From 189d39ea09d3a5bd30cfddc9dd0cbb4dbfe6bb5c Mon Sep 17 00:00:00 2001 From: GrapheneOS Date: Tue, 9 Jul 2024 22:05:28 -0400 Subject: [PATCH 01/41] Positon location service --- generate-sitemap | 1 + static/articles/positon-location-service.html | 89 +++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 static/articles/positon-location-service.html diff --git a/generate-sitemap b/generate-sitemap index 449f3c5f0..d1b2fab2a 100755 --- a/generate-sitemap +++ b/generate-sitemap @@ -13,6 +13,7 @@ pages = [ ["/articles/", 0.5], ["/articles/attestation-compatibility-guide", 0.5], ["/articles/grapheneos-servers", 0.1], + ["/articles/positon-location-service", 0.5], ["/articles/server-traffic-shaping", 0.5], ["/articles/sitewide-advertising-industry-opt-out", 0.5], ["/build", 0.5], diff --git a/static/articles/positon-location-service.html b/static/articles/positon-location-service.html new file mode 100644 index 000000000..bb1902644 --- /dev/null +++ b/static/articles/positon-location-service.html @@ -0,0 +1,89 @@ + + + + + Positon location service | Articles | GrapheneOS + + + + + + + + + + + + + + + + + + + + + + [[css|/main.css]] + + + + + + {% include "header.html" %} +
+

Positon location service

+ +

The Positon location service is a proprietary and highly privacy invasive service + created by developers tied to /e/OS with their funding. There's a deliberate effort to + hide that it's tied to them in order to convince other projects to adopt it, as opposed + to using the similar service they host for /e/OS itself. Using the service requires + uploading sensitive location data to obtain location estimates, similar to the Apple and + Google location services. As with the Apple and Google services, it's a centralized + proprietary service with fully proprietary data. Unlike those services, the people + behind it have a history of publishing notoriously insecure software such as the /e/OS + operating system itself which massively rolls back standard security, lags years behind + on security updates and covers all of that up. They blatantly scam their users with + false privacy/security claims for /e/OS, and nothing different should be expected from a + location service from the same group of people. Multiple people involved in it are also + actively participating in harassment targeting privacy/security researchers and + engineers including but not limited to GrapheneOS team members.

+ +

The people behind the Positon location service have repeatedly talked about the + importance they see in centralizing the whole open source community around using their + service while locking out alternatives to it through proprietary data. They have spread + fear, uncertainty and doubt about making services using open mapping data through + claiming that it's a privacy hazard for people to have access to maps of Wi-Fi networks + publicly broadcasting their SSID despite that data already being available through many + commercial providers including publicly queryable databases such as Wigle. Anyone can + drive around building these maps and many companies have already built them, with the + data available for sale, as Positon shows with them obtaining access to it. The real + privacy hazard is sending your location in real time to a service, particularly a poorly + secured one from people known to cover up and downplay vulnerabilities. Positon has been + built to grab as much market share as possible early on before actual open options can + emerge and gather the necessary data such as beacondb.

+ +

The people involved in Positon have only ever cared about their careers, power and + influence. They've consistently been on a side against real privacy and security, but + rather focused on monetizing people's demand for it and grabbing as much market share as + they can as quickly as they can with endless false marketing and attacks on projects + like GrapheneOS. They see GrapheneOS as a huge threat to them due to us striving to + bring people real privacy and security at no cost, which is far easier to obtain and + use. This invalidates the business model of their companies like Murena. They + consistently use their non-profits mainly as a way to earn money and promote their + for-profit initiatives.

+ +

The service claims to be free of charge, but a core goal is turning it into a way to + get data from users to build their own database that's largely not going to be available + for use by others. Using it is helping them build a future business at the expense of + user privacy, little different from the Apple and Google services. This is not what the + open source community needs from a location service. The claims of no strings attached + and the implication that it's open are nonsense. Storing as little data as possible + would mean using local database for the region, not a network-based service. They're + opposed to doing a local service well rather than it being their long term goal. They + explicitly aim to lock out other alternatives and deter local location detection via + Wi-Fi.

+
+ {% include "footer.html" %} + + From 57298f055925ad699a350eeb1aaf6c395f53b13f Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 9 Jul 2024 23:45:17 -0400 Subject: [PATCH 02/41] use proper case for BeaconDB --- static/articles/positon-location-service.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/articles/positon-location-service.html b/static/articles/positon-location-service.html index bb1902644..e43c735dc 100644 --- a/static/articles/positon-location-service.html +++ b/static/articles/positon-location-service.html @@ -61,7 +61,7 @@

Positon location service

privacy hazard is sending your location in real time to a service, particularly a poorly secured one from people known to cover up and downplay vulnerabilities. Positon has been built to grab as much market share as possible early on before actual open options can - emerge and gather the necessary data such as beacondb.

+ emerge and gather the necessary data such as BeaconDB.

The people involved in Positon have only ever cared about their careers, power and influence. They've consistently been on a side against real privacy and security, but From 6d77b1fe8c39ad77dcdfb200cd791165b9f0fe1e Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 9 Jul 2024 23:15:06 -0400 Subject: [PATCH 03/41] publish new release notes --- static/releases.html | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/static/releases.html b/static/releases.html index debb9e691..2794374a7 100644 --- a/static/releases.html +++ b/static/releases.html @@ -91,7 +91,7 @@

Table of contents

  • Changelog - -->

    2024070201

    From 639fb04304e815c97503a2974bef6db28af2d4de Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 10 Jul 2024 00:14:05 -0400 Subject: [PATCH 04/41] remove all but 1st note about ESR 14 QPR3 port --- static/releases.html | 42 ------------------------------------------ 1 file changed, 42 deletions(-) diff --git a/static/releases.html b/static/releases.html index 2794374a7..4516eb6cf 100644 --- a/static/releases.html +++ b/static/releases.html @@ -819,13 +819,6 @@

    2024070900

    2024070201

    -

    Since Android 14 QPR3 is a major release, the end-of-life Pixel 4a (5G) and - Pixel 5 receiving extended support releases from GrapheneOS will need to be - ported to it with additional work in a future release, which is done as a low - priority. Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used - anymore due to lack of security patches for firmware and drivers. We provide - extended support for harm reduction.

    -

    Tags:

    • 2024070201 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
      • @@ -857,13 +850,6 @@

      2024070200

      stock Pixel OS will be available later today and we'll quickly release an update based on it following this one.

      -

      Since Android 14 QPR3 is a major release, the end-of-life Pixel 4a (5G) and - Pixel 5 receiving extended support releases from GrapheneOS will need to be - ported to it with additional work in a future release, which is done as a low - priority. Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used - anymore due to lack of security patches for firmware and drivers. We provide - extended support for harm reduction.

      -

      Tags:

      • 2024070200 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
        • @@ -883,13 +869,6 @@

        2024070200

        2024062700

        -

        Since Android 14 QPR3 is a major release, the end-of-life Pixel 4a (5G) and - Pixel 5 receiving extended support releases from GrapheneOS will need to be - ported to it with additional work in a future release, which is done as a low - priority. Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used - anymore due to lack of security patches for firmware and drivers. We provide - extended support for harm reduction.

        -

        Tags:

        • 2024062700 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
          • @@ -914,13 +893,6 @@

          2024062700

          2024062000

          -

          Since Android 14 QPR3 is a major release, the end-of-life Pixel 4a (5G) and - Pixel 5 receiving extended support releases from GrapheneOS will need to be - ported to it with additional work in a future release, which is done as a low - priority. Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used - anymore due to lack of security patches for firmware and drivers. We provide - extended support for harm reduction.

          -

          Tags:

          • 2024062000 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
            • @@ -955,13 +927,6 @@

            2024062000

            2024061400

            -

            Since Android 14 QPR3 is a major release, the end-of-life Pixel 4a (5G) and - Pixel 5 receiving extended support releases from GrapheneOS will need to be - ported to it with additional work in a future release, which is done as a low - priority. Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used - anymore due to lack of security patches for firmware and drivers. We provide - extended support for harm reduction.

            -

            Tags:

            • 2024061400 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
              • @@ -984,13 +949,6 @@

              2024061300

              quick follow-up release fixing the Bluetooth regression and other issues discovered during public Alpha and Beta testing.

              -

              Since Android 14 QPR3 is a major release, the end-of-life Pixel 4a (5G) and - Pixel 5 receiving extended support releases from GrapheneOS will need to be - ported to it with additional work in a future release, which is done as a low - priority. Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used - anymore due to lack of security patches for firmware and drivers. We provide - extended support for harm reduction.

              -

              Tags:

              • 2024061300 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
                • From cfa91b2ba9d3150496051bb2a27e37fd91e33700 Mon Sep 17 00:00:00 2001 From: phmlumin <145246161+phmlumin@users.noreply.github.com> Date: Wed, 10 Jul 2024 23:50:17 +0800 Subject: [PATCH 05/41] update documentation with the new OS update check interval It was increased from 4 hours to 6 hours. --- static/faq.html | 2 +- static/usage.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/static/faq.html b/static/faq.html index 76ba43733..204c9e303 100644 --- a/static/faq.html +++ b/static/faq.html @@ -842,7 +842,7 @@

                What kind of connections do the OS and bundle

                • The GrapheneOS System Updater app fetches update metadata from - https://releases.grapheneos.org/DEVICE-CHANNEL approximately once every four hours + https://releases.grapheneos.org/DEVICE-CHANNEL approximately once every six hours when connected to a permitted network for updates.

                  Once an update is available, it tries to download https://releases.grapheneos.org/DEVICE-incremental-OLD_VERSION-NEW_VERSION.zip diff --git a/static/usage.html b/static/usage.html index 51a06739c..60b0be93f 100644 --- a/static/usage.html +++ b/static/usage.html @@ -396,7 +396,7 @@

                  Auditor

                  Updates

                  The update system implements automatic background updates. It checks for updates - approximately once every four hours when there's network connectivity and then + approximately once every six hours when there's network connectivity and then downloads and installs updates in the background. It will pick up where it left off if downloads are interrupted, so you don't need to worry about interrupting it. Similarly, interrupting the installation isn't a risk because updates are installed to From 7e59a1a88114df28caf67b10b721ad1aadcdf532 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 19:35:57 +0000 Subject: [PATCH 06/41] Bump terser from 5.31.1 to 5.31.2 Bumps [terser](https://github.com/terser/terser) from 5.31.1 to 5.31.2. - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](https://github.com/terser/terser/compare/v5.31.1...v5.31.2) --- updated-dependencies: - dependency-name: terser dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index edbd26609..d22ec05f3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "html-minifier-terser": "^7.2.0", "stylelint": "^16.6.1", "stylelint-config-standard": "^36.0.1", - "terser": "^5.31.1", + "terser": "^5.31.2", "vnu-jar": "^23.4.11" } }, @@ -2374,9 +2374,9 @@ "license": "MIT" }, "node_modules/terser": { - "version": "5.31.1", - "resolved": "https://registry.npmjs.org/terser/-/terser-5.31.1.tgz", - "integrity": "sha512-37upzU1+viGvuFtBo9NPufCb9dwM0+l9hMxYyWfBA+fbwrPqNJAhbZ6W47bBFnZHKHTUBnMvi87434qq+qnxOg==", + "version": "5.31.2", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.31.2.tgz", + "integrity": "sha512-LGyRZVFm/QElZHy/CPr/O4eNZOZIzsrQ92y4v9UJe/pFJjypje2yI3C2FmPtvUEnhadlSbmG2nXtdcjHOjCfxw==", "dependencies": { "@jridgewell/source-map": "^0.3.3", "acorn": "^8.8.2", diff --git a/package.json b/package.json index 16f0e06a2..270566c76 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "html-minifier-terser": "^7.2.0", "stylelint": "^16.6.1", "stylelint-config-standard": "^36.0.1", - "terser": "^5.31.1", + "terser": "^5.31.2", "vnu-jar": "^23.4.11" }, "type": "module" From 0bfedaf4dddf37a8d12755a2da3625aa0853d812 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 10 Jul 2024 16:22:01 -0400 Subject: [PATCH 07/41] TalkBack updates --- static/releases.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/static/releases.html b/static/releases.html index 4516eb6cf..3220acd78 100644 --- a/static/releases.html +++ b/static/releases.html @@ -785,6 +785,9 @@

                  2024070900

                  Changes since the 2024070900 release:

                    +
                  • TalkBack (screen reader): update dependencies
                    • +
                  • TalkBack (screen reader): remove more unused resources
                    • +
                  • TalkBack (screen reader): drop 32-bit OS support

            --> From ebabd40434658db91c8948a1f8d3483280504d2b Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Thu, 11 Jul 2024 17:39:09 -0400 Subject: [PATCH 08/41] 6.6 GKI LTS update --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index 3220acd78..9bd7b2fbe 100644 --- a/static/releases.html +++ b/static/releases.html @@ -788,6 +788,7 @@

            2024070900

          • TalkBack (screen reader): update dependencies
          • TalkBack (screen reader): remove more unused resources
          • TalkBack (screen reader): drop 32-bit OS support
            • +
          • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.38
          --> From 94afeb4bad3746eedbe4fd2924b05efb57f507fb Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Thu, 11 Jul 2024 17:40:12 -0400 Subject: [PATCH 09/41] 5.15 GKI LTS update --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index 9bd7b2fbe..b33e9c1b7 100644 --- a/static/releases.html +++ b/static/releases.html @@ -788,6 +788,7 @@

          2024070900

        • TalkBack (screen reader): update dependencies
        • TalkBack (screen reader): remove more unused resources
        • TalkBack (screen reader): drop 32-bit OS support
          • +
        • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.160
        • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.38
        From 311c1011c372a717bf54c5c13e4f2db79868cc84 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Thu, 11 Jul 2024 20:00:18 -0400 Subject: [PATCH 10/41] revert 32-bit kernel ABI removal for now --- static/build.html | 8 ++++---- static/releases.html | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/static/build.html b/static/build.html index 528790ee2..5fb58a8ae 100644 --- a/static/build.html +++ b/static/build.html @@ -765,7 +765,7 @@

        7th generation Pixels

        To build the pantah kernel for the Pixel 7 and Pixel 7 Pro:

        - 
        BUILD_AOSP_KERNEL=1 DISABLE_32BIT=1 LTO=full ./build_cloudripper.sh
        + 
        BUILD_AOSP_KERNEL=1 LTO=full ./build_cloudripper.sh

        Replace the files in the OS source tree at device/google/pantah-kernel/ with your build in @@ -780,7 +780,7 @@

        7th generation Pixels

        To build the lynx kernel for the Pixel 7a:

        - 
        BUILD_AOSP_KERNEL=1 DISABLE_32BIT=1 LTO=full ./build_lynx.sh
        + 
        BUILD_AOSP_KERNEL=1 LTO=full ./build_lynx.sh

        Replace the files in the OS source tree at device/google/lynx-kernel/ with your build in @@ -795,7 +795,7 @@

        7th generation Pixels

        To build the tangorpro kernel for the Pixel Tablet:

        - 
        BUILD_AOSP_KERNEL=1 DISABLE_32BIT=1 LTO=full ./build_tangorpro.sh
        + 
        BUILD_AOSP_KERNEL=1 LTO=full ./build_tangorpro.sh

        Replace the files in the OS source tree at device/google/tangorpro-kernel/ with your build in @@ -810,7 +810,7 @@

        7th generation Pixels

        To build the felix kernel for the Pixel Fold:

        - 
        BUILD_AOSP_KERNEL=1 DISABLE_32BIT=1 LTO=full ./build_felix.sh
        + 
        BUILD_AOSP_KERNEL=1 LTO=full ./build_felix.sh

        Replace the files in the OS source tree at device/google/felix-kernel/ with your build in diff --git a/static/releases.html b/static/releases.html index b33e9c1b7..83d8d2d20 100644 --- a/static/releases.html +++ b/static/releases.html @@ -788,6 +788,7 @@

        2024070900

      • TalkBack (screen reader): update dependencies
      • TalkBack (screen reader): remove more unused resources
      • TalkBack (screen reader): drop 32-bit OS support
        • +
      • kernel (Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a): temporarily revert disabling 32-bit ABI support due to some banking apps using a buggy anti-tampering library incorrectly calling 32-bit versions of system calls from 64-bit code even on devices with no 32-bit support in hardware
      • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.160
      • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.38
      From 8bc1f0cc2591b9b1187d6c06d39e2e5dfe706387 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Thu, 11 Jul 2024 22:17:52 -0400 Subject: [PATCH 11/41] new build number 2024071200 --- static/releases.html | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/static/releases.html b/static/releases.html index 83d8d2d20..d559483e6 100644 --- a/static/releases.html +++ b/static/releases.html @@ -91,6 +91,7 @@

      Table of contents

    • Changelog
    - -->

    2024070900

    From b212b6a8c52c0102ede473a80ed150eb63ccf2c0 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Thu, 11 Jul 2024 23:09:51 -0400 Subject: [PATCH 14/41] reorder release notes --- static/releases.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/static/releases.html b/static/releases.html index 58b8fd170..473380479 100644 --- a/static/releases.html +++ b/static/releases.html @@ -806,12 +806,12 @@

    2024071200

    Changes since the 2024070900 release:

      -
    • TalkBack (screen reader): update dependencies
      • -
    • TalkBack (screen reader): remove more unused resources
      • -
    • TalkBack (screen reader): drop 32-bit OS support
    • kernel (Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a): temporarily revert disabling 32-bit ABI support due to rare cases of apps using a buggy anti-tampering library incorrectly calling 32-bit versions of system calls from 64-bit code even on devices with no 32-bit support in hardware
    • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.160
    • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.38
      • +
    • TalkBack (screen reader): update dependencies
      • +
    • TalkBack (screen reader): remove more unused resources
      • +
    • TalkBack (screen reader): drop 32-bit OS support
    From 993cba286506ad91a129d842f32f4f42ddc122b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jul 2024 19:02:38 +0000 Subject: [PATCH 15/41] Bump stylelint from 16.6.1 to 16.7.0 Bumps [stylelint](https://github.com/stylelint/stylelint) from 16.6.1 to 16.7.0. - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md) - [Commits](https://github.com/stylelint/stylelint/compare/16.6.1...16.7.0) --- updated-dependencies: - dependency-name: stylelint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 64 +++++++++++++++++++++-------------------------- package.json | 2 +- 2 files changed, 30 insertions(+), 36 deletions(-) diff --git a/package-lock.json b/package-lock.json index d22ec05f3..b1cf351d7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "csso-cli": "^4.0.2", "eslint": "^9.6.0", "html-minifier-terser": "^7.2.0", - "stylelint": "^16.6.1", + "stylelint": "^16.7.0", "stylelint-config-standard": "^36.0.1", "terser": "^5.31.2", "vnu-jar": "^23.4.11" @@ -123,9 +123,9 @@ } }, "node_modules/@csstools/css-parser-algorithms": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-2.6.3.tgz", - "integrity": "sha512-xI/tL2zxzEbESvnSxwFgwvy5HS00oCXxL4MLs6HUiDcYfwowsoQaABKxUElp1ARITrINzBnsECOc1q0eg2GOrA==", + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-2.7.1.tgz", + "integrity": "sha512-2SJS42gxmACHgikc1WGesXLIT8d/q2l0UFM7TaEeIzdFCE/FPMtTiizcPGGJtlPo2xuQzY09OhrLTzRxqJqwGw==", "funding": [ { "type": "github", @@ -136,18 +136,17 @@ "url": "https://opencollective.com/csstools" } ], - "license": "MIT", "engines": { "node": "^14 || ^16 || >=18" }, "peerDependencies": { - "@csstools/css-tokenizer": "^2.3.1" + "@csstools/css-tokenizer": "^2.4.1" } }, "node_modules/@csstools/css-tokenizer": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-2.3.1.tgz", - "integrity": "sha512-iMNHTyxLbBlWIfGtabT157LH9DUx9X8+Y3oymFEuMj8HNc+rpE3dPFGFgHjpKfjeFDjLjYIAIhXPGvS2lKxL9g==", + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-2.4.1.tgz", + "integrity": "sha512-eQ9DIktFJBhGjioABJRtUucoWR2mwllurfnM8LuNGAqX3ViZXaUchqk+1s7jjtkFiT9ySdACsFEA3etErkALUg==", "funding": [ { "type": "github", @@ -158,15 +157,14 @@ "url": "https://opencollective.com/csstools" } ], - "license": "MIT", "engines": { "node": "^14 || ^16 || >=18" } }, "node_modules/@csstools/media-query-list-parser": { - "version": "2.1.11", - "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-2.1.11.tgz", - "integrity": "sha512-uox5MVhvNHqitPP+SynrB1o8oPxPMt2JLgp5ghJOWf54WGQ5OKu47efne49r1SWqs3wRP8xSWjnO9MBKxhB1dA==", + "version": "2.1.13", + "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-2.1.13.tgz", + "integrity": "sha512-XaHr+16KRU9Gf8XLi3q8kDlI18d5vzKSKCY510Vrtc9iNR0NJzbY9hhTmwhzYZj/ZwGL4VmB3TA9hJW0Um2qFA==", "funding": [ { "type": "github", @@ -177,13 +175,12 @@ "url": "https://opencollective.com/csstools" } ], - "license": "MIT", "engines": { "node": "^14 || ^16 || >=18" }, "peerDependencies": { - "@csstools/css-parser-algorithms": "^2.6.3", - "@csstools/css-tokenizer": "^2.3.1" + "@csstools/css-parser-algorithms": "^2.7.1", + "@csstools/css-tokenizer": "^2.4.1" } }, "node_modules/@csstools/selector-specificity": { @@ -1484,10 +1481,9 @@ } }, "node_modules/known-css-properties": { - "version": "0.31.0", - "resolved": "https://registry.npmjs.org/known-css-properties/-/known-css-properties-0.31.0.tgz", - "integrity": "sha512-sBPIUGTNF0czz0mwGGUoKKJC8Q7On1GPbCSFPfyEsfHb2DyBG0Y4QtV+EVWpINSaiGKZblDNuF5AezxSgOhesQ==", - "license": "MIT" + "version": "0.34.0", + "resolved": "https://registry.npmjs.org/known-css-properties/-/known-css-properties-0.34.0.tgz", + "integrity": "sha512-tBECoUqNFbyAY4RrbqsBQqDFpGXAEbdD5QKr8kACx3+rnArmuuR22nKQWKazvp07N9yjTyDZaw/20UIH8tL9DQ==" }, "node_modules/levn": { "version": "0.4.1", @@ -1798,9 +1794,9 @@ } }, "node_modules/postcss": { - "version": "8.4.38", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", - "integrity": "sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==", + "version": "8.4.39", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.39.tgz", + "integrity": "sha512-0vzE+lAiG7hZl1/9I8yzKLx3aR9Xbof3fBHKunvMfOCYAtMhrsnccJY2iTURb9EZd5+pLuiNV9/c/GZJOHsgIw==", "funding": [ { "type": "opencollective", @@ -1815,10 +1811,9 @@ "url": "https://github.com/sponsors/ai" } ], - "license": "MIT", "dependencies": { "nanoid": "^3.3.7", - "picocolors": "^1.0.0", + "picocolors": "^1.0.1", "source-map-js": "^1.2.0" }, "engines": { @@ -2112,9 +2107,9 @@ } }, "node_modules/stylelint": { - "version": "16.6.1", - "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.6.1.tgz", - "integrity": "sha512-yNgz2PqWLkhH2hw6X9AweV9YvoafbAD5ZsFdKN9BvSDVwGvPh+AUIrn7lYwy1S7IHmtFin75LLfX1m0D2tHu8Q==", + "version": "16.7.0", + "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.7.0.tgz", + "integrity": "sha512-Q1ATiXlz+wYr37a7TGsfvqYn2nSR3T/isw3IWlZQzFzCNoACHuGBb6xBplZXz56/uDRJHIygxjh7jbV/8isewA==", "funding": [ { "type": "opencollective", @@ -2125,11 +2120,10 @@ "url": "https://github.com/sponsors/stylelint" } ], - "license": "MIT", "dependencies": { - "@csstools/css-parser-algorithms": "^2.6.3", - "@csstools/css-tokenizer": "^2.3.1", - "@csstools/media-query-list-parser": "^2.1.11", + "@csstools/css-parser-algorithms": "^2.7.1", + "@csstools/css-tokenizer": "^2.4.1", + "@csstools/media-query-list-parser": "^2.1.13", "@csstools/selector-specificity": "^3.1.1", "@dual-bundle/import-meta-resolve": "^4.1.0", "balanced-match": "^2.0.0", @@ -2137,7 +2131,7 @@ "cosmiconfig": "^9.0.0", "css-functions-list": "^3.2.2", "css-tree": "^2.3.1", - "debug": "^4.3.4", + "debug": "^4.3.5", "fast-glob": "^3.3.2", "fastest-levenshtein": "^1.0.16", "file-entry-cache": "^9.0.0", @@ -2148,13 +2142,13 @@ "ignore": "^5.3.1", "imurmurhash": "^0.1.4", "is-plain-object": "^5.0.0", - "known-css-properties": "^0.31.0", + "known-css-properties": "^0.34.0", "mathml-tag-names": "^2.1.3", "meow": "^13.2.0", "micromatch": "^4.0.7", "normalize-path": "^3.0.0", "picocolors": "^1.0.1", - "postcss": "^8.4.38", + "postcss": "^8.4.39", "postcss-resolve-nested-selector": "^0.1.1", "postcss-safe-parser": "^7.0.0", "postcss-selector-parser": "^6.1.0", diff --git a/package.json b/package.json index 270566c76..cce4f3f94 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "csso-cli": "^4.0.2", "eslint": "^9.6.0", "html-minifier-terser": "^7.2.0", - "stylelint": "^16.6.1", + "stylelint": "^16.7.0", "stylelint-config-standard": "^36.0.1", "terser": "^5.31.2", "vnu-jar": "^23.4.11" From f6d32808f8486a944691d463356f46cd1c2c0940 Mon Sep 17 00:00:00 2001 From: sandbank52641 <153552626+sandbank52641@users.noreply.github.com> Date: Sun, 14 Jul 2024 17:05:03 +0200 Subject: [PATCH 16/41] use Protobuf library for Python from PyPI Even with fairly up-to-date packages, many Linux distributions have not recent enough Python Protobuf packages. It's better to use the PyPI package, which is published by Google, rather than the distribution packages. Ideally, adevtool could handle this (with pinned package version and hash, and hash-checking), but due to many users encountering this issue, this change should be reasonable for now. --- static/build.html | 34 ++++++++++++++++++++++++++++++++++ static/main.css | 27 +++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/static/build.html b/static/build.html index 5fb58a8ae..ff62d0ec2 100644 --- a/static/build.html +++ b/static/build.html @@ -250,6 +250,7 @@

    Build dependencies

    Additional dependencies for extracting vendor files with adevtool:

      +
    • Optional: venv module for Python 3
    • protobuf library for Python 3
    • Node.js 18 LTS
    • yarn
      • @@ -382,11 +383,44 @@

      Extracting vendor files lunch sdk_phone64_x86_64-ap2a-user m aapt2 +
      +

      Optional

      + +

      Run the following additional commands once to create a working + environment if your Linux distribution (such as Debian bookworm) doesn't + have the Protobuf library for Python 3 package version (5.)27.2 or later. + This installs the latest library version in a Python 3 virtual + environment.

      + + 
      python3 -m venv venv
+source venv/bin/activate
+pip install protobuf
+deactivate
      +
      + +
      +

      Optional

      + +

      If you have installed the Protobuf library in the Python 3 virtual + environment, activate the environment:

      + + 
      source venv/bin/activate
      +
      +

      Download, extract and prepare the vendor files:

      adevtool generate-all -d PIXEL_CODENAME

      Replace PIXEL_CODENAME with Pixel device codename, which is the same as build target name.

      + +
      +

      Optional

      + +

      If you have installed the Protobuf library in the Python 3 virtual + environment, deactivate the environment:

      + + 
      deactivate
      +
      diff --git a/static/main.css b/static/main.css index 80ce0f2e0..28e73dc1a 100644 --- a/static/main.css +++ b/static/main.css @@ -329,6 +329,27 @@ main.normalize { margin: 0; } +.notice { + border-radius: 12px; + border: 1px solid #74777f /* outline */; + background-color: #dae2f9 /* secondary container */; + color: #121c2b /* on secondary container */; + padding: 1em; + margin-block: 1em; +} + +.notice-heading { + margin-block-start: 0; +} + +.notice-heading::before { + content: "ⓘ "; +} + +.notice pre { + margin-block-end: 0; +} + /* latin */ @font-face { font-family: Roboto; @@ -467,4 +488,10 @@ main.normalize { var { color: #ffb4ab; } + + .notice { + border-color: #8e9099 /* outline */; + background-color: #3e4758 /* secondary container */; + color: #dae2f9 /* on secondary container */; + } } From b9e4c4cbd4088a6f591e06696d1c6a9e087641b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 19:03:58 +0000 Subject: [PATCH 17/41] Bump eslint from 9.6.0 to 9.7.0 Bumps [eslint](https://github.com/eslint/eslint) from 9.6.0 to 9.7.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.6.0...v9.7.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 35 ++++++++++++++++------------------- package.json | 2 +- 2 files changed, 17 insertions(+), 20 deletions(-) diff --git a/package-lock.json b/package-lock.json index b1cf351d7..e1bbe48a6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6,7 +6,7 @@ "": { "dependencies": { "csso-cli": "^4.0.2", - "eslint": "^9.6.0", + "eslint": "^9.7.0", "html-minifier-terser": "^7.2.0", "stylelint": "^16.7.0", "stylelint-config-standard": "^36.0.1", @@ -243,10 +243,9 @@ } }, "node_modules/@eslint-community/regexpp": { - "version": "4.10.0", - "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", - "integrity": "sha512-Cu96Sd2By9mCNTx2iyKOmq10v22jUVQv0lQnlGNy16oE9589yE+QADPbrMGCkA51cKZSg3Pu/aTJVTGfL/qjUA==", - "license": "MIT", + "version": "4.11.0", + "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.11.0.tgz", + "integrity": "sha512-G/M/tIiMrTAxEWRfLfQJMmGNX28IxBg4PBz8XqQhqUHLFI6TL2htpIB1iQCj144V5ee/JaKyT9/WZ0MGZWfA7A==", "engines": { "node": "^12.0.0 || ^14.0.0 || >=16.0.0" } @@ -288,9 +287,9 @@ } }, "node_modules/@eslint/js": { - "version": "9.6.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.6.0.tgz", - "integrity": "sha512-D9B0/3vNg44ZeWbYMpBoXqNP4j6eQD5vNwIlGAuFRRzK/WtT/jvDQW3Bi9kkf3PMDMlM7Yi+73VLUsn5bJcl8A==", + "version": "9.7.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.7.0.tgz", + "integrity": "sha512-ChuWDQenef8OSFnvuxv0TCVxEwmu3+hPNKvM9B34qpM0rDRbjL8t5QkQeHHeAfsKQjuH9wS82WeCi1J/owatng==", "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } @@ -897,15 +896,15 @@ } }, "node_modules/eslint": { - "version": "9.6.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.6.0.tgz", - "integrity": "sha512-ElQkdLMEEqQNM9Njff+2Y4q2afHk7JpkPvrd7Xh7xefwgQynqPxwf55J7di9+MEibWUGdNjFF9ITG9Pck5M84w==", + "version": "9.7.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.7.0.tgz", + "integrity": "sha512-FzJ9D/0nGiCGBf8UXO/IGLTgLVzIxze1zpfA8Ton2mjLovXdAPlYDv+MQDcqj3TmrhAGYfOpz9RfR+ent0AgAw==", "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", - "@eslint-community/regexpp": "^4.6.1", + "@eslint-community/regexpp": "^4.11.0", "@eslint/config-array": "^0.17.0", "@eslint/eslintrc": "^3.1.0", - "@eslint/js": "9.6.0", + "@eslint/js": "9.7.0", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.3.0", "@nodelib/fs.walk": "^1.2.8", @@ -914,7 +913,7 @@ "cross-spawn": "^7.0.2", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", - "eslint-scope": "^8.0.1", + "eslint-scope": "^8.0.2", "eslint-visitor-keys": "^4.0.0", "espree": "^10.1.0", "esquery": "^1.5.0", @@ -947,10 +946,9 @@ } }, "node_modules/eslint-scope": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.0.1.tgz", - "integrity": "sha512-pL8XjgP4ZOmmwfFE8mEhSxA7ZY4C+LWyqjQ3o4yWkkmD0qcMT9kkW3zWHOczhWcjTSgqycYAgwSlXvZltv65og==", - "license": "BSD-2-Clause", + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.0.2.tgz", + "integrity": "sha512-6E4xmrTw5wtxnLA5wYL3WDfhZ/1bUBGOXV0zQvVRDOtrR8D0p6W7fs3JweNYhwRYeGvd/1CKX2se0/2s7Q/nJA==", "dependencies": { "esrecurse": "^4.3.0", "estraverse": "^5.2.0" @@ -1018,7 +1016,6 @@ "version": "4.3.0", "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", - "license": "BSD-2-Clause", "dependencies": { "estraverse": "^5.2.0" }, diff --git a/package.json b/package.json index cce4f3f94..0c9d16064 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "dependencies": { "csso-cli": "^4.0.2", - "eslint": "^9.6.0", + "eslint": "^9.7.0", "html-minifier-terser": "^7.2.0", "stylelint": "^16.7.0", "stylelint-config-standard": "^36.0.1", From f4ab39c9f65b4b715d2b9bb42a7e5dab78b60654 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Mon, 15 Jul 2024 15:18:39 -0400 Subject: [PATCH 18/41] revert upstream USB change that's causing compatibility issues --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index 473380479..a3d675f28 100644 --- a/static/releases.html +++ b/static/releases.html @@ -786,6 +786,7 @@

      2024071200

      Changes since the 2024071200 release:

        +
      • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues

    --> From acc0a0c77fff611d154137cc7c32a662a05447be Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Mon, 15 Jul 2024 15:26:10 -0400 Subject: [PATCH 19/41] GmsCompatConfig version 123 --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index a3d675f28..892686abf 100644 --- a/static/releases.html +++ b/static/releases.html @@ -787,6 +787,7 @@

    2024071200

    • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
      • +
    • GmsCompatConfig: update to version 123
    --> From 0c6c5b73be6f3872b44c5685593512468eeb09d2 Mon Sep 17 00:00:00 2001 From: sandbank52641 <153552626+sandbank52641@users.noreply.github.com> Date: Mon, 15 Jul 2024 13:55:31 +0200 Subject: [PATCH 20/41] update Android Studio package --- static/build.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/static/build.html b/static/build.html index ff62d0ec2..7a465aba8 100644 --- a/static/build.html +++ b/static/build.html @@ -1149,10 +1149,10 @@

    Android Studio

    copy of it. For example:

    cd ~/android
-curl -O https://dl.google.com/dl/android/studio/ide-zips/2024.1.1.11/android-studio-2024.1.1.11-linux.tar.gz
-echo 'd8fa8ecfe415b44513350901501e2a0f429ca033cf1805054b1c816c4a704565  android-studio-2024.1.1.11-linux.tar.gz' | sha256sum -c
-tar xvf android-studio-2024.1.1.11-linux.tar.gz
-rm android-studio-2024.1.1.11-linux.tar.gz
+curl -O https://dl.google.com/dl/android/studio/ide-zips/2024.1.1.12/android-studio-2024.1.1.12-linux.tar.gz
+echo '42f8bf31ce0d124ddd11195f662a30064d8f9aab206e5e66839e876a6bc6eda2  android-studio-2024.1.1.12-linux.tar.gz' | sha256sum -c
+tar xvf android-studio-2024.1.1.12-linux.tar.gz
+rm android-studio-2024.1.1.12-linux.tar.gz
 mv android-studio studio

    Add the Android Studio executables to your PATH:

    From b6d22068ec11bc652e7b98ed9c4f8afb95b47146 Mon Sep 17 00:00:00 2001 From: sandbank52641 <153552626+sandbank52641@users.noreply.github.com> Date: Sun, 14 Jul 2024 19:36:15 +0200 Subject: [PATCH 21/41] add setup details for Debian bookworm --- static/build.html | 18 ++++++++++++++++++ static/main.css | 27 ++++++++++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/static/build.html b/static/build.html index 7a465aba8..954bb7089 100644 --- a/static/build.html +++ b/static/build.html @@ -193,6 +193,24 @@

    Build dependencies

    Arch Linux, Debian bookworm, Ubuntu 23.04 and Ubuntu 22.04 LTS are the officially supported operating systems for building GrapheneOS.

    +
    + Set up Debian GNU/Linux 12 (bookworm) + +

    To build GrapheneOS, install the required packages:

    + + 
    apt install repo yarnpkg python3-venv zip rsync
    + +

    Your PATH may not contain directories like + /sbin, and many system administration commands will fail. The + adevtool from GrapheneOS requires the debugfs + binary in /sbin. The simplest workaround is to add these + directories to your PATH environment variable (and apply the + change to your current shell):

    + + 
    echo 'export PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin' >> ~/.bashrc
+source ~/.bashrc
    +
    +

    Dependencies for fetching and verifying the sources:

      diff --git a/static/main.css b/static/main.css index 28e73dc1a..899a70532 100644 --- a/static/main.css +++ b/static/main.css @@ -350,6 +350,31 @@ main.normalize { margin-block-end: 0; } +details { + border: 1px solid #74777f /* outline */; + border-radius: 12px; + padding: 0.5em 0.5em 0; +} + +summary { + font-weight: bold; + margin: -0.5em -0.5em 0; + padding: 0.5em; +} + +summary:hover { + cursor: pointer; +} + +details[open] { + padding: 0.5em; +} + +details[open] summary { + border-bottom: 1px solid #74777f /* outline */; + margin-bottom: 0.5em; +} + /* latin */ @font-face { font-family: Roboto; @@ -452,7 +477,7 @@ main.normalize { color: #c4c6cf; /* on-surface-variant */ } - pre { + pre, details, details[open] summary { border-color: #8e9099; /* outline */ } From 88a5ad431cd38223df37ba9978b81d6f0c3317ee Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 11:02:41 -0400 Subject: [PATCH 22/41] avoid race for setting USB port mode --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index 892686abf..ecd5b630a 100644 --- a/static/releases.html +++ b/static/releases.html @@ -786,6 +786,7 @@

      2024071200

      Changes since the 2024071200 release:

        +
      • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
      • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
      • GmsCompatConfig: update to version 123
      From 706507944d083d73ef596e0fb6f8f571e7e3be90 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 11:07:48 -0400 Subject: [PATCH 23/41] fix touch to unlock setting with power button fingerprint scanner --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index ecd5b630a..0fddcc982 100644 --- a/static/releases.html +++ b/static/releases.html @@ -786,6 +786,7 @@

      2024071200

      Changes since the 2024071200 release:

        +
      • fix touch-to-unlock setting on devices with a power button fingerprint scanner (Pixel Fold, Pixel Tablet) which is normally always active with AOSP
      • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
      • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
      • GmsCompatConfig: update to version 123
        • From 014274f14f9e4e5d4f244b1104ac8ca93056ddd8 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 11:07:59 -0400 Subject: [PATCH 24/41] fix Pixel 8a GNSS configuration --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index 0fddcc982..447b0b53d 100644 --- a/static/releases.html +++ b/static/releases.html @@ -789,6 +789,7 @@

        2024071200

      • fix touch-to-unlock setting on devices with a power button fingerprint scanner (Pixel Fold, Pixel Tablet) which is normally always active with AOSP
      • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
      • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
        • +
      • Pixel 8a: fix GNSS configuration to avoid crash
      • GmsCompatConfig: update to version 123
      From ddd0f3292bac6cd32208761ed7d85ca72eaa89fe Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 11:10:57 -0400 Subject: [PATCH 25/41] 6.1 GKI LTS update --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index 447b0b53d..88102f912 100644 --- a/static/releases.html +++ b/static/releases.html @@ -790,6 +790,7 @@

      2024071200

    • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
    • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
    • Pixel 8a: fix GNSS configuration to avoid crash
      • +
    • kernel (6.1): update to latest GKI LTS branch revision
    • GmsCompatConfig: update to version 123
    From 9c03661da02a4313c60bcb14192623ffa6682d35 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 11:12:19 -0400 Subject: [PATCH 26/41] 5.15 GKI LTS update --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index 88102f912..4f77b059f 100644 --- a/static/releases.html +++ b/static/releases.html @@ -790,6 +790,7 @@

    2024071200

  • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
  • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
  • Pixel 8a: fix GNSS configuration to avoid crash
    • +
  • kernel (5.15): update to latest GKI LTS branch revision
  • kernel (6.1): update to latest GKI LTS branch revision
  • GmsCompatConfig: update to version 123
    • From f0b47ba8032fc57cdf98824199b97ca8f8a6840a Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 11:12:59 -0400 Subject: [PATCH 27/41] 5.10 GKI LTS update --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index 4f77b059f..c20e19a01 100644 --- a/static/releases.html +++ b/static/releases.html @@ -790,6 +790,7 @@

    2024071200

  • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
  • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
  • Pixel 8a: fix GNSS configuration to avoid crash
    • +
  • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.219
  • kernel (5.15): update to latest GKI LTS branch revision
  • kernel (6.1): update to latest GKI LTS branch revision
  • GmsCompatConfig: update to version 123
    • From a47ee5f5ac2bac72333e4952110866cc7e4c68f4 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 11:20:11 -0400 Subject: [PATCH 28/41] Android Mainline backports --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index c20e19a01..a76dc4779 100644 --- a/static/releases.html +++ b/static/releases.html @@ -790,6 +790,7 @@

    2024071200

  • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
  • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
  • Pixel 8a: fix GNSS configuration to avoid crash
    • +
  • backport mainline APEX module patches for Media Provider, Network Stack, Remote Key Provisioning and Wi-Fi
  • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.219
  • kernel (5.15): update to latest GKI LTS branch revision
  • kernel (6.1): update to latest GKI LTS branch revision
    • From 8c25376ed3df16994e89c56229282b312f0cc2da Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 12:55:26 -0400 Subject: [PATCH 29/41] add Pixel Tablet touchscreen frequency hopping toggle --- static/releases.html | 1 + 1 file changed, 1 insertion(+) diff --git a/static/releases.html b/static/releases.html index a76dc4779..820f3ca87 100644 --- a/static/releases.html +++ b/static/releases.html @@ -788,6 +788,7 @@

    2024071200

    • fix touch-to-unlock setting on devices with a power button fingerprint scanner (Pixel Fold, Pixel Tablet) which is normally always active with AOSP
    • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
      • +
    • Pixel Tablet: add non-standard toggle for enabling touchscreen frequency hopping to reduce ghost touches for users with problematic touchscreen hardware
    • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
    • Pixel 8a: fix GNSS configuration to avoid crash
    • backport mainline APEX module patches for Media Provider, Network Stack, Remote Key Provisioning and Wi-Fi
      • From 85122493d925f7c15f788af744ce2c93d09274aa Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 13:57:57 -0400 Subject: [PATCH 30/41] new build number 2024071600 --- static/releases.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/static/releases.html b/static/releases.html index 820f3ca87..5f3a8c2b3 100644 --- a/static/releases.html +++ b/static/releases.html @@ -770,8 +770,8 @@

      Changelog

      release notes from before the rebranding of the project in 2018 and 2019.

      +
    - -->

    2024071200

    From 89580664f6775cde1e81b6445c710a458e285b47 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 16 Jul 2024 21:36:23 -0400 Subject: [PATCH 33/41] clarify akita GNSS fix --- static/releases.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/releases.html b/static/releases.html index 42f92670b..d7855e17e 100644 --- a/static/releases.html +++ b/static/releases.html @@ -811,7 +811,7 @@

    2024071600

  • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
  • Pixel Tablet: add non-standard toggle for enabling touchscreen frequency hopping to reduce ghost touches for users with problematic touchscreen hardware
  • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
    • -
  • Pixel 8a: fix GNSS configuration to avoid crash
    • +
  • Pixel 8a: fix GNSS configuration to avoid occasional crashes of the service (Pixel 8a is currently the only Samsung GNSS device)
  • backport mainline APEX module patches for Media Provider, Network Stack, Remote Key Provisioning and Wi-Fi
  • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.219
  • kernel (5.15): update to latest GKI LTS branch revision
    • From 9e3b89ac26425a67a317d6fe71fcfa2c2d8e0424 Mon Sep 17 00:00:00 2001 From: sandbank52641 <153552626+sandbank52641@users.noreply.github.com> Date: Wed, 17 Jul 2024 12:14:58 +0200 Subject: [PATCH 34/41] add note about yarn on Debian --- static/build.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/static/build.html b/static/build.html index 954bb7089..1389db027 100644 --- a/static/build.html +++ b/static/build.html @@ -394,7 +394,9 @@

    Extracting vendor files that the official builds match the sources, since it has signature verification (which is an important part of the verified boot and attestation security model).

    -

    The below commands need to only be run once to initially create a working environment.

    +

    The below commands need to only be run once to initially create a working + environment. (Note: On Debian, yarn is reserved for a binary in + cmdtest; use yarnpkg instead.)

    yarn install --cwd vendor/adevtool/
 source build/envsetup.sh

From 12dcd3664d08f282a7e2cae68cbcc480ba57e932 Mon Sep 17 00:00:00 2001
From: Chris Novakovic 
Date: Thu, 18 Jul 2024 21:42:53 +0100
Subject: [PATCH 35/41] FAQ: fix typo in time security list item

"unauthentication SNTP" -> "unauthenticated SNTP".
---
 static/faq.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/static/faq.html b/static/faq.html
index 204c9e303..fa7413840 100644
--- a/static/faq.html
+++ b/static/faq.html
@@ -888,7 +888,7 @@ 
    What kind of connections do the OS and bundle
                             second precision.
    
 
                             
    This is a full replacement for Android's standard network time
-                            update implementation, which uses unauthentication SNTP (Simple
+                            update implementation, which uses unauthenticated SNTP (Simple
                             Network Time Protocol) with fallback to the cellular network when it's
                             not available (GNSS can also be used as a time source but is disabled
                             by default, and OEMs can choose the priority order). Network time

From 37051a9de9ce740a0ed8d35f9577af94af6a0593 Mon Sep 17 00:00:00 2001
From: GrapheneOS 
Date: Thu, 18 Jul 2024 19:14:30 -0400
Subject: [PATCH 36/41] Apps version 24

---
 static/releases.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/static/releases.html b/static/releases.html
index d7855e17e..b9cfb1ba8 100644
--- a/static/releases.html
+++ b/static/releases.html
@@ -787,6 +787,7 @@ 
    2024071600
    
                     
    Changes since the 2024071600 release:

    --> From 7c05933db538ee66f3efe58da00f2a6c72e64645 Mon Sep 17 00:00:00 2001 From: Dmitry Muhomor Date: Fri, 19 Jul 2024 13:27:46 +0300 Subject: [PATCH 37/41] update aapt2 build instruction --- static/build.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/build.html b/static/build.html index 1389db027..afcdd326d 100644 --- a/static/build.html +++ b/static/build.html @@ -400,7 +400,7 @@

    Extracting vendor files 
    yarn install --cwd vendor/adevtool/
 source build/envsetup.sh
-lunch sdk_phone64_x86_64-ap2a-user
+lunch sdk_phone64_x86_64-cur-user
 m aapt2
    From c2bae5b12732a3a4c0cb5c8f14ce2902b22e0cae Mon Sep 17 00:00:00 2001 From: Dmitry Muhomor Date: Fri, 19 Jul 2024 13:48:18 +0300 Subject: [PATCH 38/41] handle Apps -> App Store rename --- static/articles/grapheneos-servers.html | 2 +- static/build.html | 2 +- static/contact.html | 2 +- static/faq.html | 2 +- static/source.html | 4 ++-- static/usage.html | 11 +++++------ 6 files changed, 11 insertions(+), 12 deletions(-) diff --git a/static/articles/grapheneos-servers.html b/static/articles/grapheneos-servers.html index 968d8e49a..a469170d9 100644 --- a/static/articles/grapheneos-servers.html +++ b/static/articles/grapheneos-servers.html @@ -180,7 +180,7 @@

    GrapheneOS release servers

    These are the static file servers for GrapheneOS releases and our app repository. These are used by the releases page and web installer along with the - System Updater and Apps (app repository client) within the OS.

    + System Updater and App Store (app repository client) within the OS.

    • Repository
      • diff --git a/static/build.html b/static/build.html index afcdd326d..014aea4a2 100644 --- a/static/build.html +++ b/static/build.html @@ -1029,7 +1029,7 @@

      Browser and WebView

      Prebuilt apps

      -

      The official releases of our Apps, Auditor, Camera and PdfViewer apps are +

      The official releases of our App Store, Auditor, Camera and PdfViewer apps are bundled as apks into external/ repositories. The no-code AppCompatConfig and GmsCompatConfig apps are done the same way. These are built and signed with the standard gradle Android plugin build system.

      diff --git a/static/contact.html b/static/contact.html index 85e6259d8..0bb7937a7 100644 --- a/static/contact.html +++ b/static/contact.html @@ -216,7 +216,7 @@

      Reporting issues

      Standalone apps

      From ec8f0c918f727273b9cdc5a4b7441ffc308b2752 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sat, 20 Jul 2024 00:46:40 -0400 Subject: [PATCH 40/41] 5.15 GKI LTS update --- static/releases.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/releases.html b/static/releases.html index 70616ac57..1be19ffb9 100644 --- a/static/releases.html +++ b/static/releases.html @@ -815,7 +815,7 @@

      2024071600

    • Pixel 8a: fix GNSS configuration to avoid occasional crashes of the service (Pixel 8a is currently the only Samsung GNSS device)
    • backport mainline APEX module patches for Media Provider, Network Stack, Remote Key Provisioning and Wi-Fi
    • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.219
      • -
    • kernel (5.15): update to latest GKI LTS branch revision
      • +
    • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.161
    • kernel (6.1): update to latest GKI LTS branch revision
    • kernel (6.6): update to latest GKI LTS branch revision
    • GmsCompatConfig: update to version 123
      • From 1cbef4f2a128732847f1ebd36a31048533d276ab Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sat, 20 Jul 2024 00:47:09 -0400 Subject: [PATCH 41/41] 5.10 GKI LTS update --- static/releases.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/releases.html b/static/releases.html index 1be19ffb9..e80c98d33 100644 --- a/static/releases.html +++ b/static/releases.html @@ -814,7 +814,7 @@

      2024071600

    • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
    • Pixel 8a: fix GNSS configuration to avoid occasional crashes of the service (Pixel 8a is currently the only Samsung GNSS device)
    • backport mainline APEX module patches for Media Provider, Network Stack, Remote Key Provisioning and Wi-Fi
      • -
    • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.219
      • +
    • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.221
    • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.161
    • kernel (6.1): update to latest GKI LTS branch revision
    • kernel (6.6): update to latest GKI LTS branch revision