's'
This commit is contained in:
56
README.md
56
README.md
@@ -29,9 +29,9 @@ It keeps only the parts that were actually used:
|
||||
|
||||
## Offline archive
|
||||
|
||||
The repo tracks the offline bundle metadata under [offline](C:/Users/admin/Desktop/redroid-android13/offline). The large zip/apk/tar payloads are intentionally kept out of Git and should be stored locally under `offline/downloads/` and `offline/images/`.
|
||||
The repo tracks the offline bundle metadata under [offline](offline). The large zip/apk/tar payloads are intentionally kept out of Git and should be stored locally under `offline/downloads/` and `offline/images/`.
|
||||
|
||||
Use [offline/manifest.json](C:/Users/admin/Desktop/redroid-android13/offline/manifest.json) for checksums and source metadata, and [offline/README.md](C:/Users/admin/Desktop/redroid-android13/offline/README.md) for the expected local layout.
|
||||
Use [offline/manifest.json](offline/manifest.json) for checksums and source metadata, and [offline/README.md](offline/README.md) for the expected local layout.
|
||||
|
||||
Expected local files:
|
||||
|
||||
@@ -40,9 +40,22 @@ Expected local files:
|
||||
- `offline/downloads/libhoudini_hack.zip`
|
||||
- `offline/downloads/magisk.apk`
|
||||
- `offline/downloads/magisk.version`
|
||||
- `offline/images/redroid-redroid-13.0.0-latest.tar`
|
||||
- `offline/images/redroid-redroid-13.0.0-latest.tar` (optional if the base image is already in local Docker storage)
|
||||
|
||||
`redroid.py` now tries to pull `redroid/redroid:13.0.0-latest` first. If that fails, it falls back to the local image cache, then to `offline/images/redroid-redroid-13.0.0-latest.tar`.
|
||||
### Build resource order (`redroid.py`)
|
||||
|
||||
- **Base image:** prefers an existing local `redroid/redroid:<ver>-latest`, then `offline/images/redroid-redroid-13.0.0-latest.tar` (`docker load`), then a registry pull (skipped when offline-only).
|
||||
- **Zips / APK:** prefers files under `offline/downloads/` whose **MD5** matches the pinned upstream artifacts; downloads only if missing or mismatch (skipped when offline-only).
|
||||
- **Strict no-network builds:** pass `--offline` or set `REDROID_OFFLINE=1` so missing bundles fail fast instead of downloading.
|
||||
|
||||
### Verify script notes
|
||||
|
||||
```bash
|
||||
python verify_offline_bundle.py
|
||||
```
|
||||
|
||||
- `magisk.version` is checked against exact **size** and **sha256** from `manifest.json`. A short version string without the expected newline/padding will report `size mismatch` even when `magisk.apk` is fine for the image build.
|
||||
- A missing `offline/images/*.tar` is expected to **FAIL** here if you rely on a pre-pulled Docker image instead; that does not block `redroid.py` when the base image already exists locally.
|
||||
|
||||
## Dependencies
|
||||
|
||||
@@ -50,18 +63,20 @@ Expected local files:
|
||||
python -m pip install -r requirements.txt
|
||||
```
|
||||
|
||||
## Verify the offline bundle
|
||||
|
||||
```bash
|
||||
python verify_offline_bundle.py
|
||||
```
|
||||
|
||||
## Build the 5570 image
|
||||
|
||||
```bash
|
||||
python redroid.py -mtg -i -m
|
||||
```
|
||||
|
||||
Air-gapped (requires a complete `offline/` tree):
|
||||
|
||||
```bash
|
||||
REDROID_OFFLINE=1 python redroid.py -mtg -i -m
|
||||
# or
|
||||
python redroid.py -mtg -i -m --offline
|
||||
```
|
||||
|
||||
Expected image tag:
|
||||
|
||||
```bash
|
||||
@@ -70,6 +85,8 @@ redroid/redroid:13.0.0_mindthegapps_houdini_magisk
|
||||
|
||||
## Launch the container
|
||||
|
||||
Headless servers have **no screen** to approve the USB debugging RSA dialog. Always pass **`--adb-insecure`** so boot props disable ADB RSA checks and apply **before** the Pixel user profile (`androidboot.adb.secure=0`, `ro.adb.secure=0`, `ro.secure=0`, `ro.debuggable=1`). **Do not expose the ADB port on a public network.**
|
||||
|
||||
```bash
|
||||
python run_redroid.py \
|
||||
--image redroid/redroid:13.0.0_mindthegapps_houdini_magisk \
|
||||
@@ -77,7 +94,22 @@ python run_redroid.py \
|
||||
--device-profile pixel-7-pro \
|
||||
--data-dir ~/data-redroid13 \
|
||||
--port 5570 \
|
||||
--replace
|
||||
--replace \
|
||||
--adb-insecure
|
||||
```
|
||||
|
||||
Then:
|
||||
|
||||
```bash
|
||||
adb kill-server && adb start-server
|
||||
adb connect 127.0.0.1:5570
|
||||
adb devices
|
||||
```
|
||||
|
||||
If you still see `unauthorized` after an upgrade, stop the container, remove persisted keys on the host, and retry:
|
||||
|
||||
```bash
|
||||
rm -rf ~/data-redroid13/misc/adb
|
||||
```
|
||||
|
||||
## Apply the 5570 hardening
|
||||
@@ -98,7 +130,7 @@ This post-boot step:
|
||||
- allows `com.android.shell` to use mock location
|
||||
- applies the `Pixel 7 Pro / user / release-keys / locked / green` identity
|
||||
|
||||
With `--install-extreme-script`, the validated script [assets/redroid_extreme_post_fs_data.sh](C:/Users/admin/Desktop/redroid-android13/assets/redroid_extreme_post_fs_data.sh) is copied to `/data/adb/post-fs-data.d/20-redroid-extreme.sh` so that:
|
||||
With `--install-extreme-script`, the validated script [assets/redroid_extreme_post_fs_data.sh](assets/redroid_extreme_post_fs_data.sh) is copied to `/data/adb/post-fs-data.d/20-redroid-extreme.sh` so that:
|
||||
|
||||
- `vendor/bin/su` stays visible to app namespaces after reboot
|
||||
- `Pixel 7 Pro` properties are re-applied on every boot
|
||||
|
||||
@@ -95,7 +95,7 @@ def build_layers(args):
|
||||
|
||||
|
||||
def print_recommended_flow(image_name):
|
||||
print("\nRecommended 5570 launch")
|
||||
print("\nRecommended 5570 launch (headless: always pass --adb-insecure)")
|
||||
print(
|
||||
"python run_redroid.py "
|
||||
"--image {} "
|
||||
@@ -103,7 +103,8 @@ def print_recommended_flow(image_name):
|
||||
"--device-profile pixel-7-pro "
|
||||
"--data-dir ~/data-redroid13 "
|
||||
"--port 5570 "
|
||||
"--replace\n".format(image_name)
|
||||
"--replace "
|
||||
"--adb-insecure\n".format(image_name)
|
||||
)
|
||||
print("Recommended post-boot hardening")
|
||||
print(
|
||||
|
||||
@@ -262,8 +262,8 @@ def main():
|
||||
"--adb-insecure",
|
||||
action="store_true",
|
||||
help=(
|
||||
"Disable ADB RSA authorization (ro.adb.secure=0 + androidboot.adb.secure=0). "
|
||||
"Passed early so init applies it before other ro.* props (see redroid-doc #579)."
|
||||
"Headless ADB: early androidboot.adb.secure=0, ro.adb.secure=0, ro.secure=0, ro.debuggable=1 "
|
||||
"(before device profile; see redroid-doc README / #579). Overrides user-build secure props."
|
||||
),
|
||||
)
|
||||
args = parser.parse_args()
|
||||
@@ -298,10 +298,14 @@ def main():
|
||||
# Init applies read-only props in order; later ro.adb.secure=0 is ignored if adb.secure
|
||||
# was already set (redroid-doc #579). Put these immediately after the image name.
|
||||
if args.adb_insecure:
|
||||
# Must precede device_profile_props (ro.secure=1 / ro.debuggable=0): init keeps first ro.* value.
|
||||
# redroid-doc README: ro.secure=0 yields working adb shell without RSA prompt.
|
||||
cmd.extend(
|
||||
[
|
||||
"androidboot.adb.secure=0",
|
||||
"ro.adb.secure=0",
|
||||
"ro.secure=0",
|
||||
"ro.debuggable=1",
|
||||
]
|
||||
)
|
||||
cmd.append("androidboot.redroid_gpu_mode={}".format(args.gpu_mode))
|
||||
@@ -323,6 +327,12 @@ def main():
|
||||
print_color("Selected launch preset: {}".format(preset), bcolors.GREEN)
|
||||
if device_profile != "none":
|
||||
print_color("Selected device profile: {}".format(device_profile), bcolors.GREEN)
|
||||
if args.adb_insecure:
|
||||
print_color(
|
||||
"ADB insecure: injecting boot props immediately after image name "
|
||||
"(check Command: line starts with androidboot.adb.secure=0 …).",
|
||||
bcolors.GREEN,
|
||||
)
|
||||
print("Command:\n{}\n".format(quote_cmd(cmd)))
|
||||
|
||||
if args.dry_run:
|
||||
|
||||
Reference in New Issue
Block a user