Container: Scripted builds

I had a hard time following the [Build
Guide](https://divestos.org/pages/build) and IMO a script does a much
better job of removing the ambiguity and is more likely to be updated
if it fails. Per
https://github.com/Divested-Mobile/DivestOS-Website/issues/40 I think
this script, as documentation, makes it much more clear what it means to
"color in the lines" and suggests an efficient way of doing so. I'd like
to update the Build Guide too, but I wanted to get your feedback on some
of this first.

The main thing I'm not thrilled with is that the workspace needs to be
patched and reset twice (if I understand correctly). I got this notion
from your guidance on a Reddit post a couple months back which I can't
find now that Reddit seems to have taken down your content.
Unfortunately I don't recall the details but the basic issue is that
generating the signing keys was giving an error and the solution was to
patch the workspace. But one of the workspace patching "phases" is to
copy the keys to the kernel and this fails if the keys don't exist yet.
So it's not clear how to get around doing this step twice.

A couple notes on future work:
- How to do incremental updates? There's no story on this yet and I
  haven't looked into it.
- I found a wealth of information on building android in docker in this
  repository: https://github.com/lineageos4microg/docker-lineage-cicd.
  It might be worth considering trying to integrate DivestOS into that
  project or building on top of their image.
ryneeverett 2024-07-26 17:30:33 -04:00 committed by SkewedZeppelin
parent 8216403729
commit 3999fe1e1f
4 changed files with 164 additions and 0 deletions

@ -28,6 +28,8 @@ RUN mkdir -p /home/$username/android \
&& mkdir -p /home/$username/.ccache \
&& chown $userid:$groupid /home/$username/.gitconfig /home/$username/android /home/$username/.ccache
COPY phase-*.sh /home/$username/
ENV HOME=/home/$username
ENV USER=$username
ENV USE_CCACHE=1
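Review bot: `COPY phase-*.sh /home/$username/` sits after the `chown $userid:$groupid ...` line and carries no `--chown`, so the scripts land in the build user's home owned by root (COPY creates files with UID/GID 0 by default). If they are meant to be read-only for the build user, a one-line comment saying so would help; otherwise add `--chown` with the same user and group. The glob also picks up any other `phase-*.sh` file that happens to be in the build context, so naming the two scripts explicitly would be tighter.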

Container/README.md Normal file

@ -0,0 +1,61 @@
1. Build image
```sh
./build-image-{podman,docker}.sh
```
2. Run container
required arguments:
- $1 - path where android build will end up
```sh
mkdir android
./run-image-{podman,docker}.sh "$(pwd)/Builds"
```
3. Proceed with build
Either proceed manually (https://divestos.org/pages/build#init) or use the scripts:
a. Setup divestos-build
```sh
# $1: version
./phase-1.sh "20.0" |& tee phase-1.log
```
b. Choose your options (optional)
```sh
nano DivestOS/Scripts/init.sh
```
c. Update description (optional)
```sh
nano DivestOS/Scripts/Generate_Signing_Keys.sh
```
d. Add vendor blobs
```sh
githuborg="" # <-- put the correct github organization here
sed -i "/github/s/\[COLOUR IN THE LINES\]/$githuborg/g" DivestOS/Build/LineageOS-20.0/.repo/local_manifests/local_manifest.xml
gitlaborg="" # <-- put the correct gitlab organization here
sed -i "/gitlab/s/\[COLOUR IN THE LINES\]/$gitlaborg/g" DivestOS/Build/LineageOS-20.0/.repo/local_manifests/local_manifest.xml
```
e. Download and Build
```sh
# $1: version
# $2: device
./phase-2.sh "20.0" "sailfish" |& tee phase-2.log
```
Note: To read logs with rendered color codes, you can use `less -r phase-2.log`.
4. Proceed with Installation
The flashable builds are now located in the build directory path you assigned above and you're ready for [installation](https://divestos.org/pages/bootloader).
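Review bot: Step 2 creates one directory and passes another: `mkdir android` is followed by `./run-image-{podman,docker}.sh "$(pwd)/Builds"`, so the path given as $1 does not exist unless the run script creates it. Use the same name on both lines. In step d the `sed` commands hard-code `LineageOS-20.0` while the phase scripts take the version as an argument, and if `githuborg=""` or `gitlaborg=""` is left unfilled they replace the placeholder with an empty string without complaint; a check that refuses an empty value would catch that.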

Container/phase-1.sh Executable file

@ -0,0 +1,44 @@
#!/usr/bin/env bash
version="$1" # (e.g. "20.0")
if [ "$1" = "" ]; then
echo "Missing arguments"
exit 1
fi
# Correctness
set -exo pipefail
umask 0022
# Clone
git clone https://codeberg.org/divested-mobile/divestos-build.git DivestOS
cd DivestOS
# Submodules
sed -i 's|git@gitlab.com:|https://gitlab.com/|' .git/config .gitmodules
git submodule update --init --recursive
# Basic directories
mkdir -p "Build/LineageOS-$version/.repo/local_manifests" Builds Signing_Keys .Signing_Keys
# Encrypted key storage
# TODO There is probably an alternative to gocryptfs which doesn't require a security
# trade-off between giving the container more privileges and encrypting the keys.
if modprobe fuse; then
gocryptfs -init .Signing_Keys
gocryptfs .Signing_Keys/ Signing_Keys/
else
echo "WARNING: gocryptfs failed. Signing keys will not be encrypted!"
fi
# Update paths
# https://backreference.org/2009/12/09/using-shell-variables-in-sed/index.html
safe_pattern=$(printf '%s\n' "$(pwd)" | sed 's/[[\.*^$/]/\\&/g')
sed -i "s/\(^export DOS_WORKSPACE_ROOT=\).*/\1\"$safe_pattern\"/" Scripts/init.sh
safe_pattern=$(printf '%s\n' "$(pwd)/Builds" | sed 's/[[\.*^$/]/\\&/g')
sed -i "s/\(^export DOS_BUILDS=\).*/\1\"$safe_pattern\"/" Scripts/init.sh
# Add the initial manifest
cd "Build/LineageOS-$version/"
cat "../../Manifests/Manifest_LAOS-$version.xml" > .repo/local_manifests/local_manifest.xml
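Review bot: The `else` branch after `if modprobe fuse; then` fails open: the script prints a warning and carries on, leaving the signing keys in a plain `Signing_Keys` directory, and with `set -x` output piped into `phase-1.log` that single line is easy to miss. Consider exiting there unless the user has explicitly opted in to unencrypted keys, for example through an environment variable. The message also says "gocryptfs failed" when the command that failed is `modprobe fuse`; a failure of `gocryptfs -init` itself already aborts the script through `set -e`.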

Container/phase-2.sh Executable file

@ -0,0 +1,57 @@
#!/usr/bin/env bash
set -exo pipefail
version="$1" # (e.g. "20.0")
device="$2" # (e.g. "sailfish")
if [ "$2" = "" ]; then
echo "Missing arguments"
exit 1
fi
cd "DivestOS/Build/LineageOS-$version"
# Download
repo init -u https://github.com/LineageOS/android.git -b "lineage-$version" --git-lfs
repo forall --ignore-missing -vc "git reset --hard"
repo sync --fail-fast
# Prepare workspace
if [ "$(echo "$version < 20.0" | bc -l)" = 1 ]; then
virtualenv venv --python=python2
fi
source ../../Scripts/init.sh
# Patch Workspace so keys can be generated.
resetWorkspace
rm -rf packages/apps/Fennec_DOS-Shim/ vendor/divested/ vendor/fdroid_prebuilt/ packages/apps/SupportDivestOS/
rm -rf out
patchWorkspace
# Generate signing keys
if [ "$(echo "$version > 20.0" | bc -l)" = 1 ]; then
awk -i inplace '!/enforce-product-packages-exist-internal/' vendor/lineage/config/common.mk
fi
source build/envsetup.sh
breakfast "lineage_$device-user"
make -j20 generate_verity_key
sh "$DOS_WORKSPACE_ROOT/Scripts/Generate_Signing_Keys.sh" "$device"
mv -nv "$DOS_SIGNING_KEYS/NEW/"* "$DOS_SIGNING_KEYS/"
# Patch Workspace
resetWorkspace
rm -rf packages/apps/Fennec_DOS-Shim/ vendor/divested/ vendor/fdroid_prebuilt/ packages/apps/SupportDivestOS/
rm -rf out
successpattern="\[SCRIPT COMPLETE\]"
successes=$(patchWorkspace |& tee /dev/stderr | grep -c "$successpattern")
# Verify the changes applied
expected=$(grep -c "$successpattern" "$DOS_WORKSPACE_ROOT/Logs/patchWorkspace-LineageOS-$version.log")
if [ "$successes" != "$expected" ]; then
echo "Expected $expected '[SCRIPT COMPLETE]' lines but only found $successes."
exit 1
fi
# Build
buildDevice "$device"
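Review bot: In the verification block, `grep -c` exits with status 1 when it counts zero matches, so under `set -exo pipefail` the line `successes=$(patchWorkspace |& tee /dev/stderr | grep -c "$successpattern")` ends the script before the "Expected ... but only found" message can be printed; the `expected=` line has the same problem. Wrapping just the grep as `{ grep -c "$successpattern" || true; }` keeps the count without hiding a non-zero exit from `patchWorkspace`. It is also not visible here what writes `Logs/patchWorkspace-LineageOS-$version.log`: if that log comes from the same `patchWorkspace` run, both counts are taken from the same output and the comparison cannot fail, so a short comment on where the expected number comes from would help. The first `patchWorkspace` call, before key generation, gets no such check.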