diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template new file mode 100644 index 0000000..22a7bae --- /dev/null +++ b/Dockerfile-alpine.template @@ -0,0 +1,98 @@ +FROM alpine:3.4 + +# ensure local python is preferred over distribution python +ENV PATH /usr/local/bin:$PATH + +# http://bugs.python.org/issue19846 +# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK. +ENV LANG C.UTF-8 + +# install ca-certificates so that HTTPS works consistently +# the other runtime dependencies for Python are installed later +RUN apk add --no-cache ca-certificates + +ENV GPG_KEY %%PLACEHOLDER%% +ENV PYTHON_VERSION %%PLACEHOLDER%% + +# if this is called "PIP_VERSION", pip explodes with "ValueError: invalid truth value ''" +ENV PYTHON_PIP_VERSION %%PLACEHOLDER%% + +RUN set -ex \ + && apk add --no-cache --virtual .fetch-deps \ + gnupg \ + openssl \ + tar \ + xz \ + \ + && wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \ + && wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + && gpg --batch --verify python.tar.xz.asc python.tar.xz \ + && rm -r "$GNUPGHOME" python.tar.xz.asc \ + && mkdir -p /usr/src/python \ + && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \ + && rm python.tar.xz \ + \ + && apk add --no-cache --virtual .build-deps \ + bzip2-dev \ + gcc \ + libc-dev \ + linux-headers \ + make \ + ncurses-dev \ + openssl \ + openssl-dev \ + pax-utils \ + readline-dev \ + sqlite-dev \ + tcl-dev \ + tk \ + tk-dev \ + xz-dev \ + zlib-dev \ +# add build deps before removing fetch deps in case there's overlap + && apk del .fetch-deps \ + \ + && cd /usr/src/python \ + && ./configure \ + --enable-loadable-sqlite-extensions \ + --enable-shared \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && make install \ + \ +# explicit path to "pip3" to ensure distribution-provided "pip3" cannot interfere + && if [ ! -e /usr/local/bin/pip3 ]; then : \ + && wget -O /tmp/get-pip.py 'https://bootstrap.pypa.io/get-pip.py' \ + && python3 /tmp/get-pip.py "pip==$PYTHON_PIP_VERSION" \ + && rm /tmp/get-pip.py \ + ; fi \ + && pip3 install --no-cache-dir --upgrade "pip==$PYTHON_PIP_VERSION" \ + && [ "$(pip list |tac|tac| awk -F '[ ()]+' '$1 == "pip" { print $2; exit }')" = "$PYTHON_PIP_VERSION" ] \ + \ + && find /usr/local -depth \ + \( \ + \( -type d -a -name test -o -name tests \) \ + -o \ + \( -type f -a -name '*.pyc' -o -name '*.pyo' \) \ + \) -exec rm -rf '{}' + \ + && runDeps="$( \ + scanelf --needed --nobanner --recursive /usr/local \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --virtual .python-rundeps $runDeps \ + && apk del .build-deps \ + && rm -rf /usr/src/python ~/.cache + +# make some useful symlinks that are expected to exist +RUN cd /usr/local/bin \ + && { [ -e easy_install ] || ln -s easy_install-* easy_install; } \ + && ln -s idle3 idle \ + && ln -s pydoc3 pydoc \ + && ln -s python3 python \ + && ln -s python3-config python-config + +CMD ["python3"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template new file mode 100644 index 0000000..f9df74b --- /dev/null +++ b/Dockerfile-debian.template @@ -0,0 +1,73 @@ +FROM buildpack-deps:jessie + +# ensure local python is preferred over distribution python +ENV PATH /usr/local/bin:$PATH + +# http://bugs.python.org/issue19846 +# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK. +ENV LANG C.UTF-8 + +# runtime dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + tcl \ + tk \ + && rm -rf /var/lib/apt/lists/* + +ENV GPG_KEY %%PLACEHOLDER%% +ENV PYTHON_VERSION %%PLACEHOLDER%% + +# if this is called "PIP_VERSION", pip explodes with "ValueError: invalid truth value ''" +ENV PYTHON_PIP_VERSION %%PLACEHOLDER%% + +RUN set -ex \ + && buildDeps=' \ + tcl-dev \ + tk-dev \ + ' \ + && apt-get update && apt-get install -y $buildDeps --no-install-recommends && rm -rf /var/lib/apt/lists/* \ + \ + && wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \ + && wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + && gpg --batch --verify python.tar.xz.asc python.tar.xz \ + && rm -r "$GNUPGHOME" python.tar.xz.asc \ + && mkdir -p /usr/src/python \ + && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \ + && rm python.tar.xz \ + \ + && cd /usr/src/python \ + && ./configure \ + --enable-loadable-sqlite-extensions \ + --enable-shared \ + && make -j$(nproc) \ + && make install \ + && ldconfig \ + \ +# explicit path to "pip3" to ensure distribution-provided "pip3" cannot interfere + && if [ ! -e /usr/local/bin/pip3 ]; then : \ + && wget -O /tmp/get-pip.py 'https://bootstrap.pypa.io/get-pip.py' \ + && python3 /tmp/get-pip.py "pip==$PYTHON_PIP_VERSION" \ + && rm /tmp/get-pip.py \ + ; fi \ + && pip3 install --no-cache-dir --upgrade "pip==$PYTHON_PIP_VERSION" \ + && [ "$(pip list |tac|tac| awk -F '[ ()]+' '$1 == "pip" { print $2; exit }')" = "$PYTHON_PIP_VERSION" ] \ + \ + && find /usr/local -depth \ + \( \ + \( -type d -a -name test -o -name tests \) \ + -o \ + \( -type f -a -name '*.pyc' -o -name '*.pyo' \) \ + \) -exec rm -rf '{}' + \ + && apt-get purge -y --auto-remove $buildDeps \ + && rm -rf /usr/src/python ~/.cache + +# make some useful symlinks that are expected to exist +RUN cd /usr/local/bin \ + && { [ -e easy_install ] || ln -s easy_install-* easy_install; } \ + && ln -s idle3 idle \ + && ln -s pydoc3 pydoc \ + && ln -s python3 python \ + && ln -s python3-config python-config + +CMD ["python3"] diff --git a/Dockerfile-onbuild.template b/Dockerfile-onbuild.template new file mode 100644 index 0000000..2950ec1 --- /dev/null +++ b/Dockerfile-onbuild.template @@ -0,0 +1,9 @@ +FROM python:%%PLACEHOLDER%% + +RUN mkdir -p /usr/src/app +WORKDIR /usr/src/app + +ONBUILD COPY requirements.txt /usr/src/app/ +ONBUILD RUN pip install --no-cache-dir -r requirements.txt + +ONBUILD COPY . /usr/src/app diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template new file mode 100644 index 0000000..c0ac725 --- /dev/null +++ b/Dockerfile-slim.template @@ -0,0 +1,86 @@ +FROM debian:jessie + +# ensure local python is preferred over distribution python +ENV PATH /usr/local/bin:$PATH + +# http://bugs.python.org/issue19846 +# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK. +ENV LANG C.UTF-8 + +# runtime dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ + libsqlite3-0 \ + libssl1.0.0 \ + && rm -rf /var/lib/apt/lists/* + +ENV GPG_KEY %%PLACEHOLDER%% +ENV PYTHON_VERSION %%PLACEHOLDER%% + +# if this is called "PIP_VERSION", pip explodes with "ValueError: invalid truth value ''" +ENV PYTHON_PIP_VERSION %%PLACEHOLDER%% + +RUN set -ex \ + && buildDeps=' \ + gcc \ + libbz2-dev \ + libc6-dev \ + liblzma-dev \ + libncurses-dev \ + libreadline-dev \ + libsqlite3-dev \ + libssl-dev \ + make \ + tcl-dev \ + tk-dev \ + wget \ + xz-utils \ + zlib1g-dev \ + ' \ + && apt-get update && apt-get install -y $buildDeps --no-install-recommends && rm -rf /var/lib/apt/lists/* \ + \ + && wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \ + && wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + && gpg --batch --verify python.tar.xz.asc python.tar.xz \ + && rm -r "$GNUPGHOME" python.tar.xz.asc \ + && mkdir -p /usr/src/python \ + && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \ + && rm python.tar.xz \ + \ + && cd /usr/src/python \ + && ./configure \ + --enable-loadable-sqlite-extensions \ + --enable-shared \ + && make -j$(nproc) \ + && make install \ + && ldconfig \ + \ +# explicit path to "pip3" to ensure distribution-provided "pip3" cannot interfere + && if [ ! -e /usr/local/bin/pip3 ]; then : \ + && wget -O /tmp/get-pip.py 'https://bootstrap.pypa.io/get-pip.py' \ + && python3 /tmp/get-pip.py "pip==$PYTHON_PIP_VERSION" \ + && rm /tmp/get-pip.py \ + ; fi \ + && pip3 install --no-cache-dir --upgrade "pip==$PYTHON_PIP_VERSION" \ + && [ "$(pip list |tac|tac| awk -F '[ ()]+' '$1 == "pip" { print $2; exit }')" = "$PYTHON_PIP_VERSION" ] \ + \ + && find /usr/local -depth \ + \( \ + \( -type d -a -name test -o -name tests \) \ + -o \ + \( -type f -a -name '*.pyc' -o -name '*.pyo' \) \ + \) -exec rm -rf '{}' + \ + && apt-get purge -y --auto-remove $buildDeps \ + && rm -rf /usr/src/python ~/.cache + +# make some useful symlinks that are expected to exist +RUN cd /usr/local/bin \ + && { [ -e easy_install ] || ln -s easy_install-* easy_install; } \ + && ln -s idle3 idle \ + && ln -s pydoc3 pydoc \ + && ln -s python3 python \ + && ln -s python3-config python-config + +CMD ["python3"] diff --git a/update.sh b/update.sh index 937bf37..3a363a6 100755 --- a/update.sh +++ b/update.sh @@ -1,6 +1,28 @@ #!/bin/bash set -e +declare -A gpgKeys=( + # gpg: key 18ADD4FF: public key "Benjamin Peterson " imported + [2.7]='C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF' + # https://www.python.org/dev/peps/pep-0373/#release-manager-and-crew + + # gpg: key 36580288: public key "Georg Brandl (Python release signing key) " imported + [3.3]='26DEA9D4613391EF3E25C9FF0A5B101836580288' + # https://www.python.org/dev/peps/pep-0398/#release-manager-and-crew + + # gpg: key F73C700D: public key "Larry Hastings " imported + [3.4]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D' + # https://www.python.org/dev/peps/pep-0429/#release-manager-and-crew + + # gpg: key F73C700D: public key "Larry Hastings " imported + [3.5]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D' + # https://www.python.org/dev/peps/pep-0478/#release-manager-and-crew + + # gpg: key AA65421D: public key "Ned Deily (Python release signing key) " imported + [3.6]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D' + # https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew +) + cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" versions=( "$@" ) @@ -11,6 +33,17 @@ versions=( "${versions[@]%/}" ) pipVersion="$(curl -fsSL 'https://pypi.python.org/pypi/pip/json' | awk -F '"' '$2 == "version" { print $4 }')" +generated_warning() { + cat <<-EOH + # + # NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" + # + # PLEASE DO NOT EDIT IT DIRECTLY. + # + + EOH +} + travisEnv= for version in "${versions[@]}"; do # Python 2.7.8 @@ -26,13 +59,34 @@ for version in "${versions[@]}"; do echo } >&2 else + if [[ "$version" != 2.* ]]; then + for variant in \ + debian \ + alpine \ + slim \ + onbuild \ + ; do + if [ "$variant" = 'debian' ]; then + dir="$version" + else + dir="$version/$variant" + fi + template="Dockerfile-$variant.template" + { generated_warning; cat "$template"; } > "$dir/Dockerfile" + done + if [ -d "$version/wheezy" ]; then + cp "$version/Dockerfile" "$version/wheezy/Dockerfile" + sed -ri 's/:jessie/:wheezy/g' "$version/wheezy/Dockerfile" + fi + fi ( set -x - sed -ri ' - s/^(ENV PYTHON_VERSION) .*/\1 '"$fullVersion"'/; - s/^(ENV PYTHON_PIP_VERSION) .*/\1 '"$pipVersion"'/; - ' "$version"/{,*/}Dockerfile - sed -ri 's/^(FROM python):.*/\1:'"$version"'/' "$version/onbuild/Dockerfile" + sed -ri \ + -e 's/^(ENV GPG_KEY) .*/\1 '"${gpgKeys[$version]}"'/' \ + -e 's/^(ENV PYTHON_VERSION) .*/\1 '"$fullVersion"'/' \ + -e 's/^(ENV PYTHON_PIP_VERSION) .*/\1 '"$pipVersion"'/' \ + -e 's/^(FROM python):.*/\1:'"$version"'/' \ + "$version"/{,*/}Dockerfile ) fi for variant in wheezy alpine slim; do