Android Cuttlefish Container for Local Development

Android Cuttlefish has made a lot of progress since last time I have messed with them (about 5, 6 years ago!) For example, arm64 host is now supported. WebRTC is finally working. However, certain things are still pretty hideous. Docs are scattered around. Info are hard to find. Simply running a CVD instance locally for dev purpose is very troublesome.

So I took some time and cooked a docker container that satisfy my heart. It basically wrap around cvd host tools and create a single CVD instance inside a container. All the plumbing is in place to make it easy and quick to run. I call it cuttlefish-host-container.

Below is a straight copy of the README.md file from the github project page.

cuttlefish-host-container

Docker container that runs Android cuttlefish emulators for x86_64, arm64, riscv64 guests

Background

I simply wanted to run RISC-V AOSP via cuttlefish on my laptop, and the journey wasn’t smooth.

The info is scarce, broken and conflicting
https://github.com/google/android-riscv64
Host machine becomes cluttered by packages, virtual devices and run-time artifacts
The existing container-based solution by Google is overkill and not very user friendly
https://source.android.com/docs/devices/cuttlefish/on-premises

Goal

Simple container that runs one cuttlefish instance on an x86_64 Linux host. It can run the following guests:

x86 guest via crosvm
x86 guest via qemu
arm64 guest via qemu
riscv64 guest via qemu

Usage

Three steps to use the container:

Build the docker image via "docker build ..." (once)
Create or update the cvd instance via "cf-init.sh ..." (infrequently)

populate/update instance with aosp img zip and/or cvd host package

Run the cvd instance via "cf-run.sh" (frequently)

Below is a sample execution sequence:


docker build . -t cf-host

./cf-init.sh -P aosp_cf_x86_64_only_phone-img-14421689.zip -H cvd-host_package.tar.gz

# run with qemu
./cf-run.sh
gvncviewer localhost

# or run with crosvm, much faster
./cf-run.sh -- -e CF_VM_MANAGER=crosvm -e CF_START_WEBRTC=true
firefox https://localhost:8443

You can find the product img zip file and cvd host package at here:

Or build them from your own aosp tree:


source build/envsetup.sh
lunch aosp_cf_x86_64_only_phone-aosp_current-userdebug
m dist
# packages are in $(ANDROID_ROOT)/out/dist/

Additional notes:

run cf-init.sh -h and cf-run.sh -h for more info
create multiple containers/instances by creating multiple directories. Example: mkdir riscv; cd riscv; ../cf-init.sh ...; ../cf-run.sh
- However, only one instance can run at a time due to port conflicts.
ADB & VNC ports are visible to the LAN. You can run on a headless server.

TODO

GPU acceleration does not work yet

December 13, 2025

Nuances about docker.io on Ubuntu 24.04

I just realized today that the default docker.io package from Ubuntu is seriously limited, compared with the one provided by Docker Inc with their docker-ce (community edition).

For example, with the following Dockerfile, the Ubuntu’s version of docker would build all intermediate stages, including test-stage, while with Docker Engine packages from docker-ce the test-stage will be skipped (which is more desirable).

# syntax=docker/dockerfile:1
FROM alpine:latest AS build-stage
RUN echo "Installing build tools..."
RUN mkdir /app
RUN touch /app/artifact.txt

FROM alpine:latest AS test-stage
RUN echo "Running tests..."
# This stage is only run if explicitly targeted

FROM alpine:latest AS production
COPY --from=build-stage /app/artifact.txt /app/artifact.txt
CMD ["cat", "/app/artifact.txt"]

To properly installed the docker.io and its companion packages, just follow this page. The output for running the above Dockerfile will look like below with docker-ce packages.

jsun@dev:~/temp$ docker build . -t mytest
[+] Building 1.5s (11/11) FINISHED                                                                                                                                                                                                             docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                     0.0s
 => => transferring dockerfile: 419B                                                                                                                                                                                                                     0.0s
 => resolve image config for docker-image://docker.io/docker/dockerfile:1                                                                                                                                                                                0.7s
 => CACHED docker-image://docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6                                                                                                                          0.0s
 => => resolve docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6                                                                                                                                     0.0s
 => [internal] load metadata for docker.io/library/alpine:latest                                                                                                                                                                                         0.3s
 => [internal] load .dockerignore                                                                                                                                                                                                                        0.0s
 => => transferring context: 2B                                                                                                                                                                                                                          0.0s
 => [build-stage 1/4] FROM docker.io/library/alpine:latest@sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375                                                                                                                       0.0s
 => => resolve docker.io/library/alpine:latest@sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375                                                                                                                                   0.0s
 => CACHED [build-stage 2/4] RUN echo "Installing build tools..."                                                                                                                                                                                        0.0s
 => CACHED [build-stage 3/4] RUN mkdir /app                                                                                                                                                                                                              0.0s
 => CACHED [build-stage 4/4] RUN touch /app/artifact.txt                                                                                                                                                                                                 0.0s
 => CACHED [production 2/2] COPY --from=build-stage /app/artifact.txt /app/artifact.txt                                                                                                                                                                  0.0s
 => exporting to image                                                                                                                                                                                                                                   0.1s
 => => exporting layers                                                                                                                                                                                                                                  0.0s
 => => exporting manifest sha256:cfce1f88ad86e2d55be2ea639e9ccbee74e6feae06ff46d6a6f6efbe7b4e4f30                                                                                                                                                        0.0s
 => => exporting config sha256:f6db73b62eabd225c8916c02941c7389b510781cba6e8308c80036cde6a9d4f9                                                                                                                                                          0.0s
 => => exporting attestation manifest sha256:1b3ada3c9b1c771e50fbbb44962ee1baaaf659b635a66302d0c25b5fe484c86e                                                                                                                                            0.1s
 => => exporting manifest list sha256:44066fc8f168c1d0508e4ceca10171a3a1623deb7cbc813f97aeec5df4faa3c9                                                                                                                                                   0.0s
 => => naming to docker.io/library/mytest:latest                                                                                                                                                                                                         0.0s
 => => unpacking to docker.io/library/mytest:latest

August 7, 2025August 7, 2025

Geekbench 6 Scores for Intel i9-13900H

The system is Minisforum MS-01 mini PC. I have installed 96GB Crucial DDR5 5600 RAM and Samsung 4TB 990 Pro SSD. OS is Ubuntu 24.04.

I9-13900H has 6 performance cores with up to 5.4GHz freqency and 8 efficient cores with up to 4.1GHz frequency. Additionally the performance cores can be configured in BIOS to enable hyperthreading (SMT), which essentially doubles the CPU core count for P-cores. When SMT is enabled, the total number of CPU cores is 20 from OS perspective.

Ubuntu supports 3 power mode: performance, balanced and power saver.

power mode	performance	balanced	power saver
observed cpu freq.	P-core: 5400MHz E-core: 4100MHz	3800MHz	2500MHz
SMT enabled	single: 2713 multi: 13571	single: 1968 multi: 11484	single: 1147 multi: 3436
SMT disabled	single: 2657 multi: 13393	single: 1970 multi: 10647	single: 1141 multi: 3131

A few observations:

SMT does not change single core performance (expected) and add a little (2%-10%) to multi-core performance.
Multi-processor scaling is not very efficient, because multi-core score is usually about 3x-5x of single core score, while there are 6 performance core and 8 efficient cores in the system.
Ubuntu achieve various power modes by capping maximum CPU frequencies.

February 5, 2025

Install GCC-14 on ARM64 Debian 11 Bullseye

I need to install the latest gcc on an old ARM64 board, which runs Debian 11 Bullseye. Straightforward of running “sudo apt install g++-14” won’t find the package. And Internet search does not lead to a simple answer either. There deserves a post.

sudo update-alternatives --remove-all gcc 
sudo update-alternatives --remove-all g++
sudo update-alternatives --remove-all cpp

sudo add-apt-repository "deb http://deb.debian.org/debian sid main"
sudo apt update
sudo apt install g++-14

vers=14; sudo update-alternatives  \
    --install /usr/bin/gcc gcc /usr/bin/gcc-"${vers}" "${vers}"0  \
    --slave /usr/bin/aarch64-linux-gnu-gcc aarch64-linux-gnu-gcc /usr/bin/aarch64-linux-gnu-gcc-"${vers}"  \
    --slave /usr/bin/g++ g++ /usr/bin/g++-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-g++ aarch64-linux-gnu-g++ /usr/bin/aarch64-linux-gnu-g++-"${vers}"  \
    --slave /usr/bin/cpp cpp /usr/bin/cpp-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-cpp aarch64-linux-gnu-cpp /usr/bin/aarch64-linux-gnu-cpp-"${vers}"  \
    --slave /usr/bin/gcc-ar gcc-ar /usr/bin/gcc-ar-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-gcc-ar aarch64-linux-gnu-gcc-ar /usr/bin/aarch64-linux-gnu-gcc-ar-"${vers}"  \
    --slave /usr/bin/gcc-nm gcc-nm /usr/bin/gcc-nm-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-gcc-nm aarch64-linux-gnu-gcc-nm /usr/bin/aarch64-linux-gnu-gcc-nm-"${vers}"  \
    --slave /usr/bin/gcc-ranlib gcc-ranlib /usr/bin/gcc-ranlib-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-gcc-ranlib aarch64-linux-gnu-gcc-ranlib /usr/bin/aarch64-linux-gnu-gcc-ranlib-"${vers}"  \
    --slave /usr/bin/gcov gcov /usr/bin/gcov-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-gcov aarch64-linux-gnu-gcov /usr/bin/aarch64-linux-gnu-gcov-"${vers}"  \
    --slave /usr/bin/gcov-dump gcov-dump /usr/bin/gcov-dump-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-gcov-dump aarch64-linux-gnu-gcov-dump /usr/bin/aarch64-linux-gnu-gcov-dump-"${vers}"  \
    --slave /usr/bin/gcov-tool gcov-tool /usr/bin/gcov-tool-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-gcov-tool aarch64-linux-gnu-gcov-tool /usr/bin/aarch64-linux-gnu-gcov-tool-"${vers}"  \
    --slave /usr/bin/lto-dump lto-dump /usr/bin/lto-dump-"${vers}"  \
    --slave /usr/bin/aarch64-linux-gnu-lto-dump aarch64-linux-gnu-lto-dump /usr/bin/aarch64-linux-gnu-lto-dump-"${vers}"

August 1, 2024

Build leveldb v1.22 for latest Alpine Linux (3.20)

Alpine Linux is a popular choice for building docker. Since v3.17, leveldb version is bumped from v1.22 to v1.23, where the new version disabled rtti, which caused many packages to break, including popular python module, plyvel. I encountered this problem when building electrumX docker image. Googling around I realize this is a popular problem and there are no easy and obvious solutions.

I decided to simply build apk files for leveldb v1.22 against the latest alpine linux, which is 3.20 today.

Steps:

Mostly follow an excellent tutorial at fudex.org on setting up the docker build environment.
Check out aports at alpine version v3.16, (host) git clone –depth=1 https://gitlab.alpinelinux.org/alpine/aports -b 3.16-stable aports-3.16
Copy over leveldb APKBUILD file over to the latest 3.20 aports, (host) cp -a aports-3.16/main/leveldb aports/main/
go back to alpine-dev container and build the package files
1. (alpine-dev) cd ~/aports/main/leveldb
2. (alpine-dev) abuild -r

The file APK files are located under ~/packages/main/x86_64. For convenience, I have include those two files below. Of course, you should strip the “.bin” suffix before using them. I had to add the suffix to work around wordpress restrictions. Please refer to this docker file to see how these files are used in a real case.

leveldb-1.22-r2.apk_Download

leveldb-dev-1.22-r2.apk_Download

June 6, 2024June 6, 2024

Migrate/Re-use UmbrelOS SSD from Raspberry Pi to X86

I was running UmbrelOS on Raspberry Pi, with an external 2TB SSD disk. The machine is obviously under powered and started to show weakness. So I decided to migrate to a Lenovo mini-PC, M710q.

I need to re-use the same the SSD disk because M710q doesn’t have enough storage by itself (500GB). Ideally I can keep all the blockchain data and setup, so that I don’t have re-sync everything and re-setup everything.

While this may sound like a common question, I did not find many answers on the internet. The closest one is this one. However, UmbrelOS is currently at v1.x. A lot of don’t apply anymore.

Below is how I did it.

Prepare SSD disk
- Upgrade Raspberry Pi to the latest UmbrelOS v1.1.
- Shut it down via Umbrel Settings and unplug SSD disk.
Prepare PC
- follow the instruction to install UmbrelOS on PC
- Don’t install any apps
Migrate SSD disk over
- Plug SSD disk into PC. Permanently mount it at /mnt/umbrel-ssd
  - /etc/fstab: UUID=e9ae3217-6a06-4721-b725-78e6524b4272 /mnt/umbrel-ssd ext4 defaults 0 0
- sudo systemctl stop umbrel
- cd /home/umbrel; mv umbrel umbrel.bak; ln -s /mnt/umbrel-ssd/umbrel umbrel
- sudo systemctl start umbrel

It will take a long to re-start umbrel since it will fetch various containers etc. But it will use the same blockchain and other app-specific settings you had before on SSD disk. After a couple of coffee time, you will be all set!

April 22, 2024April 22, 2024

How I Rooted OnePlus 12 with Magisk

There are many conflicting sources on the Internet. Specifically I tried this one and did not work. Below is a short recap what has worked for me.

Short Recap

Follow Magisk official installation guide
- OnePlus 12 has ramdisk and uses init_boot.img
- get oneplus 12 image zip file from this site
- use payload dumper to extract init_boot.img from here
- patch init_boot.img and flash the patched version according to the guide
By now, Magisk should be installed and you should have root access
Install Magisk Module Manager to install modules
- for unknown reasons, I could install modules with Magisk app itself, nor through the manual method
(Bonus) I like to create your own Magisk module. I used the template
- Specifically if you like to modify a file under /system_ext, please use the path /system/system_ext.
- For example, if you like to add a file /system_ext/foo, use /system/system_ext/foo instead.

That is it!

December 14, 2023January 21, 2024

Protected: Strategy to Bypass GFW

December 14, 2023

Setup NaiveProxy Server

NaiveProxy is an unique tool that can potentially escape the most strict censorship firewall. I thought I would give it a try.

Setup the server

This is actually the simple part.

Follows this page to create a Caddyfile (See “Server setup”)
Go to this page to download the binaries you need
Follows this page to set up a systemctl service.

Set up client on Ubuntu

Client side is a little bit tricky and cumbersome to use.

Go to this download page to download the right naive client
- For x64 based PC, it should be something like naiveproxy-v120.0.6099.43-1-linux-x64.tar.xz
- Extract “naive” binary
Follow the readme page and create config.json file in the same directory
Open Ubuntu Settings/Network/Network Proxy
Choose “Manual”, and fill in “127.0.0.1:1080” for “Socks Host”, while leaving others empty (IMPORTANT!) See picture below.
After that, download and start to use “start-naive” and “stop-naive” scripts to switch between using and not using proxy.
- Note only browsers work with this scheme
- And it seems only Chrome is working while Firefox is not working (bug?)

December 14, 2023February 6, 2025

Setup TailScale VPN Server on Synology RT6600ax/RT2600AC Router

[Updated on 2/2, 2025, after setting TailScale on RT2600AC and seeing this post]

TailScale is great VPN. It is even greater if it runs all the time on a router! Currently it is available as 3rd party package for Synology NAS (X64-based) machines, but not for Routers (usually ARM64-based). *sigh* This blog talks about a way to set it up.

Grab the binaries

Go to the TailScale web page for synology prebuit packages
Find the one for DSM7 and for ARMv8 (arm64)
- Today this package is tailscale-armv8-1.56.0-7000056000-dsm7.spk, ARMv8 (arm64)
- Note for RT2600AC we need to choose the armv7 version (32bit arm)
Untar or unzip the package a couple of times and extract two binary files, tailscale and tailscaled. See pictures below.

Copy (scp) over these two files to Synology router, say under your home directory’s subdirectory, “tailscale”.

Testing

Download the script below that starts/stops the tailscale daemon
- This script is derived from TailScale’s original script and is adapted to SRM environment
- MODIFY SCRIPT with your own path for PKGVAR variable
Now type “./start-stop-status start” and “./start-stop-status status”
For the first time running, type “./tailscale --socket tailscaled.sock up --advertise-exit-node --advertise-routes 172.30.1.0/24″ and perform web-based login/setup, which will
- connect to your tailscale account and join your VPN network;
- advertise itself as exit node (router to internet) (if needed);
- route traffic to nodes on its own subet.
- Refer to my previous post.

start-stop-status Download

Start up TailScale automatically

This only works on RT2600AC!!

Create /etc/rc.local

#!/bin/sh

/var/services/home/jsun/tailscale/start-stop-status start

Following method should work on RT6600AX, but it does’nt. Please help!!

Copy the start-stop-status script to /usr/local/etc/rc.d/ directory

sudo cp start-stop-status /usr/local/etc/rc.d/tailscale