security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

update script names

Browse Source
This commit is contained in:
Daniel Micay 2024-09-01 06:57:34 -04:00
parent 73616e9b45
commit 020d9aed88
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
static/build.html
View File

@ -546,7 +546,7 @@ m aapt2</pre>
<p>You should set a passphrase for the signing keys to keep them at rest until you <p>You should set a passphrase for the signing keys to keep them at rest until you
need to sign a release with them. The GrapheneOS scripts (<code>make_key</code> and need to sign a release with them. The GrapheneOS scripts (<code>make_key</code> and
<code>encrypt_keys.sh</code>) encrypt the signing keys using scrypt for key derivation <code>encrypt-keys.sh</code>) encrypt the signing keys using scrypt for key derivation
and AES256 as the cipher. If you use swap, make sure it's encrypted, ideally with an and AES256 as the cipher. If you use swap, make sure it's encrypted, ideally with an
ephemeral key rather a persistent key to support hibernation. Even with an ephemeral ephemeral key rather a persistent key to support hibernation. Even with an ephemeral
key, swap will reduce the security gained from encrypting the keys since it breaks the key, swap will reduce the security gained from encrypting the keys since it breaks the
@ -586,12 +586,12 @@ cd ../..</pre>
<section id="encrypting-keys"> <section id="encrypting-keys">
<h4><a href="#encrypting-keys">Encrypting keys</a></h4> <h4><a href="#encrypting-keys">Encrypting keys</a></h4>
<p>You can (re-)encrypt your signing keys using the <code>encrypt_keys</code> script, <p>You can (re-)encrypt your signing keys using the <code>encrypt-keys</code> script,
which will prompt for the old passphrase (if any) and new passphrase:</p> which will prompt for the old passphrase (if any) and new passphrase:</p>
<pre>script/encrypt_keys.sh keys/raven</pre> <pre>script/encrypt-keys.sh keys/raven</pre>
<p>The <code>script/decrypt_keys.sh</code> script can be used to remove encryption, <p>The <code>script/decrypt-keys.sh</code> script can be used to remove encryption,
which is not recommended. The script exists primarily for internal usage to decrypt which is not recommended. The script exists primarily for internal usage to decrypt
the keys in tmpfs to perform signing.</p> the keys in tmpfs to perform signing.</p>
</section> </section>
@ -668,11 +668,11 @@ cd ../..</pre>
update if one exists for going directly from the currently installed version to the update if one exists for going directly from the currently installed version to the
latest release. In order to generate a delta update, the original signed target files latest release. In order to generate a delta update, the original signed target files
package for both the source version and target version are needed. The package for both the source version and target version are needed. The
<code>script/generate_delta.sh</code> script provides a wrapper script for generating <code>script/generate-delta.sh</code> script provides a wrapper script for generating
delta updates by passing the device, source version build number and target version delta updates by passing the device, source version build number and target version
build number. For example:</p> build number. For example:</p>
<pre>script/generate_delta.sh raven 2021102503 2021102613</pre> <pre>script/generate-delta.sh raven 2021102503 2021102613</pre>
<p>The script assumes that the releases are organized in the following directory <p>The script assumes that the releases are organized in the following directory
structure:</p> structure:</p>