build: Minimize sysroot creator script

2026-05-28 18:06:32 +03:00 · 2025-06-25 19:39:49 +08:00
parent f4d5932383
commit 7036640cd5
3 changed files with 39 additions and 95 deletions
--- a/src/build/linux/sysroot_scripts/generate_keyring.sh
+++ b/src/build/linux/sysroot_scripts/generate_keyring.sh
@@ -9,8 +9,18 @@ set -o errexit
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

 KEYS=(
+    # Debian Ports Archive Automatic Signing Key (2023)
+    "B523E5F3FC4E5F2C"
+    # Debian Ports Archive Automatic Signing Key (2024)
+    "8D69674688B6CB36"
+    # Debian Ports Archive Automatic Signing Key (2025)
+    "3AF65F93D6FBC5B9"
+    # Debian Ports Archive Automatic Signing Key (2021)
+    "5A88D659DCB811BB"
    # Debian Archive Automatic Signing Key (12/bookworm)
-    "6ED0E7B82643E131"
+    "B7C5D7D6350947F8"
+    # Debian Security Archive Automatic Signing Key (12/bookworm)
+    "254CF3B5AEC0A8F0"
    # Debian Stable Release Key (12/bookworm)
    "F8D2585B8783D481"
    # Debian Archive Automatic Signing Key (11/bullseye)
--- a/src/build/linux/sysroot_scripts/reversion_glibc.py
+++ b/src/build/linux/sysroot_scripts/reversion_glibc.py
@@ -13,18 +13,15 @@ import subprocess
 MAX_ALLOWED_GLIBC_VERSION = [2, 26]
 MAX_ALLOWED_GLIBC_VERSION_ARCH = {
    "riscv64": [2, 33],
+    "loong64": [2, 99],
 }

-VERSION_PATTERN = re.compile("GLIBC_([0-9\.]+)")
+VERSION_PATTERN = re.compile(r"GLIBC_([0-9\.]+)")
 SECTION_PATTERN = re.compile(r"^ *\[ *[0-9]+\] +(\S+) +\S+ + ([0-9a-f]+) .*$")

 # Some otherwise disallowed symbols are referenced in the linux-chromeos build.
 # To continue supporting it, allow these symbols to remain enabled.
 SYMBOL_ALLOWLIST = {
-    "fts64_close",
-    "fts64_open",
-    "fts64_read",
-    "memfd_create",
 }


@@ -43,7 +40,7 @@ def reversion_glibc(bin_file: str, arch: str) -> None:
    stdout = subprocess.check_output(
        ["readelf", "--dyn-syms", "--wide", bin_file])
    for line in stdout.decode("utf-8").split("\n"):
-        cols = re.split("\s+", line)
+        cols = re.split(r"\s+", line)
        # Remove localentry and next element which appears only in ppc64le
        # readelf output. Keeping them causes incorrect symbol parsing
        # leading to improper GLIBC version restrictions.
--- a/src/build/linux/sysroot_scripts/sysroot_creator.py
+++ b/src/build/linux/sysroot_scripts/sysroot_creator.py
@@ -30,11 +30,13 @@ RELEASES = {
    "mips64el": "bullseye",
    "ppc64el": "bullseye",
    "riscv64": "trixie",
+    "loong64": "sid",
 }

 GCC_VERSIONS = {
    "bullseye": 10,
    "trixie": 12,
+    "sid": 13,
 }


@@ -54,10 +56,6 @@ ARCHIVE_TIMESTAMP = "20250129T203412Z"

 ARCHIVE_URL = f"https://snapshot.debian.org/archive/debian/{ARCHIVE_TIMESTAMP}/"
 APT_SOURCES_LIST = [
-    # Debian 12 (Bookworm) is needed for GTK4.  It should be kept before
-    # bullseye so that bullseye takes precedence.
-    ("bookworm", ["main"]),
-    ("bookworm-updates", ["main"]),
    # This mimics a sources.list from bullseye.
    ("bullseye", ["main", "contrib", "non-free"]),
    ("bullseye-updates", ["main", "contrib", "non-free"]),
@@ -73,6 +71,7 @@ APT_SOURCES_LISTS = {
    "mips64el": APT_SOURCES_LIST,
    "ppc64el": APT_SOURCES_LIST,
    "riscv64": APT_SOURCES_LIST_RISCV,
+    "loong64": [("sid", ["main"])],
 }

 TRIPLES = {
@@ -84,6 +83,7 @@ TRIPLES = {
    "mips64el": "mips64el-linux-gnuabi64",
    "ppc64el": "powerpc64le-linux-gnu",
    "riscv64": "riscv64-linux-gnu",
+    "loong64": "loongarch64-linux-gnu",
 }

 LIB_DIRS = {
@@ -107,68 +107,7 @@ RELEASE_FILE_GPG = "Release.gpg"

 # List of development packages. Dependencies are automatically included.
 DEBIAN_PACKAGES = [
-    "libasound2-dev",
-    "libavformat-dev",
-    "libbluetooth-dev",
    "libc6-dev",
-    "libcap-dev",
-    "libcolord-dev",
-    "libcups2-dev",
-    "libcupsimage2-dev",
-    "libcurl4-gnutls-dev",
-    "libdbusmenu-glib-dev",
-    "libdeflate-dev",
-    "libelf-dev",
-    "libflac-dev",
-    "libgbm-dev",
-    "libgcrypt20-dev",
-    "libgnutls28-dev",
-    "libgtk-3-dev",
-    "libgtk-4-dev",
-    "libinput-dev",
-    "libjbig-dev",
-    "libjpeg-dev",
-    "libjsoncpp-dev",
-    "libkrb5-dev",
-    "liblcms2-dev",
-    "liblzma-dev",
-    "libminizip-dev",
-    "libmtdev-dev",
-    "libncurses-dev",
-    "libnss3-dev",
-    "libopus-dev",
-    "libpam0g-dev",
-    "libpci-dev",
-    "libpipewire-0.3-dev",
-    "libpulse-dev",
-    "libre2-dev",
-    "libsnappy-dev",
-    "libspeechd-dev",
-    "libssl-dev",
-    "libsystemd-dev",
-    "libtiff-dev",
-    "libutempter-dev",
-    "libva-dev",
-    "libvpx-dev",
-    "libwayland-egl-backend-dev",
-    "libwebp-dev",
-    "libx11-xcb-dev",
-    "libxcb-dri2-0-dev",
-    "libxcb-dri3-dev",
-    "libxcb-glx0-dev",
-    "libxcb-image0-dev",
-    "libxcb-present-dev",
-    "libxcb-render-util0-dev",
-    "libxcb-util-dev",
-    "libxshmfence-dev",
-    "libxslt1-dev",
-    "libxss-dev",
-    "libxt-dev",
-    "libxxf86vm-dev",
-    "mesa-common-dev",
-    "qt6-base-dev",
-    "qtbase5-dev",
-    "valgrind-if-available",
 ]


@@ -319,11 +258,13 @@ def generate_package_list_dist_repo(arch: str, dist: str, repo_name: str,
    download_or_copy_non_unique_filename(package_list_arch, package_list)
    verify_package_listing(package_file_arch, package_list, dist, build_dir)

+    # `not line.endswith(":")` is added here to handle the case of
+    # "X-Cargo-Built-Using:\n rust-adler (= 1.0.2-2), ..."
    with lzma.open(package_list, "rt") as src:
        return [
            dict(
                line.split(": ", 1) for line in package_meta.splitlines()
-                if not line.startswith(" "))
+                if not line.startswith(" ") and not line.endswith(":"))
            for package_meta in src.read().split("\n\n") if package_meta
        ]

@@ -399,13 +340,6 @@ def hacks_and_patches(install_root: str, script_dir: str, arch: str) -> None:
    if os.path.exists(qtchooser_conf):
        os.remove(qtchooser_conf)

-    # libxcomposite1 is missing a symbols file.
-    atomic_copyfile(
-        os.path.join(script_dir, "libxcomposite1-symbols"),
-        os.path.join(install_root, "debian", "libxcomposite1", "DEBIAN",
-                     "symbols"),
-    )
-
    # __GLIBC_MINOR__ is used as a feature test macro. Replace it with the
    # earliest supported version of glibc (2.26).
    features_h = os.path.join(install_root, "usr", "include", "features.h")
@@ -489,22 +423,18 @@ def hacks_and_patches(install_root: str, script_dir: str, arch: str) -> None:
            shutil.move(os.path.join(triple_pkgconfig_dir, file),
                        pkgconfig_dir)

+    if not os.path.exists(os.path.join(install_root, "lib")):
+        os.symlink(os.path.join("usr", "lib"), os.path.join(install_root, "lib"))
+
+    if (os.path.exists(os.path.join(install_root, "usr", "lib64")) and
+        not os.path.exists(os.path.join(install_root, "lib64"))):
+        os.symlink(os.path.join("usr", "lib64"), os.path.join(install_root, "lib64"))
+
    # Avoid requiring unsupported glibc versions.
    for lib in ["libc.so.6", "libm.so.6", "libcrypt.so.1"]:
        lib_path = os.path.join(install_root, "lib", TRIPLES[arch], lib)
        reversion_glibc.reversion_glibc(lib_path, arch)

-    # GTK4 is provided by bookworm (12), but pango is provided by bullseye
-    # (11).  Fix the GTK4 pkgconfig file to relax the pango version
-    # requirement.
-    gtk4_pc = os.path.join(pkgconfig_dir, "gtk4.pc")
-    replace_in_file(gtk4_pc, r"pango [>=0-9. ]*", "pango")
-    replace_in_file(gtk4_pc, r"pangocairo [>=0-9. ]*", "pangocairo")
-
-    # Remove a cyclic symlink: /usr/bin/X11 -> /usr/bin
-    os.remove(os.path.join(install_root, "usr/bin/X11"))
-
-
 def create_extra_symlinks(install_root: str, arch: str):
    if RELEASES[arch] != "bullseye":
        # Recent debian releases no longer symlink lib{dl,pthread,rt}.so
@@ -642,10 +572,13 @@ def removing_unnecessary_files(install_root, arch):
    gcc_triple = "i686-linux-gnu" if arch == "i386" else TRIPLES[arch]
    gcc_version = GCC_VERSIONS[RELEASES[arch]]
    ALLOWLIST = {
-        "usr/bin/cups-config",
        f"usr/lib/gcc/{gcc_triple}/{gcc_version}/libgcc.a",
        f"usr/lib/{TRIPLES[arch]}/libc_nonshared.a",
-        f"usr/lib/{TRIPLES[arch]}/libffi_pic.a",
+
+        # https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread
+        f"usr/lib/{TRIPLES[arch]}/libdl.a",
+        f"usr/lib/{TRIPLES[arch]}/libpthread.a",
+        f"usr/lib/{TRIPLES[arch]}/librt.a",
    }

    for file in ALLOWLIST:
@@ -789,9 +722,9 @@ def build_sysroot(arch: str) -> None:
    create_extra_symlinks(install_root, arch)
    cleanup_jail_symlinks(install_root)
    removing_unnecessary_files(install_root, arch)
-    strip_sections(install_root, arch)
+    # Skips stripping so the sysroot can be used for testing
+    # strip_sections(install_root, arch)
    restore_metadata(install_root, old_metadata)
-    create_tarball(install_root, arch, build_dir)


 def upload_sysroot(arch: str) -> str:
@@ -858,6 +791,10 @@ def main():
    args = parser.parse_args()
    sanity_check(get_build_dir(args.architecture))

+    global ARCHIVE_URL
+    if args.architecture == "loong64":
+        ARCHIVE_URL = "https://snapshot.debian.org/archive/debian-ports/20250625T074124Z/"
+
    if args.command == "build":
        build_sysroot(args.architecture)
    elif args.command == "upload":