{"id":34819914,"url":"https://github.com/hashbang/os","last_synced_at":"2025-12-25T14:27:12.661Z","repository":{"id":37492938,"uuid":"145996320","full_name":"hashbang/os","owner":"hashbang","description":"Open source security/privacy focused AOSP rom","archived":false,"fork":false,"pushed_at":"2022-03-21T23:33:06.000Z","size":3084,"stargazers_count":118,"open_issues_count":16,"forks_count":12,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-05-01T13:31:39.576Z","etag":null,"topics":["android","aosp","reproducible-builds","rom"],"latest_commit_sha":null,"homepage":"","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hashbang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-24T13:40:13.000Z","updated_at":"2024-05-01T13:31:39.576Z","dependencies_parsed_at":"2022-09-15T06:40:48.921Z","dependency_job_id":null,"html_url":"https://github.com/hashbang/os","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hashbang/os","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashbang%2Fos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashbang%2Fos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashbang%2Fos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashbang%2Fos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hashbang","download_url":"https://codeload.github.com/hashbang/os/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposito
ries/hashbang%2Fos/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28031131,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-25T02:00:05.988Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","aosp","reproducible-builds","rom"],"created_at":"2025-12-25T14:26:54.290Z","updated_at":"2025-12-25T14:27:12.647Z","avatar_url":"https://github.com/hashbang.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# #!os #\n\n\u003chttp://github.com/hashbang/os\u003e\n\n## About ##\n\nThis is an effort to produce an AOSP based Android ROM with only the minimum\nbinary blobs in order for all hardware to function.\n\nAdditionally, we seek to produce signed deterministic builds allowing for high\naccountability via redundant CI systems all getting the same hash.\n\nHeavily inspired by the former CopperheadOS (RIP) project. 
We seek to provide a\ntrustable path to free public AOSP builds patched for privacy and security.\n\nAdditionally, this build system is intended to make it easy to build, sign\nand publish your own custom AOSP rom from patches/configs/branding as you see\nfit.\n\nA common build system/strategy for vanilla AOSP and AOSP forks also makes it\neasy to change between them as you see fit while still controlling your own\nkeys, making debugging and comparisons easier.\n\n## Status ##\n\nPublic releases are pending sustainable/automated CI/CD work to do reproducible\nbuilds and multisig.\n\nTesting is currently manual. \"True\" implies only that all hardware and surface-level\nfunctionality appears to work. E2E testing integration is WIP.\n\nTesters, builders, and hosting bandwidth needed.\n\n## Support ##\n\nPlease join us on IRC: ircs://irc.hashbang.sh/#!os\n\n## Features ##\n\n### Current\n\n * 100% Open Source and auditable\n   * Except for mandatory vendor blobs hash verified from Google Servers\n * Minimal changes to stock AOSP functionality\n * Automated build system:\n   * Completely run inside Docker for portability\n   * Customize builds from central config file.\n   * Automatically pin hashes from upstreams for reproducibility\n   * Automated patching/inclusion of upstream Android Sources\n * Removed:\n   * Google Play Services\n   * Proprietary system apps\n   * OMA-DM [backdoors][1]\n   * Browser2 - Mostly unmaintained\n   * Webview - Mostly unmaintained\n   * Calendar - Mostly unmaintained\n   * Quicksearch - Requires Google Play Services. 
Also removed from Launcher.\n * Added:\n   * Custom Android Verified Boot included in factory images\n   * F-Droid - Trusted as system app without need to enable \"Unknown Sources\"\n   * Chromium - With several privacy/security patches\n   * [Backup][2] - Minor OS changes made to allow backing up any app\n   * [Updater][3] - Patched to use os.hashbang.sh update server\n\n[1]: https://gist.github.com/thestinger/171b5ffdc54a50ee44497028aa137ed8\n[2]: https://github.com/stevesoltys/backup\n[3]: https://github.com/AndroidHardening/platform_packages_apps_Updater\n\n### Future\n\n * Reproducible builds\n    * Allow third parties to prove a build came from expected open source code.\n * Verified Builds\n    * Test builds signed with test keys are automated and used for verification.\n    * Third party verifiers will maintain webhook activated build nodes\n      * Will be in different legal jurisdictions\n      * Should have a public reputation to lose if they tamper with a build\n      * Can offer mirrors signed with their own keys\n      * Will publish signatures for test builds to be in 'verified' channel\n    * Updater app will verify signatures from m-of-n builders (e.g. 2 of 3)\n    * Ability to build/sign/update own releases via Terraform automation\n * Compatibility Test Suite\n    * Every device should have a sponsor with an automated CTS test station\n * Hardening\n    * Test and integrate [GrapheneOS][5] patches in dedicated release channel\n      * Hardened Memory Allocator\n      * Chromium security/privacy patches\n      * Various platform patches for better permissions controls\n    * BadUSB\n      * Set up a global settings option to toggle USB OTG support\n      * Disable all USB devices by default\n    * Allow build options to disable hardware as needed for airgap setups.\n * Remote Attestation\n    * Auditor app integration\n * Two Factor Authentication\n    * Replace proprietary Google Play Services U2F with open/auditable one.\n * Accessibility\n    * Global 
Dark Mode\n    * One Handed Mode\n * Fluff\n    * Wallpaper/boot animation\n    * Support channel link on home screen\n    * Support flashing from Windows for confused people we take pity on\n\n[5]: https://github.com/GrapheneOS\n\n## Devices ##\n\n  | Device      | Codename   | Tested | Verifiable | Secure Boot | Download |\n  |-------------|:----------:|:------:|:----------:|:-----------:|:--------:|\n  | Pixel 3a XL | Bonito     | FALSE  | FALSE      | AVB 2.0     | Soon™    |\n  | Pixel 3a    | Sargo      | FALSE  | FALSE      | AVB 2.0     | Soon™    |\n  | Pixel 3 XL  | Crosshatch | TRUE   | FALSE      | AVB 2.0     | Soon™    |\n  | Pixel 3     | Blueline   | TRUE   | FALSE      | AVB 2.0     | Soon™    |\n  | Pixel 2 XL  | Taimen     | TRUE   | FALSE      | AVB 1.0     | Soon™    |\n  | Pixel 2     | Walleye    | FALSE  | FALSE      | AVB 1.0     | Soon™    |\n  | Pixel XL    | Marlin     | FALSE  | FALSE      | dm-verity   | Soon™    |\n  | Pixel       | Sailfish   | FALSE  | FALSE      | dm-verity   | Soon™    |\n\n  Release hosting is sponsored by [JFrog](https://www.jfrog.com/)\n\n## Install ##\n\n### Requirements ###\n\n * [Android Developer Tools][4]\n\n[4]: https://developer.android.com/studio/releases/platform-tools\n\n### Connect\n\n 1. Go to \"Settings \u003e About Phone\"\n 2. Tap \"Build number\" 7 times.\n 3. Go to \"Settings \u003e System \u003e Advanced \u003e Developer options\"\n 4. Enable \"USB Debugging\"\n 5. Connect device to laptop via short USB-C cable\n 6. Hit \"OK\" on \"Allow USB Debugging?\" prompt on device if present.\n 7. Verify ADB connectivity\n   ```\n   adb devices\n   ```\n   Note: Should return something like: \"7CKY1QD3F       device\"\n\n### Flash\n\n 1. Extract\n\n   ```\n   unzip crosshatch-PQ1A.181205.006-factory-1947dcec.zip\n   cd crosshatch-PQ1A.181205.006\n   ```\n\n 2. [Connect](#Connect)\n 3. Go to \"Settings \u003e System \u003e Advanced \u003e Developer options\"\n 4. Enable \"OEM Unlocking\"\n 5. 
Unlock the bootloader via ADB\n\n   ```\n   adb reboot bootloader\n   fastboot flashing unlock\n   ```\n   Note: You must manually accept the prompt on the device.\n\n 6. Flash new factory images\n\n   ```\n   ./flash-all.sh\n   ```\n\n### Harden\n\n 1. [Connect](#Connect)\n 2. Lock the bootloader\n   ```\n   adb reboot bootloader\n   fastboot flashing lock\n   ```\n 3. Go to \"Settings \u003e About Phone\"\n 4. Tap \"Build number\" 7 times.\n 5. Go to \"Settings \u003e System \u003e Advanced \u003e Developer options\"\n 6. Disable \"OEM unlocking\"\n 7. Reboot\n 8. Verify boot message: \"Your device is loading a different operating system\"\n 9. Go to \"Settings \u003e System \u003e Advanced \u003e Developer options\"\n 10. Verify \"OEM unlocking\" is still disabled\n\n#### Notes\n\n  * Failure to run these hardening steps means -anyone- can flash your device.\n  * Past this point, if signing keys are lost, all devices are bricked. Back up!\n\n### Update ###\n\n 1. Go to \"Settings \u003e System \u003e Developer options\" and enable \"USB Debugging\"\n 2. Reboot to recovery\n   ```\n   adb reboot recovery\n   ```\n 3. Select \"Apply Update from ADB\"\n 4. Apply Update\n   ```\n   adb sideload crosshatch-ota_update-08050423.zip\n   ```\n 5. 
Go to \"Settings \u003e System \u003e Developer options\" and disable \"USB Debugging\"\n\n## Building ##\n\n### Requirements ###\n\n * Linux host system\n * Docker\n * x86_64 CPU\n * 10GB+ available memory\n * 350GB+ free disk space\n\n### Generate Signing Keys ###\n\nEach device needs its own set of keys:\n```\nmake DEVICE=crosshatch keys\n```\n\n### Build Factory Image ###\n\nBuild flashable images for desired device:\n```\nmake DEVICE=crosshatch clean build release\n```\n\n## Develop ##\n\n\n### Clean ###\n\nDo basic cleaning without deleting cached artifacts/sources:\n```\nmake clean\n```\n\nClean everything but keys:\n```\nmake mrproper\n```\n\n### Compare ###\n\nBuild a given device twice from scratch and compare with diffoscope:\n```\nmake compare\n```\n\n### Edit ###\n\nCreate a shell inside the Docker environment:\n```\nmake shell\n```\n\n### Patch ###\n\nOutput all untracked changes in Android sources to a patchfile:\n```\nmake diff \u003e patches/my-feature.patch\n```\n\n### Release ###\n\n1. Update to latest upstream sources.\n\n  ```\n  make config\n  ```\n\n2. Build all targets impacted by given change\n\n  ```\n  make DEVICE=crosshatch release\n  ```\n\n3. Commit changes to a PR\n4. Author or reviewer manually tests and documents in CHANGELOG\n5. Reviewer security audits local/upstream changes and documents in CHANGELOG\n6. Maintainer does signed merge of changes to master\n7. Maintainer makes signed release tag. (E.g.: \"9.0.1_r37-hb37\")\n\n### OTAs ###\n\nIf you'd like to manage your own OTAs with your own signing keys, you can make\nthe following changes:\n\n1. Update `patches/platform/add-updater.patch` and change `os.hashbang.sh` to\n   whatever server you'll be placing these images on.\n2. `make DEVICE=\u003cdevice-name\u003e OTA_CHANNEL=stable build release`\n  a. `OTA_CHANNEL` will default to `beta`\n3. Upload files from `build/release/*` to your server.\n4. 
Your server should be configured to have wherever your OTAs are being shipped\n   to as part of the root directory. SSL is highly recommended.\n\n#### Notes\n\n* Release process does not yet include OTA updates or binary hosting.\n* Volunteers needed! Join #!os on irc.hashbang.sh/6697 to help.\n\n\n## Questions ##\n\n### Who is this project for?\n\nIndividuals that desire a device that favors privacy and security over easy\naccess to proprietary software and services.\n\n### Wait, can I not run -Insert-App-Here-?\n\nYou technically can download/install most apps in the Play Store, but we of\ncourse can't recommend that. Some apps that have a hard requirement on Google\nPlay Services can be tricked with [MicroG][mg], but this increases attack\nsurface, and though it will probably work in many cases, this is not supported\nor recommended.\n\nYalp Store is an open source browser for Google Play Store and is available\non F-Droid.\n\nAlso see \"Alternatives\" below to find alternatives for popular apps.\n\n### Why is -Insert-Device-Here- not supported?\n\nMost vendors don't release sources and tooling to reproduce their builds or do\nso with substantial delays. Many vendors even disable critical security\nfeatures they don't understand and allow various Supply Chain Attacks. These\nare a headache to reverse engineer, test, audit, patch, and generally maintain.\n\nUnless a vendor decides to produce source repos with at least the quality of\nAOSP, we will only support AOSP-supported devices, which today means the Pixel\nseries of mobile handsets.\n\nPixel devices start at $100-200 and we will try to maintain support for at\nleast one device at this price point to keep the project accessible.\n\n### Why not use LineageOS, AOKP, or insert-project-here?\n\nAs of the time of this writing most popular ROMs are virtually unusable\nwithout Google Play Services and the proprietary parts of Android. 
They also\ntend to make changes that make taking upstream source code time consuming, thus\noften delaying security updates.\n\nSecondly, virtually all ROMs sign using \"test\" keys, leaving all of them\nvulnerable to Evil Maid Attacks and thus worse off security-wise than stock\nAndroid.\n\nThird, builds are almost never easily reproducible, if at all, meaning that a\nsingle coerced maintainer could slip in a subtle flaw with very little\nchance of detection.\n\nLastly, they almost all source binaries from sketchy locations like the\ninfamous \"[TheMuppets][tm]\" repo which an unknown number of people have push\naccess to. This sort of activity acts as a security SPOF for popular ROMs.\n\n### Why should anyone trust this project?\n\nTrust, but Verify. While we may be upstanding people today, we might be\ncoerced tomorrow by a state actor that wants access to the device in your\npocket. You can run our reproducible build systems yourself and sound the\nalarm if the builds we produce don't line up with the published source code.\n\nThe more people that verify, the less reason a bad actor has to try to attack\nmaintainers. 
Maintaining a system that requires zero trust in the maintainers\nis a core part of our plan to be resistant to Australia-style strong-arm\nbackdoor requests.\n\n[tm]: https://github.com/TheMuppets\n\n## Alternatives ##\n\nGiving up Google Play services and stock proprietary applications is a big ask\nfor a lot of people that have grown to rely on particular apps for their\nlifestyle.\n\nTo address this, consider looking at some of the below alternatives for popular\napplications.\n\nSome things won't have alternatives and in those cases you will have to decide\nto sideload a specific proprietary APK via Yalp Store or live without that app.\n\nYou may also find popular travel apps like Kayak, Uber and Lyft have very\nusable mobile webapps you can pin to your desktop for a similar experience to a\nnative app.\n\n| App      | Alternative(s)   | Notes                                  |\n|:--------:|:----------------:|:---------------------------------------|\n| Chrome   | Chromium, OrFox  | Chromium is built-in to #!os           |\n| Play     | F-Droid, Yalp    | F-Droid is built-in to #!os            |\n| GMail    | K9Mail           |                                        |\n| Drive    | Nextcloud        |                                        |\n| Music    | D-Sub            | Will need a Subsonic capable server    |\n| Maps     | OsmAnd~          |                                        |\n| Auth.    | Yubico Auth.     |                                        |\n| Hangouts | Weechat, Riot.im |                                        |\n| Voice    | Ring             |                                        |\n| Youtube  | NewPipe, SkyTube |                                        |\n\n## Notes ##\n\nUse at your own risk. 
You might be eaten by a grue.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhashbang%2Fos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhashbang%2Fos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhashbang%2Fos/lists"}