From a8fb5960f284eb58c6e421b0ac1ac6b57c9a6e7a Mon Sep 17 00:00:00 2001 From: Hardcore Sushi Date: Sat, 25 Jun 2022 19:25:15 +0200 Subject: [PATCH] Build documentation --- BUILD.md | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- README.md | 75 ++++--------------------------------- 2 files changed, 114 insertions(+), 71 deletions(-) diff --git a/BUILD.md b/BUILD.md index 3c7d3ad..4890387 100644 --- a/BUILD.md +++ b/BUILD.md @@ -1,8 +1,110 @@ +# Introduction +DroidFS relies on modified versions of the original encrypted filesystems programs to open volumes. [CryFS](https://github.com/cryfs/cryfs) is written in C++ while [gocryptfs](https://github.com/rfjakob/gocryptfs) is written in Go. Thus, building DroidFS requires the compilation of native code. However, for the sake of simplicity, the application has been designed in a modular way: you can build a version of DroidFS that supports both Gocryptfs and CryFS, or only one of the two. + +# Setup +Install required packages: ``` -git submodule update --depth=1 --init +$ sudo apt-get install openjdk-11-jdk-headless build-essential pkg-config git gnupg2 wget apksigner ``` +You also need to manually install the [Android SDK](https://developer.android.com/studio/index.html#command-tools) and the [Android Native Development Kit (NDK)](https://developer.android.com/ndk/downloads) (r23 versions are recommended). + +If you want a support for Gocryptfs volumes, you must install [Go](https://golang.org/doc/install) and libssl: ``` -for i in concepts meta std range; do - ln -s /usr/include/$i $ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/include; -done +$ sudo apt-get install golang-go libssl-dev ``` +For CryFS support, you need [Python](https://www.python.org): +``` +$ sudo apt-get install python3 +``` +The code should be authenticated before being built. To verify the signatures, you will need my PGP key: +``` +$ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A +``` +Fingerprint: `B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A` \ +Email: `Hardcore Sushi ` + +# Download sources +Download DroidFS source code: +``` +$ git clone --depth=1 https://github.com/hardcore-sushi/DroidFS.git +``` +Verify sources: +``` +$ cd DroidFS +$ git verify-commit HEAD +``` +__Don't continue if the verification fails!__ + +Initialize submodules: +``` +$ git submodule update --depth=1 --init +``` +[FFmpeg](https://ffmpeg.org) is needed to record encrypted video: +``` +$ cd app/ffmpeg +$ git clone --depth=1 https://git.ffmpeg.org/ffmpeg.git +``` +If you want Gocryptfs support, you need to download OpenSSL: +``` +$ cd ../libgocryptfs +$ wget https://www.openssl.org/source/openssl-1.1.1p.tar.gz +``` +Verify OpenSSL signature: +``` +$ wget https://www.openssl.org/source/openssl-1.1.1p.tar.gz.asc +$ gpg --verify openssl-1.1.1p.tar.gz.asc openssl-1.1.1p.tar.gz +``` +Continue **ONLY** if the signature is **VALID**. +``` +$ tar -xzf openssl-1.1.1p.tar.gz +``` +If you want CryFS support, initialize libcryfs: +``` +$ cd app/libcryfs +$ git submodule update --depth=1 --init +``` + +# Build +Retrieve your Android NDK installation path, usually something like `/home/\/Android/SDK/ndk/\`. Then, make it available in your shell: +``` +$ export ANDROID_NDK_HOME="" +``` +Start by compiling FFmpeg: +``` +$ cd app/ffmpeg +$ ./build.sh ffmpeg +``` +## libgocryptfs +This step is only required if you want Gocryptfs support. +``` +$ cd app/libgocryptfs +$ OPENSSL_PATH="./openssl-1.1.1p" ./build.sh + ``` +## Compile APKs +Gradle build libgocryptfs and libcryfs by default. + +To build DroidFS without Gocryptfs support, run: +``` +$ ./gradlew assembleRelease -PdisableGocryptfs=true +``` +To build DroidFS without CryFS support, run: +``` +$ ./gradlew assembleRelease -PdisableCryFS=true +``` +If you want to build DroidFS with support for both Gocryptfs and CryFS, just run: +``` +$ ./gradlew assembleRelease +``` + +# Sign APKs +If the build succeeds, you will find the unsigned APKs in `app/build/outputs/apk/release/`. These APKs need to be signed in order to be installed on an Android device. + +If you don't already have a keystore, you can create a new one by running: +``` +$ keytool -genkey -keystore -alias -keyalg EC -validity 10000 +``` +Then, sign the APK with: +``` +$ apksigner sign --out droidfs.apk -v --ks app/build/outputs/apk/release/ +``` +Now you can install `droidfs.apk` on your device. diff --git a/README.md b/README.md index 8d7554e..b0aa823 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # DroidFS DroidFS is an alternative way to use encrypted overlay filesystems on Android that uses its own internal file explorer instead of mounting virtual volumes. -It currently only works with [gocryptfs](https://github.com/rfjakob/gocryptfs) but support for [CryFS](https://github.com/cryfs/cryfs) could be added in the future. +It currently supports [gocryptfs](https://github.com/rfjakob/gocryptfs) and [CryFS](https://github.com/cryfs/cryfs) (alpha).

@@ -83,79 +83,20 @@ DroidFS need some permissions to work properly. Here is why: # Limitations -DroidFS use some parts of the original gocryptfs code, which is designed to run on Linux x86 systems: it accesses the underlying file system with file paths and syscalls. However in Android, you can't access other apps files with file paths. Instead, you must use the [ContentProvider](https://developer.android.com/guide/topics/providers/content-providers) API. And obviously, the original gocryptfs code doesn't work with this API. This is why DroidFS can't open volumes provided by other applications, such as cloud storage clients. You can only use DroidFS with volumes located on shared storage or in the app's internal storage (hidden volumes). External storage such as SD cards are only supported in read-only access for now. +DroidFS works as a wrapper around modified versions of the original encrypted container implementations ([libgocryptfs](https://forge.chapril.org/hardcoresushi/libgocryptfs) and [libcryfs](https://forge.chapril.org/hardcoresushi/libcryfs)). These programs were designed to run on standard x86 Linux systems: they access the underlying file system with file paths and syscalls. However, on Android, you can't access files from other applications using file paths. Instead, one has to use the [ContentProvider](https://developer.android.com/guide/topics/providers/content-providers) API. Obviously, neither Gocryptfs nor CryFS support this API. As a result, DroidFS cannot open volumes provided by other applications (such as cloud storage clients), nor can it allow other applications to access encrypted volumes once opened. -# Build -Most of the original gocryptfs code was used as is (written in Go) and compiled to native code. That's why you need [Go](https://golang.org) and the [Android Native Development Kit (NDK)](https://developer.android.com/ndk/) to build DroidFS from source. +Due to Android's storage restrictions, encrypted volumes located on SD cards must be placed under `/Android/data/sushi.hardcore.droidfs/` if you want DroidFS to be able to modify them. -#### Install dependencies -On debian: -``` -$ sudo apt-get install build-essential pkg-config libssl-dev -``` -Install [Go](https://golang.org/doc/install): -``` -$ sudo apt-get install golang-go -``` -You also need to install the Android SDK build tools and the [Android NDK](https://developer.android.com/studio/projects/install-ndk). - -#### Download Sources -``` -$ git clone --recurse-submodules https://github.com/hardcore-sushi/DroidFS.git -$ cd DroidFS -``` -[libgocryptfs](https://forge.chapril.org/hardcoresushi/libgocryptfs) needs OpenSSL: -``` -$ cd app/libgocryptfs -$ wget https://www.openssl.org/source/openssl-1.1.1n.tar.gz -``` -Verify OpenSSL signature: -``` -$ wget https://www.openssl.org/source/openssl-1.1.1n.tar.gz.asc -$ gpg --verify openssl-1.1.1n.tar.gz.asc openssl-1.1.1n.tar.gz -``` -Continue **ONLY** if the signature is **VALID**. -``` -$ tar -xvzf openssl-1.1.1n.tar.gz -``` -DroidFS also need [FFmpeg](https://ffmpeg.org) to record encrypted video: -``` -$ cd app/ffmpeg -$ git clone --depth=1 https://git.ffmpeg.org/ffmpeg.git -``` - -#### Generate a keystore -APKs must be signed to be installed on an Android device. If you don't already have a keystore, you can generate one by running: -``` -$ keytool -genkey -keystore -alias -keyalg EC -validity 10000 -``` - -#### Build -Retrieve your Android NDK installation path, usually something like "/home/\/Android/SDK/ndk/\". Now you can build libgocryptfs: -``` -$ cd DroidFS/app/libgocryptfs -$ env ANDROID_NDK_HOME="" OPENSSL_PATH="./openssl-1.1.1n" ./build.sh - ``` -Then FFmpeg: -``` -$ cd app/ffmpeg -$ env ANDROID_NDK_HOME="" ./build.sh ffmpeg -``` -Finally, compile the app: -``` -$ ./gradlew assembleRelease -``` -If the build succeeds, you will find the unsigned APKs in `app/build/outputs/apk/release/`. You need to sign them in order to install the app: -``` -$ apksigner sign --out droidfs.apk -v --ks app/build/outputs/apk/release/ -``` -Now you can install `droidfs.apk` on your device. +# Building from source +You can follow the instructions in [BUILD.md](BUILD.md) to build DroidFS from source. # Third party code Thanks to these open source projects that DroidFS uses: ### Modified code: -- [libgocryptfs](https://forge.chapril.org/hardcoresushi/libgocryptfs) (forked from [gocryptfs](https://github.com/rfjakob/gocryptfs)) to encrypt your data +- Encrypted filesystems (to protect your data): + - [libgocryptfs](https://forge.chapril.org/hardcoresushi/libgocryptfs) (forked from [gocryptfs](https://github.com/rfjakob/gocryptfs)) + - [libcryfs](https://forge.chapril.org/hardcoresushi/libcryfs) (forked from [cryfs](https://github.com/cryfs/cryfs)) - [libpdfviewer](https://forge.chapril.org/hardcoresushi/libpdfviewer) (forked from [PdfViewer](https://github.com/GrapheneOS/PdfViewer)) to open PDF files - [DoubleTapPlayerView](https://github.com/vkay94/DoubleTapPlayerView) to add double-click controls to the video player ### Borrowed code: