>/dev/null | sort -u > "$tmpdir/sortedlist";
  mkdir -p "$resdldir/$(dirname "$privpermlist")"
  mv -f "$tmpdir/sortedlist" "$resdldir/$privpermlist";
  echo " ";
  echo " - Checking priv-app permissions...";
  for object in $(echo "$stuff_download" | grep -E "^[ ]*/system/priv-app/[^ ]+.apk[ ]+" | select_word 1); do
    [ -f "$resdldir/$object" ] || { echo "ERROR: Privapp $object not found"; continue; }
    privperms="";
    privapppackage="$(aapt dump badging "$resdldir/$object" | grep -oE "package: name=[^ ]*" | sed "s|'| |g" | select_word 3)"
    privappperms="$(aapt dump permissions "$resdldir/$object" | grep -oE "uses-permission: name=[^ ]*" | sed "s|'| |g" | select_word 3 | sort -u)";
    for privperm in in $privappperms; do
      grep -q "^$privperm$" "$resdldir/$privpermlist" || continue;
      grep -q "name=\"$privperm\"" "$resdir/system/etc/permissions/$privapppackage.xml" 2>/dev/null && continue;
      privperms="$privperm $privperms";
    done;
    [ "$privperms" ] || continue;
    echo " ";
    echo " -- File: $object";
    echo " -- Package: $privapppackage";
    for permentry in $privperms; do
      echo "   ++ Needs whitelisting perm $permentry";
    done;
  done;
 }
--- a/res/util/func-defconf.sh
+++ b/res/util/func-defconf.sh
--- a/res/util/func-resdl.sh
+++ b/res/util/func-resdl.sh
@ -0,0 +1,165 @@
 # Functions for use by resdl updater
 # Extract maps jar from release zip
 unzipmaps() {
  mapsfile="system/framework/com.google.android.maps";
  [ -f "$resdldir/$mapsfile.zip" ] || return 0;
  echo " ";
  echo " - Unzipping maps JAR...";
  rm -rf "$resdldir/$mapsfile.jar";
  unzip -oq -j "$resdldir/$mapsfile.zip" "$mapsfile.jar" -d "$resdldir/$(dirname "$mapsfile")/";
  rm -rf "$resdldir/$mapsfile.zip";
 }
 # Get update delta
 updatedelta() {
  newlog=""
  oldlogs=""
  for log in $(ls -td "$reldir"/update-*.log); do
    [ "$(basename "$log")" = "update-$updatetime.log" ] && newlog="$(basename "$log")" || oldlogs="$oldlogs $(basename "$log")";
  done;
  [ "$newlog" ] && [ "$oldlogs" ] || return 0;
  echo " ";
  echo " - Checking resdl delta between updates...";
  for entry in $(grep -oE "FILE: [^,;]*" "$reldir/$newlog" | cut -d" " -f2); do
    line="$(grep "FILE: $entry," "$reldir/$newlog")";
    file="$entry";
    url="$(echo "$line" | grep -oE "URL: [^,;]*" | cut -d" " -f2)";
    oldurl="";
    for log in $oldlogs; do
      oldurl="$(grep "FILE: $file," "$reldir/$log" | grep -oE "URL: [^,;]*" | cut -d" " -f2)";
      [ "$oldurl" ] && break;
    done;
    [ "$oldurl" ] || oldurl="None";
    [ "$url" = "$oldurl" ] && continue;
    echo " -- Updated file: $file"
    echo "   ++ Old URL: $oldurl"
    echo "   ++ New URL: $url"
    echo "   ++ Old name: $(basename "$oldurl")"
    echo "   ++ New name: $(basename "$url")"
  done;
 }
 # Verify signatures of JARs and APKs
 verifycerts() {
  [ "$stuff_repo" ] || echo "$stuff_download" | grep -qE "^[ ]*[^ ]+.apk[ ]+" || return 0;
  [ "$(which jarsigner)" ] && [ "$(which openssl)" ] || {
    echo " ";
    echo " !! Not checking certificates (missing jarsigner or openssl)";
    return 0;
  }
  certdir="$resdldir/util/certs";
  echo " ";
  echo " - Checking certs for repos...";
  for repo in $(echo "$stuff_repo" | select_word 1); do
    [ -f "$tmpdir/repos/$repo.jar" ] || continue;
    certobject="repo/$repo.cer";
    unzip -l "$tmpdir/repos/$repo.jar" "META-INF/*" | grep -q "META-INF/.*.RSA" && jarsigner -verify "$tmpdir/repos/$repo.jar" > /dev/null || {
      echo "  !! Verification failed for repo ($repo)";
      continue;
    }
    [ -f "$certdir/$certobject" ] || {
      echo "  -- Adding cert for new repo ($repo)";
      mkdir -p "$certdir/$(dirname "$certobject")";
      unzip -p "$tmpdir/repos/$repo.jar" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$certdir/$certobject";
      continue;
    }
    unzip -p "$tmpdir/repos/$repo.jar" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$tmpdir/tmp.cer";
    [ "$(diff -w "$tmpdir/tmp.cer" "$certdir/$certobject")" ] && {
      echo "  !! Cert mismatch for repo ($repo)";
      cp -f "$tmpdir/tmp.cer" "$certdir/$certobject.new";
    }
  done;
  echo " ";
  echo " - Checking certs for APKs...";
  for object in $(echo "$stuff_download" | grep -E "^[ ]*[^ ]+.apk[ ]+" | select_word 1); do
    [ -f "$resdldir/$object" ] || continue;
    certobject="$(dirname "$object")/$(basename "$object" .apk).cer";
    unzip -l "$resdldir/$object" "META-INF/*" | grep -q "META-INF/.*.RSA" && jarsigner -verify "$resdldir/$object" > /dev/null || {
      echo "  !! Verification failed for APK ($object)";
      continue;
    }
    [ -f "$certdir/$certobject" ] || {
      echo "  -- Adding cert for new APK ($object)";
      mkdir -p "$certdir/$(dirname "$certobject")";
      unzip -p "$resdldir/$object" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$certdir/$certobject";
      continue;
    }
    unzip -p "$resdldir/$object" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$tmpdir/tmp.cer";
    [ "$(diff -w "$tmpdir/tmp.cer" "$certdir/$certobject")" ] && {
      echo "  !! Cert mismatch for APK ($object)";
      cp -f "$tmpdir/tmp.cer" "$certdir/$certobject.new";
    }
  done;
 }
 # Check for needed priv-perm whitelists
 checkwhitelist() {
  echo "$stuff_download" | grep -qE "^[ ]*/system/priv-app/[^ ]+.apk[ ]+" || return 0;
  [ "$(which aapt)" ] || {
    echo " ";
    echo " !! Not checking privperms (missing aapt)";
    return 0;
  }
  privpermlist="util/privperms.lst";
  privpermurl="https://developer.android.com/reference/android/Manifest.permission";
  echo " ";
  echo " - Getting priv-app permissions...";
  curl -L "$privpermurl" -o "$tmpdir/tmppage" || { echo "ERROR: Android permission docpage failed to download"; return 1; }
  lines="$(grep -nE "<!-- [=]* [A-Z ]* [=]* -->" "$tmpdir/tmppage" | grep -A1 "ENUM CONSTANTS DETAIL" | sed "s|:| |g" | select_word 1)";
  for line in $lines; do
    [ "$startline" ] && endline="$line" || startline="$line";
  done;
  cat "$tmpdir/tmppage" | head -n"$endline" | tail -n+"$startline" | tr -d "\n" | sed "s|<div data|\n|g" | grep -E -e "Protection level: [a-z|]*privileged" -e "Not for use by third-party applications" | grep -oE "android.permission.[A-Z_]*" > "$tmpdir/tmplist";
  echo "android.permission.FAKE_PACKAGE_SIGNATURE" >> "$tmpdir/tmplist";
  cat "$resdldir/$privpermlist" "$tmpdir/tmplist" 2>/dev/null | sort -u > "$tmpdir/sortedlist";
  mkdir -p "$resdldir/$(dirname "$privpermlist")"
  mv -f "$tmpdir/sortedlist" "$resdldir/$privpermlist";
  echo " ";
  echo " - Checking priv-app permissions...";
  for object in $(echo "$stuff_download" | grep -E "^[ ]*/system/priv-app/[^ ]+.apk[ ]+" | select_word 1); do
    [ -f "$resdldir/$object" ] || { echo "ERROR: Privapp $object not found"; continue; }
    privperms="";
    privapppackage="$(aapt dump badging "$resdldir/$object" | grep -oE "package: name=[^ ]*" | sed "s|'| |g" | select_word 3)"
    privappperms="$(aapt dump permissions "$resdldir/$object" | grep -oE "uses-permission: name=[^ ]*" | sed "s|'| |g" | select_word 3 | sort -u)";
    for privperm in in $privappperms; do
      grep -q "^$privperm$" "$resdldir/$privpermlist" || continue;
      grep -q "name=\"$privperm\"" "$resdir/system/etc/permissions/$privapppackage.xml" 2>/dev/null && continue;
      privperms="$privperm $privperms";
    done;
    [ "$privperms" ] || continue;
    echo " ";
    echo " -- File: $object";
    echo " -- Package: $privapppackage";
    for permentry in $privperms; do
      echo "   ++ Needs whitelisting perm $permentry";
    done;
  done;
 }
--- a/test.sh
+++ b/test.sh
@ -38,4 +38,4 @@ done;
  # Can't add directives because it's all dynamic
 echo " ";
-shellcheck -s sh -e 1087,1090,2034,2154 "$@" -- ./src/META-INF/com/google/android/update-binary ./build.sh ./test.sh ./update.sh ./conf/*.txt;
+shellcheck -s sh -e 1087,1090,2034,2154 "$@" -- ./src/META-INF/com/google/android/update-binary ./build.sh ./test.sh ./update.sh ./conf/*.txt ./res/util/*.sh;