On Ubuntu 20.04 I cannot find bsdtar in the apt sources:

Package bsdtar is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  libarchive-tools:i386 libarchive-tools

E: Package 'bsdtar' has no installation candidate

I installed libarchive-tools which included bsdtar, and everything else worked!

The GrapheneOS instructions do not indicate this for win10. This is something that should be listed in the installation instructions.

The link to access to the most current Google USB driver can be found here:
https://developer.android.com/studio/run/win-usb

(The current linked install version is directly accessed here, but this will change over time)
https://dl.google.com/android/repository/usb_driver_r13-windows.zip

It would be nice for privacy focused donors if there were a Monero/XMR address in addition to the BTC address.
thanks

Hi.

I'd like to propose BTCPay Server for donation purposes instead of static donation address. Address reuse is terrible from privacy perspective.

See: https://en.bitcoin.it/wiki/Address_reuse and https://www.ministryofnodes.com.au/2019/12/14/bitcoin-static-donation-addresses-suck/

BTCPay Server is self-hosted, open-source, self-validating gateway. No private keys are stored on the server. It's highly appreciated project in Bitcoin community, focused on privacy and security of its users.

See: https://btcpayserver.org/

BTCPay Server offers much more, it's Tor v3, Native SegWit (bc1q address type with much lower fees) and Lightning Network enabled.

There is also an option for crowfunding app. For example see The Tor Project Crowfunding

I think BTCPay Server fits GrapheneOS ethos and the project could expect much more support with BTCPay Server enabled donations. GrapheneOS is highly recommended by well-listened Bitcoiners and cypherpunks like Jameson Lopp or the Samourai Wallet project.

The installation page states that the fastboot tool must be at least version 28.0.0, and notes that this can be checked by running fastboot --version. However, on Ubuntu, running fastboot --version prints the following:

fastboot version 1:8.1.0+r23-5~18.04
Installed as /usr/lib/android-sdk/platform-tools/fastboot

It is not immediately obvious how this version number compares with version 28.0.0. As such, the page should be updated to include instructions on how to check the version number.

As GrapheneOS users are generally privacy / security focused it would make sense to have a .onion mirror of the site that can be accessed via Tor.

The system camera does not seem to write GPS information. No GPS coordinates appear in the photo info

When running ./flash-all.bat from https://releases.grapheneos.org/crosshatch-factory-2020.04.14.23.zip
on Windows 10 PS with connected Pixel 3 XL...

The documentation https://grapheneos.org/install
says:

Wait for the flashing process to complete and for the device to boot up using the new operating system.

At the end of the running ./flash-all.bat the phone stays on the fastbootd screen. I can reboot from there. It is just that the current documentation suggests a different expected state.

Note : issue #97 which might be the cause of the different end-state.

Please correct / clarify documentation such users can be more confident they are still on the right track.

There are some applications that do not respond well to Network Permission being denied.

GrapheneOS throws a SecurityException and apps are not catching it and ultimately crash. I've logged issues in two apps I use so far:

• standardnotes/mobile#491
• osmandapp/OsmAnd#12841

I can potentially see this being bounced around as "not our problem" from both the app and GrapheneOS side. The only guidance I see on the grapheneos.org site is https://grapheneos.org/faq#firewall:

GrapheneOS adds a user-facing Network permission toggle providing a robust way to deny both direct and indirect network access to applications. It builds upon the standard non-user-facing INTERNET permission, so it's already fully adopted by the app ecosystem. Revoking the permission denies indirect access via OS components and apps enforcing the INTERNET permission, such as DownloadManager. Direct access is denied by blocking low-level network socket access.

Can the GrapheneOS team supplement this text with some minimal guidance for app developers to give those of us logging issues against them direction in how to resolve?

Under the section "Does GrapheneOS provide a firewall?"

The second sentence reads:
"The GrapheneOS project historically made various improvements to the firewall but over time most of these changes were been integrated upstream or became irrelevant."

I believe it should be changed to either:
"...most of these changes were integrated upstream" or,
"...most of these changes have been integrated upstream"

Add a link to the Camera app issue tracker in this section of the official website:

https://grapheneos.org/contact#reporting-issues

Hi, I just wanted to suggest creating a 'Benefits or features' tab on the grapheneos.org. website. What I mean by this, is that as a new comer to this space and hearing about Graphene OS (thru Bucephalus Dev) is that I understand graphene is a 'privacy focused' OS, but what exactly does that mean? For example when desiring to get a VPN one can find the benefits or features a VPN i.e like the ones mentioned below.
(source https://manofmany.com/lifestyle/advice/benefits-of-using-a-vpn-virtual-private-network)

"1. Protected File Sharing
With a VPN at your disposal, you and others can share files over extended periods of time without having to worry about the data being stolen or exposed.

2. Remote Access
   Because a VPN is an actual network, you can access it remotely. This makes it a great resource for companies, in particular, allowing employees to work from outside the office. No matter where you are, your data and information stay protected as long as you’re using the VPN.

3. Anonymity
   Anonymity is either one of the Internet’s greatest tenets or one of its greatest problems, depending on who you ask. However, the fact remains that when your identity is exposed, someone or something will come along to exploit you and your data. Furthermore, there are certain online activities that we simply don’t want to be traced back to us (we’ll leave the specifics to your imagination)."

Etc.......

Going through the grapheneOS website was informative, however, I am still trying to process the specific benefits of having this OS. Furthermore, I believe having a 'benefits or features' tab would also encourage more user adoption from individuals that are in the odd space between knowing what Github and programming is, used it once or twice, but not an expert on using these tools. In other words, people who know enough to be dangerous but are not full developers.

Best,

Is it suppose to say Even if the community was prepared to take over maintenance of the open source code and to replace the rest, firmware would present a major issue, and the community has never been active or interested enough in in device support to consider attempting this?
Specifically the two consecutive ins. It is at the very least not syntax I'm familiar with.

Some typos (sorry for not creating a pull request directly):

• https://grapheneos.org/releases
  • have a internal signature -> have an internal signature
• https://grapheneos.org/install/web
  • performing verification against between -> performing verification again between
  • The developer option Enable OEM unlocking is actually called OEM unlocking on my Pixel 5 with up-to-date GOS.
• https://grapheneos.org/install/cli
  • performing verification against between -> performing verification again between
  • The developer option Enable OEM unlocking is actually called OEM unlocking on my Pixel 5 with up-to-date GOS.

People seem to get confused about the phrasing "Sandboxed Play Services"

Mi,
the update process deleted FairEmail app from my device and cannot be installed again from F-Froid repository.
Unknown error during installation process.

All this since the latest update.
RP1A.200720.009.2020.09.25.00

There are some lint checks in AOSP such as https://android.googlesource.com/platform/tools/base/+/refs/heads/mirror-goog-studio-master-dev/lint/libs/lint-checks/src/main/java/com/android/tools/lint/checks/UnsafeBroadcastReceiverDetector.java related to security, so might be good to figure out how to use them for development and document it on the site

How to install Google Play Services (sandboxed) with Graphene OS

This document describes how to install the 'very nicely' sandboxed google play services for temermental things like Microsoft apps, etc. that seem to want to work with only 'google play services'. Most of this comes directly from graphene os faq

Step 1: Install com.google.android.gsf

Simply click on this link in your browser, and download the apk file. Choose 'install' from your browser.

Step 2: Install com.google.android.gms

This installs the gms apk. Same as directions above

Step 3: (somewhat longer) Download SAI split bundle installer

Once you have downloaded this, I like to 'clear out' my download directory before continuting using the file manager. This makes it easier for the 'next' step where we download the 5 bundled apk's and install them as our final step of the 'install' piece.

Step 4: Download and install com.android.vending bundle

Save all 5 files but DON't install them. The utility we downloaded in step 3 will do this.

Step 5: Run the SAI split bundle installer

• Choose -install apk's
• Choose 'internal file picker'
• Choose 'downloads' directory where you downloaded the 5 apk files
• Tick the 5 files in the downloaded directory, hit the 'select button'
• Tick all boxes in the next screen and press 'install'

It will take a while for everthing to install. While its not necessary, I found a 'reboot' after everything was done seemed to clear up my issues. Once that is done you can either use the aurora to install problematic apps, or use play services (I signed in, its supposed to be optional). If you use play services, you will have to look at 'limitations' section of the guide mentioned earlier. Play won't properly detect installs. I just stop it and the utility seems to work. Finally don't update play services with aurora or things will get ugly.

Step 6: Enable battery optimization exception (optional)

• Go to "system settings"
• Apps and notifications
• show all apps (look for google play services)
• advanced, then battery, (click on it less than obvious!), click on 'battery optimization', then 'all apps' then 'google play services' and finally "Don't optimize".

https://freenode.logbot.info/grapheneos/20200730#c4574572

Sprint is not supported by GrapheneOS as they require crap installed

https://freenode.logbot.info/grapheneos/20200726#c4521223

Sprint requires some pretty invasive stuff on the phone in order for it to work en.m.wikipedia.org/wiki/OMA_Device_Management

T-Mobile and MVNOs on their network just seem to be the best value all around and they have great coverage for the most part

I understand that the Pixel 4a has support, but what about the 5G variant? Is that supported too, or are there any details about planned support yet?

Hi,
I have GrapehenOS installed on a Pixel 3a XL and works good without a SIM.

• I have 3 new Ukranian SIM cards, all of them work on iPhones with latest iOS and Huwawi Android phone.
• I have 2 other countries SIM cards that work with Graphene on the Pixel 3a XL.

When inserting the Ukranian SIM cards to the Pixel, the Graphene recognizes the carrier, but there is no network Signal. I tried to choose Network manually and i shows all Ukranian Carriers as option, but even if I choose the relevant network, it does not get network signal for calls.

Is there anything I can do resolve it, or somehow provide you information to help resolve it? I would like to use the phone in ANY country that I am in.

Thanks

would be great to have an official list on the GrapheneOS website that lists GrapheneOS vendors who support the project. this would help current or prospective GrapheneOS users navigate the market, given the assumption that users will buy a device to run GrapheneOS and some folks (especially companies) will want to purchase devices with GrapheneOS pre-installed.

i could imagine/guess this might include:

• Nitrophone
• Ncryptcellular
• ?

could be used to highlight what vendors financially support the project (so if you purchase from them, that is also financially supporting the project). doesn't need to be structured similarly but here is example from Qubes OS for potential inspiration.

this would also help such users avoid vendors that doesn't support the project or are malicious in some way.

There's a proper implementation of this in the CSS via flexbox using margin-top: auto, but it cannot currently be enabled because flexbox completely screws up how overflow is handled. The page doesn't properly shrink horizontally and the pre tags, etc. prevent the content from shrinking smaller. Switching pre to using wrapping instead of scrolling partially resolves this, but that isn't desired, and it just makes things slightly less bad with the issue still occurring when shrinking even further.

I'm not familiar with Signify but I tried the following to verify if the .zip factory image signature matched.

signify -V -x sargo-factory-2021.02.07.17.zip.sig -p factory.pub -m sargo-factory-2021.02.07.17.zip

The output I get back is:
signify: signature verification failed

I also tried the short form as .sig is in the same directory as the .zip

signify -V -p factory.pub –m sergo-factory-2021.02.07.17.zip

The output I get back is:
signify: signature verification failed

However following the CLI guide command:

signify -Cqp factory.pub -x sargo-factory-2021.02.07.17.zip.sig && echo verified

works and output
verified

but it looks like from the command that is just checking the signature file against the public key and not the factory image but I could be totally wrong. I have never used signify before only GPG. I consulted the https://man.openbsd.org/signify.1 manual and would assume that the above verifications should work to prove they were signed?

I am unsure of what I am doing wrong.

Right now all we have is on and off. Also the IP ranges are spawning differently every time when timeout on no activity is enabled.
This is a problem is the phone serves as the main gateway and there are servers behind it that need to be addressed.

It would be appreciated if we could control the DHCP Settings and possibly even get a MAC Filter, maximum Device limiter. Simply more advanced router stuff you name it.

Thanks

We are using the WebUSB based installer here https://grapheneos.org/install/web to install GrapheneOS on a Pixel 5. This is being installed from Ubuntu 20.04.3 using Chrome v93.0.4577.63.

Following the instructions on that page work up until the point when we click on the "Download Release" button. Upon clicking the download button an error message appears below it saying "Error: undefined".

Opening up the browser console reveals a javascript error as per the screen shot when attempting to download the release file.

The key error line is;

GET http://releases.grapheneos.org/redfin-factory-2021082501.zip net::ERR_FAILED 200

By beautifying the packed javascript file web-install.js it shows the execution point where error occurs.

The title says it all.

Writing one/two instead of one / two is common practice, and is also more readable if the alternatives one and two consist of only one word.

This issue is to track this upstream problem, which has been reported to them.

Following https://grapheneos.org/faq#install the web-OS link doesn't work properly. The error says:

_Page not found

Page not found on the web server. If you think this is a mistake, please report an issue._

See: https://grapheneos.org/install-web (25.01.2020//11:33)

I want more access to these reports than https://report-uri.com provides.

When running ./flash-all.bat from https://releases.grapheneos.org/crosshatch-factory-2020.04.14.23.zip
on Windows 10 PS with connected Pixel 3 XL I get:

...
Erasing 'userdata'                                 OKAY [  8.092s]
Erase successful, but not automatically formatting.
File system type raw not supported.
Erasing 'metadata'                                 OKAY [  0.009s]
Erase successful, but not automatically formatting.
File system type raw not supported.
Finished. Total time: 95.348s

Based on current documentation https://grapheneos.org/install it is unclear whether this not automatically formatting is expected behavior.

Please clarify for ease of mind of users.

Hi,

There is an interesting discussion going on on reddit about the privacy aspects of the sandboxed play services. It would be nice if you could answer some of the questions, since a lot of people seem to be interested in that topic. I guess that some people relying on play services even consider switching to GrapheneOS from stock or other custom ROMs, so this is a great opportunity to make GrapheneOS more popular.

The documentation of GrapheneOS is pretty good, but I think this part could use some elaboration to make things more clear for users. Especially the case when someone relies on play services for some apps, but does not want to have a separate user profile, since switching between profiles back and forth is cumbersome, media stops playing etc. And how this compares to MicroG and I mean not only from a security perspective, but from a privacy perspective. So what data is being sent to Google, and steps taken to minimize this. Also if there is/could be some kind of firewall, to select which apps are allowed to see and communicate with play services and vice versa, aside from separate user profiles.

Additionally it would be good to know what is known to work and what not, like FIDO2 keys as an example, which arguable are important for security minded people.

Thanks and best regards
PhysicsIsAwesome

Project could self-host a non-custodial bitcoin/lightning wallet without keys held on the server using vault on hardware wallets (i.e. trezor, digitalbitbox and etc.)

https://btcpayserver.org/

Using lightning network to receive donations will reduce donor transaction fees significantly and allow for instantaneous tranfer of bitcoins also.

I like to use GrapheneOS on my Samsung J710F

GrapheneOS will work on Google Pixel4a phone?