Add ssh key to sourcetree

5/17/2023

The 13 branch is the main development branch of GrapheneOS. It's easier to port between stable tags that are known to work properly than dealing with a moving target. You likely want to use the most recent stable tag, not the development branch, even for developing a feature. Since this is syncing the sources for the entire operating system and application layer, it will use a lot of bandwidth and storage space. The signify tool (with the proper naming) is also required for signing factory images zips.

ncurses5 (provided by the source tree for some tools but not others)

Additional dependencies for extracting vendor files with adevtool:

Additional Vanadium (Chromium) build dependencies not provided by the source tree:

freetype2, fontconfig and any OpenType/TrueType font (such as DejaVu but anything works) for OpenJDK despite it being a headless variant without GUI support.

The process of moving to a fully self-contained build process with minimal external dependencies is gradual and there are still dependencies that need to be installed on the host system.

Additional Android Open Source Project build dependencies not provided by the source tree:

It runs the build process within a loose sandbox to avoid accidental dependencies on the host system. These prebuilt tools have reproducible builds themselves. To accomplish this, it provides a prebuilt toolchain and other utilities fulfilling most of the build dependency requirements itself. The Android Open Source Project build system is designed to provide reliable and reproducible builds.

The self-updating variant avoids dealing with out-of-date distribution packages and depends on GPG to verify updates. You can either obtain repo as a distribution package or the self-updating standalone version from the Android Open Source Project.
100GiB+ of additional free storage space for a typical build of the entire OS for a multiarch device.

Linking Vanadium (Chromium) and the Linux kernel with LTO + CFI are the most memory demanding tasks. Link-Time Optimization (LTO) creates huge peaks during linking and is mandatory for Control Flow Integrity (CFI).

136GiB+ storage for a standard sync with history, 90GiB+ storage for a lightweight sync.

Build dependencies

Arch Linux, Debian bullseye, Ubuntu 22.10 and Ubuntu 22.04 LTS are the officially supported operating systems for building GrapheneOS.

Dependencies for fetching and verifying the sources:

For example, various security features in the kernel including type-based Control Flow Integrity (CFI) and the shadow call stack are currently specific to the kernels for these devices. Pixel targets have a lot of device-specific hardening in the AOSP base along with some in GrapheneOS which needs to be ported over too. Shipping all of this is necessary for full security updates and is tied to enabling verified boot / attestation. Other than some special cases like the emulator, the generic targets rely on the device support code present on the device. Providing proper support for a device or generic device family requires providing an up-to-date kernel and device support code including driver libraries, firmware and device SELinux policy extensions.

These targets don't receive full monthly security updates, don't offer all of the baseline security features and are intended for development usage. These generic targets can be used with the emulator along with many smartphones, tablets and other devices. We recommend using the sdk_phone_x86_64 target in either the userdebug or eng variant for most development work. These targets don't receive full monthly security updates, don't provide all of the baseline security features and are intended for development usage. These are extended versions of the generic targets with extra components for the SDK.
The best development devices are the Pixel 6 and 7 series. It's not possible to work on everything via past generation devices. Newer generation devices have stronger hardware / firmware security and hardware-based OS security features and are better development devices for that reason.

A fully signed user build for these devices is a proper GrapheneOS release. These are all fully supported production-ready targets supporting all the baseline security features and receiving full monthly security updates covering all firmware, kernel drivers, driver libraries / services and other device-specific code.