Created
July 27, 2022 10:04
Dockerised Python with LTO enabled and `-fno-semantic-interposition` compiler flag
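# Python base image with tweaks - mostly derived from https://github.com/docker-library/python/blob/218e80410245922ec8e78ca8ca6630c5f47ca445/3.8/bullseye/Dockerfile
# Modifications are highlighted by comments prefixed by "HACK: "
# {{
# NOTE(review): "bullseye" is a mutable tag, so a rebuild can silently pick up
# a different base image. For a reproducible, auditable build pin it by digest,
# e.g. buildpack-deps:bullseye@sha256:<DIGEST-PLACEHOLDER>.
# NOTE(review): buildpack-deps carries compilers and -dev headers into the
# final image; that is convenient for a build base but a larger attack surface
# than a slim runtime image.
FROM buildpack-deps:bullseye

# ensure local python is preferred over distribution python
ENV PATH=/usr/local/bin:$PATH

# http://bugs.python.org/issue19846
# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
ENV LANG=C.UTF-8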
# runtime dependencies
# Index refresh, install and apt-list cleanup share one layer, so the package
# index is never stale relative to the install and never persists in the image.
# NOTE(review): package versions are not pinned, so the installed versions
# depend on the state of the Debian mirror at build time.
RUN set -eux \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        libbluetooth-dev \
        tk-dev \
        uuid-dev \
    && rm -rf /var/lib/apt/lists/*
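# Release-signing key fingerprint and the CPython version to build. The full
# 40-hex-digit fingerprint (not a short key id) is what gets fetched below.
# NOTE(review): presumably the 3.8 release manager's key - confirm it against
# https://www.python.org/downloads/ before trusting it.
ENV GPG_KEY=E3FF2839C048B25C084DEBE9B26995E310250568
ENV PYTHON_VERSION=3.8.13

# Download, verify, build and install CPython in a single layer, so the source
# tree, the tarball and the signature material never persist in the image.
# Supply-chain checks: both downloads use HTTPS, the key is imported into a
# throwaway GNUPGHOME that holds nothing else, and `gpg --verify` has to
# succeed against that keyring. Because of `set -e`, a failed key fetch or a
# bad signature aborts the build before the tarball is extracted.
RUN set -eux; \
    \
    wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \
    wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \
    GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
# HACK: Put 443 port explicitly so I can build it.
# (still hkps, i.e. the key lookup stays on TLS)
    gpg --batch --keyserver hkps://keys.openpgp.org:443 --recv-keys "$GPG_KEY"; \
    gpg --batch --verify python.tar.xz.asc python.tar.xz; \
# best-effort shutdown of the gpg agent; "|| :" keeps set -e from aborting here
    command -v gpgconf > /dev/null && gpgconf --kill all || :; \
    rm -rf "$GNUPGHOME" python.tar.xz.asc; \
    mkdir -p /usr/src/python; \
    tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \
    rm python.tar.xz; \
    \
    cd /usr/src/python; \
    gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
    ./configure \
        --build="$gnuArch" \
        --enable-loadable-sqlite-extensions \
        --enable-optimizations \
        --enable-option-checking=fatal \
        --enable-shared \
        --with-system-expat \
        --without-ensurepip \
# HACK: Enabled LTO as suggested by Python docs.
        --with-lto \
    ; \
    nproc="$(nproc)"; \
# HACK: Enable no-semantic-interposition flag with next three lines, this is not present in --enable-optimizations before 3.10
# NOTE(review): the three variables are handed to make through its environment,
# not to ./configure; check the `set -x` build log to confirm the flag really
# shows up on the compiler and linker command lines.
    CFLAGS="-fno-semantic-interposition" \
    CFLAGS_NODIST="-fno-semantic-interposition" \
    LDFLAGS_NODIST="-fno-semantic-interposition" \
    make -j "$nproc" \
    ; \
    make install; \
    \
# enable GDB to load debugging data: https://github.com/docker-library/python/pull/701
    bin="$(readlink -ve /usr/local/bin/python3)"; \
    dir="$(dirname "$bin")"; \
    mkdir -p "/usr/share/gdb/auto-load/$dir"; \
    cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \
    \
    cd /; \
    rm -rf /usr/src/python; \
    \
# drop test suites, bytecode caches, static libpython and Windows installer stubs
    find /usr/local -depth \
        \( \
            \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \
            -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \
            -o \( -type f -a -name 'wininst-*.exe' \) \
        \) -exec rm -rf '{}' + \
    ; \
    \
# refresh the linker cache so the shared libpython from --enable-shared resolves
    ldconfig; \
    \
# smoke test: the build fails here if the installed interpreter cannot start
    python3 --version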
# Create the unversioned command names ("/usr/local/bin/python" and friends) as
# symlinks to the versioned binaries. The two `test` guards abort the build
# (set -e) when a versioned binary is missing or empty, or when the unversioned
# name already exists, so an existing file is never silently replaced.
RUN set -eux; \
    for versioned in idle3 pydoc3 python3 python3-config; do \
        plain="$(printf '%s\n' "$versioned" | tr -d 3)"; \
        test -s "/usr/local/bin/$versioned"; \
        test ! -e "/usr/local/bin/$plain"; \
        ln -svT "$versioned" "/usr/local/bin/$plain"; \
    done
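# if this is called "PIP_VERSION", pip explodes with "ValueError: invalid truth value '<VERSION>'"
ENV PYTHON_PIP_VERSION=22.0.4
# https://github.com/docker-library/python/issues/365
ENV PYTHON_SETUPTOOLS_VERSION=57.5.0
# https://github.com/pypa/get-pip
# The bootstrap script is addressed by commit hash and checked against a
# SHA-256 recorded here, so a changed or tampered download fails the build.
ENV PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/6ce3639da143c5d79b44f94b04080abf2531fd6e/public/get-pip.py
ENV PYTHON_GET_PIP_SHA256=ba3ab8267d91fd41c58dbce08f76db99f747f716d85ce1865813842bb035524d

# Fetch get-pip.py, verify its checksum, then install the pinned pip and
# setuptools. `sha256sum -c` exits non-zero on a mismatch and `set -e` stops the
# build before the script is executed.
# NOTE(review): the pip, setuptools and Python pins above are fixed versions;
# check them against current security releases before reusing this file.
RUN set -eux; \
    \
    wget -O get-pip.py "$PYTHON_GET_PIP_URL"; \
    echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" | sha256sum -c -; \
    \
# keep the bootstrap from leaving .pyc files behind in the image
    export PYTHONDONTWRITEBYTECODE=1; \
    \
    python get-pip.py \
        --disable-pip-version-check \
        --no-cache-dir \
        --no-compile \
        "pip==$PYTHON_PIP_VERSION" \
        "setuptools==$PYTHON_SETUPTOOLS_VERSION" \
    ; \
    rm -f get-pip.py; \
    \
    pip --version
# NOTE(review): no USER instruction appears in this file, so containers from
# this image run as root unless a derived Dockerfile or the runtime sets a
# non-root user.
# }}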