Initial commit

Author: pascallj

.github/workflows/build-packages.yml

@@ -0,0 +1,91 @@
+name: Build all packages
+on: 
+  workflow_dispatch:
+    inputs:
+      changelog_message:
+        description: 'Changelog message to add (in addition to "Rebuild for...")'
+        type: string
+
+jobs:
+  native:
+    runs-on: ubuntu-latest
+    name: Build native packages
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=4194304
+
+      - name: Generate Bake override file
+        run: |
+          cat <<EOF > docker-bake.override.hcl
+          target "github_output" {
+            contexts = {
+              native = "target:native"
+            }
+            dockerfile-inline = <<-EOT
+            FROM debian:bookworm-slim AS github_output
+            COPY --from=native /github_outpu[t] /github_output
+            EOT
+            inherits = ["native"]
+            output = ["type=docker"]
+            tags = ["github_output"]
+            target = "github_output"
+          }
+          EOF
+
+      - name: Build the Docker image
+        uses: docker/bake-action@v4
+        env:
+          NAME: "${{ secrets.changelog_name }}"
+          EMAIL: "${{ secrets.changelog_email }}"
+          CHANGE: "${{ inputs.changelog_message }}"
+        with:
+          targets: native, github_output
+          set: |
+            *.cache-from=type=gha
+            *.cache-to=type=gha,mode=max
+
+      - name: Output GA specific messages
+        run: docker run --rm github_output bash -c "touch /github_output && cat /github_output"
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: native-debs
+          path: artifacts
+
+  crossbuild:
+    runs-on: ubuntu-latest
+    name: Crossbuild packages
+    needs: native
+    strategy:
+      matrix:
+        arch: [armhf, arm64]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=4194304
+
+      - name: Build the Docker image
+        uses: docker/bake-action@v4
+        env:
+          NAME: "${{ secrets.changelog_name }}"
+          EMAIL: "${{ secrets.changelog_email }}"
+          CHANGE: "${{ inputs.changelog_message }}"
+        with:
+          targets: crossbuild-${{ matrix.arch }}
+          set: |
+            *.cache-from=type=gha
+            *.cache-to=type=gha,mode=max
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: crossbuild-${{ matrix.arch }}-debs
+          path: artifacts

.gitignore

@@ -0,0 +1 @@
+artifacts

Dockerfile

@@ -0,0 +1,120 @@
+# syntax=docker/dockerfile:1
+ARG PYTHON_NAME="python3.12"
+ARG PYTHON_VERSION="3.12.2-1"
+ARG DIST_NAME="trixie"
+
+# -------------------- Preparation --------------------
+FROM debian:bookworm-slim AS pre-build
+ARG DIST_NAME
+RUN echo "\
+Types: deb-src\n\
+URIs: http://deb.debian.org/debian\n\
+Suites: ${DIST_NAME}\n\
+Components: main\n\
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg" \
+> /etc/apt/sources.list.d/${DIST_NAME}-src.sources
+RUN	apt-get update && \
+	apt-get upgrade -y && \
+	apt-get install -y --no-install-recommends devscripts equivs
+	
+# -------------------- Source preperation --------------------
+FROM pre-build AS source
+ARG PYTHON_NAME
+ARG PYTHON_VERSION
+WORKDIR /usr/local/src
+RUN	apt-get source --download-only ${PYTHON_NAME}=${PYTHON_VERSION} && \
+	dpkg-source -x --skip-patches ${PYTHON_NAME}*.dsc && \
+	mv ${PYTHON_NAME}*/ python-source
+WORKDIR python-source
+ADD ensurepip-enabled.diff debian/patches
+RUN	sed -i '/^ensurepip-disabled.diff$/s/^/#/' debian/patches/series && \
+	echo 'ensurepip-enabled.diff' >> debian/patches/series
+
+ADD changelog_previous .
+RUN if [ -s changelog_previous ]; then echo "$(cat changelog_previous)\n\
+\n\
+$(cat debian/changelog)" > debian/changelog; fi
+ARG NAME
+ARG EMAIL
+ARG CHANGE
+RUN dch --bpo "$CHANGE"
+
+# -------------------- Build preperation --------------------
+FROM pre-build AS build-system
+# These packages would be installed by mk-build-deps for all architectures
+# so make sure they are only downloaded once
+# This command is allowed to fail however if something changes in the future
+RUN 	apt-get install -y --no-install-recommends \
+	diffstat docutils-common ed fontconfig-config fonts-dejavu-core libbrotli1 \
+	libbsd0 libc-l10n libdrm-amdgpu1 libdrm-common libdrm-intel1 libdrm-nouveau2 \
+	libdrm-radeon1 libdrm2 libedit2 libfontconfig1 libfontenc1 libfreetype6 libgl1 \
+	libgl1-mesa-dri libglapi-mesa libglvnd0 libglx-mesa0 libglx0 libice6 \
+	libjs-jquery libjs-sphinxdoc libjs-underscore libjson-perl libllvm15 \
+	libpciaccess0 libpixman-1-0 libpkgconf3 libpng16-16 libsensors-config \
+	libsensors5 libsm6 libtcl8.6 libtext-unidecode-perl libtk8.6 libunwind8 \
+	libx11-6 libx11-data libx11-xcb1 libxau6 libxaw7 libxcb-dri2-0 libxcb-dri3-0 \
+	libxcb-glx0 libxcb-present0 libxcb-randr0 libxcb-shm0 libxcb-sync1 \
+	libxcb-xfixes0 libxcb1 libxdmcp6 libxext6 libxfixes3 libxfont2 libxft2 \
+	libxkbfile1 libxml-libxml-perl libxml-namespacesupport-perl \
+	libxml-sax-base-perl libxml-sax-perl libxmu6 libxmuu1 libxpm4 libxrandr2 \
+	libxrender1 libxshmfence1 libxss1 libxt6 libxxf86vm1 libz3-4 locales-all \
+	lsb-release net-tools pkgconf-bin python-babel-localedata python3-alabaster \
+	python3-babel python3-certifi python3-chardet python3-charset-normalizer \
+	python3-distutils python3-docs-theme python3-docutils python3-idna \
+	python3-imagesize python3-jinja2 python3-lib2to3 python3-markupsafe \
+	python3-packaging python3-pkg-resources python3-pygments python3-requests \
+	python3-roman python3-six python3-snowballstemmer python3-sphinx python3-tz \
+	python3-urllib3 quilt sgml-base sharutils sphinx-common tcl tcl8.6 tex-common \
+	texinfo time tk tk8.6 ucf x11-common x11-xkb-utils x11proto-core-dev \
+	x11proto-dev xauth xkb-data xml-core xorg-sgml-doctools xserver-common \
+	xtrans-dev xvfb || \
+	echo "::warning::Loading packages failed!" | tee -a /github_output
+COPY --from=source /usr/local/src/python-source /usr/local/src/python-source
+WORKDIR /usr/local/src/python-source
+
+# -------------------- Build native architecture --------------------
+FROM build-system AS native
+RUN mk-build-deps --install --tool 'apt-get -y --no-install-recommends'
+
+RUN debuild -b -uc -us
+RUN mkdir debs && mv ../*.deb debs
+
+# -------------------- Export native build artifacts --------------------
+FROM scratch AS native-binaries
+ARG PYTHON_NAME
+COPY --from=native /usr/local/src/python-source/debs/. /usr/local/src/${PYTHON_NAME}*.build /usr/local/src/${PYTHON_NAME}*.buildinfo /
+
+# -------------------- Crossbuild foreign architectures --------------------
+FROM build-system AS crossbuild
+ARG ARCH
+RUN [ ! -z "${ARCH}" ]
+RUN dpkg --add-architecture ${ARCH}
+RUN apt-get update
+	
+ADD crossbuild-dep.diff .
+RUN patch -p1 < crossbuild-dep.diff
+
+COPY --from=native /usr/local/src/python-source/debs native-debs
+ARG PYTHON_NAME
+RUN cd native-debs && apt-get install -y ./lib${PYTHON_NAME}-minimal*.deb \
+	./lib${PYTHON_NAME}-stdlib*.deb \
+	./lib${PYTHON_NAME}_*.deb \
+	./${PYTHON_NAME}-minimal*.deb \
+	./${PYTHON_NAME}_*.deb
+
+RUN mk-build-deps --arch ${ARCH} --host-arch ${ARCH}
+# We don't need build-essential for cross-compiling, but mk-build-deps insists of adding it
+# Hacky way to remove that:
+RUN	mkdir rebuild-cross-deps && \
+	dpkg-deb -R ${PYTHON_NAME}-cross-build-deps*.deb rebuild-cross-deps && \
+	sed -i 's/build-essential:[^ ]* //' rebuild-cross-deps/DEBIAN/control && \
+	dpkg-deb -b rebuild-cross-deps
+RUN apt-get install -y --no-install-recommends ./rebuild-cross-deps.deb
+
+RUN DEB_BUILD_OPTIONS='nocheck nobench' debuild -b -uc -us -a${ARCH} --ignore-builtin-builddeps
+RUN mkdir debs && mv ../*.deb debs
+
+# -------------------- Export crossbuild artifacts --------------------
+FROM scratch AS crossbuild-binaries
+ARG PYTHON_NAME
+COPY --from=crossbuild /usr/local/src/python-source/debs/. /usr/local/src/${PYTHON_NAME}*.build /usr/local/src/${PYTHON_NAME}*.buildinfo /

README.md

@@ -0,0 +1,51 @@
+# Python 3.12 backport for Debian 12 bookworm
+The aim of this project is to provide a Python 3.12 backport to Debian bookworm. Packages are of course much better manageable than compiling the source from scratch. In my opinion it is also more manageable than using `pyenv`. By using my packages you will also be sure to get the latest patches (on a best effort basis).
+
+Motivation for this project was the [removal of Python 3.11 support in Home Assistant 2024.4](https://github.com/home-assistant/core/pull/108160). Debian bookworm doesn't have Python 3.12 however.
+
+## Scope
+The scope of this project is limited to backporting just Python 3.12 itself. So no defaults (which provide virtual packages so `python3` get's automatically linked to `python3.12`) and no precompiled pip-packages or wheels besides pip itself. Therefore it can coexist with your regular Python (3.11) installation without any interference and still being simple to maintain. It's main use is for in virtual environments where you can use pip to compile and install any packages you desire. It does provide all the packages and dependencies needed to create a Python 3.12 virtual environment.
+
+Because the version of pip present in Debian 12 bookworm isn't compatible with Python 3.12, I've included pip inside the Python package. Normally pip on Debian is inside the `python3-pip` package, but backporting that would clash with an existing pip installation. This is the easiest solution for now.
+
+## Repository
+Packages can be downloaded from my repository at `deb.pascalroeleven.nl`. First you should also add my PGP (which you can get from my website via https) to APT's sources keyring:
+```sh
+wget -qO- https://pascalroeleven.nl/deb-pascalroeleven.gpg | sudo tee /etc/apt/trusted.gpg.d/deb-pascalroeleven.gpg
+```
+
+Now you can add my repository by adding a file with my repository to the `sources.list.d` directory:
+```sh
+cat <<EOF
+Types: deb
+URIs: http://deb.pascalroeleven.nl/python3.12
+Suites: bookworm-backports
+Components: main
+Signed-By: /etc/apt/trusted.gpg.d/deb-pascalroeleven.gpg
+EOF
+| sudo tee /etc/apt/sources.list.d/pascalroeleven.sources
+```
+
+After running `apt update` you should now be able to install Python 3.12 related packages.
+
+Packages are built using Github Actions along with a file containing the checksums of all packages. Therefore, you can compare the checksums of the packages in the repository with the checksums in Github Actions and trace the entire process (up to 90 days after the build after which the artifacts and logs get removed). This way, if you trust the Github Actions build system, you can be sure that the packages I provide are actually built using the instructions in this repo.
+
+## Support
+Currently there is support for **`amd64`**, **`arm64`** and **`armhf`** architectures. The `amd64` packages are build natively while the `arm64` and `armhf` packages are crossbuilt. Testing is not possible while crossbuilding, so these packages did not undergo the same amount of testing as usual Debian packages do.
+
+## Building the packages yourself
+If you want to build the packages yourself, you can use the Dockerfile and the patches in this repository. Patches will be applied by the Dockerfile. Buildkit is required.
+
+Packages are built using the `buildx bake` command. The following targets are supported: `native`, `crossbuild`, `crossbuild-armhf` and `crossbuild-arm64`. Supplying no target or `default` will build all packages. Build artifacts are extracted to the `artifacts` folder (will be created automatically).
+
+```sh
+docker buildx bake default
+```
+
+You can supply the following environment variables to modify the changelog: `NAME`, `EMAIL` and `CHANGE` (for an additional message in the changelog besides "Rebuild for bookworm-backports").
+
+```sh
+NAME="James Smith" EMAIL="[email protected]" CHANGE="Fixed some bug somewhere" docker buildx bake default
+```
+
+Building natively takes about 2 hours on a modern decent PC because of the extensive testing. Cross building takes about 30 minutes (but uses native binaries so requires the extra 2 hours the first time).

changelog_previous

@@ -0,0 +1,25 @@
+diff -u a/debian/control b/debian/control
+--- a/debian/control
++++ b/debian/control
+@@ -19,7 +19,7 @@
+   net-tools, xvfb <!nocheck>, xauth <!nocheck>, tzdata <!nocheck>,
+   systemtap-sdt-dev [!hurd-amd64 !hurd-i386],
+   valgrind-if-available,
+-Build-Depends-Indep: python3-sphinx, python3-docs-theme, texinfo
++Build-Depends-Indep: python3-sphinx:all, python3-docs-theme:all, texinfo
+ Standards-Version: 4.6.2
+ Vcs-Browser: https://salsa.debian.org/cpython-team/python3
+ Vcs-Git: https://salsa.debian.org/cpython-team/python3.git
+ 
+diff -u a/debian/rules b/debian/rules
+--- a/debian/rules
++++ b/debian/rules
+@@ -1456,7 +1456,7 @@
+ 	done
+ 
+ 	: # devhelp docs
+-	cd $(buildd_static) && ./python ../debian/pyhtml2devhelp.py \
++	cd $(buildd_static) && python3.12 ../debian/pyhtml2devhelp.py \
+ 		../$(d_doc)/usr/share/doc/$(p_base)/html index.html $(VER) \
+ 		> ../$(d_doc)/usr/share/doc/$(p_base)/html/$(PVER).devhelp
+ 	gzip -9nv $(d_doc)/usr/share/doc/$(p_base)/html/$(PVER).devhelp

crossbuild-dep.diff

@@ -0,0 +1,41 @@
+group "default" {
+  targets = ["native","crossbuild"]
+}
+
+variable "NAME" {
+  default = "$NAME"
+}
+
+variable "EMAIL" {
+  default = "$EMAIL"
+}
+
+variable "CHANGE" {
+  default = "$CHANGE"
+}
+
+target "base" {
+  args = {
+    NAME = NAME
+    EMAIL = EMAIL
+    CHANGE = CHANGE
+  }
+  output = ["type=local,dest=artifacts"]
+}
+
+target "native" {
+  inherits = ["base"]
+  target = "native-binaries"
+}
+
+target "crossbuild" {
+  args = {
+    ARCH = arch
+  }
+  inherits = ["base"]
+  matrix = {
+    arch = ["armhf", "arm64"]
+  }
+  name = "crossbuild-${arch}"
+  target = "crossbuild-binaries"
+}