Skip to content

Commit

Permalink
Add image for musllinux_1_1 policy
Browse files Browse the repository at this point in the history
The image is based on Alpine Linux 3.12.
  • Loading branch information
lkollar authored and mayeut committed Sep 18, 2021
1 parent c1afc21 commit 2987e8d
Show file tree
Hide file tree
Showing 15 changed files with 117 additions and 36 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,10 @@ jobs:
platform: "i686"
- policy: "manylinux_2_24"
platform: "x86_64"
- policy: "musllinux_1_1"
platform: "x86_64"
- policy: "musllinux_1_1"
platform: "i686"

env:
POLICY: ${{ matrix.policy }}
Expand Down
8 changes: 8 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,14 @@ jobs:
env: POLICY="manylinux_2_24" PLATFORM="s390x"
- arch: ppc64le
env: POLICY="manylinux_2_24" PLATFORM="ppc64le" MANYLINUX_BUILD_FRONTEND="buildkit"
- arch: arm64-graviton2
virt: vm
group: edge
env: POLICY="musllinux_1_1" PLATFORM="aarch64"
- arch: s390x
env: POLICY="musllinux_1_1" PLATFORM="s390x"
- arch: ppc64le
env: POLICY="musllinux_1_1" PLATFORM="ppc64le" MANYLINUX_BUILD_FRONTEND="buildkit"

before_install:
- if [ -d "${HOME}/buildx-cache/.buildx-cache-${POLICY}_${PLATFORM}" ]; then cp -rlf ${HOME}/buildx-cache/.buildx-cache-${POLICY}_${PLATFORM} ./; fi
Expand Down
5 changes: 5 additions & 0 deletions build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,11 @@ elif [ "${POLICY}" == "manylinux_2_24" ]; then
DEVTOOLSET_ROOTPATH=
PREPEND_PATH=
LD_LIBRARY_PATH_ARG=
elif [ "${POLICY}" == "musllinux_1_1" ]; then
BASEIMAGE="${MULTIARCH_PREFIX}alpine:3.12"
DEVTOOLSET_ROOTPATH=
PREPEND_PATH=
LD_LIBRARY_PATH_ARG=
else
echo "Unsupported policy: '${POLICY}'"
exit 1
Expand Down
14 changes: 10 additions & 4 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,19 @@ ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
COPY build_scripts/fixup-mirrors.sh /usr/local/sbin/fixup-mirrors

# setup entrypoint, this will wrap commands with `linux32` with i686 images
COPY build_scripts/install-entrypoint.sh build_scripts/update-system-packages.sh /build_scripts/
RUN bash /build_scripts/install-entrypoint.sh && rm -rf /build_scripts
COPY build_scripts/install-entrypoint.sh \
build_scripts/update-system-packages.sh \
build_scripts/build_utils.sh \
/build_scripts/

RUN /build_scripts/install-entrypoint.sh && rm -rf /build_scripts
COPY manylinux-entrypoint /usr/local/bin/manylinux-entrypoint
ENTRYPOINT ["manylinux-entrypoint"]

COPY build_scripts/install-runtime-packages.sh build_scripts/update-system-packages.sh /build_scripts/
COPY build_scripts/install-runtime-packages.sh \
build_scripts/update-system-packages.sh \
build_scripts/build_utils.sh \
/build_scripts/
RUN manylinux-entrypoint /build_scripts/install-runtime-packages.sh && rm -rf /build_scripts/

COPY build_scripts/build_utils.sh /build_scripts/
Expand Down Expand Up @@ -68,7 +75,6 @@ RUN export LIBXCRYPT_VERSION=4.4.26 && \
export PERL_DOWNLOAD_URL=https://www.cpan.org/src/5.0 && \
manylinux-entrypoint /build_scripts/install-libxcrypt.sh


FROM runtime_base AS build_base
COPY build_scripts/install-build-packages.sh /build_scripts/
RUN manylinux-entrypoint /build_scripts/install-build-packages.sh
Expand Down
4 changes: 4 additions & 0 deletions docker/build_scripts/build-git.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ set -exuo pipefail
# Get script directory
MY_DIR=$(dirname "${BASH_SOURCE[0]}")

if [ "${POLICY}" == "musllinux_1_1" ]; then
export NO_REGEX=NeedsStartEnd
fi

# Get build utilities
source $MY_DIR/build_utils.sh

Expand Down
2 changes: 2 additions & 0 deletions docker/build_scripts/build-openssl.sh
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ fi

if which yum; then
yum erase -y openssl-devel
elif which apk; then
apk del openssl-dev
else
apt-get remove -y libssl-dev
fi
Expand Down
2 changes: 1 addition & 1 deletion docker/build_scripts/build-sqlite3.sh
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ strip_ /manylinux-rootfs

# Install
cp -rlf /manylinux-rootfs/* /
ldconfig
ldconfig /

# Clean-up for runtime
rm -rf /manylinux-rootfs/usr/local/share
4 changes: 4 additions & 0 deletions docker/build_scripts/build_utils.sh
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@ MANYLINUX_CFLAGS="-g -O2 -Wall -fdebug-prefix-map=/=. -fstack-protector-strong -
MANYLINUX_CXXFLAGS="-g -O2 -Wall -fdebug-prefix-map=/=. -fstack-protector-strong -Wformat -Werror=format-security"
MANYLINUX_LDFLAGS="-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now"

export BASE_POLICY=manylinux
if [ "${POLICY:0:9}" == "musllinux" ]; then
export BASE_POLICY=musllinux
fi

function check_var {
if [ -z "$1" ]; then
Expand Down
5 changes: 5 additions & 0 deletions docker/build_scripts/install-build-packages.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ if [ "${AUDITWHEEL_POLICY}" == "manylinux2010" ] || [ "${AUDITWHEEL_POLICY}" ==
elif [ "${AUDITWHEEL_POLICY}" == "manylinux_2_24" ]; then
PACKAGE_MANAGER=apt
COMPILE_DEPS="libz-dev libbz2-dev libexpat1-dev libncurses5-dev libreadline-dev tk-dev libgdbm-dev libdb-dev libpcap-dev liblzma-dev openssl libssl-dev libkeyutils-dev libkrb5-dev comerr-dev libidn2-0-dev libcurl4-openssl-dev uuid-dev libffi-dev linux-kernel-headers"
elif [ "${AUDITWHEEL_POLICY}" == "musllinux_1_1" ]; then
PACKAGE_MANAGER=apk
COMPILE_DEPS="zlib-dev bzip2-dev expat-dev ncurses-dev readline-dev tk-dev gdbm-dev libpcap-dev xz-dev openssl openssl-dev keyutils-dev krb5-dev libcom_err libidn-dev curl-dev util-linux-dev libffi-dev linux-headers"
else
echo "Unsupported policy: '${AUDITWHEEL_POLICY}'"
exit 1
Expand All @@ -35,6 +38,8 @@ elif [ "${PACKAGE_MANAGER}" == "apt" ]; then
apt-get install -qq -y --no-install-recommends ${COMPILE_DEPS}
apt-get clean -qq
rm -rf /var/lib/apt/lists/*
elif [ "${PACKAGE_MANAGER}" == "apk" ]; then
apk add --no-cache ${COMPILE_DEPS}
else
echo "Not implemented"
exit 1
Expand Down
17 changes: 11 additions & 6 deletions docker/build_scripts/install-entrypoint.sh
Original file line number Diff line number Diff line change
@@ -1,15 +1,16 @@
#!/bin/bash
#!/bin/sh
# Install entrypoint:
# make sure yum is configured correctly and linux32 is available on i686
# - make sure yum is configured correctly and linux32 is available on i686
# - install bash on Alpine as most scripts require it

# Stop at any error, show all commands
set -exuo pipefail
set -exu

# Set build environment variables
MY_DIR=$(dirname "${BASH_SOURCE[0]}")
MY_DIR=$(dirname "$0")


if [ "${AUDITWHEEL_PLAT}" == "manylinux2010_i686" ] || [ "${AUDITWHEEL_PLAT}" == "manylinux2014_i686" ]; then
if [ "${AUDITWHEEL_PLAT}" = "manylinux2010_i686" ] || [ "${AUDITWHEEL_PLAT}" = "manylinux2014_i686" ]; then
echo "i386" > /etc/yum/vars/basearch
fixup-mirrors
yum -y update
Expand All @@ -19,5 +20,9 @@ if [ "${AUDITWHEEL_PLAT}" == "manylinux2010_i686" ] || [ "${AUDITWHEEL_PLAT}" ==
# the following script takes care of cleaning-up some things
# and since it's also needed in the finalize step, everything's
# centralized in this script to avoid code duplication
LC_ALL=C ${MY_DIR}/update-system-packages.sh
LC_ALL=C "${MY_DIR}/update-system-packages.sh"
fi

if [ "${AUDITWHEEL_POLICY}" = "musllinux_1_1" ]; then
apk add --no-cache bash
fi
35 changes: 21 additions & 14 deletions docker/build_scripts/install-libxcrypt.sh
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,11 @@ MY_DIR=$(dirname "${BASH_SOURCE[0]}")
# Get build utilities
source $MY_DIR/build_utils.sh

if [ "$BASE_POLICY" == "musllinux" ]; then
echo "Skip libxcrypt installation on musllinux"
exit
fi

# We need perl 5.14+
if ! perl -e 'use 5.14.0' &> /dev/null; then
check_var ${PERL_ROOT}
Expand Down Expand Up @@ -38,21 +43,22 @@ check_sha256sum "v${LIBXCRYPT_VERSION}.tar.gz" "${LIBXCRYPT_HASH}"
tar xfz "v${LIBXCRYPT_VERSION}.tar.gz"
pushd "libxcrypt-${LIBXCRYPT_VERSION}"
./autogen.sh > /dev/null

DESTDIR=/manylinux-rootfs do_standard_install \
--disable-obsolete-api \
--enable-hashes=all \
--disable-werror
# we also need libcrypt.so.1 with glibc compatibility for system libraries
# c.f https://github.com/pypa/manylinux/issues/305#issuecomment-625902928
make clean > /dev/null
sed -r -i 's/XCRYPT_([0-9.])+/-/g;s/(%chain OW_CRYPT_1.0).*/\1/g' lib/libcrypt.map.in
DESTDIR=/manylinux-rootfs/so.1 do_standard_install \
--disable-xcrypt-compat-files \
--enable-obsolete-api=glibc \
--enable-hashes=all \
--disable-werror
cp -P /manylinux-rootfs/so.1/usr/local/lib/libcrypt.so.1* /manylinux-rootfs/usr/local/lib/
rm -rf /manylinux-rootfs/so.1
--disable-obsolete-api \
--enable-hashes=all \
--disable-werror
# we also need libcrypt.so.1 with glibc compatibility for system libraries
# c.f https://github.com/pypa/manylinux/issues/305#issuecomment-625902928
make clean > /dev/null
sed -r -i 's/XCRYPT_([0-9.])+/-/g;s/(%chain OW_CRYPT_1.0).*/\1/g' lib/libcrypt.map.in
DESTDIR=/manylinux-rootfs/so.1 do_standard_install \
--disable-xcrypt-compat-files \
--enable-obsolete-api=glibc \
--enable-hashes=all \
--disable-werror
cp -P /manylinux-rootfs/so.1/usr/local/lib/libcrypt.so.1* /manylinux-rootfs/usr/local/lib/
rm -rf /manylinux-rootfs/so.1
popd
rm -rf "v${LIBXCRYPT_VERSION}.tar.gz" "libxcrypt-${LIBXCRYPT_VERSION}"

Expand All @@ -74,3 +80,4 @@ ldconfig
if [ -d /tmp/perl-libxcrypt ]; then
rm -rf /tmp/perl-libxcrypt
fi

4 changes: 4 additions & 0 deletions docker/build_scripts/install-pypy.sh
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ MY_DIR=$(dirname "${BASH_SOURCE[0]}")
# Get build utilities
source $MY_DIR/build_utils.sh

if [ "${BASE_POLICY}" == "musllinux" ]; then
echo "Skip PyPy build on musllinux"
exit
fi

PYTHON_VERSION=$1
PYPY_VERSION=$2
Expand Down
36 changes: 26 additions & 10 deletions docker/build_scripts/install-runtime-packages.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ set -exuo pipefail
# Set build environment variables
MY_DIR=$(dirname "${BASH_SOURCE[0]}")

# Get build utilities
source $MY_DIR/build_utils.sh

# Libraries that are allowed as part of the manylinux2014 profile
# Extract from PEP: https://www.python.org/dev/peps/pep-0599/#the-manylinux2014-policy
# On RPM-based systems, they are provided by these packages:
Expand All @@ -28,6 +31,8 @@ if [ "${AUDITWHEEL_POLICY}" == "manylinux2010" ] || [ "${AUDITWHEEL_POLICY}" ==
MANYLINUX_DEPS="glibc-devel libstdc++-devel glib2-devel libX11-devel libXext-devel libXrender-devel mesa-libGL-devel libICE-devel libSM-devel"
elif [ "${AUDITWHEEL_POLICY}" == "manylinux_2_24" ]; then
MANYLINUX_DEPS="libc6-dev libstdc++-6-dev libglib2.0-dev libx11-dev libxext-dev libxrender-dev libgl1-mesa-dev libice-dev libsm-dev"
elif [ "${AUDITWHEEL_POLICY}" == "musllinux_1_1" ]; then
MANYLINUX_DEPS="musl-dev libstdc++ glib-dev libx11-dev libxext-dev libxrender-dev mesa-dev libice-dev libsm-dev"
else
echo "Unsupported policy: '${AUDITWHEEL_POLICY}'"
exit 1
Expand All @@ -43,15 +48,17 @@ if [ "${AUDITWHEEL_POLICY}" == "manylinux2010" ] || [ "${AUDITWHEEL_POLICY}" ==
fi
elif [ "${AUDITWHEEL_POLICY}" == "manylinux_2_24" ]; then
RUNTIME_DEPS="zlib1g libbz2-1.0 libexpat1 libncurses5 libreadline7 tk libgdbm3 libdb5.3 libpcap0.8 liblzma5 libssl1.1 libkeyutils1 libkrb5-3 libcomerr2 libidn2-0 libcurl3 uuid libffi6"
elif [ "${AUDITWHEEL_POLICY}" == "musllinux_1_1" ]; then
RUNTIME_DEPS="zlib bzip2 expat ncurses5-libs readline tk gdbm db xz openssl keyutils-libs krb5-libs libcom_err libidn2 libcurl libuuid libffi"
else
echo "Unsupported policy: '${AUDITWHEEL_POLICY}'"
exit 1
fi

BASETOOLS="autoconf automake bison bzip2 diffutils file hardlink make patch unzip"
BASETOOLS="autoconf automake bison bzip2 diffutils file make patch unzip"
if [ "${AUDITWHEEL_POLICY}" == "manylinux2010" ]; then
PACKAGE_MANAGER=yum
BASETOOLS="${BASETOOLS} which"
BASETOOLS="${BASETOOLS} hardlink which"
# See https://unix.stackexchange.com/questions/41784/can-yum-express-a-preference-for-x86-64-over-i386-packages
echo "multilib_policy=best" >> /etc/yum.conf
fixup-mirrors
Expand All @@ -72,7 +79,7 @@ if [ "${AUDITWHEEL_POLICY}" == "manylinux2010" ]; then
fi
elif [ "${AUDITWHEEL_POLICY}" == "manylinux2014" ]; then
PACKAGE_MANAGER=yum
BASETOOLS="${BASETOOLS} hostname which"
BASETOOLS="${BASETOOLS} hardlink hostname which"
# See https://unix.stackexchange.com/questions/41784/can-yum-express-a-preference-for-x86-64-over-i386-packages
echo "multilib_policy=best" >> /etc/yum.conf
# Error out if requested packages do not exist
Expand Down Expand Up @@ -101,13 +108,18 @@ elif [ "${AUDITWHEEL_POLICY}" == "manylinux2014" ]; then
fi
elif [ "${AUDITWHEEL_POLICY}" == "manylinux_2_24" ]; then
PACKAGE_MANAGER=apt
BASETOOLS="${BASETOOLS} hostname"
BASETOOLS="${BASETOOLS} hardlink hostname"
export DEBIAN_FRONTEND=noninteractive
sed -i 's/none/en_US/g' /etc/apt/apt.conf.d/docker-no-languages
apt-get update -qq
apt-get upgrade -qq -y
apt-get install -qq -y --no-install-recommends ca-certificates gpg curl locales
TOOLCHAIN_DEPS="binutils gcc g++ gfortran"
elif [ "${AUDITWHEEL_POLICY}" == "musllinux_1_1" ]; then
TOOLCHAIN_DEPS="binutils gcc g++ gfortran"
BASETOOLS="${BASETOOLS} curl util-linux"
PACKAGE_MANAGER=apk
apk add --no-cache ca-certificates gnupg
else
echo "Unsupported policy: '${AUDITWHEEL_POLICY}'"
exit 1
Expand All @@ -117,6 +129,8 @@ if [ "${PACKAGE_MANAGER}" == "yum" ]; then
yum -y install ${BASETOOLS} ${TOOLCHAIN_DEPS} ${MANYLINUX_DEPS} ${RUNTIME_DEPS}
elif [ "${PACKAGE_MANAGER}" == "apt" ]; then
apt-get install -qq -y --no-install-recommends ${BASETOOLS} ${TOOLCHAIN_DEPS} ${MANYLINUX_DEPS} ${RUNTIME_DEPS}
elif [ "${PACKAGE_MANAGER}" == "apk" ]; then
apk add --no-cache ${BASETOOLS} ${TOOLCHAIN_DEPS} ${MANYLINUX_DEPS} ${RUNTIME_DEPS}
else
echo "Not implemented"
exit 1
Expand All @@ -128,9 +142,11 @@ fi
# centralized in this script to avoid code duplication
LC_ALL=C ${MY_DIR}/update-system-packages.sh

# we'll be removing libcrypt.so.1 later on
# this is needed to ensure the new one will be found
# as LD_LIBRARY_PATH does not seem enough.
# c.f. https://github.com/pypa/manylinux/issues/1022
echo "/usr/local/lib" > /etc/ld.so.conf.d/00-manylinux.conf
ldconfig
if [ "${BASE_POLICY}" == "manylinux" ]; then
# we'll be removing libcrypt.so.1 later on
# this is needed to ensure the new one will be found
# as LD_LIBRARY_PATH does not seem enough.
# c.f. https://github.com/pypa/manylinux/issues/1022
echo "/usr/local/lib" > /etc/ld.so.conf.d/00-manylinux.conf
ldconfig
fi
9 changes: 8 additions & 1 deletion docker/build_scripts/update-system-packages.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@
# Stop at any error, show all commands
set -exuo pipefail

# Get script directory
MY_DIR=$(dirname "${BASH_SOURCE[0]}")

# Get build utilities
source $MY_DIR/build_utils.sh

fixup-mirrors
if [ "${AUDITWHEEL_POLICY}" == "manylinux2010" ] || [ "${AUDITWHEEL_POLICY}" == "manylinux2014" ]; then
Expand All @@ -21,6 +26,8 @@ elif [ "${AUDITWHEEL_POLICY}" == "manylinux_2_24" ]; then
apt-get upgrade -qq -y
apt-get clean -qq
rm -rf /var/lib/apt/lists/*
elif [ "${AUDITWHEEL_POLICY}" == "musllinux_1_1" ]; then
apk upgrade --no-cache
else
echo "Unsupported policy: '${AUDITWHEEL_POLICY}'"
exit 1
Expand All @@ -30,7 +37,7 @@ fixup-mirrors
# do we want to update locales ?
LOCALE_ARCHIVE=/usr/lib/locale/locale-archive
TIMESTAMP_FILE=${LOCALE_ARCHIVE}.ml.timestamp
if [ ! -f ${TIMESTAMP_FILE} ] || [ ${LOCALE_ARCHIVE} -nt ${TIMESTAMP_FILE} ]; then
if [ ! -f ${TIMESTAMP_FILE} ] || [ ${LOCALE_ARCHIVE} -nt ${TIMESTAMP_FILE} ] && [ "${BASE_POLICY}" != "musllinux" ]; then
# upgrading glibc-common can end with removal on en_US.UTF-8 locale
localedef -i en_US -f UTF-8 en_US.UTF-8

Expand Down
4 changes: 4 additions & 0 deletions tests/run_tests.sh
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ elif [ "${AUDITWHEEL_POLICY}" == "manylinux_2_24" ]; then
export DEBIAN_FRONTEND=noninteractive
PACKAGE_MANAGER=apt
apt-get update -qq
elif [ "${AUDITWHEEL_POLICY}" == "musllinux_1_1" ]; then
PACKAGE_MANAGER=apk
else
echo "Unsupported policy: '${AUDITWHEEL_POLICY}'"
exit 1
Expand Down Expand Up @@ -61,6 +63,8 @@ if [ "${PACKAGE_MANAGER}" == "yum" ]; then
yum -y install openssh-clients
elif [ "${PACKAGE_MANAGER}" == "apt" ]; then
apt-get install -qq -y --no-install-recommends openssh-client
elif [ "${PACKAGE_MANAGER}" == "apk" ]; then
apk add --no-cache openssh-client
else
echo "Unsupported package manager: '${PACKAGE_MANAGER}'"
exit 1
Expand Down

0 comments on commit 2987e8d

Please sign in to comment.