RattlesnakeOS is a privacy-focused Android OS based on AOSP for Google Pixel phones. It is my migration strategy away from CopperheadOS, which is no longer maintained. RattlesnakeOS is stock AOSP with a few additional features: verified boot with your own keys, OTA updates, latest Chromium (webview + browser) with optional patches from Bromite for ad blocking and enhanced privacy, F-Droid (with privileged extension), and no Google apps.
Rather than providing random binaries of RattlesnakeOS to install on your phone, I've gone the route of creating a cross platform tool, `rattlesnakeos-stack`, that provisions all of the AWS infrastructure needed to automatically build your own RattlesnakeOS on a regular basis, with your own signing keys, and your own OTA updates. It uses AWS Lambda to provision EC2 Spot Instances that build RattlesnakeOS and upload build artifacts to S3. Resulting OS builds are configured to receive over the air updates from this environment.
- Support for Google Pixel, Pixel XL, Pixel 2, Pixel 2 XL
- Updates and monthly security fixes delivered through OTA updates - no need to manually flash your device
- Maintain verified boot with a locked bootloader just like official Android but with your own personal signing keys
- Latest Chromium browser and webview with optional patches from Bromite for ad blocking and enhanced privacy
- Latest F-Droid client and privileged extension
- No Google apps pre-installed
- Full end to end setup of build environment for RattlesnakeOS in AWS
- Costs a few dollars a month to run (see FAQ for additional cost breakdown)
- An AWS account - you can create an AWS account if you don't have one.
  - If this is a new AWS account, make sure you launch at least one paid instance before running through these steps. To do this you can navigate to the EC2 console, click `Launch instance`, select any OS, pick a `c4.4xlarge`, and click `Review and launch`. After it launches you can terminate the instance through the console.
- You'll need AWS credentials with `AdministratorAccess` access. If you're not sure how to do that, you can follow this step by step guide.
- Install the AWS CLI for your platform and configure it to use these credentials by default.
- Set up an SSH keypair in the EC2 console and download the key. You'll use this keypair name when deploying your stack and you'll use this key if you want to SSH into the launched EC2 spot instances.
The easiest way is to download a pre-built binary from the GitHub Releases page. The other option is to compile from source (see the `Build from Source` section).
The `rattlesnakeos-stack` tool will handle deploying all the required AWS infrastructure needed to run ongoing builds of RattlesnakeOS. After initial deployment, your first build will automatically start; by default it is configured to build on a weekly basis after this (see the FAQ for details on how to modify build schedule). When deploying your stack with `rattlesnakeos-stack`:
- Pick a unique name to replace `rattlesnakeos-<yourstackname>` in the commands below. Note: this name has to be unique or it will fail to provision.
- Provide the SSH keypair name that you created in the prerequisite steps to replace `<yourkeyname>` in commands below.
Deploy stack with default options for your specific device:

```
# Pixel XL (marlin)
./rattlesnakeos-stack --region us-west-2 --name rattlesnakeos-<yourstackname> --device marlin --ssh-key <yourkeyname>
# Pixel (sailfish)
./rattlesnakeos-stack --region us-west-2 --name rattlesnakeos-<yourstackname> --device sailfish --ssh-key <yourkeyname>
# Pixel 2 XL (taimen)
./rattlesnakeos-stack --region us-west-2 --name rattlesnakeos-<yourstackname> --device taimen --ssh-key <yourkeyname>
# Pixel 2 (walleye)
./rattlesnakeos-stack --region us-west-2 --name rattlesnakeos-<yourstackname> --device walleye --ssh-key <yourkeyname>
```
To see the full list of options you can pass to `rattlesnakeos-stack`, use the help flag (`-h`):

```
...
Flags:
--ami string ami id to use for build environment. this is optional as correct ubuntu ami for region will be chosen by default.
-d, --device string device you want to build for: 'marlin' (Pixel XL), 'sailfish' (Pixel), 'taimen' (Pixel 2 XL), 'walleye' (Pixel 2)
--force build even if there are no changes in available version of AOSP, Chromium, or F-Droid.
-h, --help help for rattlesnakeos-stack
-n, --name string name for stack. note: this must be a valid/unique S3 bucket name.
--patch-chromium apply Bromite patches to Chromium
--prevent-shutdown for debugging purposes only - will prevent ec2 instance from shutting down after build.
-r, --region string aws region for deployment (e.g. us-west-2)
--remove cleanup/destroy all deployed aws resources.
--schedule string cron expression that defines when to kick off builds. note: if you give invalid expression it will fail to deploy stack. see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html#CronExpressions (default "rate(7 days)")
--spot-price string max ec2 spot instance bid. if this value is too low, you may not obtain an instance or it may terminate during a build. (default "1.00")
--ssh-key string aws ssh key to add to ec2 spot instances. this is optional but is useful for debugging build issues on the instance.
--version version for rattlesnakeos-stack
```
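Because `--name` must be a valid S3 bucket name, a local pre-flight check can catch a bad name before provisioning fails. The script below is an added example, not part of `rattlesnakeos-stack`; it covers the core S3 naming rules only and assumes the longest suffix the stack appends to the name is `-release` (the `-release` and `-logs` buckets are the ones named on this page). Global uniqueness cannot be checked offline and is not covered.

```shell
#!/bin/sh
# Added example: pre-flight check for the --name value (hypothetical helper names).
# Assumption: the stack appends suffixes such as "-release" and "-logs" to the
# name when creating buckets; the longest one is budgeted for here.
LONGEST_SUFFIX="-release"

# valid_bucket_name NAME -> returns 0 if NAME passes the core S3 naming rules
valid_bucket_name() {
    name=$1
    len=${#name}
    # 3 to 63 characters
    [ "$len" -ge 3 ] && [ "$len" -le 63 ] || return 1
    # lowercase letters, digits, hyphens, dots; alphanumeric first and last
    printf '%s\n' "$name" | grep -Eq '^[a-z0-9][a-z0-9.-]*[a-z0-9]$' || return 1
    # no adjacent dots
    case $name in *..*) return 1 ;; esac
    # must not be formatted like an IPv4 address
    printf '%s\n' "$name" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' && return 1
    return 0
}

# check_stack_name NAME -> prints a verdict, returns non-zero on rejection
check_stack_name() {
    if ! valid_bucket_name "$1"; then
        echo "invalid: $1"
        return 1
    fi
    if ! valid_bucket_name "$1$LONGEST_SUFFIX"; then
        echo "too long with suffix: $1"
        return 1
    fi
    echo "ok: $1"
}
```

Source the file and run `check_stack_name rattlesnakeos-<yourstackname>` before deploying.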
If you decide this isn't for you and you want to remove all the provisioned AWS resources, there's a command for that. Note: if you've already done a build, you'll need to manually remove all of the files from S3 buckets before running this cleanup command.

```
./rattlesnakeos-stack --remove --region us-west-2 --name rattlesnakeos-<yourstackname> --ssh-key <yourkeyname>
```
- Set up email notifications for builds:
  - Go to the AWS SNS console
  - Click on the topic named `rattlesnakeos-<yourstackname>`
  - Click on the `Create subscription` button
  - In the `Create subscription` dialog, in the `Protocol` dropdown select `Email`
  - For `Endpoint`, enter your email address
  - Click the `Create subscription` button
  - You should get an email link that you need to click in order to subscribe to messages in this topic
- After initial setup with the `rattlesnakeos-stack` tool, a build should have automatically kicked off. You can check this by going to the EC2 console and verifying there is an EC2 instance running. If a build hasn't kicked off, check out the FAQ for how to manually start a build.
- The initial build will likely take 5+ hours to complete. Looking at the EC2 instance metrics like CPU, etc is NOT a good way to determine if the build is progressing. If you want to see live build progress, go to FAQ section `How can I connect to the EC2 instance and see the build status?`.
- After the build finishes, a factory image should be uploaded to the S3 bucket that you can download:
  - Go to the S3 console
  - Click on the `rattlesnakeos-<yourstackname>-release` bucket.
  - From this bucket, download the file `<device>-factory-latest.tar.xz`
- Use this factory image and follow the instructions on flashing your device carefully.
- You followed the instructions until the end and you re-locked your bootloader and disabled OEM unlocking after flashing right? If not, go do that!
- After successfully flashing your device, you will now be running RattlesnakeOS and all future updates will happen through the built in OTA updater.
- Just download the new version of rattlesnakeos-stack and run the same command used previously (e.g. `rattlesnakeos-stack --region us-west-2 --name rattlesnakeos-<yourstackname> --device marlin`) to apply the updates
- Should I use rattlesnakeos-stack? Use at your own risk.
- How much does this cost? The costs are going to be variable by AWS region and by day and time you are running your builds as spot instances have a variable price depending on market demand. Below is an example scenario that should give you a rough estimate of costs:
  - The majority of the cost will come from builds on EC2. It currently launches spot instances of type c4.4xlarge which average maybe $.30 an hour in us-west-2 (will vary by region) but can get up over $1 an hour depending on the day and time. The `rattlesnakeos-stack` tool allows you to define a maximum bid price (`--spot-price`) you are willing to pay and if market price exceeds that then your instance will be terminated. Builds can take anywhere from 2-6 hours depending on if Chromium needs to be built. So let's say you're doing a weekly build at $0.50 an hour and it is taking on average 4 hours - you'd pay ~$8 in EC2 costs per month. You could reduce this to a monthly build (see section how to change build frequency) and then you'd be looking at ~$2 in EC2 costs per month.
  - The other very minimal cost would be S3. Storage costs are almost non existent as a stack will only store about 3GB worth of files (factory image, ota file, target file) and at $0.023 per GB you're looking at $0.07 per month in S3 storage costs. The other S3 cost would be for data transfer out for OTA updates - let's say you are just downloading an update per week (~500MB file) at $0.09 per GB you're looking at $0.20 per month in S3 network costs.
- How do I change build frequency? The current default is to do builds on a weekly basis. With the `rattlesnakeos-stack` tool there is an option to specify how frequently builds are kicked off with option `--schedule`. For example you could set `--schedule "rate(30 days)"` to only build every 30 days. Also note, the default behavior is to only run a build if there have been version updates in AOSP build, Chromium version, or F-Droid versions.
- How do I manually start a build?
  - Go to the AWS Lambda console
  - Click on the function named 'rattlesnakeos-<yourstackname>-build'
  - Click on the 'Test' button
  - In 'Configure test event dialog', set event name to 'rattlesnakeos', keep the defaults, and click 'Create' button.
  - Click the 'Test' button again to kick off the build
- Where do I find logs for a build? On build failure/success, the instance should terminate and upload its logs to S3 bucket called `<stackname>-logs` and it's in a file called `<device>/<timestamp>`.
- How can I connect to the EC2 instance and see the build status? There are a few steps required to be able to do this:
  - In the default security group, you'll need to open up SSH access.
  - You should be able to SSH into the instance (can get IP address from EC2 console): `ssh -i yourkeypairname.pem ubuntu@yourinstancepublicip`
  - Tail the logfile to view progress: `tail -f /var/log/cloud-init-output.log`
- How can I prevent the EC2 instance from immediately terminating on error so I can debug? There is a flag you can pass `rattlesnakeos-stack` called `--prevent-shutdown`. Note that this will keep the instance online for 12 hours or until you manually terminate it.
- Why did my EC2 instance randomly terminate? If there wasn't an error notification, this is likely because the Spot Instance bid was not high enough at this specific time. You can see historical spot instance pricing in the EC2 console. Click `Pricing History`, select c4.4xlarge for `Instance Type` and pick a date range. If you want to avoid having your instance terminated, you can pass an additional flag to `rattlesnakeos-stack` with a higher than default bid: `--spot-price 1.50`
- How do OTA updates work? If you go to `Settings->System update settings` you'll see the updater app settings. The updater app will check S3 to see if there are updates and if it finds one will download and apply it to your device. There is no progress indicator unfortunately - you'll just get a notification when it's done and it will ask you to reboot. If you want to force a check for OTA updates, you can toggle the `Require battery above warning level` setting and it will check for a new build in your S3 bucket.
- What network carriers are supported? I only have access to a single device and carrier to test this on, so I can't make any promises about it working with your specific carrier. Confirmed working: T-Mobile, Rogers. Likely not to work: Sprint (has requirements about specific carrier app being on phone to work), Project Fi.
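For the FAQ step that opens SSH access in the default security group, the rule can be limited to one source address and removed once debugging is done. This is an added example, not part of `rattlesnakeos-stack`; it assumes the AWS CLI is configured, the build instance uses the group named `default` in the region's default VPC, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: allow SSH (tcp/22) from a single IPv4 address, then revoke it.
# Assumptions: region us-west-2 as in the deploy commands; security group
# "default" in the default VPC; AWS CLI credentials already configured.
REGION="us-west-2"

# to_cidr IPV4 -> prints IPV4/32; fails unless the input is a dotted quad 0-255,
# so a wide range such as 0.0.0.0/0 cannot be passed through by accident
to_cidr() {
    ip=$1
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $ip          # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s/32\n' "$ip"
}

# open_ssh IPV4 -> add an ingress rule for that one address
open_ssh() {
    cidr=$(to_cidr "$1") || { echo "not an IPv4 address: $1" >&2; return 1; }
    aws ec2 authorize-security-group-ingress --region "$REGION" \
        --group-name default --protocol tcp --port 22 --cidr "$cidr"
}

# close_ssh IPV4 -> remove the same rule after the debugging session
close_ssh() {
    cidr=$(to_cidr "$1") || { echo "not an IPv4 address: $1" >&2; return 1; }
    aws ec2 revoke-security-group-ingress --region "$REGION" \
        --group-name default --protocol tcp --port 22 --cidr "$cidr"
}
```

Call `open_ssh` with your own public address before connecting and `close_ssh` with the same address afterwards, which matters most when `--prevent-shutdown` keeps the instance online.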
- Huimin Zhang - he is the original author of the underlying build script that was written for CopperheadOS.
- Terraform
- To compile from source you'll need to install Go (https://golang.org/) for your platform

```
go get github.com/dan-v/rattlesnakeos-stack
cd $GOPATH/src/github.com/dan-v/rattlesnakeos-stack/
make tools
make
```
- Restrict created IAM roles to minimum required privileges (currently all admin)