Magisk Canary 26.4 (26404) (65207f96) breaks move AdGuard certificate to system

[innit86]

After updating Magisk Canary from 26.4 (26403) (d7750b72) to 26.4 (26404) (65207f96) AdGuard certificate disappeared from the system store. Reinstalling the certificate and reflashing the latest magisk module didn't help.

• MODDIR=/data/adb/modules/adguardcert
• AG_CERT_HASH=0f4ed297
• • readIFS=. -r
    left right
• read -r left right
• sort -nr
• ls /data/misc/user/0/cacerts-added/0f4ed297.0
• echo 0 /data/misc/user/0/cacerts-added/0f4ed297.0
• read -r left right
• echo /data/misc/user/0/cacerts-added/0f4ed297.0
• AG_CERT_FILE=/data/misc/user/0/cacerts-added/0f4ed297.0
• '[' -e /data/misc/user/0/cacerts-added/0f4ed297.0 ]
• rm -f '/data/misc/user//cacerts-removed/0f4ed297.'
• cp -f /data/misc/user/0/cacerts-added/0f4ed297.0 /data/adb/modules/adguardcert/system/etc/security/cacerts/0f4ed297.0
• chown -R 0:0 /data/adb/modules/adguardcert/system/etc/security/cacerts
• set_context /system/etc/security/cacerts /data/adb/modules/adguardcert/system/etc/security/cacerts
• getenforce
• '[' Enforcing '=' Enforcing ]
• default_selinux_context=u:object_r:system_file:s0
• ls -Zd /system/etc/security/cacerts
• awk '{print $1}'
• selinux_context=u:object_r:system_security_cacerts_file:s0
• '[' -n u:object_r:system_security_cacerts_file:s0 ]
• '[' u:object_r:system_security_cacerts_file:s0 '!=' '?' ]
• chcon -R u:object_r:system_security_cacerts_file:s0 /data/adb/modules/adguardcert/system/etc/security/cacerts
• '[' -d /apex/com.android.conscrypt/cacerts ]
• rm -f /data/local/tmp/adg-ca-copy
• mkdir -p /data/local/tmp/adg-ca-copy
• mount -t tmpfs tmpfs /data/local/tmp/adg-ca-copy
• cp -f /apex/com.android.conscrypt/cacerts/01419da9.0 /apex/com.android.conscrypt/cacerts/04f60c28.0 /apex/com.android.conscrypt/cacerts/0d69c7e1.0 /apex/com.android.conscrypt/cacerts/10531352.0 /apex/com.android.conscrypt/cacerts/1ae85e5e.0 /apex/com.android.conscrypt/cacerts/1b0f7e5c.0 /apex/com.android.conscrypt/cacerts/1df5a75f.0 /apex/com.android.conscrypt/cacerts/1e1eab7c.0 /apex/com.android.conscrypt/cacerts/1e8e7201.0 /apex/com.android.conscrypt/cacerts/1ec40989.0 /apex/com.android.conscrypt/cacerts/1f58a078.0 /apex/com.android.conscrypt/cacerts/219d9499.0 /apex/com.android.conscrypt/cacerts/23f4c490.0 /apex/com.android.conscrypt/cacerts/252252d2.0 /apex/com.android.conscrypt/cacerts/2add47b6.0 /apex/com.android.conscrypt/cacerts/2d9dafe4.0 /apex/com.android.conscrypt/cacerts/302904dd.0 /apex/com.android.conscrypt/cacerts/304d27c3.0 /apex/com.android.conscrypt/cacerts/31188b5e.0 /apex/com.android.conscrypt/cacerts/33ee480d.0 /apex/com.android.conscrypt/cacerts/35105088.0 /apex/com.android.conscrypt/cacerts/399e7759.0 /apex/com.android.conscrypt/cacerts/3ad48a91.0 /apex/com.android.conscrypt/cacerts/3c860d51.0 /apex/com.android.conscrypt/cacerts/3c899c73.0 /apex/com.android.conscrypt/cacerts/3c9a4d3b.0 /apex/com.android.conscrypt/cacerts/3e7271e8.0 /apex/com.android.conscrypt/cacerts/41a3f684.0 /apex/com.android.conscrypt/cacerts/455f1b52.0 /apex/com.android.conscrypt/cacerts/48a195d8.0 /apex/com.android.conscrypt/cacerts/4be590e0.0 /apex/com.android.conscrypt/cacerts/4c3982f2.0 /apex/com.android.conscrypt/cacerts/5046c355.0 /apex/com.android.conscrypt/cacerts/52b525c7.0 /apex/com.android.conscrypt/cacerts/53a1b57a.0 /apex/com.android.conscrypt/cacerts/583d0756.0 /apex/com.android.conscrypt/cacerts/5a3f0ff8.0 /apex/com.android.conscrypt/cacerts/5acf816d.0 /apex/com.android.conscrypt/cacerts/5f47b495.0 /apex/com.android.conscrypt/cacerts/5f9a69fa.0 /apex/com.android.conscrypt/cacerts/5fdd185d.0 /apex/com.android.conscrypt/cacerts/60afe812.0 /apex/com.android.conscrypt/cacerts/6187b673.0 /apex/com.android.conscrypt/cacerts/63a2c897.0 /apex/com.android.conscrypt/cacerts/69105f4f.0 /apex/com.android.conscrypt/cacerts/6b03dec0.0 /apex/com.android.conscrypt/cacerts/6f7454b3.0 /apex/com.android.conscrypt/cacerts/75680d2e.0 /apex/com.android.conscrypt/cacerts/76579174.0 /apex/com.android.conscrypt/cacerts/7892ad52.0 /apex/com.android.conscrypt/cacerts/7a7c655d.0 /apex/com.android.conscrypt/cacerts/7a819ef2.0 /apex/com.android.conscrypt/cacerts/81b9768f.0 /apex/com.android.conscrypt/cacerts/82223c44.0 /apex/com.android.conscrypt/cacerts/83e9984f.0 /apex/com.android.conscrypt/cacerts/85cde254.0 /apex/com.android.conscrypt/cacerts/86212b19.0 /apex/com.android.conscrypt/cacerts/869fbf79.0 /apex/com.android.conscrypt/cacerts/8794b4e3.0 /apex/com.android.conscrypt/cacerts/882de061.0 /apex/com.android.conscrypt/cacerts/88950faa.0 /apex/com.android.conscrypt/cacerts/89c02a45.0 /apex/com.android.conscrypt/cacerts/8d6437c3.0 /apex/com.android.conscrypt/cacerts/9282e51c.0 /apex/com.android.conscrypt/cacerts/9339512a.0 /apex/com.android.conscrypt/cacerts/93851c9e.0 /apex/com.android.conscrypt/cacerts/9479c8c3.0 /apex/com.android.conscrypt/cacerts/9576d26b.0 /apex/com.android.conscrypt/cacerts/9591a472.0 /apex/com.android.conscrypt/cacerts/95aff9e3.0 /apex/com.android.conscrypt/cacerts/9685a493.0 /apex/com.android.conscrypt/cacerts/985c1f52.0 /apex/com.android.conscrypt/cacerts/99e1b953.0 /apex/com.android.conscrypt/cacerts/9aef356c.0 /apex/com.android.conscrypt/cacerts/9d6523ce.0 /apex/com.android.conscrypt/cacerts/a2c66da8.0 /apex/com.android.conscrypt/cacerts/a3896b44.0 /apex/com.android.conscrypt/cacerts/a716d4ed.0 /apex/com.android.conscrypt/cacerts/a81e292b.0 /apex/com.android.conscrypt/cacerts/a9d40e02.0 /apex/com.android.conscrypt/cacerts/ab5346f4.0 /apex/com.android.conscrypt/cacerts/ab59055e.0 /apex/com.android.conscrypt/cacerts/b0ed035a.0 /apex/com.android.conscrypt/cacerts/b0f3e76e.0 /apex/com.android.conscrypt/cacerts/b30d5fda.0 /apex/com.android.conscrypt/cacerts/b3fb433b.0 /apex/com.android.conscrypt/cacerts/b74d2bd5.0 /apex/com.android.conscrypt/cacerts/b7db1890.0 /apex/com.android.conscrypt/cacerts/b872f2b4.0 /apex/com.android.conscrypt/cacerts/b92fd57f.0 /apex/com.android.conscrypt/cacerts/b936d1c6.0 /apex/com.android.conscrypt/cacerts/bc3f2570.0 /apex/com.android.conscrypt/cacerts/bd43e1dd.0 /apex/com.android.conscrypt/cacerts/bdacca6f.0 /apex/com.android.conscrypt/cacerts/bf64f35b.0 /apex/com.android.conscrypt/cacerts/c44cc0c0.0 /apex/com.android.conscrypt/cacerts/c491639e.0 /apex/com.android.conscrypt/cacerts/c559d742.0 /apex/com.android.conscrypt/cacerts/c7f1359b.0 /apex/com.android.conscrypt/cacerts/c90bc37d.0 /apex/com.android.conscrypt/cacerts/cb1c3204.0 /apex/com.android.conscrypt/cacerts/ccc52f49.0 /apex/com.android.conscrypt/cacerts/cf701eeb.0 /apex/com.android.conscrypt/cacerts/d06393bb.0 /apex/com.android.conscrypt/cacerts/d16a5865.0 /apex/com.android.conscrypt/cacerts/d16a5865.1 /apex/com.android.conscrypt/cacerts/d18e9066.0 /apex/com.android.conscrypt/cacerts/d39b0a2c.0 /apex/com.android.conscrypt/cacerts/d41b5e2a.0 /apex/com.android.conscrypt/cacerts/d4c339cb.0 /apex/com.android.conscrypt/cacerts/d59297b8.0 /apex/com.android.conscrypt/cacerts/d7746a63.0 /apex/com.android.conscrypt/cacerts/d96b65e2.0 /apex/com.android.conscrypt/cacerts/da7377f6.0 /apex/com.android.conscrypt/cacerts/dbc54cab.0 /apex/com.android.conscrypt/cacerts/dbff3a01.0 /apex/com.android.conscrypt/cacerts/dc99f41e.0 /apex/com.android.conscrypt/cacerts/dfc0fe80.0 /apex/com.android.conscrypt/cacerts/e13665f9.0 /apex/com.android.conscrypt/cacerts/e442e424.0 /apex/com.android.conscrypt/cacerts/e48193cf.0 /apex/com.android.conscrypt/cacerts/e7c037b4.0 /apex/com.android.conscrypt/cacerts/e8651083.0 /apex/com.android.conscrypt/cacerts/ed39abd0.0 /apex/com.android.conscrypt/cacerts/edcbddb5.0 /apex/com.android.conscrypt/cacerts/ee532fd5.0 /apex/com.android.conscrypt/cacerts/f013ecaf.0 /apex/com.android.conscrypt/cacerts/f058632f.0 /apex/com.android.conscrypt/cacerts/f0cd152c.0 /apex/com.android.conscrypt/cacerts/f459871d.0 /apex/com.android.conscrypt/cacerts/f8fc53da.0 /apex/com.android.conscrypt/cacerts/fb5fa911.0 /apex/com.android.conscrypt/cacerts/fd08c599.0 /apex/com.android.conscrypt/cacerts/fde84897.0 /data/local/tmp/adg-ca-copy/
• cp -f /data/misc/user/0/cacerts-added/0f4ed297.0 /data/local/tmp/adg-ca-copy
• chown -R 0:0 /data/local/tmp/adg-ca-copy
• set_context /apex/com.android.conscrypt/cacerts /data/local/tmp/adg-ca-copy
• getenforce
• '[' Enforcing '=' Enforcing ]
• default_selinux_context=u:object_r:system_file:s0
• ls -Zd /apex/com.android.conscrypt/cacerts
• awk '{print $1}'
• selinux_context=u:object_r:system_security_cacerts_file:s0
• '[' -n u:object_r:system_security_cacerts_file:s0 ]
• '[' u:object_r:system_security_cacerts_file:s0 '!=' '?' ]
• chcon -R u:object_r:system_security_cacerts_file:s0 /data/local/tmp/adg-ca-copy
• ls -1 /data/local/tmp/adg-ca-copy
• wc -l
• CERTS_NUM=135
• '[' 135 -gt 10 ]
• mount --bind /data/local/tmp/adg-ca-copy /apex/com.android.conscrypt/cacerts
• umount /data/local/tmp/adg-ca-copy
• rmdir /data/local/tmp/adg-ca-copy

adguardcert.txt
magisk_install_log_2023-12-28T13.53.50.log

AdGuard 4.4.1 (NIGHTLY)
Pixel 7 Pro, Android 14
Magisk Canary 26.4 (26404) (65207f96)

Magisk (65207f96) (26404) changes:

[SEPolicy] Update libsepol to properly set some policy config bits
[MagiskBoot] Support compressing  init  so Magisk is installable on devices with small boot partitions
[ResetProp] Add new wait for property feature  resetprop -w 

Diffs to v26.4

[Zygisk] Introduce new code injection mechanism
[Zygisk] Support new signature introduced in U QPR2
[SEPolicy] Update libsepol to properly set some policy config bits
[MagiskBoot] Support compressing  init  so Magisk is installable on devices with small boot partitions

[privacyguy123]

I saw this on Alpha a good few versions ago and got no help. Github is almost completely inactive.

As far as I can see the module is moving the certs to the right folder but the app is unable to detect this.

[innit86]

I saw this on Alpha a good few versions ago and got no help. Github is almost completely inactive.

As far as I can see the module is moving the certs to the right folder but the app is unable to detect this.

I don't expect any help from them beyond the usual "no issue here" or "can't reproduce" but still thought it'd be wise to let others know that there's a problem.

Btw. if the certificate was moved correctly then it should be present in system store, right? But it's not there.

[privacyguy123]

I think it's symlinked or something because I can get it to "work" on Delta but the certs aren't on that list either.

[WindSpiritSR]

@innit86 Android 14 blocks modification of system certificates, even as root
but you can try this module
https://github.com/WindSpiritSR/CustomCACert

[sfionov]

@innit86 @privacyguy123 Can you try new beta?

https://github.com/AdguardTeam/adguardcert/releases/tag/v2.1-beta1

[innit86]

@innit86 @privacyguy123 Can you try new beta?

https://github.com/AdguardTeam/adguardcert/releases/tag/v2.1-beta1

It works.

[Keinta15]

Works over here too,

[sfionov]

New module version v2.1 is out with this fix