DroidFS/BUILD.md

Introduction

DroidFS relies on modified versions of the original encrypted filesystems programs to open volumes. CryFS is written in C++ while gocryptfs is written in Go. Thus, building DroidFS requires the compilation of native code. However, for the sake of simplicity, the application has been designed in a modular way: you can build a version of DroidFS that supports both Gocryptfs and CryFS, or only one of the two.

Moreover, DroidFS aims to be accessible to as many people as possible. If you encounter any problems or need help with the build, feel free to open an issue, a discussion, or contact me by email or on Matrix: @hardcoresushi:matrix.underworld.fr

Setup

Install required packages:

$ sudo apt-get install openjdk-11-jdk-headless build-essential pkg-config git gnupg2 wget apksigner

You also need to manually install the Android SDK and the Android Native Development Kit (NDK) (r23 versions are recommended).

If you want a support for Gocryptfs volumes, you must install Go and libssl:

$ sudo apt-get install golang-go libssl-dev

The code should be authenticated before being built. To verify the signatures, you will need my PGP key:

$ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A

Fingerprint: B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A
Email: Hardcore Sushi <hardcore.sushi@disroot.org>

Download sources

Download DroidFS source code:

$ git clone --depth=1 https://github.com/hardcore-sushi/DroidFS.git

Verify sources:

$ cd DroidFS
$ git verify-commit HEAD

Don't continue if the verification fails!

Initialize submodules:

$ git submodule update --depth=1 --init

FFmpeg is needed to record encrypted video:

$ cd app/ffmpeg
$ git clone --depth=1 https://git.ffmpeg.org/ffmpeg.git

If you want Gocryptfs support, you need to download OpenSSL:

$ cd ../libgocryptfs
$ wget https://www.openssl.org/source/openssl-1.1.1p.tar.gz

Verify OpenSSL signature:

$ wget https://www.openssl.org/source/openssl-1.1.1p.tar.gz.asc
$ gpg --verify openssl-1.1.1p.tar.gz.asc openssl-1.1.1p.tar.gz

Continue ONLY if the signature is VALID.

$ tar -xzf openssl-1.1.1p.tar.gz

If you want CryFS support, initialize libcryfs:

$ cd app/libcryfs
$ git submodule update --depth=1 --init

Build

Retrieve your Android NDK installation path, usually something like /home/\<user\>/Android/SDK/ndk/\<NDK version\>. Then, make it available in your shell:

$ export ANDROID_NDK_HOME="<your ndk path>"

Start by compiling FFmpeg:

$ cd app/ffmpeg
$ ./build.sh ffmpeg

libgocryptfs

This step is only required if you want Gocryptfs support.

$ cd app/libgocryptfs
$ OPENSSL_PATH="./openssl-1.1.1p" ./build.sh

Compile APKs

Gradle build libgocryptfs and libcryfs by default.

To build DroidFS without Gocryptfs support, run:

$ ./gradlew assembleRelease -PdisableGocryptfs=true

To build DroidFS without CryFS support, run:

$ ./gradlew assembleRelease -PdisableCryFS=true

If you want to build DroidFS with support for both Gocryptfs and CryFS, just run:

$ ./gradlew assembleRelease

Sign APKs

If the build succeeds, you will find the unsigned APKs in app/build/outputs/apk/release/. These APKs need to be signed in order to be installed on an Android device.

If you don't already have a keystore, you can create a new one by running:

$ keytool -genkey -keystore <output file> -alias <key alias> -keyalg EC -validity 10000

Then, sign the APK with:

$ apksigner sign --out droidfs.apk -v --ks <keystore> app/build/outputs/apk/release/<unsigned apk file>

Now you can install droidfs.apk on your device.