From b5ccfd6b07b0b14dc738030c7f33ee242f1724b7 Mon Sep 17 00:00:00 2001 From: Michal Jagiello Date: Fri, 7 Apr 2023 12:15:15 +0000 Subject: Python 3.11.3 base image New base image for ONAP Issue-ID: INT-2214 Signed-off-by: Michal Jagiello Change-Id: I795b2ec33ba7b88e0a7e2e737595236c6f9e4666 --- Dockerfile | 129 ++++++++++++++++++++++++++++++----------------------- README.md | 4 ++ version.properties | 4 +- 3 files changed, 78 insertions(+), 59 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0de2c34..edcbbff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,7 +26,7 @@ # Those Dockerfiles are generated for each new release. # Below is copy-paste from a generated Dockerfile, # with GPLv3 dependencies removed. -FROM alpine:3.16 +FROM alpine:3.17 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -38,39 +38,27 @@ ENV LANG C.UTF-8 # runtime dependencies RUN set -eux; \ apk add --no-cache \ -# install ca-certificates so that HTTPS works consistently ca-certificates \ -# and tzdata for PEP 615 (https://www.python.org/dev/peps/pep-0615/) tzdata \ ; -# other runtime dependencies for Python are installed later ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.10.4 +ENV PYTHON_VERSION 3.11.3 -RUN set -ex \ - && apk add --no-cache --virtual .fetch-deps \ +RUN set -eux; \ + \ + apk add --no-cache --virtual .build-deps \ gnupg \ tar \ xz \ - \ - && wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \ - && wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY" \ - && gpg --batch --verify python.tar.xz.asc python.tar.xz \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" python.tar.xz.asc \ - && mkdir -p /usr/src/python \ - && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \ - && rm python.tar.xz \ - \ - && apk add --no-cache --virtual .build-deps \ + \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ expat-dev \ + findutils \ gcc \ + gdbm-dev \ libc-dev \ libffi-dev \ libnsl-dev \ @@ -87,12 +75,22 @@ RUN set -ex \ util-linux-dev \ xz-dev \ zlib-dev \ -# add build deps before removing fetch deps in case there's overlap - && apk del --no-network .fetch-deps \ + ; \ \ - && cd /usr/src/python \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ - && ./configure \ + wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ + gpg --batch --verify python.tar.xz.asc python.tar.xz; \ + command -v gpgconf > /dev/null && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME" python.tar.xz.asc; \ + mkdir -p /usr/src/python; \ + tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ + rm python.tar.xz; \ + \ + cd /usr/src/python; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ --enable-optimizations \ @@ -100,66 +98,83 @@ RUN set -ex \ --enable-shared \ --with-lto \ --with-system-expat \ - --with-system-ffi \ --without-ensurepip \ - && make -j "$(nproc)" \ + ; \ + nproc="$(nproc)"; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 - EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ - LDFLAGS="-Wl,--strip-all" \ - && make install \ - && rm -rf /usr/src/python \ + EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ + LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + make -j "$nproc" \ + "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ + "LDFLAGS=${LDFLAGS:-}" \ + "PROFILE_TASK=${PROFILE_TASK:-}" \ + ; \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + rm python; \ + make -j "$nproc" \ + "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ + "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ + "PROFILE_TASK=${PROFILE_TASK:-}" \ + python \ + ; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/python; \ \ - && find /usr/local -depth \ + find /usr/local -depth \ \( \ \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ - -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) \) \ + -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ \) -exec rm -rf '{}' + \ + ; \ \ - && find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ + find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - | xargs -rt apk add --no-cache --virtual .python-rundeps \ - && apk del --no-network .build-deps \ + | xargs -rt apk add --no-network --virtual .python-rundeps \ + ; \ + apk del --no-network .build-deps; \ \ - && python3 --version + python3 --version -# make some useful symlinks that are expected to exist -RUN cd /usr/local/bin \ - && ln -s idle3 idle \ - && ln -s pydoc3 pydoc \ - && ln -s python3 python \ - && ln -s python3-config python-config +# make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) +RUN set -eux; \ + for src in idle3 pydoc3 python3 python3-config; do \ + dst="$(echo "$src" | tr -d 3)"; \ + [ -s "/usr/local/bin/$src" ]; \ + [ ! -e "/usr/local/bin/$dst" ]; \ + ln -svT "$src" "/usr/local/bin/$dst"; \ + done # if this is called "PIP_VERSION", pip explodes with "ValueError: invalid truth value ''" -ENV PYTHON_PIP_VERSION 22.0.4 +ENV PYTHON_PIP_VERSION 22.3.1 # https://github.com/docker-library/python/issues/365 -ENV PYTHON_SETUPTOOLS_VERSION 58.1.0 +ENV PYTHON_SETUPTOOLS_VERSION 65.5.1 # https://github.com/pypa/get-pip -ENV PYTHON_GET_PIP_URL https://github.com/pypa/get-pip/raw/6ce3639da143c5d79b44f94b04080abf2531fd6e/public/get-pip.py -ENV PYTHON_GET_PIP_SHA256 ba3ab8267d91fd41c58dbce08f76db99f747f716d85ce1865813842bb035524d +ENV PYTHON_GET_PIP_URL https://github.com/pypa/get-pip/raw/d5cb0afaf23b8520f1bbcfed521017b4a95f5c01/public/get-pip.py +ENV PYTHON_GET_PIP_SHA256 394be00f13fa1b9aaa47e911bdb59a09c3b2986472130f30aa0bfaf7f3980637 -RUN set -ex; \ +RUN set -eux; \ \ wget -O get-pip.py "$PYTHON_GET_PIP_URL"; \ echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" | sha256sum -c -; \ \ + export PYTHONDONTWRITEBYTECODE=1; \ + \ python get-pip.py \ --disable-pip-version-check \ --no-cache-dir \ + --no-compile \ "pip==$PYTHON_PIP_VERSION" \ "setuptools==$PYTHON_SETUPTOOLS_VERSION" \ ; \ - pip --version; \ + rm -f get-pip.py; \ \ - find /usr/local -depth \ - \( \ - \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ - -o \ - \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \ - \) -exec rm -rf '{}' +; \ - rm -f get-pip.py + pip --version CMD ["python3"] @@ -167,7 +182,7 @@ CMD ["python3"] # https://github.com/docker-library/python ################################################# # Integration-specific part -LABEL maintainer="ONAP Integration team, morgan.richomme@orange.com" +LABEL maintainer="ONAP Integration team" LABEL Description="Reference ONAP Python 3 image" ARG user=onap diff --git a/README.md b/README.md index 0857bb2..fea4856 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,10 @@ It includes: ## History +### 12.0.0 + +Use Python 3.11.3 and alpine 3.17 + ### 9.1.0 Build the docker from scratch to remove python GPLv3 library. diff --git a/version.properties b/version.properties index ee41b9b..be7a4a9 100644 --- a/version.properties +++ b/version.properties @@ -3,8 +3,8 @@ # Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... ) # because they are used in Jenkins, whose plug-in doesn't support -major_version=10 -minor_version=1 +major_version=12 +minor_version=0 patch_version=0 base_version=${major_version}.${minor_version}.${patch_version} -- cgit 1.2.3-korg