I've only built and ran their emulator. But, The first build will take a lot of time but subsequent builds are fast.

Keep in mind Google is not releasing source code regularly like they used to. And GrapheneOS has a OEM partner from them they get latest source code but not allowed to release for some time so build will not have latest updates

Building an Android ROM is decently resource-intensive. Back when DivestOS was first discontinued, I wanted to see if there was anything I could do about rolling my own updates for my device. Decided against it once I saw how much RAM (or tradeoff being time) it would need.

Also I'm lazy and I'd probably miss security updates if I had to go through the build process as frequently as GrapheneOS updates.

I haven't but I did built relatively large projects before (e.g. browsers) and basically it depends mostly on 2 things :

• are you in rush? If not just let it run over night, if you are then delegate it (if you can afford it and matches your threat model) to a cloud provider (rent a couple of instances for however long you need, that's where the hourly pricing matters)
• is the build system properly setup for reproducibility, e.g runs in a single container on AMD64? if so just start it and move on, otherwise be prepared for an indefinite amount of tinkering

I think it's interesting to do but honestly as someone else mentioned, builds are signed. In fact at the end of grapheneos.org/install/web#ver… you get the verified boot hash. The goal is precisely to check that you actually get what you are supposed to have running. Basically the big picture of reproducible builds is that you do NOT have to do it and can STILL verify that you have exactly, up to a single bit, what should have.

GrapheneOS web installer

Web-based installer for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

^GrapheneOS