diff --git a/src/build/linux/sysroot_scripts/generate_keyring.sh b/src/build/linux/sysroot_scripts/generate_keyring.sh
index 87cecab5df..26a4ec1013 100755
--- a/src/build/linux/sysroot_scripts/generate_keyring.sh
+++ b/src/build/linux/sysroot_scripts/generate_keyring.sh
@@ -9,8 +9,16 @@ set -o errexit
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 KEYS=(
+    # Debian Ports Archive Automatic Signing Key (2023)
+    "B523E5F3FC4E5F2C"
+    # Debian Ports Archive Automatic Signing Key (2024)
+    "8D69674688B6CB36"
+    # Debian Ports Archive Automatic Signing Key (2021)
+    "5A88D659DCB811BB"
     # Debian Archive Automatic Signing Key (12/bookworm)
-    "6ED0E7B82643E131"
+    "B7C5D7D6350947F8"
+    # Debian Security Archive Automatic Signing Key (12/bookworm)
+    "254CF3B5AEC0A8F0"
     # Debian Stable Release Key (12/bookworm)
     "F8D2585B8783D481"
     # Debian Archive Automatic Signing Key (11/bullseye)
diff --git a/src/build/linux/sysroot_scripts/install-sysroot.py b/src/build/linux/sysroot_scripts/install-sysroot.py
index b1f6b17afd..6e5dd2c4c0 100755
--- a/src/build/linux/sysroot_scripts/install-sysroot.py
+++ b/src/build/linux/sysroot_scripts/install-sysroot.py
@@ -37,7 +37,7 @@ SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
 SRC_DIR = os.path.dirname(os.path.dirname(os.path.dirname(SCRIPT_DIR)))
 
 VALID_ARCHS = ("amd64", "i386", "armhf", "arm64", "mipsel", "mips64el",
-               "ppc64el")
+               "ppc64el", "riscv64")
 
 ARCH_TRANSLATIONS = {
     "x64": "amd64",
diff --git a/src/build/linux/sysroot_scripts/reversion_glibc.py b/src/build/linux/sysroot_scripts/reversion_glibc.py
index 33b046575c..9b44c18d23 100644
--- a/src/build/linux/sysroot_scripts/reversion_glibc.py
+++ b/src/build/linux/sysroot_scripts/reversion_glibc.py
@@ -12,16 +12,12 @@ import subprocess
 # //chrome/installer/linux/rpm/dist_package_provides.json
 MAX_ALLOWED_GLIBC_VERSION = [2, 26]
 
-VERSION_PATTERN = re.compile("GLIBC_([0-9\.]+)")
+VERSION_PATTERN = re.compile(r"GLIBC_([0-9\.]+)")
 SECTION_PATTERN = re.compile(r"^ *\[ *[0-9]+\] +(\S+) +\S+ + ([0-9a-f]+) .*$")
 
 # Some otherwise disallowed symbols are referenced in the linux-chromeos build.
 # To continue supporting it, allow these symbols to remain enabled.
 SYMBOL_ALLOWLIST = {
-    "fts64_close",
-    "fts64_open",
-    "fts64_read",
-    "memfd_create",
 }
 
 
@@ -38,7 +34,7 @@ def reversion_glibc(bin_file: str) -> None:
     stdout = subprocess.check_output(
         ["readelf", "--dyn-syms", "--wide", bin_file])
     for line in stdout.decode("utf-8").split("\n"):
-        cols = re.split("\s+", line)
+        cols = re.split(r"\s+", line)
         # Skip the preamble.
         if len(cols) < 9:
             continue
diff --git a/src/build/linux/sysroot_scripts/sysroot_creator.py b/src/build/linux/sysroot_scripts/sysroot_creator.py
index d3fb58da0f..ceefdd09ba 100755
--- a/src/build/linux/sysroot_scripts/sysroot_creator.py
+++ b/src/build/linux/sysroot_scripts/sysroot_creator.py
@@ -40,10 +40,6 @@ ARCHIVE_TIMESTAMP = "20250129T203412Z"
 
 ARCHIVE_URL = f"https://snapshot.debian.org/archive/debian/{ARCHIVE_TIMESTAMP}/"
 APT_SOURCES_LIST = [
-    # Debian 12 (Bookworm) is needed for GTK4.  It should be kept before
-    # bullseye so that bullseye takes precedence.
-    ("bookworm", ["main"]),
-    ("bookworm-updates", ["main"]),
     # This mimics a sources.list from bullseye.
     ("bullseye", ["main", "contrib", "non-free"]),
     ("bullseye-updates", ["main", "contrib", "non-free"]),
@@ -58,6 +54,7 @@ TRIPLES = {
     "mipsel": "mipsel-linux-gnu",
     "mips64el": "mips64el-linux-gnuabi64",
     "ppc64el": "powerpc64le-linux-gnu",
+    "riscv64": "riscv64-linux-gnu",
 }
 
 REQUIRED_TOOLS = [
@@ -76,71 +73,12 @@ RELEASE_FILE_GPG = "Release.gpg"
 
 # List of development packages. Dependencies are automatically included.
 DEBIAN_PACKAGES = [
-    "libasound2-dev",
-    "libavformat-dev",
-    "libbluetooth-dev",
     "libc6-dev",
-    "libcap-dev",
-    "libcolord-dev",
-    "libcups2-dev",
-    "libcupsimage2-dev",
-    "libcurl4-gnutls-dev",
-    "libdbusmenu-glib-dev",
-    "libdeflate-dev",
-    "libelf-dev",
-    "libflac-dev",
-    "libgbm-dev",
-    "libgcrypt20-dev",
-    "libgnutls28-dev",
-    "libgtk-3-dev",
-    "libgtk-4-dev",
-    "libinput-dev",
-    "libjbig-dev",
-    "libjpeg-dev",
-    "libjsoncpp-dev",
-    "libkrb5-dev",
-    "liblcms2-dev",
-    "liblzma-dev",
-    "libminizip-dev",
-    "libmtdev-dev",
-    "libncurses-dev",
-    "libnss3-dev",
-    "libopus-dev",
-    "libpam0g-dev",
-    "libpci-dev",
-    "libpipewire-0.3-dev",
-    "libpulse-dev",
-    "libre2-dev",
-    "libsnappy-dev",
-    "libspeechd-dev",
-    "libssl-dev",
-    "libsystemd-dev",
-    "libtiff-dev",
-    "libutempter-dev",
-    "libva-dev",
-    "libvpx-dev",
-    "libwayland-egl-backend-dev",
-    "libwebp-dev",
-    "libx11-xcb-dev",
-    "libxcb-dri2-0-dev",
-    "libxcb-dri3-dev",
-    "libxcb-glx0-dev",
-    "libxcb-image0-dev",
-    "libxcb-present-dev",
-    "libxcb-render-util0-dev",
-    "libxcb-util-dev",
-    "libxshmfence-dev",
-    "libxslt1-dev",
-    "libxss-dev",
-    "libxt-dev",
-    "libxxf86vm-dev",
-    "mesa-common-dev",
-    "qt6-base-dev",
-    "qtbase5-dev",
-    "valgrind",
+    "libgcc-10-dev",
+    "libstdc++-10-dev",
+    "linux-libc-dev",
 ]
 
-
 def banner(message: str) -> None:
     print("#" * 70)
     print(message)
@@ -284,11 +222,13 @@ def generate_package_list_dist_repo(arch: str, dist: str,
     download_or_copy_non_unique_filename(package_list_arch, package_list)
     verify_package_listing(package_file_arch, package_list, dist)
 
+    # `not line.endswith(":")` is added here to handle the case of
+    # "X-Cargo-Built-Using:\n rust-adler (= 1.0.2-2), ..."
     with lzma.open(package_list, "rt") as src:
         return [
             dict(
                 line.split(": ", 1) for line in package_meta.splitlines()
-                if not line.startswith(" "))
+                if not line.startswith(" ") and not line.endswith(":"))
             for package_meta in src.read().split("\n\n") if package_meta
         ]
 
@@ -358,13 +298,6 @@ def hacks_and_patches(install_root: str, script_dir: str, arch: str) -> None:
     if os.path.exists(qtchooser_conf):
         os.remove(qtchooser_conf)
 
-    # libxcomposite1 is missing a symbols file.
-    atomic_copyfile(
-        os.path.join(script_dir, "libxcomposite1-symbols"),
-        os.path.join(install_root, "debian", "libxcomposite1", "DEBIAN",
-                     "symbols"),
-    )
-
     # __GLIBC_MINOR__ is used as a feature test macro. Replace it with the
     # earliest supported version of glibc (2.26).
     features_h = os.path.join(install_root, "usr", "include", "features.h")
@@ -410,19 +343,13 @@ def hacks_and_patches(install_root: str, script_dir: str, arch: str) -> None:
 
     # Avoid requiring unsupported glibc versions.
     for lib in ["libc.so.6", "libm.so.6", "libcrypt.so.1"]:
+        # RISCV64 is new and has no backward compatibility.
+        # Reversioning would remove necessary symbols and cause linking failures.
+        if arch == "riscv64":
+            continue
         lib_path = os.path.join(install_root, "lib", TRIPLES[arch], lib)
         reversion_glibc.reversion_glibc(lib_path)
 
-    # GTK4 is provided by bookworm (12), but pango is provided by bullseye
-    # (11).  Fix the GTK4 pkgconfig file to relax the pango version
-    # requirement.
-    gtk4_pc = os.path.join(pkgconfig_dir, "gtk4.pc")
-    replace_in_file(gtk4_pc, r"pango [>=0-9. ]*", "pango")
-    replace_in_file(gtk4_pc, r"pangocairo [>=0-9. ]*", "pangocairo")
-
-    # Remove a cyclic symlink: /usr/bin/X11 -> /usr/bin
-    os.remove(os.path.join(install_root, "usr/bin/X11"))
-
 
 def replace_in_file(file_path: str, search_pattern: str,
                     replace_pattern: str) -> None:
@@ -550,10 +477,8 @@ def removing_unnecessary_files(install_root, arch):
     # Preserve these files.
     gcc_triple = "i686-linux-gnu" if arch == "i386" else TRIPLES[arch]
     ALLOWLIST = {
-        "usr/bin/cups-config",
         f"usr/lib/gcc/{gcc_triple}/10/libgcc.a",
         f"usr/lib/{TRIPLES[arch]}/libc_nonshared.a",
-        f"usr/lib/{TRIPLES[arch]}/libffi_pic.a",
     }
 
     for file in ALLOWLIST:
@@ -695,9 +620,7 @@ def build_sysroot(arch: str) -> None:
     hacks_and_patches(install_root, SCRIPT_DIR, arch)
     cleanup_jail_symlinks(install_root)
     removing_unnecessary_files(install_root, arch)
-    strip_sections(install_root, arch)
     restore_metadata(install_root, old_metadata)
-    create_tarball(install_root, arch)
 
 
 def upload_sysroot(arch: str) -> str:
@@ -764,6 +687,13 @@ def main():
 
     sanity_check()
 
+    # RISCV64 only has support in debian-ports, no support in bookworm.
+    if args.architecture == "riscv64":
+        global ARCHIVE_URL, APT_SOURCES_LIST
+        # This is the last snapshot that uses glibc 2.31, similar to bullseye
+        ARCHIVE_URL = "https://snapshot.debian.org/archive/debian-ports/20210906T080750Z/"
+        APT_SOURCES_LIST = [("sid", ["main"])]
+
     if args.command == "build":
         build_sysroot(args.architecture)
     elif args.command == "upload":
diff --git a/src/build/linux/sysroot_scripts/sysroots.json b/src/build/linux/sysroot_scripts/sysroots.json
index 2aade5a608..95fd75121d 100644
--- a/src/build/linux/sysroot_scripts/sysroots.json
+++ b/src/build/linux/sysroot_scripts/sysroots.json
@@ -40,5 +40,11 @@
         "SysrootDir": "debian_bullseye_ppc64el-sysroot",
         "Tarball": "debian_bullseye_ppc64el_sysroot.tar.xz",
         "URL": "https://commondatastorage.googleapis.com/chrome-linux-sysroot"
+    },
+    "bullseye_riscv64": {
+        "Key": "",
+        "Sha1Sum": "",
+        "SysrootDir": "debian_bullseye_riscv64-sysroot",
+        "Tarball": "debian_bullseye_riscv64_sysroot.tar.xz"
     }
 }