• Edited

GrapheneOS
I was here:

[(https://grapheneos.org/install/cli)]

And read this ...

The current public key is signed with the previous signify key. If you already have the previous signify public key (factory.pub) and want to verify the new key with it:

curl -O https://releases.grapheneos.org/allowed_signers.sig
signify -V -m allowed_signers -x allowed_signers.sig -p factory.pub

When the current signing key is replaced, the new key will be signed with it.

    kd4e As @boldsuck mentioned, they're essentially the same chat rooms whether you use Discord, Matrix, Telegram or IRC due to the bridge. We support multiple chat platforms officially since if we don't people are still going to make communities on each of them, which would end up filled with misinformation and malicious people trying to harm GrapheneOS. By making rooms on each major platform ourselves, we avoid that situation. There's also an unofficial group on SimpleX created by some of our moderators created which cannot be official due to technical limitations which may end up being resolved in the next couple years. It was created to replace a previous unofficial group with absolutely no moderation at all which was filled with trolls and misinformation, which is how we get pushed into supporting more chat platforms.

    kd4e This information is only for people who previously used the older instructions with signify and therefore already have the previous signify key which they can use to verify the newer OpenSSH key. The switch to OpenSSH signing was done in February and at some point we can remove the instructions on verifying the key rotation. If you're starting fresh, you have no use for this.

    When I power on the phone while holding the volume Down - on the phone display where it shows Fastboot Mode it also shows ...

    Device State: locked

    In Developer options OEM unlocking is ON.

    I tried turning on USB debugging and USB file transfer ... no Unlock Bootloader Screen in Web Installer.

    Oh, wait, for some reason this doesn't work with Firefox - just remembered that.

    Sigh, OK, I'll have to move to a different computer.

    OK, got to the "Download release" step ...

    Error: undefined

    ???

    I have a good Internet connection.

    • de0u replied to this.

      kd4e OK, got to the "Download release" step ...

      Error: undefined

      That could mean many things. Probably the single most likely thing is an unsupported or out-of-date browser.

      • kd4e replied to this.

        de0u

        Chromium Version 125.0.6422.141 Official Build Built on Debian 12.5 Running on Debian 12.5 (64 bit)

        Latest version of MX Linux 23.3 and I just ran an update to be sure of everything.

        • de0u replied to this.

          kd4e Latest version of MX Linux 23.3 and I just ran an update to be sure of everything.

          It is possible that MX Linux is not on the GrapheneOS list of supported install platforms because something goes wrong with the web installer.

          • kd4e replied to this.
            • Edited

            de0u

            Chromium is OS sensitive?

            I thought Chromium was essentially self-contained.

            Why would it be able to do 'Unlock bootloader' (communicate with the phone) but not 'Download release' (communicate with the Internet)?

            'Download release' would seem a generic browser activity.

            I just tried and no problem downloading a .wav file from the Internet.

            Could I manually download the 'release' then 'flash' it?

            Oh, wait, that would loop me back to the OpenSSH signing problem ... sigh.

            • de0u replied to this.

              kd4e Chromium is OS sensitive?

              I thought Chromium was essentially self-contained.

              Unfortunately, many things have the ability to break other things. After a problem has been solved it may seem obvious in retrospect that what went wrong could have gone wrong.

              kd4e Why would it be able to do 'Unlock bootloader' (communicate with the phone) but not 'Download release' (communicate with the Internet)?

              'Download release' would seem a generic browser activity.

              I just tried and no problem downloading a .wav file from the Internet.

              What the installer does is not the same thing as when the browser downloads a file to store in the file system for you to use later. It is fetching the contents across the Internet, storing it in a special temporary file, and then sending the contents of the file over WebUSB.

              kd4e I just tried and no problem downloading a .wav file from the Internet.

              Maybe the problem is insufficient temporary space, which is something various Linux distributions configure differently.

                de0u

                OK, reconfigured things and now have a new error ...

                "Error: Failed to execute 'open' on 'USBDevice': Access denied."

                  kd4e

                  Note: It did correctly identify the phone as a Pixel 7a and the matching the Lynx version of the image.

                  OK, after reconfiguring the laptop setup some more it all finally worked.

                  Just need to swap the sim card and will be all working fine.

                  Thanks for the help!

                  2 months later
                  • Edited

                  Scott I always get the error Could not verify signature on macOS.

                  Here is my recent experience on Sonoma (14.5). I created a new empty directory and did this:

                  % curl -O https://releases.grapheneos.org/allowed_signers
                  [...]
                  
                  % curl -O https://releases.grapheneos.org/bluejay-factory-2024071600.zip.sig
                  [...]
                  
                  % curl -O https://releases.grapheneos.org/bluejay-factory-2024071600.zip
                  [...]
                  
                  % ssh-keygen -Y verify -f allowed_signers -I contact@grapheneos.org -n "factory images" -s *.zip.sig < *.zip
                  Good "factory images" signature for contact@grapheneos.org with ED25519 key SHA256:AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM

                  If you are still getting signature failures from ssh-keygen, can you indicate exactly which commands you are issuing?

                    de0u If you are still getting signature failures from ssh-keygen, can you indicate exactly which commands you are issuing?

                    When I copy+paste your commands it works. Thanks