From 7dc3e97c708a32accb59c0481d5174cae6993847 Mon Sep 17 00:00:00 2001 From: Alexander Mazuruk Date: Wed, 23 Jun 2021 17:17:34 +0200 Subject: Remove GPLv3 libraries & modules from Docker I'm not happy how it is submitted: copy-pasted generated stuff from upstream & edited to fit our needs... We've asked docker guys if they would potentially support a GPLv3-free image, but they do not have such plans. Following GPLv3 libraries have been removed from build-deps: - readline-dev - coreutils - findutils - gdbm-dev Which results in: The necessary bits to build these optional modules were not found: _dbm _gdbm readline Issue-ID: INT-1933 Signed-off-by: Alexander Mazuruk Change-Id: I7f4d25ee9e282b5e2c89e8ccf083a789921cd369 --- Dockerfile | 165 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 164 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 007b7ee..d94f671 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,168 @@ -FROM python:3.9.5-alpine3.13 +#Copyright (c) 2014 Docker, Inc. +#Copyright (c) 2021 Samsung Electronics, Co Ltd. +# +#Permission is hereby granted, free of charge, to any person obtaining +#a copy of this software and associated documentation files (the +#"Software"), to deal in the Software without restriction, including +#without limitation the rights to use, copy, modify, merge, publish, +#distribute, sublicense, and/or sell copies of the Software, and to +#permit persons to whom the Software is furnished to do so, subject to +#the following conditions: +# +#The above copyright notice and this permission notice shall be included +#in all copies or substantial portions of the Software. +# +#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +#EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +#IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +#CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +#TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +#SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +# Below is edited Dockerfile from: +# https://github.com/docker-library/python +# Those Dockerfiles are generated for each new release. +# Below is copy-paste from a generated Dockerfile, +# with GPLv3 dependencies removed. +FROM alpine:3.13 + +# ensure local python is preferred over distribution python +ENV PATH /usr/local/bin:$PATH + +# http://bugs.python.org/issue19846 +# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK. +ENV LANG C.UTF-8 + +# runtime dependencies +RUN set -eux; \ + apk add --no-cache \ +# install ca-certificates so that HTTPS works consistently + ca-certificates \ +# and tzdata for PEP 615 (https://www.python.org/dev/peps/pep-0615/) + tzdata \ + ; +# other runtime dependencies for Python are installed later + +ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 +ENV PYTHON_VERSION 3.9.5 + +RUN set -ex \ + && apk add --no-cache --virtual .fetch-deps \ + gnupg \ + tar \ + xz \ + \ + && wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \ + && wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY" \ + && gpg --batch --verify python.tar.xz.asc python.tar.xz \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ + && rm -rf "$GNUPGHOME" python.tar.xz.asc \ + && mkdir -p /usr/src/python \ + && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \ + && rm python.tar.xz \ + \ + && apk add --no-cache --virtual .build-deps \ + bluez-dev \ + bzip2-dev \ + dpkg-dev dpkg \ + expat-dev \ + gcc \ + libc-dev \ + libffi-dev \ + libnsl-dev \ + libtirpc-dev \ + linux-headers \ + make \ + ncurses-dev \ + openssl-dev \ + pax-utils \ + sqlite-dev \ + tcl-dev \ + tk \ + tk-dev \ + util-linux-dev \ + xz-dev \ + zlib-dev \ +# add build deps before removing fetch deps in case there's overlap + && apk del --no-network .fetch-deps \ + \ + && cd /usr/src/python \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --enable-loadable-sqlite-extensions \ + --enable-optimizations \ + --enable-option-checking=fatal \ + --enable-shared \ + --with-system-expat \ + --with-system-ffi \ + --without-ensurepip \ + && make -j "$(nproc)" \ +# set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() +# https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 + EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ + LDFLAGS="-Wl,--strip-all" \ + && make install \ + && rm -rf /usr/src/python \ + \ + && find /usr/local -depth \ + \( \ + \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ + -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) \) \ + \) -exec rm -rf '{}' + \ + \ + && find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | xargs -rt apk add --no-cache --virtual .python-rundeps \ + && apk del --no-network .build-deps \ + \ + && python3 --version + +# make some useful symlinks that are expected to exist +RUN cd /usr/local/bin \ + && ln -s idle3 idle \ + && ln -s pydoc3 pydoc \ + && ln -s python3 python \ + && ln -s python3-config python-config + +# if this is called "PIP_VERSION", pip explodes with "ValueError: invalid truth value ''" +ENV PYTHON_PIP_VERSION 21.1.2 +# https://github.com/pypa/get-pip +ENV PYTHON_GET_PIP_URL https://github.com/pypa/get-pip/raw/936e08ce004d0b2fae8952c50f7ccce1bc578ce5/public/get-pip.py +ENV PYTHON_GET_PIP_SHA256 8890955d56a8262348470a76dc432825f61a84a54e2985a86cd520f656a6e220 + +RUN set -ex; \ + \ + wget -O get-pip.py "$PYTHON_GET_PIP_URL"; \ + echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" | sha256sum -c -; \ + \ + python get-pip.py \ + --disable-pip-version-check \ + --no-cache-dir \ + "pip==$PYTHON_PIP_VERSION" \ + ; \ + pip --version; \ + \ + find /usr/local -depth \ + \( \ + \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ + -o \ + \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \ + \) -exec rm -rf '{}' +; \ + rm -f get-pip.py + +CMD ["python3"] + +# End of copy-paste from: +# https://github.com/docker-library/python +################################################# +# Integration-specific part LABEL maintainer="ONAP Integration team, morgan.richomme@orange.com" LABEL Description="Reference ONAP Python 3 image" -- cgit 1.2.3-korg