diff --git a/Container/Dockerfile b/Container/Dockerfile index d1e7f136..04e0b0bb 100644 --- a/Container/Dockerfile +++ b/Container/Dockerfile @@ -28,6 +28,8 @@ RUN mkdir -p /home/$username/android \ && mkdir -p /home/$username/.ccache \ && chown $userid:$groupid /home/$username/.gitconfig /home/$username/android /home/$username/.ccache +COPY phase-*.sh /home/$username/ + ENV HOME=/home/$username ENV USER=$username ENV USE_CCACHE=1 diff --git a/Container/README.md b/Container/README.md new file mode 100644 index 00000000..07e5c64f --- /dev/null +++ b/Container/README.md 
@@ -0,0 +1,61 @@
+1. Build image
+
+```sh
+./build-image-{podman,docker}.sh
+```
+
+2. Run container
+
+required arguments:
+- $1 - path where android build will end up
+
+```sh
+mkdir android
+./run-image-{podman,docker}.sh "$(pwd)/Builds"
+```
+
+3. Proceed with build
+
+Either proceed manually (https://divestos.org/pages/build#init) or use the scripts:
+
+ a. Setup divestos-build
+
+ ```sh
+ # $1: version
+ ./phase-1.sh "20.0" |& tee phase-1.log
+ ```
+
+ b. Choose your options (optional)
+
+ ```sh
+ nano DivestOS/Scripts/init.sh
+ ```
+
+ c. Update description (optional)
+
+ ```sh
+ nano DivestOS/Scripts/Generate_Signing_Keys.sh
+ ```
+
+ d. Add vendor blobs
+
+ ```sh
+ githuborg="" # <-- put the correct github organization here
+ sed -i "/github/s/\[COLOUR IN THE LINES\]/$githuborg/g" DivestOS/Build/LineageOS-20.0/.repo/local_manifests/local_manifest.xml
+ gitlaborg="" # <-- put the correct gitlab organization here
+ sed -i "/gitlab/s/\[COLOUR IN THE LINES\]/$gitlaborg/g" DivestOS/Build/LineageOS-20.0/.repo/local_manifests/local_manifest.xml
+ ```
+
+ e. Download and Build
+
+ ```sh
+ # $1: version
+ # $2: device
+ ./phase-2.sh "20.0" "sailfish" |& tee phase-2.log
+ ```
+
+ Note: To read logs with rendered color codes, you can use `less -r phase-2.log`.
+
+4. Proceed with Installation
+
+The flashable builds are now located in the build directory path you assigned above and you're ready for [installation](https://divestos.org/pages/bootloader).
diff --git a/Container/phase-1.sh b/Container/phase-1.sh
new file mode 100755
index 00000000..ec93880e
--- /dev/null
+++ b/Container/phase-1.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+version="$1" # (e.g. "20.0")
+
+if [ "$1" = "" ]; then
+ echo "Missing arguments"
+ exit 1
+fi
+
+# Correctness
+set -exo pipefail
+umask 0022
+
+# Clone
+git clone https://codeberg.org/divested-mobile/divestos-build.git DivestOS
+cd DivestOS
+
+# Submodules
+sed -i 's|git@gitlab.com:|https://gitlab.com/|' .git/config .gitmodules
+git submodule update --init --recursive
+
+# Basic directories
+mkdir -p "Build/LineageOS-$version/.repo/local_manifests" Builds Signing_Keys .Signing_Keys
+
+# Encrypted key storage
+# TODO There is probably an alternative to gocryptfs which doesn't require a security
+# trade-off between giving the container more privileges and encrypting the keys.
+if modprobe fuse; then
+ gocryptfs -init .Signing_Keys
+ gocryptfs .Signing_Keys/ Signing_Keys/
+else
+ echo "WARNING: gocryptfs failed. Signing keys will not be encrypted!"
+fi
+
+# Update paths
+# https://backreference.org/2009/12/09/using-shell-variables-in-sed/index.html
+safe_pattern=$(printf '%s\n' "$(pwd)" | sed 's/[[\.*^$/]/\\&/g')
+sed -i "s/\(^export DOS_WORKSPACE_ROOT=\).*/\1\"$safe_pattern\"/" Scripts/init.sh
+safe_pattern=$(printf '%s\n' "$(pwd)/Builds" | sed 's/[[\.*^$/]/\\&/g')
+sed -i "s/\(^export DOS_BUILDS=\).*/\1\"$safe_pattern\"/" Scripts/init.sh
+
+# Add the initial manifest
+cd "Build/LineageOS-$version/"
+cat "../../Manifests/Manifest_LAOS-$version.xml" > .repo/local_manifests/local_manifest.xml
diff --git a/Container/phase-2.sh b/Container/phase-2.sh
new file mode 100755
index 00000000..42fb2606
--- /dev/null
+++ b/Container/phase-2.sh
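Review bot: The `else` branch under "Encrypted key storage" in phase-1.sh fails open: when `modprobe fuse` fails the script prints a warning and carries on, so the signing keys generated later by phase-2.sh presumably land in a plain `Signing_Keys/` directory. The warning is easy to lose in `set -x` output piped through `tee`, and its text blames gocryptfs although the command that failed is `modprobe`. I would make this branch fail closed, `echo "ERROR: FUSE unavailable; refusing to continue with unencrypted signing keys" >&2; exit 1`, and allow the plaintext path only behind an explicit opt-in. phase-2.sh likewise does not check that the gocryptfs mount is still active before it runs `Generate_Signing_Keys.sh`, which matters if the container was restarted between the two phases.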
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+version="$1" # (e.g. "20.0")
+device="$2" # (e.g. "sailfish")
+
+if [ "$2" = "" ]; then
+ echo "Missing arguments"
+ exit 1
+fi
+
+cd "DivestOS/Build/LineageOS-$version"
+
+# Download
+repo init -u https://github.com/LineageOS/android.git -b "lineage-$version" --git-lfs
+repo forall --ignore-missing -vc "git reset --hard"
+repo sync --fail-fast
+
+# Prepare workspace
+if [ "$(echo "$version < 20.0" | bc -l)" = 1 ]; then
+ virtualenv venv --python=python2
+fi
+source ../../Scripts/init.sh
+
+# Patch Workspace so keys can be generated.
+resetWorkspace
+rm -rf packages/apps/Fennec_DOS-Shim/ vendor/divested/ vendor/fdroid_prebuilt/ packages/apps/SupportDivestOS/
+rm -rf out
+patchWorkspace
+
+# Generate signing keys
+if [ "$(echo "$version > 20.0" | bc -l)" = 1 ]; then
+ awk -i inplace '!/enforce-product-packages-exist-internal/' vendor/lineage/config/common.mk
+fi
+source build/envsetup.sh
+breakfast "lineage_$device-user"
+make -j20 generate_verity_key
+sh "$DOS_WORKSPACE_ROOT/Scripts/Generate_Signing_Keys.sh" "$device"
+mv -nv "$DOS_SIGNING_KEYS/NEW/"* "$DOS_SIGNING_KEYS/"
+
+# Patch Workspace
+resetWorkspace
+rm -rf packages/apps/Fennec_DOS-Shim/ vendor/divested/ vendor/fdroid_prebuilt/ packages/apps/SupportDivestOS/
+rm -rf out
+successpattern="\[SCRIPT COMPLETE\]"
+successes=$(patchWorkspace |& tee /dev/stderr | grep -c "$successpattern")
+
+# Verify the changes applied
+expected=$(grep -c "$successpattern" "$DOS_WORKSPACE_ROOT/Logs/patchWorkspace-LineageOS-$version.log")
+if [ "$successes" != "$expected" ]; then
+ echo "Expected $expected '[SCRIPT COMPLETE]' lines but only found $successes."
+ exit 1
+fi
+
+# Build
+buildDevice "$device"
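Review bot: With `set -eo pipefail` in effect, `grep -c` exiting 1 on zero matches makes the `successes=$(patchWorkspace |& tee /dev/stderr | grep -c "$successpattern")` assignment abort the script before the "Verify the changes applied" comparison can print its message. The same holds for `expected=$(grep -c …)` when the reference log is missing or has no matches. The build still stops, but without the diagnostic, so I would end the pipeline with `| { grep -c "$successpattern" || true; }` and reject an empty or zero `expected` explicitly. Running `patchWorkspace` inside a pipeline also puts it in a subshell, unlike the first call further up, so any variables or directory changes it makes are discarded; worth confirming that is harmless. The message says "only found" although the check also fires when there are more matches than expected.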