
Robotnix: Configurable and reproducible Android (AOSP) builds


Robotnix enables a user to build Android (AOSP) images using the Nix package manager.
AOSP projects often have long and complicated build instructions requiring a variety of tools for fetching source code and executing the build.
This applies not only to Android itself, but also to projects that are to be included in the Android build, such as the Linux kernel, Chromium webview, MicroG, other external/prebuilt privileged apps, etc.
Robotnix orchestrates the diverse build tools across these multiple projects using Nix, inheriting its reliability and reproducibility benefits, and consequently making the build and signing process rather easy for an end-user.

Robotnix includes a NixOS-style module system which allows users to easily customize various aspects of their builds.
Some optional modules include:

  • Vanilla Android 10 AOSP support (for Pixel devices)
  • GrapheneOS support
  • Experimental LineageOS support
  • Signed builds for verified boot (dm-verity/AVB) and re-locking the bootloader with a user-specified key
  • Apps: F-Droid (including the privileged extension for automatic installation/updating), Auditor, Seedvault Backup
  • Browser / Webview: Chromium, Bromite, Vanadium
  • Seamless OTA updates
  • MicroG
  • Certain Google apps (currently just stuff for Google Fi)
  • Easily setting various framework configuration settings such as those found here
  • Custom built kernels
  • Custom /etc/hosts file
  • Extracting vendor blobs from Google’s images using android-prepare-vendor

Future goals include:

  • Support for additional flavors and devices
  • Better documentation, especially for module options
  • Continuous integration / testing for various devices
  • Automating CTS (Compatibility Test Suite) like nixos tests.
  • Automated verification of build reproducibility
  • Replacing android prebuilt toolchains with nixpkgs equivalents.

This has currently only been tested on crosshatch (Pixel 3 XL, my daily driver) and marlin (Pixel XL, which is now deprecated by google and no longer receiving updates).

Quick Start

Here is a single command to build an img which can be flashed onto a device.

$ nix-build "" \
    --arg configuration '{ device="crosshatch"; flavor="vanilla"; }' \
    -A img

The command above will build an image signed with test-keys, so definitely do not use this for anything intended to be secure.
To flash the result to your device, run fastboot update -w .


The AOSP project requires at least 250GB free disk space as well as 16GB RAM.
A typical build requires approximately 40GB free disk space to check out the android source, 14GB for chromium, plus some additional free space for intermediate build products.
Ensure your /tmp is not mounted using tmpfs, since the intermediate build products are very large and could easily use all of your RAM (even if you have 32GB)!
A user can use the --cores option for nix-build to set the number of cores to
use, which can also be useful to decrease parallelism in case memory usage of
certain build steps is too large.

A full Android 10 build with chromium webview takes approximately 10 hours on my quad-core i7-3770 with 16GB of memory.
AOSP takes approximately 4 hours of that, while webview takes approximately 6 hours.
I have recently upgraded to a 3970x Threadripper with 32-cores.
This can build chromium+android in about an hour.

Configuration and Build Options

A configuration file should be created for anything more complicated, including creating signed builds.
See my own configuration under example.nix for inspiration.
After creating a configuration file, generate keys for your device:

$ nix-build ./default.nix --arg configuration ./crosshatch.nix -A generateKeysScript -o generate-keys
$ mkdir keys/crosshatch
$ cd keys/crosshatch
$ ../../generate-keys
$ cd ../..

Next, build and sign your release.
There are two ways to do this.
The first option involves creating a “release script” which does the final build steps of signing target files and creating ota/img files outside of nix:

$ nix-build ./default.nix --arg configuration ./crosshatch.nix -A releaseScript -o release
$ ./release ./keys/crosshatch

One advantage of using a release script as above is that the build can take place on a different machine than the signing.
nix-copy-closure can be used to transfer this script and its dependencies to another computer to finish the release.

The other option is to build the final products entirely inside nix instead of using releaseScript:

$ nix-build ./default.nix --arg configuration ./crosshatch.nix -A img --option extra-sandbox-paths /keys=$(pwd)/keys

This, however, will require a nix sandbox exception so the secret keys are available to the build scripts.
To use extra-sandbox-paths, the user must be a trusted-user in nix.conf.

Testing / CI / Reproducibility

All devices (Pixel 1-4(a) (XL)) have very basic checks to ensure the android build process will at least start properly.
See release.nix for the set of configurations with this minimal build testing.
This check is run using nix-build ./release.nix -A check.
As each build takes approximately 4 hours, I only build marlin and crosshatch builds for myself.
At some point, I’d like to set up a build farm and publish build products on s3 or cachix.
This would allow an end-user to simply sign releases using their own keys without building the entire AOSP themselves.

As of 2020-05-17, target_files, signed_target_files, img, and ota files have all been verified to be bit-for-bit reproducible for crosshatch and marlin using the vanilla flavor.
Automatic periodic testing of this is still desired.

One option being investigated is to have multiple independent remote builders produce unsigned target files for a number of device and flavor combinations.
An end-user could then verify that the builders produced the same unsigned target files, and finish the process by signing the target files and producing their own img and ota files.
This eliminates the requirement for an end-user to spend hours building android.
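
The verification step described above, sketched as an added example (not part of robotnix): it compares the SHA-256 digest of one artifact across the output directories of several builders and succeeds only if all of them match. The layout <builder-dir>/<artifact> and the file names are assumptions for illustration; sha256sum from coreutils is required.

```bash
#!/usr/bin/env bash
# Added example: check that independent builders produced bit-for-bit identical
# unsigned target files before signing them locally.
# Assumed (hypothetical) layout: one directory per builder, <builder-dir>/<artifact>.

# Print "<sha256> <builder-dir>" per builder, or "MISSING <builder-dir>".
artifact_digests() {
    local artifact=$1 dir sum
    shift
    for dir in "$@"; do
        if [ -f "$dir/$artifact" ]; then
            sum=$(sha256sum "$dir/$artifact") || return 2
            printf '%s %s\n' "${sum%% *}" "$dir"
        else
            printf 'MISSING %s\n' "$dir"
        fi
    done
}

# Succeed only if at least two builders are given, every one of them produced
# the artifact, and all digests are identical. On success print the agreed
# digest; on failure print the per-builder report to stderr.
builders_agree() {
    local artifact=$1 report distinct
    shift
    if [ "$#" -lt 2 ]; then
        echo "need at least two independent builders" >&2
        return 1
    fi
    report=$(artifact_digests "$artifact" "$@") || return 2
    distinct=$(printf '%s\n' "$report" | cut -d' ' -f1 | sort -u)
    if [ "$(printf '%s\n' "$distinct" | wc -l)" -eq 1 ] && [ "$distinct" != MISSING ]; then
        printf '%s\n' "$distinct"
        return 0
    fi
    printf 'builders disagree on %s:\n%s\n' "$artifact" "$report" >&2
    return 1
}

# Usage: ./verify-builders.sh <artifact> <builder-dir> <builder-dir>...
if [ "$#" -gt 0 ]; then
    builders_agree "$@"
fi
```

A missing artifact counts as disagreement, so a builder that silently failed cannot be mistaken for consensus.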

There are, however, a few places where user-specific public keys are included in the build for key pinning.
This unfortunately decreases the possibility of sharing build products between users.
The F-Droid privileged extension and Trichrome (disabled for now) are two components which have this issue.
Fixes for this are still under investigation.

LineageOS Support

LineageOS support can be enabled by setting flavor = "lineageos";.
The typical LineageOS flashing process involves first producing a boot.img and ota, flashing boot.img with fastboot, and then flashing the ota in recovery mode.
The boot.img and ota targets can be built using nix-build ... -A bootImg or nix-build ... -A ota, respectively.

LineageOS support should be considered “experimental,” as it does not yet have the same level of support I intend to provide for vanilla and grapheneos flavors.
LineageOS source metadata may be updated irregularly in robotnix, and certain modules (such as the updater) are not guaranteed to work.
Moreover, LineageOS does not appear to provide the same level of security as even the vanilla flavor, with dm-verity/AVB often disabled, userdebug as the default variant, and vendor files with unclear origin.
LineageOS support is still valuable to include as it extends preliminary support to a much wider variety of devices, and provides the base that many other Android ROMs use to customize.
Contributions and fixes from LineageOS users are especially welcome!


To build and run an emulator with an attached vanilla system image, use (for example):

$ nix-build ./default.nix --arg configuration '{device="x86_64"; flavor="vanilla";}' -A build.emulator
$ ./result

Fetching android source files

Robotnix supports two alternative approaches for fetching source files:

  • Build-time source fetching with pkgs.fetchgit. This is the default.
    An end user wanting to fetch sources not already included in robotnix would
    need to create a repo json file using and set
    source.dirs = lib.importJSON ./example.json;
  • Evaluation-time source fetching with builtins.fetchGit.
    This is more convenient for development when changing branches, as it allows use of a shared git cache.
    The end user will need to set source.manifest.{url,rev,sha256} and enable source.evalTimeFetching.
    However, with builtins.fetchGit, the drvs themselves depend on the source,
    and nix-copy-closure of even just the .drv files would require downloading the source as well.

Additional information

Optional CCACHE stuff.
As root:

# mkdir -p -m0770 /var/cache/ccache
# chown root:nixbld /var/cache/ccache
# echo max_size = 100G > /var/cache/ccache/ccache.conf

Set ccache.enable = true in configuration, and be sure to pass /var/cache/ccache as a sandbox exception when building.

Notable mentions

See also: NixDroid, RattlesnakeOS, aosp-build, and CalyxOS
