-
Notifications
You must be signed in to change notification settings - Fork 201
Home
Welcome to the docker-lineage-cicd wiki!
A fair number of dependencies is needed to build LineageOS, plus a Linux system (and a discrete knowledge of it). With Docker we give you a minimal Linux build system with all the tools and scripts already integrated, easing considerably the creation of your own LineageOS build.
Moreover Docker runs also on Microsoft Windows and Mac OS, which means that LineageOS can be built on such platforms without requiring a dual boot system or a manual set up of a Virtual Machine.
The official Docker guides are well-written:
- Linux ([Ubuntu][docker-ubuntu], [Debian][docker-debian], [CentOS][docker-centos] and [Fedora][docker-fedora] are officially supported)
- [Windows 10/Windows Server 2016 64bit][docker-win]
- [Mac OS El Capitan 10.11 or newer][docker-mac]
Life is considerably easier if you setup Docker to allow execution by non-root users: see 'Run the Docker daemon as a non-root user'
If your Windows or Mac system doesn't satisfy the requirements (or if you have Oracle VirtualBox installed, you can use [Docker Toolbox][docker-toolbox]. Docker Toolbox is not described in this guide, but it should be very similar to the standard Docker installation.
Once you can run the [hello-world image][docker-helloworld] you're ready to
start!
Docker will produce the following files in the zips directory:
- the main ROM zip file e.g.
lineage-20.0-20230702-microG-<device-name>.zip. This file can be flashed from recovery as described in the next section - a custom recovery image (e.g.
lineage-20.0-20230702-microG-<device-name>-recovery.imgorlineage-20.0-20230702-microG-<device-name>-boot.img) and any other images needed or mentioned in the LineageOS installation instructions;- if the
ZIP_UP_IMAGESenvironment variable is settrue, these images will be zipped up into an-images.zipfile e.g.lineage-20.0-20230702-microG-<device-name>-images.zip - else, if the
MAKE_IMG_ZIP_FILEenvironment variable is settruethe images are zipped into a flashable...-img.zipfile (e.g.lineage-20.0-20230702-microG-<device-name>-img.zip) which can be installed usingfastboot flashorfastboot update
- if the
Before you start, make sure you have the latest version of our Docker image:
docker pull lineageos4microg/docker-lineage-cicd
The requirements for building LineageOS for MicroG are roughly the same as for building LineageOS:
-
A relatively recent x86_64 computer:
- Linux, macOS, or Windows - these instructions are only tested using Ubuntu 20.04 LTS, so we recommend going with that.
- A reasonable amount of RAM (16 GB to build up to lineage-17.1, 32 GB or more for lineage-18.1 and up). The less RAM you have, the longer the build will take. Enabling ZRAM can be helpful. If builds fail because of lack of memory, you can sometimes get over the problem by increasing the amount of swap, but this will be at the expense of slower build times.
- A reasonable amount of Storage (~300 GB for lineage-18.1 and up). You might require more free space for enabling ccache, building for multiple devices, or if you choose to mirror the LineageOS sources (see below). Using SSDs results in considerably faster build times than traditional hard drives.
-
A decent internet connection and reliable electricity. :)
-
Some familiarity with basic Android operation and terminology. It may be useful to know some basic command line concepts such as cd, which stands for “change directory”, the concept of directory hierarchies, and that in Linux they are separated by /, etc.
This Docker image contains a great number of settings, to allow you to fully customize your LineageOS build. Here you can find all of them, with the default values between the brackets.
TL;DR - go to the Examples
The two fundamental settings are:
-
BRANCH_NAME (lineage-16.0): LineageOS branch, see the branch list [here][los-branches] (multiple comma-separated branches can be specified) -
DEVICE_LIST: comma-separated list of devices to build
Running a build with only these two set will create a ZIP file almost identical to the LineageOS official builds, just signed with the test keys.
When multiple branches are selected, use DEVICE_LIST_<BRANCH_NAME> to specify
the list of devices for each specific branch (see the examples).
To include microG (or possibly the actual Google Mobile Services) in your build,
LineageOS expects certain Makefiles in vendor/partner_gms and variable
WITH_GMS set to true.
[This][android_vendor_partner_gms] repo contains the common packages included for
official lineageos4microg builds. To include it in your build, create an XML
(the name is irrelevant, as long as it ends with .xml) in the
/home/user/manifests folder with this content:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project path="vendor/partner_gms" name="lineageos4microg/android_vendor_partner_gms" remote="github" revision="master" />
</manifest>If you wish to add other apps to your ROM, you can include a repository with
source code or prebuilt APKs. For prebuilt apks, see the [android_vendor_partner_gms][android_vendor_partner_gms]
repository for examples on how the Android.mk file should look like.
Include the repo with another manifest file like this:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project name="your-github-user/your-repo" path="prebuilts/my-custom-apps" remote="github" revision="master" />
</manifest>And when starting the build, set the CUSTOM_PACKAGES variable to a list of app names
(defined by LOCAL_MODULE in Android.mk) separated by spaces.
For LineageOS versions 18.1, 19.1, 20.0 and 21.0, built-in support for
signature spoofing has been added. This specifically only allows microG to
spoof its signature; no other apps are allowed to do so. If this is fine, the
SIGNATURE_SPOOFING environment variable may be left unset (defaulting to
no).
If not, two custom [signature spoofing patches][signature-spoofing] are provided:
- "Original" [patches][signature-spoofing-patches]
- Restricted patches
With the "original" patch the FAKE_SIGNATURE permission can be granted to any user app: while it may seem handy, this is considered dangerous by a great number of people, as the user could accidentally give this permission to rogue apps.
A more strict option is the restricted patch, where the FAKE_SIGNATURE permission can be obtained only by privileged system apps, embedded in the ROM during the build process.
The custom signature spoofing patch can be optionally included with:
-
SIGNATURE_SPOOFING (no):yesto use the original patch,restrictedfor the restricted one,nofor none of them and to default to built-in signature spoofing.
If in doubt, use restricted: note that packages that requires the
FAKE_SIGNATURE permission must be included in the build as system apps
(e.g. as part of GMS or CUSTOM_PACKAGES)
These patches are currently disabled for LineageOS 21 entirely. If you have an use case which requires the use of custom patches on 21, [please open an issue][issue-tracker].
Some proprietary files are needed to create a LineageOS build, but they're not included in the LineageOS repo for legal reasons. You can obtain these blobs in three ways:
- by [pulling them from a running LineageOS][blobs-pull]
- by [extracting them from a LineageOS ZIP][blobs-extract]
- by downloading them from TheMuppets [GitHub][blobs-themuppets] and [GitLab][blobs-the-muppets] repositories (unofficial)
The third way is the easiest one and is enabled by default; if you're OK with
that just move on, otherwise set INCLUDE_PROPRIETARY (true) to false and
manually provide the blobs (not explained in this guide).
To enable OTA for you builds, you need to run a server that speaks the protocol
understood by the [LineageOS updater app][updater] and provide the URL to this
server as OTA_URL variable for the build.
One implementation is [LineageOTA][lineageota], which is also available as Docker image. Follow these steps to prepare your builds for OTA:
- Run the Docker image
julianxhokaxhiu/lineageota- Port 80 exposed to the internet (might want to add an HTTPS reverse proxy)
- The
/srv/zipsdirectory/volume of the CICD image mounted at/var/www/html/builds/full(can be read-only)
- Set environment variables when building
-
ZIP_SUBDIRtofalse -
OTA_URLto the address of the OTA server, with/apiappended
-
If you don't setup a OTA server you won't be able to update the device from the updater app (but you can still update it manually with the recovery of course).
By default, builds are signed with the Android test keys. If you want to sign your builds with your own keys (highly recommended):
-
SIGN_BUILDS (false): set totrueto sign the builds with the keys contained in/srv/keys; if no keys are present, a new set will be generated
Some of the the steps in the build process (e.g repo sync, mka) can take a long time to complete. When working on a build, it may be desirable to skip some of the steps. The following environment variables (and their default values) control whether or not each step is performed
# variables to control whether or not tasks are implemented
ENV INIT_MIRROR true
ENV SYNC_MIRROR true
ENV RESET_VENDOR_UNDO_PATCHES true
ENV CALL_REPO_INIT true
ENV CALL_REPO_SYNC true
ENV CALL_GIT_LFS_PULL false
ENV APPLY_PATCHES true
ENV PREPARE_BUILD_ENVIRONMENT true
ENV CALL_BREAKFAST true
ENV CALL_MKA true
ENV ZIP_UP_IMAGES false
ENV MAKE_IMG_ZIP_FILE false
To switch an operation, change the default value of the the variable in a -e clause in the docker run command e.g.
-e "CALL_REPO-SYNC=false" \
The ZIP_UP_IMAGES and MAKE_IMG_ZIP_FILE variables control how the .img files created by the buid are handled:
- by default, the
imgfiles are copied - unzipped - to thezipsdirectory - if
ZIP_UP_IMAGESis settrue, the images are zipped and the resulting...images.zipis copied to thezipsdirectory - if
MAKE_IMG_ZIP_FILEis settrue, a flashsable...-img.zipfile is created, which can be installed usingfastboot flashorfastboot update
Other useful settings are:
-
CCACHE_SIZE (50G): change this if you want to give more (or less) space to ccache -
RELEASE_TYPE (UNOFFICIAL): change the release type of your builds -
BUILD_TYPE (userdebug): type of your builds, see Android docs -
BUILD_OVERLAY (false): normally each build is done on the source tree, then the tree is cleaned withmka clean. If you want to be sure that each build is isolated from the others, setBUILD_OVERLAYtotrue(longer build time). Requires--cap-add=SYS_ADMIN. -
LOCAL_MIRROR (false): change this totrueif you want to create a local mirror of the LineageOS source (> 200 GB) -
CRONTAB_TIME (now): instead of building immediately and exit, build at the specified time (uses standard cron format) -
ZIP_SUBDIR (true): Move the resulting zips to $ZIP_DIR/$codename instead of $ZIP_DIR/ -
PARALLEL_JOBS: Limit the number of parallel jobs to run (-jforrepo syncandmka). By default, the build system should match the number of parallel jobs to the number of cpu cores on your machine. Reducing this number can help keeping it responsive for other tasks. -
RETRY_FETCHES: Set the number of retries for the fetch duringrepo sync. By default, this value is unset (defaultrepo syncretry behavior). Positive values greater than 0 are allowed.
The full list of settings, including the less interesting ones not mentioned in this guide, can be found in the [Dockerfile][dockerfile].
You also have to provide Docker some volumes, where it'll store the source, the resulting builds, the cache and so on. The volumes are:
-
/srv/src, for the LineageOS sources -
/srv/zips, for the output builds -
/srv/logs, for the output logs -
/srv/ccache, for the ccache -
/srv/local_manifests, for custom manifests (optional) -
/srv/userscripts, for the user scripts (optional)
When SIGN_BUILDS is true
-
/srv/keys, for the signing keys
When BUILD_OVERLAY is true
-
/srv/tmp, for temporary files
When LOCAL_MIRROR is true:
-
/srv/mirror, for the LineageOS mirror
These examples are very old, and will be updated when time allows - see Issue #729
docker run \
-e "BRANCH_NAME=lineage-18.1" \
-e "DEVICE_LIST=river" \
-v "/home/user/lineage:/srv/src" \
-v "/home/user/zips:/srv/zips" \
-v "/home/user/logs:/srv/logs" \
-v "/home/user/cache:/srv/ccache" \
lineageos4microg/docker-lineage-cicdBuild for bacon (lineage-17.1, officially supported), custom keys, restricted signature spoofing with integrated microG and FDroid
docker run \
-e "BRANCH_NAME=lineage-17.1" \
-e "DEVICE_LIST=bacon" \
-e "SIGN_BUILDS=true" \
-e "SIGNATURE_SPOOFING=restricted" \
-e "WITH_GMS=true" \
-v "/home/user/lineage:/srv/src" \
-v "/home/user/zips:/srv/zips" \
-v "/home/user/logs:/srv/logs" \
-v "/home/user/cache:/srv/ccache" \
-v "/home/user/keys:/srv/keys" \
-v "/home/user/manifests:/srv/local_manifests" \
lineageos4microg/docker-lineage-cicdIf there are already keys in /home/user/keys they will be used, otherwise a
new set will be generated before starting the build (and will be used for every
subsequent build).
The microG and FDroid packages are not present in the LineageOS repositories, and must be provided e.g. through [android_vendor_partner_gms][android_vendor_partner_gms].
Build for four devices on lineage-17.1 and lineage-18.1 (officially supported), custom keys, restricted signature spoofing with integrated microG and FDroid, custom OTA server
docker run \
-e "BRANCH_NAME=lineage-17.1,lineage-18.1" \
-e "DEVICE_LIST_LINEAGE_17_1=bacon,oneplus2" \
-e "DEVICE_LIST_LINEAGE_18_1=river,lake" \
-e "SIGN_BUILDS=true" \
-e "SIGNATURE_SPOOFING=restricted" \
-e "WITH_GMS=true" \
-e "OTA_URL=https://api.myserver.com/" \
-v "/home/user/lineage:/srv/src" \
-v "/home/user/zips:/srv/zips" \
-v "/home/user/logs:/srv/logs" \
-v "/home/user/cache:/srv/ccache" \
-v "/home/user/keys:/srv/keys" \
-v "/home/user/manifests:/srv/local_manifests" \
lineageos4microg/docker-lineage-cicdBuild for a6000 (not officially supported), custom keys, restricted signature spoofing with integrated microG and FDroid
As there is no official support for this device, we first have to include the
sources in the source tree through an XML in the /home/user/manifests folder;
from [this][a6000-xda] thread we get the links of:
- Device tree: https://github.com/dev-harsh1998/android_device_lenovo_a6000
- Common Tree: https://github.com/dev-harsh1998/android_device_lenovo_msm8916-common
- Kernel: https://github.com/dev-harsh1998/kernel_lenovo_msm8916
- Vendor blobs: https://github.com/dev-harsh1998/proprietary-vendor_lenovo
Then, with the help of lineage.dependencies from the
[device tree][a6000-device-tree-deps] and the
[common tree][a6000-common-tree-deps] we create an XML
/home/user/manifests/a6000.xml with this content:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project name="dev-harsh1998/android_device_lenovo_a6000" path="device/lenovo/a6000" remote="github" />
<project name="dev-harsh1998/android_device_lenovo_msm8916-common" path="device/lenovo/msm8916-common" remote="github" />
<project name="dev-harsh1998/kernel_lenovo_msm8916" path="kernel/lenovo/a6000" remote="github" />
<project name="dev-harsh1998/proprietary-vendor_lenovo" path="vendor/lenovo" remote="github" />
<project name="LineageOS/android_device_qcom_common" path="device/qcom/common" remote="github" />
</manifest>We also want to include microG so, like before, create an XML (for
example /home/user/manifests/microg.xml) with this content:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project path="vendor/partner_gms" name="lineageos4microg/android_vendor_partner_gms" remote="github" revision="master" />
</manifest>We also set INCLUDE_PROPRIETARY=false, as the proprietary blobs are already
provided by the repo
https://github.com/dev-harsh1998/prorietary_vendor_lenovo (so we
don't have to include the TheMuppets repo).
Now we can just run the build like it was officially supported:
docker run \
-e "BRANCH_NAME=lineage-15.1" \
-e "DEVICE_LIST=a6000" \
-e "SIGN_BUILDS=true" \
-e "SIGNATURE_SPOOFING=restricted" \
-e "WITH_GMS=true" \
-e "INCLUDE_PROPRIETARY=false" \
-v "/home/user/lineage:/srv/src" \
-v "/home/user/zips:/srv/zips" \
-v "/home/user/logs:/srv/logs" \
-v "/home/user/cache:/srv/ccache" \
-v "/home/user/keys:/srv/keys" \
-v "/home/user/manifests:/srv/local_manifests" \
lineageos4microg/docker-lineage-cicd