repo init again to continue down the same branch since
GrapheneOS only provides a stable history via tags.
- Before building GrapheneOS, you need to build Vanadium for the WebView and
- optionally the standalone browser app. Vanadium is a hardened fork of
- Chromium developed and used by GrapheneOS. It needs to be rebuilt when Chromium is
- updated or the GrapheneOS Vanadium patches are changed.
Chromium and the WebView are independent applications built from the Chromium - source tree. The GrapheneOS Chromium build is located at external/vanadium and - includes the WebView.
- -See - Chromium's Android build instructions for details on obtaining the - prerequisites.
- -You can obtain the proper configuration from the
-
- GrapheneOS Vanadium repository in args.gn including the correct
- version.
git clone https://github.com/GrapheneOS/Vanadium.git -cd Vanadium -git checkout $CORRECT_BRANCH_OR_TAG- -
Fetch the Chromium sources:
- -fetch --nohooks android- -
Sync to the latest stable release for Android (replace $VERSION with the correct - value):
- -gclient sync -D --with_branch_heads -r $VERSION --jobs 32- -
Apply the GrapheneOS patches on top of the tagged release:
- -cd src -git am --whitespace=nowarn ../*.patch- -
Generate a signing key for Vanadium if this is the initial build (the sample
- password configured in args.gn is vanadiumpass):
keytool -genkey -v -keystore vanadium.keystore -alias vanadiumkey -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -validity 10000 -dname "cn=GrapheneOS"- -
You should back this up with your other keys.
- -Then, configure the build in the src directory:
gn args out/Default- -
Copy the GrapheneOS configuration from ../args.gn and save/exit the
- editor. Modify target_cpu as needed if the target is not arm64. For
- x86_64, the correct value for target_cpu is x64, but note
- that the Android source tree refers to it as x86_64.
To build ChromeModernPublic, which provides the browser app:
- -ninja -C out/Default/ chrome_modern_public_apk- -
The apk needs to be copied from out/Default/apks/ChromeModernPublic.apk
- into the Android source tree at
- external/vanadium/prebuilt/arm64/ChromeModernPublic.apk with arm64
- substituted with the correct value for other architectures (arm, x86, x86_64).
To build SystemWebView, which provides the WebView:
- -ninja -C out/Default/ system_webview_apk- -
The apk needs to be copied from out/Default/apks/SystemWebView.apk
- into the Android source tree at
- external/chromium-webview/prebuilt/arm64/webview.apk with arm64
- substituted with the correct value for other architectures (arm, x86, x86_64).
Chromium cannot yet provide the WebView for Android 10. The changes for - this have not yet landed upstream for the current stable release. It either needs to - be addressed upstream or downstream in order for this to work again.
- -WebView provider apps need to be whitelisted in
- frameworks/base/core/res/res/xml/config_webview_packages.
Before building GrapheneOS, you need to build Vanadium for the WebView and
+ optionally the standalone browser app. Vanadium is a hardened fork of
+ Chromium developed and used by GrapheneOS. It needs to be rebuilt when Chromium is
+ updated or the GrapheneOS Vanadium patches are changed.
Chromium and the WebView are independent applications built from the Chromium + source tree. The GrapheneOS Chromium build is located at external/vanadium and + includes the WebView.
+ +See + Chromium's Android build instructions for details on obtaining the + prerequisites.
+ +You can obtain the proper configuration from the
+
+ GrapheneOS Vanadium repository in args.gn including the correct
+ version.
git clone https://github.com/GrapheneOS/Vanadium.git +cd Vanadium +git checkout $CORRECT_BRANCH_OR_TAG+ +
Fetch the Chromium sources:
+ +fetch --nohooks android+ +
Sync to the latest stable release for Android (replace $VERSION with the correct + value):
+ +gclient sync -D --with_branch_heads -r $VERSION --jobs 32+ +
Apply the GrapheneOS patches on top of the tagged release:
+ +cd src +git am --whitespace=nowarn ../*.patch+ +
Generate a signing key for Vanadium if this is the initial build (the sample
+ password configured in args.gn is vanadiumpass):
keytool -genkey -v -keystore vanadium.keystore -alias vanadiumkey -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -validity 10000 -dname "cn=GrapheneOS"+ +
You should back this up with your other keys.
+ +Then, configure the build in the src directory:
gn args out/Default+ +
Copy the GrapheneOS configuration from ../args.gn and save/exit the
+ editor. Modify target_cpu as needed if the target is not arm64. For
+ x86_64, the correct value for target_cpu is x64, but note
+ that the Android source tree refers to it as x86_64.
To build ChromeModernPublic, which provides the browser app:
+ +ninja -C out/Default/ chrome_modern_public_apk+ +
The apk needs to be copied from out/Default/apks/ChromeModernPublic.apk
+ into the Android source tree at
+ external/vanadium/prebuilt/arm64/ChromeModernPublic.apk with arm64
+ substituted with the correct value for other architectures (arm, x86, x86_64).
To build SystemWebView, which provides the WebView:
+ +ninja -C out/Default/ system_webview_apk+ +
The apk needs to be copied from out/Default/apks/SystemWebView.apk
+ into the Android source tree at
+ external/chromium-webview/prebuilt/arm64/webview.apk with arm64
+ substituted with the correct value for other architectures (arm, x86, x86_64).
Chromium cannot yet provide the WebView for Android 10. The changes for + this have not yet landed upstream for the current stable release. It either needs to + be addressed upstream or downstream in order for this to work again.
+ +WebView provider apps need to be whitelisted in
+ frameworks/base/core/res/res/xml/config_webview_packages.