commit febfe1291b5f2c2eb8288deaaf8dd06f958466a5 Author: Dmitriy Kholkin Date: Wed Apr 12 01:00:27 2023 +0300 initial version
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..d993ad7
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+*
+!Dockerfile
+!configs
\ No newline at end of file
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3d8d75c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+*
+!Dockerfile
+!configs
+!.envrc
+!flake.lock
+!flake.nix
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..070de36
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,32 @@
+FROM greyltc/archlinux-aur:yay
+
+ARG JDK=jdk11-openjdk
+ARG UID=1000
+ARG GID=100
+ARG UNAME=divestos
+ENV BASE_DIR=/android
+
+RUN echo -e "[multilib]\nInclude = /etc/pacman.d/mirrorlist" >> /etc/pacman.conf
+
+RUN groupadd -g $GID -o $UNAME \
+ && useradd -m -u $UID -g $GID -o -G wheel -s /bin/bash $UNAME \
+ && echo "$UNAME ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
+ && mkdir $BASE_DIR && chown $UID:$GID $BASE_DIR
+
+RUN sudo -u $UNAME -D~ bash -c \
+ "yay -Syu --removemake --needed --noprogressbar --noconfirm \
+ clamav clamav-unofficial-sigs nano gnupg bash-completion \
+ $JDK jack2 openssh gocryptfs wget git git-lfs \
+ ttf-dejavu ttf-fira-sans lineageos-devel" \
+ && paccache -rk0
+
+RUN set -ex; git config --global color.ui true; \
+ echo "source /etc/profile.d/init.sh" >> /etc/bash.bashrc
+
+COPY configs/default.env configs/init.sh /etc/profile.d/
+COPY configs/divestos /bin
+RUN chmod +x /bin/divestos
+
+USER $UNAME
+WORKDIR $BASE_DIR
+CMD [ "/bin/bash", "-c", "divestos init; /bin/bash" ]
diff --git a/configs/default.env b/configs/default.env
new file mode 100644
index 0000000..c701a8b
--- /dev/null
+++ b/configs/default.env
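Review bot: The Dockerfile's `FROM greyltc/archlinux-aur:yay` pulls a third-party image by a mutable tag, and the later `yay -Syu` step installs unpinned packages on top of it (yay can build from the AUR), so the contents of an image that later handles GPG and signing keys can change between builds with no change in this repository. Pin the base by digest, e.g. `FROM greyltc/archlinux-aur:yay@sha256:<digest-of-the-reviewed-image>` (placeholder), and note in a comment when it was last reviewed. Separately, the `NOPASSWD: ALL` sudoers line stays in the final image; the only sudo calls visible in this commit are `sudo mount` and `sudo chown` in configs/init.sh, so the rule could list those exact command lines instead of `ALL`.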
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+############################
+# CONFIGURABLE OPTIONS
+#
+DEVICE=vayu
+DOS_AVB_BUILD=true
+
+GIT_USER_NAME=
+GIT_USER_EMAIL=
+
+# Volume where dir is going to be mounted
+BASE_DIR=/android
+
+# enable caching for faster builds
+USE_CCACHE=1
+CCACHE_COMPRESS=true
+CCACHE_COMPRESSLEVEL=1
+CCACHE_MAX_SIZE=25G
+
+# cache dir inside the container
+CCACHE_DIR="$BASE_DIR/ccache"
+
+GPG_KEY_FILE="$BASE_DIR/keys.gpg"
+GPG_PASSWORD=
+
+GNUPGHOME="$BASE_DIR/.gnupg"
+
+# LineageOS repo options
+LINEAGEOS_VERSION=19.1
+LINEAGEOS_REPO=https://github.com/LineageOS/android.git
+LINEAGEOS_BRANCH=lineage-$LINEAGEOS_VERSION
+
+PROPRIETARY_BLOBS_DIR=$BASE_DIR/$DEVICE-blobs
+PROPRIETARY_BLOBS_REPO=https://code.ataraxiadev.com/AtaraxiaDev/lineageos-devices-proprietary-files.git
+PROPRIETARY_BLOBS_BRANCH=$DEVICE-$LINEAGEOS_VERSION
+# path to your device folder, relative to LineageOS repo, that contains 'extract-files.sh' file
+# for example: device/xiaomi/vayu
+LINEAGEOS_DEVICE_DIR="device/xiaomi/vayu"
+
+# DivestOS init script configurable options
+DIVESTOS_REPO=https://code.ataraxiadev.com/AtaraxiaDev/divestos-build.git
+DOS_WORKSPACE_ROOT=$BASE_DIR"/divestos/"
+DOS_BUILDS=$BASE_DIR"/builds/"
+DOS_SIGNING_KEYS=$DOS_WORKSPACE_ROOT"/Signing_Keys/"
+DOS_SIGNING_GPG=$GNUPGHOME
+DOS_REMOVE_AFTER=true
+DOS_REMOVE_AFTER_FULL=false
+DOS_GPG_SIGNING=true
+DOS_GPG_SIGNING_KEY=
+DOS_BRANDING_SERVER_OTA=
+DOS_BRANDING_SERVER_OTA_ONION=
+DOS_MICROG_INCLUDED=FULL
+# if you want to use custom local_manifest
+# LOCALMANIFEST_PATH=$BASE_DIR/local_manifest.xml
+LOCALMANIFEST_PATH=
+# or you can use repo, instead of file
+LOCAL_MANIFEST_REPO=https://code.ataraxiadev.com/AtaraxiaDev/divestos-local-manifests.git
+LOCAL_MANIFEST_BRANCH=$DEVICE
+
+
+# Use gocryptfs for storing your signing keys. Enabled if password is set
+GOCRYPTFS_PASS=
+GOCRYPTFS_DIR=$DOS_WORKSPACE_ROOT"/.Signing_Keys"
\ No newline at end of file
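Review bot: `GPG_PASSWORD=` and `GOCRYPTFS_PASS=` are declared with no comment on how they are meant to be supplied. configs/init.sh sources this file under `set -o allexport` and then restores the caller's environment, so whatever values arrive at run time are exported to every process started from the shell, presumably including the build itself. I would add a comment above each, for example `# secret: pass at run time via --env-file, never commit a value here; it is exported to all child processes`. If the divestos script (not part of this commit) can read the passphrases from a file or a prompt instead, that would keep them out of the environment entirely.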
diff --git a/configs/init.sh b/configs/init.sh
new file mode 100644
index 0000000..50394bf
--- /dev/null
+++ b/configs/init.sh
@@ -0,0 +1,37 @@
+#!/bin/bash -li
+
+# source custom env variables
+# avoid overwriting env variables set using '-e' or '--env-file' on docker run
+# https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e-env-env-file
+
+# backups current environment
+# WARN: docker's --env-file parameters doesnt interpret the env file in a bash-like way
+# see this issue: https://github.com/moby/moby/issues/26009
+# we decide to unescape first and last double quotes (we leave the remaining as is)
+# we also unescape ALL $ signs
+declare -px | sed -e 's/"\\"/"/g; s/\\""/"/g; s/\\\$/\$/g' > /tmp/current.env
+
+# set all sourced variables to be automatically exported
+set -o allexport
+
+# loads default env file
+source /etc/profile.d/default.env
+
+set +o allexport
+# any variable that was set before will now go back in place :)
+source /tmp/current.env
+rm -f /tmp/current.env
+
+# remounting $BASE_DIR without noexec option
+if cat /proc/mounts | grep $BASE_DIR | grep -q 'noexec'; then
+ sudo mount -o remount,exec $BASE_DIR
+ # fixes permissions for mounted dir
+ sudo chown $USER -R $BASE_DIR
+fi
+
+# add colored alias to ls
+alias ls='ls --color'
+alias l='ls -lah --color --group-directories-first'
+
+# add a alias so source is done automagically
+alias divestos='source /bin/divestos'
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..0cb7d2d
--- /dev/null
+++ b/flake.lock
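Review bot: The environment snapshot in configs/init.sh is written to the fixed path `/tmp/current.env` under whatever umask the shell has, and it holds every exported variable, including the `GPG_PASSWORD` and `GOCRYPTFS_PASS` values that default.env expects from `--env-file`. Because the Dockerfile hooks this script into /etc/bash.bashrc, every interactive shell rewrites and then sources the same file, so two shells starting together can read each other's half-written snapshot. Create it with `snapshot=$(mktemp)` (unique name, mode 0600), use `"$snapshot"` in the redirect, the `source` and the `rm -f`, and `unset snapshot` afterwards. It is also worth a comment above the `sed` line saying that unescaping `\$` makes bash expand the restored values when the snapshot is sourced, so environment values are treated as trusted shell input.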
@@ -0,0 +1,64 @@ +{ + "nodes": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1675295133, + "narHash": "sha256-dU8fuLL98WFXG0VnRgM00bqKX6CEPBLybhiIDIgO45o=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "bf53492df08f3178ce85e0c9df8ed8d03c030c9f", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1675763311, + "narHash": "sha256-bz0Q2H3mxsF1CUfk26Sl9Uzi8/HFjGFD/moZHz1HebU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fab09085df1b60d6a0870c8a89ce26d5a4a708c2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1675183161, + "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..98e63ad --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,38 @@
+{
+ inputs = {
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ outputs = inputs@{ flake-parts, ... }:
+ flake-parts.lib.mkFlake { inherit inputs; } {
+ systems = [ "x86_64-linux" ];
+ perSystem = { config, self', inputs', pkgs, system, ... }:
+ let
+ image-tag = "ataraxiadev/docker-divestos:latest";
+ secrets-env = "./secrets.env";
+ # cmd-line-options = "";
+ git-email = "ataraxiadev@ataraxiadev.com";
+ git-name = "AtaraxiaDev";
+ in rec {
+ packages = {
+ image-build = pkgs.writeShellScriptBin "image-build" ''
+ docker build --force-rm --tag ${image-tag} .
+ '';
+ image-run = pkgs.writeShellScriptBin "image-run" ''
+ docker run -it --rm --name docker-divestos \
+ --ipc=host --device /dev/fuse --cap-add SYS_ADMIN \
+ -e GIT_USER_NAME=${git-name} -e GIT_USER_EMAIL=${git-email} \
+ -e DOS_REMOVE_AFTER=false -v $(pwd)/android:/android \
+ --env-file ${secrets-env} ${image-tag} "$@"
+ '';
+ # --security-opt seccomp=unconfined
+ default = packages.image-run;
+ };
+ devShells.default = pkgs.mkShell {
+ name = "divestos-terminal";
+ packages = with packages; [ image-build image-run ];
+ };
+ };
+ };
+}
\ No newline at end of file
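Review bot: The `image-run` wrapper starts the container with `--ipc=host --device /dev/fuse --cap-add SYS_ADMIN`, and the image gives its user passwordless sudo, so everything executed during a build effectively runs as root with CAP_SYS_ADMIN and shares the host's IPC namespace. Nothing in this commit appears to need `--ipc=host`; if the divestos script (not shown here) does not need it either, drop it. Put a comment next to the remaining flags saying what requires them, e.g. `# SYS_ADMIN + /dev/fuse: gocryptfs mount and the exec remount in init.sh`, if that is indeed the reason. `-v $(pwd)/android:/android` is unquoted in the generated script, so a checkout path containing spaces splits the argument; `-v "$(pwd)/android:/android"` avoids that. The commented-out `--security-opt seccomp=unconfined` should stay disabled.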