Project

General

Profile

Actions

Issue #2153

open

Enable users to get root directly on the device

Added by Denis 'GNUtoo' Carikli almost 2 years ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
11/03/2020
Due date:
% Done:

0%

Estimated time:
Resolution:
Device:
Unknown
Grant:
Type of work:
Unknown
Actions #1

Updated by Denis 'GNUtoo' Carikli almost 2 years ago

This could probably be done in a way that takes advantages of user / userdebug / eng build types:
  • Support for user and eng could be added if they are not yet in the launch target
  • It would only be enabled for userdebug (and eng?)
  • The default will be userdebug

As there is some interest in not having root for security reasons, it would also support such use case (provided that users wanting that recompile Replicant).

Actions #2

Updated by Denis 'GNUtoo' Carikli over 1 year ago

LineageOS itself doesn't have root for applications since some time:
  • AddonSU was provided by LineageOS as an add-on to enable applications to get root
  • This doesn't work anymore with LineageOS 17.1, so users are now advised to use Magisk (https://github.com/topjohnwu/Magisk) instead.

I now added the ability to integrate applications from the F-Droid repository in a more robust way. The code isn't perfect as enabling it should probably be done in vendor/replicant but beside that it's robust enough.

Since Magisk isn't in F-droid we however cannot use it like that. Installing some applications as system apps also don't automatically enable them to get root.

The su binary is also not shipped with userdebug.

We have https://f-droid.org/en/packages/me.phh.superuser/ but it probably requires us to ship some su binary to work. It's source code README has more infos.

Note that there are specifications for adding root support to Android: https://su.chainfire.eu/

Actions #3

Updated by Kurtis Hanna over 1 year ago

It sounds like Magisk does not build on F-Droid's build system because of a Python issue that is directly related to the fact that F-Droid's build system is still on Debian Stretch rather than Debian Stable. There is a build recipe on the issue thread though, so it is likely to get merged once they upgrade to Debian Stable. https://gitlab.com/fdroid/fdroiddata/-/merge_requests/4401

Actions #4

Updated by Kurtis Hanna over 1 year ago

Should we ship Replicant 11 with Magisk pre-installed?

Actions #5

Updated by _I3^ RELATIVISM over 1 year ago

  • Type of work Unknown added
Actions #6

Updated by Denis 'GNUtoo' Carikli over 1 year ago

It seems that there is a political issue with Magisk: According to several posts on Reddit1[2], it seems that Magisk main author (topjohnwu) got hired by Google and as a consequence of that, topjohnwu has been forbidden (by Google) to continue working on Magik.

References:

1 https://old.reddit.com/r/Magisk/comments/nf8pkp/news_creater_of_magisk_got_hired_by_google/gykt89k/
fn2. https://old.reddit.com/r/Magisk/comments/nf8pkp/news_creater_of_magisk_got_hired_by_google/gyksds2/

Since topjohnwu has only between 64 and 65% of all the commits in Magisk, we can hope that somehow some people step up (individually or collectively) to (co-)maintain Magisk:

$ expr $(expr 100 \* $(git log  | grep "Author: topjohnwu" | wc -l)) / $(git log  | grep Author | wc -l)
64

If we integrate it in Replicant we'll probably need to patch it to enable it to work without initramfs and/or only activate the features that are really needed (root).

Actions #7

Updated by Denis 'GNUtoo' Carikli over 1 year ago

Should we ship Replicant 11 with Magisk pre-installed?

Probably, but we also need to look if it meets our requirement and/or fixes issues along the way and we might have to modify it too.

So far I've found the following issues:
  • Magisk requires an initramfs and adding back an initramfs is far from ideal since the kernel size probably increased a lot since Replicant 6.0. Asking users to repartitions their devices would also be very complicated: we could probably manage to develop something usable for more advanced users, but enabling less technical users to still install Replicant would probably require a huge amount of work. So the easiest solution in the long run is probably to add support for devices without initramfs in Magisk.
  • Magisk seem to have a lot of features, and we might not need nor want all of them. For instance it seems to be able to run modules. The Vanced seems to either ship a modified version of the official Youtube application or seems to be able to modify it. The official Youtube application is most probably nonfree.
Actions

Also available in: Atom PDF