Makefile: add docker-tailscale-debug target with persistent debug keystore#781
Merged
Makefile: add docker-tailscale-debug target with persistent debug keystore#781
Conversation
…store The existing docker-run-build target is geared at release builds and requires JKS signing env vars. There was no ergonomic path for the common "iterate on a debug APK inside the build container" workflow. Worse, every docker run produces an APK signed with a fresh ephemeral debug keystore, so `adb install -r` refuses to update a prior install. Add a docker-tailscale-debug target that builds the debug APK inside the container, and bind-mount $(CURDIR)/.android-docker (gitignored) at /root/.android in every docker-* target so the Gradle-generated debug.keystore survives across invocations. Signer stays stable across builds in the same checkout. Note: mount target is /root/.android rather than the Dockerfile's HOME=/build because the JVM's user.home resolves from /etc/passwd (i.e. /root for uid 0), not from the HOME env var. Made while working on #695 Updates #13174 Updates #695 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
force-pushed
the
bradfitz/docker
branch
from
ea3df60 to
465d59b
Compare
barnstar
approved these changes
Apr 20, 2026
Member
barnstar
left a comment
barnstar
left a comment
There was a problem hiding this comment.
Thanks. This tripped me up last week too. I just gave it a BS key and password and it at least builds but this is much nicer.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The existing docker-run-build target is geared at release builds and
requires JKS signing env vars. There was no ergonomic path for the
common "iterate on a debug APK inside the build container" workflow.
Worse, every docker run produces an APK signed with a fresh ephemeral
debug keystore, so
adb install -rrefuses to update a prior install.Add a docker-tailscale-debug target that builds the debug APK inside
the container, and bind-mount $(CURDIR)/.android-docker (gitignored)
at /root/.android in every docker-* target so the Gradle-generated
debug.keystore survives across invocations. Signer stays stable across
builds in the same checkout.
Note: mount target is /root/.android rather than the Dockerfile's
HOME=/build because the JVM's user.home resolves from /etc/passwd
(i.e. /root for uid 0), not from the HOME env var.
Made while working on #695
Updates #13174
Updates #695