initial version

.dockerignore

@@ -0,0 +1,3 @@
+*
+!Dockerfile
+!configs

.envrc

@@ -0,0 +1 @@
+use flake

.gitignore

@@ -0,0 +1,6 @@
+*
+!Dockerfile
+!configs
+!.envrc
+!flake.lock
+!flake.nix

Dockerfile

@@ -0,0 +1,32 @@
+FROM greyltc/archlinux-aur:yay
+
+ARG JDK=jdk11-openjdk
+ARG UID=1000
+ARG GID=100
+ARG UNAME=divestos
+ENV BASE_DIR=/android
+
+RUN echo -e "[multilib]\nInclude = /etc/pacman.d/mirrorlist" >> /etc/pacman.conf
+
+RUN groupadd -g $GID -o $UNAME \
+    && useradd -m -u $UID -g $GID -o -G wheel -s /bin/bash $UNAME \
+    && echo "$UNAME ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
+    && mkdir $BASE_DIR && chown $UID:$GID $BASE_DIR
+
+RUN sudo -u $UNAME -D~ bash -c \
+    "yay -Syu --removemake --needed --noprogressbar --noconfirm \
+    clamav clamav-unofficial-sigs nano gnupg bash-completion \
+    $JDK jack2 openssh gocryptfs wget git git-lfs  \
+    ttf-dejavu ttf-fira-sans lineageos-devel" \
+    && paccache -rk0
+
+RUN set -ex; git config --global color.ui true; \
+    echo "source /etc/profile.d/init.sh" >> /etc/bash.bashrc
+
+COPY configs/default.env configs/init.sh /etc/profile.d/
+COPY configs/divestos /bin
+RUN chmod +x /bin/divestos
+
+USER $UNAME
+WORKDIR $BASE_DIR
+CMD [ "/bin/bash", "-c", "divestos init; /bin/bash" ]

configs/default.env

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+############################
+# CONFIGURABLE OPTIONS
+#
+DEVICE=vayu
+DOS_AVB_BUILD=true
+
+GIT_USER_NAME=
+GIT_USER_EMAIL=
+
+# Volume where dir is going to be mounted
+BASE_DIR=/android
+
+# enable caching for faster builds
+USE_CCACHE=1
+CCACHE_COMPRESS=true
+CCACHE_COMPRESSLEVEL=1
+CCACHE_MAX_SIZE=25G
+
+# cache dir inside the container
+CCACHE_DIR="$BASE_DIR/ccache"
+
+GPG_KEY_FILE="$BASE_DIR/keys.gpg"
+GPG_PASSWORD=
+
+GNUPGHOME="$BASE_DIR/.gnupg"
+
+# LineageOS repo options
+LINEAGEOS_VERSION=19.1
+LINEAGEOS_REPO=https://github.com/LineageOS/android.git
+LINEAGEOS_BRANCH=lineage-$LINEAGEOS_VERSION
+
+PROPRIETARY_BLOBS_DIR=$BASE_DIR/$DEVICE-blobs
+PROPRIETARY_BLOBS_REPO=https://code.ataraxiadev.com/AtaraxiaDev/lineageos-devices-proprietary-files.git
+PROPRIETARY_BLOBS_BRANCH=$DEVICE-$LINEAGEOS_VERSION
+# path to your device folder, relative to LineageOS repo, that contains 'extract-files.sh' file
+# for example: device/xiaomi/vayu
+LINEAGEOS_DEVICE_DIR="device/xiaomi/vayu"
+
+# DivestOS init script configurable options
+DIVESTOS_REPO=https://code.ataraxiadev.com/AtaraxiaDev/divestos-build.git
+DOS_WORKSPACE_ROOT=$BASE_DIR"/divestos/"
+DOS_BUILDS=$BASE_DIR"/builds/"
+DOS_SIGNING_KEYS=$DOS_WORKSPACE_ROOT"/Signing_Keys/"
+DOS_SIGNING_GPG=$GNUPGHOME
+DOS_REMOVE_AFTER=true
+DOS_REMOVE_AFTER_FULL=false
+DOS_GPG_SIGNING=true
+DOS_GPG_SIGNING_KEY=
+DOS_BRANDING_SERVER_OTA=
+DOS_BRANDING_SERVER_OTA_ONION=
+DOS_MICROG_INCLUDED=FULL
+# if you want to use custom local_manifest
+# LOCALMANIFEST_PATH=$BASE_DIR/local_manifest.xml
+LOCALMANIFEST_PATH=
+# or you can use repo, instead of file
+LOCAL_MANIFEST_REPO=https://code.ataraxiadev.com/AtaraxiaDev/divestos-local-manifests.git
+LOCAL_MANIFEST_BRANCH=$DEVICE
+
+
+# Use gocryptfs for storing your signing keys. Enabled if password is set
+GOCRYPTFS_PASS=
+GOCRYPTFS_DIR=$DOS_WORKSPACE_ROOT"/.Signing_Keys"

configs/init.sh

@@ -0,0 +1,37 @@
+#!/bin/bash -li
+
+# source custom env variables
+# avoid overwriting env variables set using '-e' or '--env-file' on docker run
+# https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e-env-env-file
+
+# backups current environment
+# WARN: docker's --env-file parameters doesnt interpret the env file in a bash-like way
+# see this issue: https://github.com/moby/moby/issues/26009
+# we decide to unescape first and last double quotes (we leave the remaining as is)
+# we also unescape ALL $ signs
+declare -px | sed -e 's/"\\"/"/g; s/\\""/"/g; s/\\\$/\$/g' > /tmp/current.env
+
+# set all sourced variables to be automatically exported
+set -o allexport
+
+# loads default env file
+source /etc/profile.d/default.env
+
+set +o allexport
+# any variable that was set before will now go back in place :)
+source /tmp/current.env
+rm -f /tmp/current.env
+
+# remounting $BASE_DIR without noexec option
+if cat /proc/mounts | grep $BASE_DIR | grep -q 'noexec'; then
+	sudo mount -o remount,exec $BASE_DIR
+	# fixes permissions for mounted dir
+	sudo chown $USER -R $BASE_DIR
+fi
+
+# add colored alias to ls
+alias ls='ls --color'
+alias l='ls -lah --color --group-directories-first'
+
+# add a alias so source is done automagically
+alias divestos='source /bin/divestos'

flake.lock

@@ -0,0 +1,64 @@
+{
+  "nodes": {
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1675295133,
+        "narHash": "sha256-dU8fuLL98WFXG0VnRgM00bqKX6CEPBLybhiIDIgO45o=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "bf53492df08f3178ce85e0c9df8ed8d03c030c9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1675763311,
+        "narHash": "sha256-bz0Q2H3mxsF1CUfk26Sl9Uzi8/HFjGFD/moZHz1HebU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fab09085df1b60d6a0870c8a89ce26d5a4a708c2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "dir": "lib",
+        "lastModified": 1675183161,
+        "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,38 @@
+{
+  inputs = {
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+
+  outputs = inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      systems = [ "x86_64-linux" ];
+      perSystem = { config, self', inputs', pkgs, system, ... }:
+      let
+        image-tag = "ataraxiadev/docker-divestos:latest";
+        secrets-env = "./secrets.env";
+        # cmd-line-options = "";
+        git-email = "ataraxiadev@ataraxiadev.com";
+        git-name = "AtaraxiaDev";
+      in rec {
+        packages = {
+          image-build = pkgs.writeShellScriptBin "image-build" ''
+            docker build --force-rm --tag ${image-tag} .
+          '';
+          image-run = pkgs.writeShellScriptBin "image-run" ''
+            docker run -it --rm --name docker-divestos \
+              --ipc=host  --device /dev/fuse --cap-add SYS_ADMIN \
+              -e GIT_USER_NAME=${git-name} -e GIT_USER_EMAIL=${git-email} \
+              -e DOS_REMOVE_AFTER=false -v $(pwd)/android:/android \
+              --env-file ${secrets-env} ${image-tag} "$@"
+          '';
+          # --security-opt seccomp=unconfined
+          default = packages.image-run;
+        };
+        devShells.default = pkgs.mkShell {
+          name = "divestos-terminal";
+          packages = with packages; [ image-build image-run ];
+        };
+      };
+    };
+}