summaryrefslogtreecommitdiffstats
path: root/Dockerfile
diff options
context:
space:
mode:
Diffstat (limited to 'Dockerfile')
-rw-r--r--Dockerfile129
1 files changed, 72 insertions, 57 deletions
diff --git a/Dockerfile b/Dockerfile
index 0de2c34..edcbbff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@
# Those Dockerfiles are generated for each new release.
# Below is copy-paste from a generated Dockerfile,
# with GPLv3 dependencies removed.
-FROM alpine:3.16
+FROM alpine:3.17
# ensure local python is preferred over distribution python
ENV PATH /usr/local/bin:$PATH
@@ -38,39 +38,27 @@ ENV LANG C.UTF-8
# runtime dependencies
RUN set -eux; \
apk add --no-cache \
-# install ca-certificates so that HTTPS works consistently
ca-certificates \
-# and tzdata for PEP 615 (https://www.python.org/dev/peps/pep-0615/)
tzdata \
;
-# other runtime dependencies for Python are installed later
ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D
-ENV PYTHON_VERSION 3.10.4
+ENV PYTHON_VERSION 3.11.3
-RUN set -ex \
- && apk add --no-cache --virtual .fetch-deps \
+RUN set -eux; \
+ \
+ apk add --no-cache --virtual .build-deps \
gnupg \
tar \
xz \
- \
- && wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \
- && wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY" \
- && gpg --batch --verify python.tar.xz.asc python.tar.xz \
- && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
- && rm -rf "$GNUPGHOME" python.tar.xz.asc \
- && mkdir -p /usr/src/python \
- && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
- && rm python.tar.xz \
- \
- && apk add --no-cache --virtual .build-deps \
+ \
bluez-dev \
bzip2-dev \
dpkg-dev dpkg \
expat-dev \
+ findutils \
gcc \
+ gdbm-dev \
libc-dev \
libffi-dev \
libnsl-dev \
@@ -87,12 +75,22 @@ RUN set -ex \
util-linux-dev \
xz-dev \
zlib-dev \
-# add build deps before removing fetch deps in case there's overlap
- && apk del --no-network .fetch-deps \
+ ; \
\
- && cd /usr/src/python \
- && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
- && ./configure \
+ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \
+ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \
+ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \
+ gpg --batch --verify python.tar.xz.asc python.tar.xz; \
+ command -v gpgconf > /dev/null && gpgconf --kill all || :; \
+ rm -rf "$GNUPGHOME" python.tar.xz.asc; \
+ mkdir -p /usr/src/python; \
+ tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \
+ rm python.tar.xz; \
+ \
+ cd /usr/src/python; \
+ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
+ ./configure \
--build="$gnuArch" \
--enable-loadable-sqlite-extensions \
--enable-optimizations \
@@ -100,66 +98,83 @@ RUN set -ex \
--enable-shared \
--with-lto \
--with-system-expat \
- --with-system-ffi \
--without-ensurepip \
- && make -j "$(nproc)" \
+ ; \
+ nproc="$(nproc)"; \
# set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit()
# https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0
- EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \
- LDFLAGS="-Wl,--strip-all" \
- && make install \
- && rm -rf /usr/src/python \
+ EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \
+ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \
+ make -j "$nproc" \
+ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \
+ "LDFLAGS=${LDFLAGS:-}" \
+ "PROFILE_TASK=${PROFILE_TASK:-}" \
+ ; \
+# https://github.com/docker-library/python/issues/784
+# prevent accidental usage of a system installed libpython of the same version
+ rm python; \
+ make -j "$nproc" \
+ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \
+ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \
+ "PROFILE_TASK=${PROFILE_TASK:-}" \
+ python \
+ ; \
+ make install; \
+ \
+ cd /; \
+ rm -rf /usr/src/python; \
\
- && find /usr/local -depth \
+ find /usr/local -depth \
\( \
\( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \
- -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) \) \
+ -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \
\) -exec rm -rf '{}' + \
+ ; \
\
- && find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \
+ find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
- | xargs -rt apk add --no-cache --virtual .python-rundeps \
- && apk del --no-network .build-deps \
+ | xargs -rt apk add --no-network --virtual .python-rundeps \
+ ; \
+ apk del --no-network .build-deps; \
\
- && python3 --version
+ python3 --version
-# make some useful symlinks that are expected to exist
-RUN cd /usr/local/bin \
- && ln -s idle3 idle \
- && ln -s pydoc3 pydoc \
- && ln -s python3 python \
- && ln -s python3-config python-config
+# make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends)
+RUN set -eux; \
+ for src in idle3 pydoc3 python3 python3-config; do \
+ dst="$(echo "$src" | tr -d 3)"; \
+ [ -s "/usr/local/bin/$src" ]; \
+ [ ! -e "/usr/local/bin/$dst" ]; \
+ ln -svT "$src" "/usr/local/bin/$dst"; \
+ done
# if this is called "PIP_VERSION", pip explodes with "ValueError: invalid truth value '<VERSION>'"
-ENV PYTHON_PIP_VERSION 22.0.4
+ENV PYTHON_PIP_VERSION 22.3.1
# https://github.com/docker-library/python/issues/365
-ENV PYTHON_SETUPTOOLS_VERSION 58.1.0
+ENV PYTHON_SETUPTOOLS_VERSION 65.5.1
# https://github.com/pypa/get-pip
-ENV PYTHON_GET_PIP_URL https://github.com/pypa/get-pip/raw/6ce3639da143c5d79b44f94b04080abf2531fd6e/public/get-pip.py
-ENV PYTHON_GET_PIP_SHA256 ba3ab8267d91fd41c58dbce08f76db99f747f716d85ce1865813842bb035524d
+ENV PYTHON_GET_PIP_URL https://github.com/pypa/get-pip/raw/d5cb0afaf23b8520f1bbcfed521017b4a95f5c01/public/get-pip.py
+ENV PYTHON_GET_PIP_SHA256 394be00f13fa1b9aaa47e911bdb59a09c3b2986472130f30aa0bfaf7f3980637
-RUN set -ex; \
+RUN set -eux; \
\
wget -O get-pip.py "$PYTHON_GET_PIP_URL"; \
echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" | sha256sum -c -; \
\
+ export PYTHONDONTWRITEBYTECODE=1; \
+ \
python get-pip.py \
--disable-pip-version-check \
--no-cache-dir \
+ --no-compile \
"pip==$PYTHON_PIP_VERSION" \
"setuptools==$PYTHON_SETUPTOOLS_VERSION" \
; \
- pip --version; \
+ rm -f get-pip.py; \
\
- find /usr/local -depth \
- \( \
- \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \
- -o \
- \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
- \) -exec rm -rf '{}' +; \
- rm -f get-pip.py
+ pip --version
CMD ["python3"]
@@ -167,7 +182,7 @@ CMD ["python3"]
# https://github.com/docker-library/python
#################################################
# Integration-specific part
-LABEL maintainer="ONAP Integration team, morgan.richomme@orange.com"
+LABEL maintainer="ONAP Integration team"
LABEL Description="Reference ONAP Python 3 image"
ARG user=onap