3.7 KiB
Introduction
DroidFS relies on modified versions of the original encrypted filesystems programs to open volumes. CryFS is written in C++ while gocryptfs is written in Go. Thus, building DroidFS requires the compilation of native code. However, for the sake of simplicity, the application has been designed in a modular way: you can build a version of DroidFS that supports both Gocryptfs and CryFS, or only one of the two.
Setup
Install required packages:
$ sudo apt-get install openjdk-11-jdk-headless build-essential pkg-config git gnupg2 wget apksigner
You also need to manually install the Android SDK and the Android Native Development Kit (NDK) (r23 versions are recommended).
If you want a support for Gocryptfs volumes, you must install Go and libssl:
$ sudo apt-get install golang-go libssl-dev
For CryFS support, you need Python:
$ sudo apt-get install python3
The code should be authenticated before being built. To verify the signatures, you will need my PGP key:
$ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A
Fingerprint: B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A
Email: Hardcore Sushi <hardcore.sushi@disroot.org>
Download sources
Download DroidFS source code:
$ git clone --depth=1 https://github.com/hardcore-sushi/DroidFS.git
Verify sources:
$ cd DroidFS
$ git verify-commit HEAD
Don't continue if the verification fails!
Initialize submodules:
$ git submodule update --depth=1 --init
FFmpeg is needed to record encrypted video:
$ cd app/ffmpeg
$ git clone --depth=1 https://git.ffmpeg.org/ffmpeg.git
If you want Gocryptfs support, you need to download OpenSSL:
$ cd ../libgocryptfs
$ wget https://www.openssl.org/source/openssl-1.1.1p.tar.gz
Verify OpenSSL signature:
$ wget https://www.openssl.org/source/openssl-1.1.1p.tar.gz.asc
$ gpg --verify openssl-1.1.1p.tar.gz.asc openssl-1.1.1p.tar.gz
Continue ONLY if the signature is VALID.
$ tar -xzf openssl-1.1.1p.tar.gz
If you want CryFS support, initialize libcryfs:
$ cd app/libcryfs
$ git submodule update --depth=1 --init
Build
Retrieve your Android NDK installation path, usually something like /home/\<user\>/Android/SDK/ndk/\<NDK version\>. Then, make it available in your shell:
$ export ANDROID_NDK_HOME="<your ndk path>"
Start by compiling FFmpeg:
$ cd app/ffmpeg
$ ./build.sh ffmpeg
libgocryptfs
This step is only required if you want Gocryptfs support.
$ cd app/libgocryptfs
$ OPENSSL_PATH="./openssl-1.1.1p" ./build.sh
Compile APKs
Gradle build libgocryptfs and libcryfs by default.
To build DroidFS without Gocryptfs support, run:
$ ./gradlew assembleRelease -PdisableGocryptfs=true
To build DroidFS without CryFS support, run:
$ ./gradlew assembleRelease -PdisableCryFS=true
If you want to build DroidFS with support for both Gocryptfs and CryFS, just run:
$ ./gradlew assembleRelease
Sign APKs
If the build succeeds, you will find the unsigned APKs in app/build/outputs/apk/release/. These APKs need to be signed in order to be installed on an Android device.
If you don't already have a keystore, you can create a new one by running:
$ keytool -genkey -keystore <output file> -alias <key alias> -keyalg EC -validity 10000
Then, sign the APK with:
$ apksigner sign --out droidfs.apk -v --ks <keystore> app/build/outputs/apk/release/<unsigned apk file>
Now you can install droidfs.apk on your device.