🆕 Software Suggestion | DivestOS #2041

New Issue

2020-09-01T14:45:15Z

SkewedZeppelin commented

2020-09-01 14:45:15 +00:00

(Migrated from github.com)

Basic Information

Name: DivestOS
Category: Android Operating Systems
URL: https://divestos.org, https://github.com/divested-mobile, https://forum.f-droid.org/t/divestos-an-aftermarket-system/10105

Description

DivestOS is a soft fork of LineageOS. It aims to support both old and new devices. Standout features are automated kernel CVE patching, proprietary blob removal, delta OTA updates, signed releases, verified boot, and a realtime malware scanner.

Why I am making the suggestion

It brings to the tables features that no other ROM does.
eg. automated kernel CVE patching, automated proprietary blob removal, OTA delta updates with Tor support, etc.

My connection with the software

I am the author.

I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

## Basic Information **Name:** DivestOS **Category:** Android Operating Systems **URL:** https://divestos.org, https://github.com/divested-mobile, https://forum.f-droid.org/t/divestos-an-aftermarket-system/10105 ## Description DivestOS is a soft fork of LineageOS. It aims to support both old and new devices. Standout features are automated kernel CVE patching, proprietary blob removal, delta OTA updates, signed releases, verified boot, and a realtime malware scanner. ## Why I am making the suggestion It brings to the tables features that no other ROM does. eg. automated kernel CVE patching, automated proprietary blob removal, OTA delta updates with Tor support, etc. ## My connection with the software I am the author. - [X] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

👍 4 😆 1

ph00lt0 commented

2020-09-01 16:50:04 +00:00

(Migrated from github.com)

@SkewedZeppelin is it possible to relock the bootloader in the os after installation? Personally I think this is very important but lacking in most custom ROMS? I am very interested why this is not been implemented by Lineage-OS as from my understanding this improves the security of the device.

👍 1

SkewedZeppelin commented

2020-09-01 16:57:24 +00:00

(Migrated from github.com)

@ph00lt0

is it possible to relock the bootloader in the os after installation?

Yes, DivestOS properly signs builds allowing bootloader relocking on supported devices.
See:
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L143
and
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Copy_Keys.sh

@ph00lt0 > is it possible to relock the bootloader in the os after installation? Yes, DivestOS properly signs builds allowing bootloader relocking on supported devices. See: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L143 and https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Copy_Keys.sh

🎉 1

ghost commented

2020-09-10 11:36:57 +00:00

(Migrated from github.com)

Does it support autobuilds?

SkewedZeppelin commented

2020-09-10 11:39:50 +00:00

(Migrated from github.com)

Autobuilds? Can you elaborate/clarify?

On Thu, 2020-09-10 at 04:37 -0700, ZarusMods wrote:

Does it support autobuilds?

Autobuilds? Can you elaborate/clarify? On Thu, 2020-09-10 at 04:37 -0700, ZarusMods wrote: > Does it support autobuilds? >

ghost commented

2020-09-10 11:45:52 +00:00

(Migrated from github.com)

On original LineageOS with every commits for day, automatically building rom.

SkewedZeppelin commented

2020-09-10 11:48:35 +00:00

(Migrated from github.com)

@ZarusMods
There are no nightlies.
Per the site:

Releases are typically done on a monthly schedule unless there are major or security related changes.

@ZarusMods There are no nightlies. Per the site: > Releases are typically done on a monthly schedule unless there are major or security related changes.

ghost commented

2020-09-10 11:49:01 +00:00

(Migrated from github.com)

Only when major update, user building it self

ghost commented

2020-09-10 11:49:24 +00:00

(Migrated from github.com)

@ZarusMods
There are no nightlies.
Per the site:

Releases are typically done on a monthly schedule unless there are major or security related changes.

Oh thanks for clarifying

> @ZarusMods > There are no nightlies. > Per the site: > > > Releases are typically done on a monthly schedule unless there are major or security related changes. Oh thanks for clarifying

lunkhub commented

2020-09-11 15:22:23 +00:00

(Migrated from github.com)

My connection: User/Tester. My Euro's worth:

If GrapheneOS is listed, then DivestOS should be listed too, at least under "Worth Mentioning" for older devices not supported by GrapheneOS.

Plus:

In contrast to GrapheneOS and some others, there are no signs the DivestOS developer is involved in legal disputes or wastes much time battling on social media or other sites.
DivestOS supports several older devices, including some with removable batteries or sd cards. It works as a daily driver for some devices.
Few default apps are installed. Realtime malware scanner (hypatia) is an add-on app, at least for some devices if not all.
Developer has been working on this or related projects a long time, since ~2013-2015'ish or so.

Neutral:

Developer uses at least a couple aliases. But who doesn't.
Appears to be a part-time effort. Developer is sometimes responsive, sometimes not. But what OS didn't start small.
Based in USA.

Minus:

Several supported devices are not tested by the developer, but this is similar to other OS projects, and device status (Works, Untested, Broken) is shown and updated, with details on functionality also given.
Uses github (negative, but so does PTIO and many more). Also uses gitlab (positive +/-).
Has some out of date or inconsistent info' on the website, but who doesn't. Privacy Policy page refers to Stripe for ROM download payments, but About page asks for donations, for example.
It has bugs, but what OS doesn't.
No independent audits. Uncertainty who is really behind it, or whether they can be trusted. But isn't that almost always the case.

My connection: User/Tester. My Euro's worth: If GrapheneOS is listed, then DivestOS should be listed too, at least under "Worth Mentioning" for older devices not supported by GrapheneOS. Plus: - In contrast to GrapheneOS and some others, there are no signs the DivestOS developer is involved in legal disputes or wastes much time battling on social media or other sites. - DivestOS supports several older devices, including some with removable batteries or sd cards. It works as a daily driver for some devices. - Few default apps are installed. Realtime malware scanner (hypatia) is an add-on app, at least for some devices if not all. - Developer has been working on this or related projects a long time, since ~2013-2015'ish or so. Neutral: - Developer uses at least a couple aliases. But who doesn't. - Appears to be a part-time effort. Developer is sometimes responsive, sometimes not. But what OS didn't start small. - Based in USA. Minus: - Several supported devices are not tested by the developer, but this is similar to other OS projects, and device status (Works, Untested, Broken) is shown and updated, with details on functionality also given. - Uses github (negative, but so does PTIO and many more). Also uses gitlab (positive +/-). - Has some out of date or inconsistent info' on the website, but who doesn't. Privacy Policy page refers to Stripe for ROM download payments, but About page asks for donations, for example. - It has bugs, but what OS doesn't. - No independent audits. Uncertainty who is really behind it, or whether they can be trusted. But isn't that almost always the case.

👍 1 🚀 1

fabianski7 commented

2020-09-17 16:03:47 +00:00

(Migrated from github.com)

some xda roms have the option to disable internet access for apps individually, natively through the android settings, without having to use any application like afwall. Is it possible to do this at DivestOS?

SkewedZeppelin commented

2020-09-17 16:09:40 +00:00

(Migrated from github.com)

@fabianski7 yes, that is a standard LineageOS feature.

Screenshot

@fabianski7 yes, that is a standard LineageOS feature. <details> <summary>Screenshot</summary> ![network_toggles](https://user-images.githubusercontent.com/8296104/93497497-0193c880-f900-11ea-9fb6-a5ee65d4bc47.png) </details>

🚀 1

CactiChameleon9 commented

2020-10-25 18:31:38 +00:00

(Migrated from github.com)

Sorry to interrupt... but I have a question. Does DivestOS ping a google owned address to check internet connectivity like Lineage, or has that been changed with your build? (If so that is another reason to prefer over lineage - at least for me)

SkewedZeppelin commented

2020-10-25 19:34:28 +00:00

(Migrated from github.com)

@CactiChameleon9

Does DivestOS ping a google owned address to check internet connectivity

Yes, DivestOS does not change the default connectivity check URLs.
There is good reason not to.
GrapheneOS has a detailed explanation about this here.
https://grapheneos.org/faq#default-connections

However DivestOS 14.1 and 15.1 do include a patch from @MSe1969 that allows easily disable the check from the Settings app.
And on 11.0, 16.0, and 17.1 you can disable the check via ADB.

See also
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Misc/Features/CaptivePortalCheck.txt
and
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch

@CactiChameleon9 > Does DivestOS ping a google owned address to check internet connectivity Yes, DivestOS does not change the default connectivity check URLs. There is good reason not to. GrapheneOS has a detailed explanation about this here. https://grapheneos.org/faq#default-connections However DivestOS 14.1 and 15.1 do include a patch from @MSe1969 that allows easily disable the check from the Settings app. And on 11.0, 16.0, and 17.1 you can disable the check via ADB. See also https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Misc/Features/CaptivePortalCheck.txt and https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch

CactiChameleon9 commented

2020-10-25 19:52:07 +00:00

(Migrated from github.com)

OK, thanks. The reasons given makes sense - anonymity is important. Thanks for the info on your decisions with that choice, and the related files. I really like the idea of using one at random - however I agree may be ethical/permission issues to doing so. Sorry for hijacking this issue a but I was intrigued. I may switch my phone over to your OS due to your clear consideration of privacy issues just shown now (and because of your fun reply on fdroid fourms to another similar project). Sorry and Thanks again.

ph00lt0 commented

2021-06-21 21:35:28 +00:00

(Migrated from github.com)

@CactiChameleon9 late reply, but if you want to alter the ping domain you can fairly easy do so with some adb commands.

adb shell settings put global captive_portal_http_url URL
adb shell settings put global captive_portal_https_url URL
adb shell settings put global captive_portal_fallback_url URL
adb shell settings put global captive_portal_other_fallback_urls URL

or disable it all together:

adb shell settings put global captive_portal_detection_enabled 0
adb shell settings put global captive_portal_mode 0

@CactiChameleon9 late reply, but if you want to alter the ping domain you can fairly easy do so with some adb commands. ``` adb shell settings put global captive_portal_http_url URL adb shell settings put global captive_portal_https_url URL adb shell settings put global captive_portal_fallback_url URL adb shell settings put global captive_portal_other_fallback_urls URL ``` or disable it all together: ``` adb shell settings put global captive_portal_detection_enabled 0 adb shell settings put global captive_portal_mode 0 ```

👍 2

This repo is archived. You cannot comment on issues.