Theme fund: NGI0 PET
Start: 2020-10
End: 2022-10


Reproducible Builds of Android with NIX

Robotnix enables a user to easily build Android (AOSP) images using the Nix package manager. AOSP projects often contain long and complicated build instructions requiring a variety of tools for fetching source code and executing the build. This applies not only to Android itself, but also to projects which are to be included in the Android build, such as the Linux kernel, Chromium webview, and others. Robotnix orchestrates the diverse build tools across these multiple projects using Nix, inheriting its reliability and reproducibility benefits, and consequently making the build and signing process very simple for an end-user.

Why does this actually matter to end users?

Consumers who go shopping for a new cell phone or tablet these days have, on the surface, quite a choice. But the choice is far more limited when it comes to the software that runs on those phones. Pretty much every phone manufacturer (with one notable exception brand of luxury phones) puts Google's Android on them, and while nominally the source code of Android is published under an open source license - in practical terms vendors are too restricted, by contracts with Google and by the soft lock-in of an app ecosystem that seeks compatibility with Google's version only, to make any significant changes.

The open source community is not tied to the same rules as phone vendors. They have not signed any contracts, and can just pursue what they feel is right - and what users need. As a result a number of 'Altdroids' exist, such as Lineage, Replicant, CalyxOS and CopperheadOS. These are paving the way for more consumer choice, more privacy, more control and configurability and more innovation - with the user's best interest at heart. To set up the infrastructure to build such operating systems is far from trivial though, and requires a variety of tools for fetching source code and executing builds.

This is a significant barrier to entry and an inefficient use of the time of the contributors to these alternative platforms. If we raise the bar from a security point of view, we also want to do more than just build the software. We want to be fully transparent about each adjustment we make, and make it so that we can reuse the work of others - and have others easily reuse our work too. And we want 'reproducible' builds - so that we can verify, by building the software independently on different systems, that the software we run is actually the software we intended to build. Not many people are aware that build infrastructure from major actors is often heavily attacked by both state actors and criminals, because it is a relatively cheap way to compromise and get access to many end user devices.

This is where Robotnix fits in: it makes it easier for the community to automatically build reliable and reproducible Android and Altdroids. Every package can be followed from the source code, and every patch is visible and reusable. Robotnix is built on the declarative Nix package manager, a powerful tool that can create reliable and reproducible software regardless of the system you are using. Its unique capabilities will make the whole build process much easier and more transparent: instead of switching between a bunch of tools and tricks, you only add a few lines of text to indicate your tweaks. The rest happens automatically: Nix takes your instructions and builds precisely what you want. And if all is well, the result is bit-for-bit identical, every time, over and over.

The operating system is of critical importance, as it forms the basis of everything running on top. The benefits of Robotnix, however, stretch beyond the operating systems it can build. There are orders of magnitude more people working on apps that run on top of the operating system layer, and they can use Robotnix too: once the OS is there, it can build any apps that need to be built along with it, with the same convenience and assurances. Robotnix therefore also fits into a so-called continuous integration pipeline, something that makes sure that new features do not break older parts of applications. With the same convenience, developers can support different versions of the OS and different versions of their application to support older versions of Android or their app too. So people with an older phone model will benefit from longer and better support too, thanks to Robotnix.


This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.