在TrueNAS上使用Docker安装1Panel 背景家里TrueNAS性能剩余，想着部署个web服务。想要装个面板减少点工作量，又考虑到虚拟机性能折损和zfs cache对内存的要求比较大以及NAS本身性能也不好，便打算使用docker部署。再加上1Panel本身也是以docker为介质，二者共同控制TrueNAS宿主机的docker daemon，约等于直接将网站部署到TrueNAS本地并且也便于管理。分析{alert type="warning"}本文默认TrueNAS可以访问dockerhub并且已经配置好了docker daemon{/alert}环境信息Storage Pool存在两个存储池:/mnt/data: 1 x MIRROR | 2 wide | 2.73 TiB | HDD/mnt/systemdata: 1 x DISK | 1 wide | 223.57 GiB | SSD其中docker数据存储在2号存储池中。Datasets存在三个数据集:Storage: 位于data存储池，存放冷数据DockerData: 位于systemdata存储池，存放容器的持久化存储文件KaguraiYoRoy: 位于systemdata，用户home文件夹安装1Panel使用了moelin/1panel:latest镜像部署，此步骤很多部分都可以参考镜像作者写的README。项目地址：{cloud title="okxlin/docker-1panel" type="github" url="https://github.com/okxlin/docker-1panel" password=""/}在DockerData数据集创建了一个文件夹专门用于存储1panel数据，即用作容器内/opt/1panel，位于/mnt/systemdata/DockerData/1panel。持久卷因为要允许1Panel管理宿主机docker，因此需要映射/var/run/docker.sock和宿主的docker文件夹映射上文为其创建的数据文件夹TrueNAS的docker文件夹和一般的Linux位置不一样，一般的Linux位于/var/lib/docker而TrueNAS的位于/mnt/.ix-apps/docker。环境变量和端口映射环境变量和镜像作者的设置相同，传入TZ=Asia/Shanghai；端口映射根据需要自行设置即可，容器内端口为10086。Docker Compose有了上述信息，编写docker compose就容易许多了。 完整Docker Compose文件如下：services: 1panel: dns: - 223.5.5.5 environment: - TZ=Asia/Shanghai image: moelin/1panel:latest labels: createdBy: Apps ports: - '8085:10086' restart: always volumes: - /var/run/docker.sock:/var/run/docker.sock - /mnt/.ix-apps/docker:/var/lib/docker - /mnt/systemdata/DockerData/1panel/opt:/opt/1panel - /mnt/systemdata/DockerData/1panel/root:/root - /etc/docker:/etc/docker这里映射/root是因为我需要在容器内运行Git，而Git config存储在/root下； 设置dns是因为1Panel制作环境镜像的时候需要连网下载数据，不指定dns会报错。 安装完成后访问你设置的端口即可。 1Panel基础信息:默认账户：1panel默认密码：1panel_password默认入口：entrance故障处理Docker镜像源实际测试的时候发现如果不设置镜像源，即使配置了Proxy，在安装PHP环境的时候也会报错，并且配置了镜像源同时配置了Proxy也会安装失败，不清楚为什么 打开TrueNAS的/etc/docker/daemon.json并添加registry-mirrors：{ "data-root": "/mnt/.ix-apps/docker", "default-address-pools": [ { "base": "172.17.0.0/12", "size": 24 } ], "exec-opts": [ "native.cgroupdriver=cgroupfs" ], "iptables": true, "registry-mirrors": [ "https://docker.1panel.live" ], "storage-driver": "overlay2" }保存，重启主机docker，再去1Panel里安装环境。 {alert type="warning"}这一步的配置重启后会丢失，尽量一次性安装好环境和需要的app{/alert}1Panel创建的容器无法启动这个是因为在1Panel中，默认存储数据的文件夹是我们所映射出来的/opt/1panel，但是实际上创建的容器运行在TrueNAS里，访问的是TrueNAS里不存在的/opt/1panel，并且其/opt默认是只读的，因此在启动容器的时候会报错Read-only filesystem。 我自己的解决方案也很简单粗暴，在TrueNAS主机中先挂载/opt为可读写，再创建一个软链接指向1Panel的数据文件夹。cd /opt mount -o remount,rw /opt ln -s /mnt/systemdata/DockerData/1panel/opt 1panel然后就可以正常使用啦 有一个需要注意的点，在1Panel中安装OpenResty时记得避开使用80和443端口，这俩是TrueNAS的webui默认端口

小米845系列机器类原生调用红外摄像头进行人脸识别 背景小米845系列的小米8、小米8屏幕指纹版有一颗前置红外摄像头用于面部识别，这样即使在无光的环境下仍可以使用面部解锁。然而如果使用LineageOS的设备树不加修改编译出来的类原生无法使用红外摄像头，只能使用普通的摄像头，而PixelExperience的设备树是可以的，故探究其原因。原因CameraID首先是需要指定人脸识别模块使用红外摄像头。翻阅PixelExperience的相关设备树源码可以发现：在overlay中设置了调用CameraID为5的摄像头用作人脸识别。https://github.com/PixelExperience-Devices/device_xiaomi_dipper/blob/fourteen/overlay/packages/apps/FaceUnlockService/app/src/main/res/values/config.xml<?xml version="1.0" encoding="utf-8"?> <resources> <integer name="override_front_cam_id">5</integer> <bool name="use_alternative_vendor_impl">true</bool> </resources>PixelExperience使用的是motorola的人脸解锁方案，而现在很多类原生使用的是AOSPA的ParanoidSense，因此上述设置的overlay并不适用。 查阅ParanoidSense源码可以看到：使用了Properties属性ro.face.sense_service.camera_id标识使用的摄像头。https://github.com/AOSPA/android_packages_apps_ParanoidSense/blob/uvite/src/co/aospa/sense/camera/CameraUtil.kt#L32 val cameraIdProp = SystemProperties.get("ro.face.sense_service.camera_id")因此理论上只要设置ro.face.sense_service.camera_id属性为5即可使其调用红外人脸摄像头。vendor.camera.aux.packagelist属性如果仅仅设置上述CameraID相关属性，那么人脸模块调用时会直接报错。翻阅Frameworks部分的代码可以得知：系统默认隐藏了除主前摄和主后摄之外的其他辅助摄像头（即AUXCamera），而红外摄像头也属于AUXCamera之一。取LineageOS的Framework代码作为例子：https://github.com/LineageOS/android_frameworks_base/blob/lineage-21.0/core/java/android/hardware/Camera.java#L295-L301 /** * Returns the number of physical cameras available on this device. * The return value of this method might change dynamically if the device * supports external cameras and an external camera is connected or * disconnected. * * If there is a * {@link android.hardware.camera2.CameraCharacteristics#REQUEST_AVAILABLE_CAPABILITIES_LOGICAL_MULTI_CAMERA * logical multi-camera} in the system, to maintain app backward compatibility, this method will * only expose one camera per facing for all logical camera and physical camera groups. * Use camera2 API to see all cameras. * * @return total number of accessible camera devices, or 0 if there are no * cameras or an error was encountered enumerating them. */ public static int getNumberOfCameras() { int numberOfCameras = _getNumberOfCameras(); if (!shouldExposeAuxCamera() && numberOfCameras > 2) { numberOfCameras = 2; } return numberOfCameras; }不难看出，即使设备有大于2颗摄像头，若函数shouldExposeAuxCamera()返回为False则会强制指定摄像头数量为2，阻止程序访问CameraID>2的摄像头；再来看看这个判断函数的定义：https://github.com/LineageOS/android_frameworks_base/blob/lineage-21.0/core/java/android/hardware/Camera.java#L264-L278 /** * @hide */ public static boolean shouldExposeAuxCamera() { /** * Force to expose only two cameras * if the package name does not falls in this bucket */ String packageName = ActivityThread.currentOpPackageName(); if (packageName == null) return true; List<String> packageList = Arrays.asList( SystemProperties.get("vendor.camera.aux.packagelist", packageName).split(",")); List<String> packageExcludelist = Arrays.asList( SystemProperties.get("vendor.camera.aux.packageexcludelist", "").split(",")); return packageList.contains(packageName) && !packageExcludelist.contains(packageName); }可以看出，假如包名在属性vendor.camera.aux.packagelist中并且不在vendor.camera.aux.packageexcludelist中就会返回为True，否则False。 那么解决方案就很明了了：将ParanoidSense的包名加到vendor.camera.aux.packagelist属性中即可让其能够调用到红外摄像头。解决将ParanoidSense的包名co.aospa.sense加到vendor.camera.aux.packagelist中：https://github.com/YoriInstitute/crDroidAndroid_device_xiaomi_sdm845-common/commit/28fe5bc41d49b31b4acb840bf167b70d70a40c61设置ro.face.sense_service.camera_id属性以指定摄像头：https://github.com/YoriInstitute/crDroidAndroid_device_xiaomi_equuleus/commit/67518f130650e4592b5f4c7210248072058d48cchttps://github.com/YoriInstitute/AOSPA_device_xiaomi_equuleus/blob/topaz/device.mk#L397-L399在crDroid魔改的ParanoidSense中，因指定了其位于system_ext（https://gitlab.com/crdroidandroid/android_packages_apps_FaceUnlock/-/commit/545688260eb32ba19f348e84e3cae89ba29f20d1），故将这个属性加到system_ext的prop文件中。

简述对AOSP设备树中的一些文件和概念的理解 设备树所共有的内容大致分为以下几类： Android.bp 各种Makefile，后缀.mk prop文件，后缀.prop overlay，放在overlay文件夹中 sepolicy，即SELinux规则，放在sepolicy文件夹中 manifest.xml extract-files.py、setup-makefiles.py和proprietary-files.txt .dependencies结尾的依赖文件 其他各种配置

为黑群晖迁移RR引导盘 写这篇文章是因为原来的磁盘是一个16g的u盘，目标磁盘是一条16g的傲腾，虽然都是16G但是原先那个稍微大一点（我也不知道为什么（逃 直接dd肯定是行不通了，原盘比目标盘大，故记录下折腾过程{alert type="warning"}数据无价，折腾需谨慎{/alert}分析RR引导盘一共有三个分区：FAT32,50.00MBExt2,50.00MBExt4,剩余所有空间其中，第一个分区是引导分区，是可引导的（fdisk -l中Boot被打了星号）；第二个没研究是什么，估计是grub，第三个存放了群晖的内核和RR的配置文件思路因为前两个分区大小很小，所以直接用dd将两个分区完整拷贝到目标磁盘；第三个分区手动创建并格式化后将UUID、Label同步过来 {alert type="warning"}折腾过程使用Linux操作{/alert}开整将两块磁盘接入系统，分别为原盘/dev/sda，目标盘/dev/sdb 查看原盘信息：sudo fdisk -l /dev/sda输出：Disk /dev/sda: 14.55 GiB, 15627976704 bytes, 30523392 sectors Disk model: Storage Media Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x66d0fe82 Device Boot Start End Sectors Size Id Type /dev/sda1 * 2048 104447 102400 50M 83 Linux /dev/sda2 104448 206847 102400 50M 83 Linux /dev/sda3 206848 30523391 30316544 14.5G 83 Linux将前两个分区和磁盘分区表信息拷贝到目标盘sudo dd if=/dev/sda of=dev/sdb count=206848 # 此处count的数值为上面第三个分区的起始请根据你的磁盘修改输出：206848+0 records in 206848+0 records out 105906176 bytes (106 MB, 101 MiB) copied, 11.3812 s, 9.3 MB/s创建第三个分区使用fdisk打开磁盘：sudo fdisk /dev/sdb先删除原有的第三个分区的分区数据：输入d，输出Partition number (1-3, default 3):时输入3或直接回车； 提示Partition 3 has been deleted.后输入n创建分区，Partition type选择主分区，即p，剩下一路默认回车即可。完成后输入w保存退出。 不会用fdisk的建议自行搜索格式化新创建的分区并写入UUID等信息sudo mkfs.ext4 /dev/sdb3使用file指令查看原盘第三个分区的信息：sudo file -s /dev/sda3输出：/dev/sda3: Linux rev 1.0 ext4 filesystem data, UUID=617a3aca-4b56-42d7-8558-54411b344a7d, volume name "RR3" (extents) (64bit) (large files) (huge files)记录下UUID和volume name（即"RR3"），并使用如下指令将UUID和volume name写入新盘：sudo tune2fs /dev/sdb3 -U df39b1f3-b846-49dc-a317-ce329ec87ca2 # 写入UUID sudo tune2fs /dev/sdb3 -L RR3 # 写入volume name拷贝数据挂载两个盘的第三分区，假设原盘为~/a，目标盘为~/b，接着拷贝a中的所有数据到b（这步直接cp指令就行，不多赘述了）最终，umount所有挂载点，拔下磁盘接入黑群晖，迁移成功。

给Android 4.9内核添加KernelSU支持 前言KernelSU出来也有一段时间了，官方只支持GKI内核但是给出了非GKI内核的集成方案。咱使用的小米8屏幕指纹版是基于Android4.9内核的，实测直接使用KernelSU的脚本集成会出问题，故记录下折腾过程 特别感谢：Tomsec大佬提供的4.9修复方案准备材料Android Kernel源码，此处使用的是LineageOS/android_kernel_xiaomi_sdm845能访问GitHub的网络环境AnyKernel3源码，可参考如下仓库：https://github.com/YoriInstitute/AnyKernel3-equuleus交叉编译器，可参考如下仓库：https://github.com/YoriInstitute/AnyKernel3-equuleus/blob/13/.github/workflows/build.yml#L21-L23编译服务器开整编译环境配置这里就不叙述了，可以放在ROM编译里制作包的时候直接集成在boot.img里也可以单独编译成AnyKernel3可刷入包，这里使用的是AnyKernel3的方案。下载内核源码、交叉编译器git clone https://github.com/KaguraiYoRoy/android_kernel_xiaomi_sdm845 -b lineage-20 sdm845 #内核源码 git clone https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86 --depth=1 -b android-13.0.0_r43 clang #Clang git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9 -b android-10.0.0_r32 --depth=1 #aarch64的GCC git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9 -b android-10.0.0_r32 --depth=1 #arm的GCC不同内核需要的交叉编译器可能不同，请根据你的实际情况修改 {alert type="info"}此处下载内核时没加参数--depth=1是为了后期便于cherry-pick，若你选择手动修改内核源码而不是pick则可以加上此参数，可以显著减少下载时的时间 {/alert}修改内核源码参考如下两个commit：https://github.com/OnlyTomInSecond/android_kernel_xiaomi_sdm845/commit/7862fd2c14b69a1a346b7c699f8370e2de423eefcommit b5853fb7cefdc8a2e160cb73512dc6b51569fa66 Author: OnlyTomInSecond <q2781273965@gmail.com> Date: Wed Apr 5 11:05:12 2023 +0800 kernelsu: allow init exec ksud under nosuid Change-Id: I8aa6e6d3cbee1addd5da9bb48b4c08ce91f9db81 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4abba0e1674d..693f2ac03352 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2320,7 +2320,10 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm, { int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS); int nosuid = !mnt_may_suid(bprm->file->f_path.mnt); - int rc; + int rc, error; + static u32 ksu_sid; + char *secdata; + u32 seclen; if (!nnp && !nosuid) return 0; /* neither NNP nor nosuid */ @@ -2328,6 +2331,18 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm, if (new_tsec->sid == old_tsec->sid) return 0; /* No change in credentials */ + if(!ksu_sid){ + security_secctx_to_secid("u:r:su:s0", strlen("u:r:su:s0"), &ksu_sid); + } + error = security_secid_to_secctx(old_tsec->sid, &secdata, &seclen); + if (!error) { + rc = strcmp("u:r:init:s0",secdata); + security_release_secctx(secdata, seclen); + if(rc == 0 && new_tsec->sid == ksu_sid){ + return 0; + } + } + /* * The only transitions we permit under NNP or nosuid * are transitions to bounded SIDs, i.e. SIDs that arehttps://github.com/OnlyTomInSecond/android_kernel_xiaomi_sdm845/commit/81d7168f2f01e6aba0932a4787119fbc541eba58commit 8bfe4d4de25650505798cba0a5a20db4b2ab7dd6 Author: OnlyTomInSecond <q2781273965@gmail.com> Date: Thu Oct 19 17:55:23 2023 +0800 Kernelsu: add path_umount implementation. Change-Id: I3b0273e9857c51cc3215afab0d2cebe0dff38cfb diff --git a/fs/namespace.c b/fs/namespace.c index 21fd423b19cf..219a501337b0 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1711,6 +1711,38 @@ static inline bool may_mandlock(void) } #endif +static int can_umount(const struct path *path, int flags) +{ + struct mount *mnt = real_mount(path->mnt); + + if (!may_mount()) + return -EPERM; + if (path->dentry != path->mnt->mnt_root) + return -EINVAL; + if (!check_mnt(mnt)) + return -EINVAL; + if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */ + return -EINVAL; + if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN)) + return -EPERM; + return 0; +} + +// caller is responsible for flags being sane +int path_umount(struct path *path, int flags) +{ + struct mount *mnt = real_mount(path->mnt); + int ret; + + ret = can_umount(path, flags); + if (!ret) + ret = do_umount(mnt, flags); + + /* we mustn't call path_put() as that would clear mnt_expiry_mark */ + dput(path->dentry); + mntput_no_expire(mnt); + return ret; +} /* * Now umount can handle mount points as well as block devices. * This is important for filesystems which use unnamed block devices.方案来源：Tomsec启用kprobe支持打开你的内核的defconfig文件，添加如下三行：CONFIG_KPROBES=y CONFIG_HAVE_KPROBES=y CONFIG_KPROBE_EVENTS=y集成KernelSU此步骤和ksu官网教程一样，在内核根目录执行如下指令：curl -LSs "https://raw.githubusercontent.com/tiann/KernelSU/main/kernel/setup.sh" | bash -s v0.9.5{alert type="warning"}注：最高支持非GKI内核的KernelSU版本是v0.9.5，请勿使用更高版本的tag否则会编译不通过{/alert}编写AnyKernel3脚本下载下来AnyKernel3，并且按照README修改anykernel.sh，可参考咱的仓库修改：仓库地址：https://github.com/iYoRoy-AOSP-Institute/AnyKernel3-equuleus/blob/14/anykernel.sh{collapse}{collapse-item label="展开代码"}commit 3b46e03e0ffdd52bbb3f51b45b0ff649a407d1a5 Author: KaguraiYoRoy <3363384229@qq.com> Date: Sat Sep 9 02:41:54 2023 +0000 anykernel.sh: modify for equuleus diff --git a/anykernel.sh b/anykernel.sh old mode 100755 new mode 100644 index 367d29f..c950ce7 --- a/anykernel.sh +++ b/anykernel.sh @@ -4,23 +4,17 @@ ### AnyKernel setup # global properties properties() { ' -kernel.string=ExampleKernel by osm0sis @ xda-developers +kernel.string=Xiaomi 8 Pro Kernel by Kagura iYoRoy @ iYoRoy Studio do.devicecheck=1 do.modules=0 -do.systemless=1 +do.systemless=0 do.cleanup=1 do.cleanuponabort=0 -device.name1=maguro -device.name2=toro -device.name3=toroplus -device.name4=tuna -device.name5= -supported.versions= +device.name1=equuleus +supported.versions=13 supported.patchlevels= -supported.vendorpatchlevels= '; } # end properties - ### AnyKernel install ## boot files attributes boot_attributes() { @@ -29,7 +23,7 @@ set_perm_recursive 0 0 750 750 $ramdisk/init* $ramdisk/sbin; } # end attributes # boot shell variables -block=/dev/block/platform/omap/omap_hsmmc.0/by-name/boot; +block=/dev/block/bootdevice/by-name/boot; is_slot_device=0; ramdisk_compression=auto; patch_vbmeta_flag=auto; @@ -41,32 +35,26 @@ patch_vbmeta_flag=auto; dump_boot; # use split_boot to skip ramdisk unpack, e.g. for devices with init_boot ramdisk # init.rc -backup_file init.rc; -replace_string init.rc "cpuctl cpu,timer_slack" "mount cgroup none /dev/cpuctl cpu" "mount cgroup none /dev/cpuctl cpu,timer_slack"; +#backup_file init.rc; +#replace_string init.rc "cpuctl cpu,timer_slack" "mount cgroup none /dev/cpuctl cpu" "mount cgroup none /dev/cpuctl cpu,timer_slack"; # init.tuna.rc -backup_file init.tuna.rc; -insert_line init.tuna.rc "nodiratime barrier=0" after "mount_all /fstab.tuna" "\tmount ext4 /dev/block/platform/omap/omap_hsmmc.0/by-name/userdata /data remount nosuid nodev noatime nodiratime barrier=0"; -append_file init.tuna.rc "bootscript" init.tuna; +#backup_file init.tuna.rc; +#insert_line init.tuna.rc "nodiratime barrier=0" after "mount_all /fstab.tuna" "\tmount ext4 /dev/block/platform/omap/omap_hsmmc.0/by-name/userdata /data remount nosuid nodev noatime nodiratime barrier=0"; +#append_file init.tuna.rc "bootscript" init.tuna; # fstab.tuna -backup_file fstab.tuna; -patch_fstab fstab.tuna /system ext4 options "noatime,barrier=1" "noatime,nodiratime,barrier=0"; -patch_fstab fstab.tuna /cache ext4 options "barrier=1" "barrier=0,nomblk_io_submit"; -patch_fstab fstab.tuna /data ext4 options "data=ordered" "nomblk_io_submit,data=writeback"; -append_file fstab.tuna "usbdisk" fstab; +#backup_file fstab.tuna; +#patch_fstab fstab.tuna /system ext4 options "noatime,barrier=1" "noatime,nodiratime,barrier=0"; +#patch_fstab fstab.tuna /cache ext4 options "barrier=1" "barrier=0,nomblk_io_submit"; +#patch_fstab fstab.tuna /data ext4 options "data=ordered" "nomblk_io_submit,data=writeback"; +#append_file fstab.tuna "usbdisk" fstab; write_boot; # use flash_boot to skip ramdisk repack, e.g. for devices with init_boot ramdisk ## end boot install -## init_boot files attributes -#init_boot_attributes() { -#set_perm_recursive 0 0 755 644 $ramdisk/*; -#set_perm_recursive 0 0 750 750 $ramdisk/init* $ramdisk/sbin; -#} # end attributes - -# init_boot shell variables +## init_boot shell variables #block=init_boot; #is_slot_device=1; #ramdisk_compression=auto; @@ -98,13 +86,7 @@ write_boot; # use flash_boot to skip ramdisk repack, e.g. for devices with init_ ## end vendor_kernel_boot install -## vendor_boot files attributes -#vendor_boot_attributes() { -#set_perm_recursive 0 0 755 644 $ramdisk/*; -#set_perm_recursive 0 0 750 750 $ramdisk/init* $ramdisk/sbin; -#} # end attributes - -# vendor_boot shell variables +## vendor_boot shell variables #block=vendor_boot; #is_slot_device=1; #ramdisk_compression=auto; @@ -118,4 +100,3 @@ write_boot; # use flash_boot to skip ramdisk repack, e.g. for devices with init_ #write_boot; # use flash_boot to skip ramdisk repack, e.g. for dtb on devices with hdr v4 but no vendor_kernel_boot ## end vendor_boot install -{/collapse-item}{/collapse}编译内核此处建议参考网上教程，不同内核编译参数设置会有所不同 咱将编译过程打包成了shell脚本，可供参考：{alert type="info"}请将下方$WORKSPACE替换为你自己的工作目录{/alert}#!/bin/bash ARCH="arm64" CLANG_DIR="$WORKSPACE/clang/clang-r450784d" #Clang文件夹 CC="$CLANG_DIR/bin/clang" export PATH="$CLANG_DIR/bin:$PATH" OUT_DIR="./out" CLANG_TRIPLE="aarch64-linux-gnu-" CROSS_COMPILE="$WORKSPACE/aarch64-linux-android-4.9/bin/aarch64-linux-androidkernel-" #aarch64GCC CROSS_COMPILE_ARM32="$WORKSPACE/arm-linux-androideabi-4.9/bin/arm-linux-androidkernel-" #armGCC CC_ADDITION_FLAGS="AR=llvm-ar NM=llvm-nm OBJCOPY=llvm-objcopy OBJDUMP=llvm-objdump STRIP=llvm-strip LLVM_IAS=1 LLVM=1 LD=ld.lld" ANYKERNEL_DIR="$WORKSPACE/AnyKernel3" #编写好的AnyKernel3文件夹所在位置 THREAD=$(nproc --all) args="-j$THREAD O=$OUT_DIR ARCH=$ARCH CROSS_COMPILE=$CROSS_COMPILE CROSS_COMPILE_ARM32=$CROSS_COMPILE_ARM32 CC=$CC CLANG_TRIPLE=$CLANG_TRIPLE $CC_ADDITION_FLAGS" ### 编译内核 ### echo "[+]Args: $args" echo "[+}Generate .config" make equuleus_user_defconfig $args #此处equuleus_user_defconfig为equuleus的内核defconfig文件，请替换成你的内核配置文件名 echo "[+]Begin Build" make $args ### 编译完成 ### ### 制作AnyKernel3 ### cd $WORKSPACE/sdm845/KernelSU KSU_VERSION='v0.9.5' TARGET_KERNEL="Mi8Pro-LineageKernel-KernelSU$KSU_VERSION" #内核文件名 echo "[+]KernelSU Version: $KSU_VERSION" echo "[+]Target file: $TARGET_KERNEL" cd $WORKSPACE/AnyKernel3 cp $WORKSPACE/sdm845/out/arch/arm64/boot/Image . cp $WORKSPACE/sdm845/out/arch/arm64/boot/Image.gz . cp $WORKSPACE/sdm845/out/arch/arm64/boot/Image.gz-dtb . OUTPUT_FILE=${TARGET_KERNEL}-$(date +"%y.%m.%d").zip echo "[+]Output: $OUTPUT_FILE" zip -r $OUTPUT_FILE * mv $OUTPUT_FILE $WORKSPACE刷入使用twrp之类的recovery即可使用GitHub Actions自动编译内核yml编写请参考：https://github.com/iYoRoy-AOSP-Institute/AnyKernel3-equuleus/blob/13/.github/workflows/build.yml {collapse}{collapse-item label="展开代码"}name: Build AnyKernel on: push: schedule: - cron: '0 0 * * 0' jobs: build: runs-on: ubuntu-latest steps: - name: Download run: | echo "Free space:" df -h cd $GITHUB_WORKSPACE echo "[+]Install packages:" sudo apt update sudo apt install zip bc bison build-essential ccache curl flex g++-multilib gcc-multilib git gnupg gperf imagemagick lib32ncurses5-dev lib32readline-dev lib32z1-dev liblz4-tool libncurses5-dev libncurses5 libsdl1.2-dev libssl-dev libwxgtk3.0-gtk3-dev libxml2 libxml2-utils lzop pngcrush rsync schedtool squashfs-tools xsltproc zip zlib1g-dev make unzip python-is-python3 echo "[+]Clone dependencies:" git clone https://github.com/KaguraiYoRoy/android_kernel_xiaomi_sdm845 -b lineage-20 sdm845 git clone https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86 --depth=1 -b android-13.0.0_r43 clang git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9 -b android-10.0.0_r32 --depth=1 git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9 -b android-10.0.0_r32 --depth=1 git clone https://github.com/KaguraiYoRoy/AnyKernel3-equuleus AnyKernel3 --depth=1 - name: Setup KernelSU run: | cd $GITHUB_WORKSPACE/sdm845 curl -LSs "https://raw.githubusercontent.com/tiann/KernelSU/main/kernel/setup.sh" | bash -s main - name: Build Kernel run: | cd $GITHUB_WORKSPACE/sdm845 ARCH="arm64" CLANG_DIR="$GITHUB_WORKSPACE/clang/clang-r450784d" CC="$CLANG_DIR/bin/clang" export PATH="$CLANG_DIR/bin:$PATH" OUT_DIR="./out" CLANG_TRIPLE="aarch64-linux-gnu-" CROSS_COMPILE="$GITHUB_WORKSPACE/aarch64-linux-android-4.9/bin/aarch64-linux-androidkernel-" CROSS_COMPILE_ARM32="$GITHUB_WORKSPACE/arm-linux-androideabi-4.9/bin/arm-linux-androidkernel-" CC_ADDITION_FLAGS="AR=llvm-ar NM=llvm-nm OBJCOPY=llvm-objcopy OBJDUMP=llvm-objdump STRIP=llvm-strip LLVM_IAS=1 LLVM=1 LD=ld.lld" THREAD=$(nproc --all) ANYKERNEL_DIR="$GITHUB_WORKSPACE/AnyKernel3" args="-j$THREAD O=$OUT_DIR ARCH=$ARCH CROSS_COMPILE=$CROSS_COMPILE CROSS_COMPILE_ARM32=$CROSS_COMPILE_ARM32 CC=$CC CLANG_TRIPLE=$CLANG_TRIPLE $CC_ADDITION_FLAGS" echo "[+]Args: $args" echo "[+}Generate .config" make equuleus_user_defconfig $args echo "[+]Begin Build" make $args - name: Compress run: | cd $GITHUB_WORKSPACE/sdm845/KernelSU KSU_VERSION=`expr 10000 + \`git rev-list --count HEAD\` + 200` TARGET_KERNEL="Mi8Pro-LineageKernel-KernelSU$KSU_VERSION" echo "[+]KernelSU Version: $KSU_VERSION" echo "[+]Target file: $TARGET_KERNEL" cd $GITHUB_WORKSPACE/AnyKernel3 cp $GITHUB_WORKSPACE/sdm845/out/arch/arm64/boot/Image . cp $GITHUB_WORKSPACE/sdm845/out/arch/arm64/boot/Image.gz . cp $GITHUB_WORKSPACE/sdm845/out/arch/arm64/boot/Image.gz-dtb . OUTPUT_FILE=${TARGET_KERNEL}-$(date +"%y.%m.%d").zip echo "[+]Output: $OUTPUT_FILE" zip -r $OUTPUT_FILE * mv $OUTPUT_FILE $GITHUB_WORKSPACE - name: Release uses: softprops/action-gh-release@v1 with: tag_name: Android13 files: | Mi8Pro*.zip咱才不会告诉你上面的脚本其实也是这里面摘出来的（逃{/collapse-item}{/collapse}头图下载