security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

update signing instructions

Browse Source
This commit is contained in:
Daniel Micay 2024-07-29 02:31:55 -04:00
parent 01f3a841a3
commit e9c96f49a1
1 changed files with 24 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
static/build.html
View File

@ -644,33 +644,38 @@ cd ../..</pre>
<pre>m otatools-package</pre>
<p>Generate a signed release build with the release.sh script:</p>
<p>Copy build artifacts to releases directory:</p>
<pre>script/release.sh raven</pre>
<pre>script/finalize.sh</pre>
<p>Generate a signed release build with the generate-release.sh script:</p>
<pre>script/generate-release.sh raven <var>BUILD_NUMBER</var></pre>
<p>The factory images and update package will be in
<code>out/release-raven-<var>BUILD_NUMBER</var></code>. The update zip performs a full OS
installation so it can be used to update from any previous version. More efficient
incremental updates are used for official over-the-air GrapheneOS updates and can be
generated by keeping around past signed <code>target_files</code> zips and generating
incremental updates from those to the most recent signed <code>target_files</code>
zip.</p>
<code>releases/<var>BUILD_NUMBER</var>/release-raven-<var>BUILD_NUMBER</var></code>.
The update zip performs a full OS installation so it can be used to update from
any previous version. More efficient incremental updates are used for official
over-the-air GrapheneOS updates and can be generated by keeping around past
signed <code>target_files</code> zips and generating incremental updates from
those to the most recent signed <code>target_files</code> zip.</p>
<p>See the <a href="/install/">install page</a> for information on how to use the
factory images. See the <a href="/usage#updates-sideloading">usage guide section on
sideloading updates</a> for information on how to use the update packages.</p>
<p>Running <code>script/release.sh</code> also generates channel metadata for the
update server. If you configured the Updater client URL and set the build to include
it (see the information on <code>OFFICIAL_BUILD</code> above), you can push signed
over-the-air updates via the update system. Simply upload the update package to the
update server along with the channel metadata for the release channel, and it will be
pushed out to the update client. The <code><var>DEVICE</var>-beta</code> and
<code><var>DEVICE</var>-stable</code> metadata provide the Beta and Stable release channels used
by the update client. The <code><var>DEVICE</var>-testing</code> metadata provides
an internal testing channel for the OS developers, which can be temporarily
enabled using <code>adb shell setprop sys.update.channel testing</code>. The name is
arbitrary and you can also use any other name for internal testing channels.</p>
<p>Running <code>script/generate-release.sh</code> also generates channel
metadata for the update server. If you configured the Updater client URL and set
the build to include it (see the information on <code>OFFICIAL_BUILD</code>
above), you can push signed over-the-air updates via the update system. Simply
upload the update package to the update server along with the channel metadata
for the release channel, and it will be pushed out to the update client. The
<code><var>DEVICE</var>-beta</code> and <code><var>DEVICE</var>-stable</code>
metadata provide the Beta and Stable release channels used by the update client.
The <code><var>DEVICE</var>-testing</code> metadata provides an internal testing
channel for the OS developers, which can be temporarily enabled using <code>adb
shell setprop sys.update.channel testing</code>. The name is arbitrary and you
can also use any other name for internal testing channels.</p>
<p>For GrapheneOS itself, the testing channel is used to push out updates to developer
devices, followed by a sample future release to test that the release which is about