Why Podman Instead of Docker?
While Docker is the standard for containerized workflows and has stronger integration with CI/CD platforms (e.g., GitHub Actions, GitLab CI, Jenkins), Podman offers specific advantages for local AOSP builds:
- Rootless by default – safer and easier for individual developers, no daemon or sudo needed
- Correct file ownership – container-created files retain the correct host user ownership
- Fewer permission issues – avoids volume-mount problems and UID mismatches common in Docker
- Daemonless – containers run as standalone user processes (no dockerd), easier to debug locally
Podman excels in local developer environments where simplicity, file permission consistency, and isolation matter more than CI platform compatibility. If your focus is on building AOSP efficiently as a developer, Podman is often the better fit.
- Install Podman
sudo apt update
sudo apt install -y podman
- Create a Minimal AOSP Build Container Image
- Create Dockerfile (e.g. in ~/aosp-docker):
FROM ubuntu:24.04
ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=C.UTF-8
RUN apt-get update && apt-get install -y --no-install-recommends \
git-core \
gnupg \
flex \
bison \
build-essential \
zip \
curl \
zlib1g-dev \
libc6-dev-i386 \
x11proto-core-dev \
libx11-dev \
lib32z1-dev \
libgl1-mesa-dev \
libxml2-utils \
xsltproc \
unzip \
fontconfig \
rsync \
openssl \
&& apt-get clean
WORKDIR /workspace
- Build the container image:
cd ~/aosp-docker
podman build -t aosp-builder -f Dockerfile
- Prepare Your AOSP Source (On Host)
Assuming your source is already synced in ~/aosp-src:
cd ~/aosp-src
If not yet synced, fetch Android 15 AOSP (android-15.0.0_r30) with:
repo init -u https://android.googlesource.com/platform/manifest -b android-15.0.0_r30
repo sync -c -j$(nproc)
- Launch the AOSP Build Container
Run Podman from the AOSP source directory:
cd ~/aosp-src
podman run -it --rm -v "$PWD":/workspace aosp-builder bash
This mounts your local AOSP source into /workspace inside the container.
- Build Android 15 AOSP (Inside the Container)
Run the following commands inside the container:
source build/envsetup.sh
lunch aosp_cf_x86_64_phone-trunk_staging-userdebug
m
- Build Completed
You should eventually see output like this:
[100% 200050/200050] touch out/soong/ndk_abi_diff.timestamp
#### build completed successfully (05:55:18 (hh:mm:ss)) ####
- Verifying File Ownership on the Host
After the build completes, return to your host terminal and check the ownership of the out directory (or any build artifacts):
ls -ld out
Example output:
drwxr-xr-x 14 administrator administrator 4096 May 4 14:20 out
This confirms that:
- Files created by the Podman container inside /workspace/out are correctly owned by your host user (administrator).
- You do not need --userns=keep-id, --user flags, or any permission fixes when using rootless Podman.
This behavior is a key advantage of Podman over Docker for local development environments, where preserving file ownership is critical for working seamlessly with host tools (e.g., editors, Git, rsync, backup systems).
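The ownership result follows from the user namespace that rootless Podman sets up: container UID 0 is mapped to your host UID, and all other container UIDs are mapped into your subordinate UID range. The script below is an added example (not part of the original article) that translates container UIDs through such a map; the sample map is constructed and assumes host UID 1000 with a subuid range of 100000:65536.

```shell
#!/bin/sh
# Added example: translate a container UID to the host UID through a
# user-namespace uid_map (columns: inside-ID  outside-ID  length).

# Constructed sample: the map a rootless Podman container typically gets for
# host UID 1000 with an /etc/subuid range of 100000:65536 (assumed values).
SAMPLE_UID_MAP='0 1000 1
1 100000 65536'

# container_to_host_uid <container-uid> [uid_map text]
# Prints the host UID. Returns 1 if the UID is unmapped, 2 on bad input.
container_to_host_uid() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    printf '%s\n' "${2:-$SAMPLE_UID_MAP}" | awk -v c="$1" '
        NF == 3 && c >= $1 && c < $1 + $3 {
            printf "%d\n", $2 + (c - $1); found = 1; exit
        }
        END { exit found ? 0 : 1 }'
}

# On a real host, pass the live map instead of the sample:
#   container_to_host_uid 0 "$(podman unshare cat /proc/self/uid_map)"

# Demo over the sample map: root, an unprivileged container user, and a
# UID outside the mapped range.
for uid in 0 1000 70000; do
    if host=$(container_to_host_uid "$uid"); then
        echo "container UID $uid -> host UID $host"
    else
        echo "container UID $uid -> not mapped"
    fi
done
```

The build above runs as root inside the container (the Dockerfile sets no USER), which is why out ends up owned by your host account. A process running as a non-root container UID would instead write files owned by a subordinate UID on the host, which is the case where an option such as --userns=keep-id becomes relevant.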
Summary
Component | Value |
---|---|
Host OS | Ubuntu 24.04 |
AOSP Version | android-15.0.0_r30 |
Source Directory | ~/aosp-src (host, pre-synced) |
Container Tool | Podman (rootless, no daemon) |
Container Image | aosp-builder |
Build Target | aosp_cf_x86_64_phone-trunk_staging-userdebug |
Result | Successful build and clean host file ownership |