I had problems but got adb
and fastboot
to work, including a successful GrapheneOS install.
adb
and fastboot
are needed for installing custom operating systems and bootloaders on Android phones.
On Linux, you need to have the executables, but also udev rules, which allow you to connect to a phone without root.
NOTE: This increases your attack surface! So I will add a guide on how to disable it at the end.
To use the rules, your user needs to be in the plugdev
group:
# add group when needed
sudo groupadd plugdev
# add user to group
sudo usermod -aG plugdev $USER
Install to system
The easy way, assuming fastboot is not broken (which it was for me), you can get adb
, fastboot
and the needed udev rules like this
# on traditional Fedora
sudo dnf install -y android-tools
# or on Atomic Desktops
rpm-ostree install android-tools
For whatever reason the udev rules are not active, even after installing the package. You need to link them to the correct location:
sudo ln -s /usr/share/doc/android-tools/51-android.rules /etc/udev/rules.d
Without installing to system
If
- A: the fedora packages are broken for you, like it at least was the case with fastboot, or
- B: you want to avoid installing stuff to your system
you can get the binaries from Google and the android udev rules from this external Github repo.
cd ~/.local/bin
# download the Google binary archive, enforce TLSv1.2
curl -O --proto '=https' --tlsv1.2 https://dl.google.com/android/repository/platform-tools_r35.0.0-linux.zip
# verify the checksum
echo '62fc977c1b7622ef8dbd6fe1312987d9b139aa8a0b06e88573c1b60129399d49 platform-tools_r35.0.0-linux.zip' | sha256sum -c
unzip platform-tools_r35.0.0-linux.zip
# move the binaries one dir up and remove the directory
mv platform-tools_r35.0.0-linux/* . && rm platform-tools_r35.0.0-linux
# remove the archive
rm platform-tools_r35.0.0-linux.zip
uBlue has a fork of the “android udev rules” Github project, which I would use for additional trust. But please make sure it is safe anyways.
# install the udev rules to the system
curl -fsSL https://raw.githubusercontent.com/ublue-os/android-udev-rules/main/51-android.rules | sudo tee /etc/udev/rules.d/51-android.rules
# reload the udev rules
sudo udevadm control --reload
Now you should be able to use the binaries from Google directly, make sure ~/.local/bin
is in your $PATH
!
cat ~/.bashrc | grep .local/bin
#or when using fish shell
cat ~/.config/fish/config.fish | grep .local/bin
#or when using zsh shell
cat ~/.zshrc | grep .local/bin
If this is empty, add it to your path
echo "PATH=$PATH:$HOME/.local/bin" >> ~/.bashrc
#or when using fish shell
fish_add_path -m ~/.local/bin
#or when using zsh
echo "PATH=$PATH:$HOME/.local/bin" >> ~/.zshrc
If this is not set, or if you dont want to change the PATH, you can run the binaries directly.
# instead of
adb dosomething
# you use
~/.local/bin/adb dosomething
Disabling the rules again
An easier way of having usev rules ready, but not active, is simply to rename them.
# rename rule to disabled
sudo mv /etc/udev/rules.d/51-android.rules /etc/udev/rules.d/51-android.rules.disabled
sudo udevadm control --reload
To activate them again
sudo mv /etc/udev/rules.d/51-android.rules.disabled /etc/udev/rules.d/51-android.rules
sudo udevadm control --reload
sudo usermod -aG plugdev $USER
harden the adb service
The adb service can be ran as a dedicated user for improved security, thanks @vgaetera
sudo rm -f /etc/udev/rules.d/51-android.rules
sudo sed -r -e '/^(#|$)/d
s/\sTAG\+=\S+,\sENV\S+=\S+$/ GROUP="plugdev"/' \
/usr/share/doc/android-tools/51-android.rules \
| sudo tee /etc/udev/rules.d/51-android.rules > /dev/null
sudo groupadd -r plugdev
sudo useradd -r -g plugdev -d /var/lib/adb -s $(type -P nologin) adb
sudo chown -R adb:plugdev /var/lib/adb
sudo mkdir -p /etc/systemd/system/adb.service.d
sudo tee /etc/systemd/system/adb.service.d/override.conf << EOF > /dev/null
[Service]
User=adb
Environment=
EOF
sudo systemctl daemon-reload
sudo systemctl --now enable adb.service
this belongs to the set of “wheel-less” things that need manual config