Skip to content

[rules score] make sphinx build fully hermetic#293

Merged
hoe-jo merged 3 commits into
mainfrom
joho_create_rootfs_docs
Jul 2, 2026
Merged

[rules score] make sphinx build fully hermetic#293
hoe-jo merged 3 commits into
mainfrom
joho_create_rootfs_docs

Conversation

@hoe-jo

@hoe-jo hoe-jo commented Jun 24, 2026

Copy link
Copy Markdown
Contributor
  • include graphviz
  • rework plantuml integration
  • include graphbiz system deps as rootfs

@github-actions

Copy link
Copy Markdown

Coverage Report

Coverage report was generated.

Full report can be downloaded from the CI artifacts (expand Artifacts at the bottom of the run).

Overall coverage rate:

lines......: 84.1%
functions......: 49.9%

@hoe-jo hoe-jo force-pushed the joho_create_rootfs_docs branch from 2652b05 to 43e99d7 Compare June 24, 2026 15:28
@github-actions

Copy link
Copy Markdown

Coverage Report

Coverage report was generated.

Full report can be downloaded from the CI artifacts (expand Artifacts at the bottom of the run).

Overall coverage rate:

lines......: 84.1%
functions......: 49.9%

@hoe-jo hoe-jo force-pushed the joho_create_rootfs_docs branch 5 times, most recently from fefdf1c to e72fe7c Compare June 29, 2026 13:15
@github-actions

Copy link
Copy Markdown

Coverage Report

Coverage report was generated.

Full report can be downloaded from the CI artifacts (expand Artifacts at the bottom of the run).

Overall coverage rate:

lines......: 84.1%
functions......: 49.8%

@github-actions

Copy link
Copy Markdown

Coverage Report

Coverage report was generated.

Full report can be downloaded from the CI artifacts (expand Artifacts at the bottom of the run).

Overall coverage rate:

lines......: 84.1%
functions......: 49.8%

# Build exclude paths string - colon-separated list
exclude_paths = ":".join(ctx.attr.exclude_paths) if ctx.attr.exclude_paths else ""

wrapper_script = """#!/usr/bin/env bash

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be fair to make this script also "sh" compliant. That way, we drop dependency on bash.

Comment on lines +23 to +29
bazel_dep(name = "download_utils", version = "1.2.2")
git_override(
module_name = "download_utils",
commit = "3b96912fb6622dda83f25efd1f8ae596fc4a63a6",
remote = "https://gitlab.arm.com/bazel/download_utils.git",
)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you still need this?

Comment thread third_party/docs_runtime/BUILD Outdated
Comment on lines +42 to +49
# fakechroot + the x86_64 sysroot binaries only run on a linux/x86_64 host.
exec_compatible_with = [
"@platforms//cpu:x86_64",
"@platforms//os:linux",
],
# Prune plugins whose X11/pango/GD dependencies are absent from this minimal
# sysroot (they cannot be dlopened, causing dot -c to crash). Use find (not
# a hardcoded arch path) so the rule works on both amd64 and aarch64.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we restrict the rule to x86_64 then this comment makes no sense.

Comment thread third_party/docs_runtime/dot.sh Outdated
# exec_in_sysroot.sh) so glibc-level filesystem calls inside dot (e.g.
# opening the graphviz plugin directory, reading config6) are transparently
# redirected into the sysroot.
exec "${SYSROOT_INTERP}" --library-path "${SYSROOT_LIBPATH}" "${SYSROOT_DIR}/usr/bin/dot" "$@"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is overly complex.
Ideally this should be:

Suggested change
exec "${SYSROOT_INTERP}" --library-path "${SYSROOT_LIBPATH}" "${SYSROOT_DIR}/usr/bin/dot" "$@"
/usr/bin/dot "$@"

The rest either must go into exec_in_sysroot or be dropped.

Comment thread third_party/docs_runtime/README.md Outdated
Comment on lines +47 to +51
2. **Host shell tools.** The sysroot-rework and extraction actions run under a
POSIX `sh` and use standard coreutils (`find`, `mktemp`, `chmod`, `rm`),
assumed present in the build environment. The generated `dot` launcher itself
requires `bash`, because it sources Bazel's `runfiles.bash` library (there is
no POSIX-`sh` runfiles equivalent in `@bazel_tools`).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be an equivalent. Potentially rules_shell?

hoe-jo and others added 2 commits July 1, 2026 16:02
- include graphviz
- rework plantuml integration
- include graphviz system deps via fakechroot

Co-authored-by: Ulrich Huber <ulrich@huberulrich.de>
- exec_in_sysroot.sh: compute SYSROOT_INTERP and SYSROOT_LIBPATH,
  export them, and add SYSROOT_INTERP to FAKECHROOT_EXCLUDE_PATH so
  fakechroot does not intercept the interpreter's own exec
- exec_in_sysroot.bzl: rewrite _setup_block() to invoke each
  sysroot_setup_commands entry via sysroot's ld-linux.so
- dot.sh: replace /usr/bin/dot exec with sysroot-interpreter-based
  invocation using SYSROOT_INTERP / SYSROOT_LIBPATH / SYSROOT_DIR
- BUILD: add exclude_paths = ["/tmp"] to the dot exec_in_sysroot
  target so PlantUML's temp .dot/.svg files in /tmp are not chrooted
- Adapt conf.py to use the predefined variables
@hoe-jo hoe-jo force-pushed the joho_create_rootfs_docs branch from e72fe7c to 9861f3e Compare July 1, 2026 15:49
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Coverage Report

Coverage report was generated.

Full report can be downloaded from the CI artifacts (expand Artifacts at the bottom of the run).

Overall coverage rate:

lines......: 84.1%
functions......: 50.3%

@hoe-jo hoe-jo force-pushed the joho_create_rootfs_docs branch from 9861f3e to 10d92ea Compare July 2, 2026 07:39
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Coverage Report

Coverage report was generated.

Full report can be downloaded from the CI artifacts (expand Artifacts at the bottom of the run).

Overall coverage rate:

lines......: 84.1%
functions......: 50.3%

Comment thread bazel/rules/exec_in_sysroot/exec_in_sysroot.bzl
validation, runs optional host/sysroot setup commands while the tree is
writable, and repackages the result into a single `<name>.tar` archive.

Requires a Debian/Ubuntu multiarch sysroot (x86_64 or aarch64).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Requires a Debian/Ubuntu multiarch sysroot (x86_64 or aarch64).

The sysroot archive is expected to be prepared by a prepare_sysroot rule,
which performs plugin pruning / post-install setup once and caches the result.

Requires a Debian/Ubuntu multiarch sysroot (x86_64 or aarch64).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Requires a Debian/Ubuntu multiarch sysroot (x86_64 or aarch64).

- Remove duplicate implementation of sysroot-execution
- Extract Shell script into template
- Update Docs
@hoe-jo hoe-jo force-pushed the joho_create_rootfs_docs branch from 10d92ea to 3e6f292 Compare July 2, 2026 15:09
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Coverage Report

Coverage report was generated.

Full report can be downloaded from the CI artifacts (expand Artifacts at the bottom of the run).

Overall coverage rate:

lines......: 84.1%
functions......: 50.3%

@hoe-jo hoe-jo merged commit 70b7a53 into main Jul 2, 2026
12 checks passed
@hoe-jo hoe-jo deleted the joho_create_rootfs_docs branch July 2, 2026 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

2 participants