-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- removes shell - removes support for ctypes - brings python3 out of experimental for debian12 Signed-off-by: Appu Goundan <[email protected]>
- Loading branch information
1 parent
0aaf3a9
commit 51f992d
Showing
6 changed files
with
253 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,125 @@ | ||
| load("@contrib_rules_oci//oci:defs.bzl", "oci_image", "oci_image_index", "oci_tarball", "structure_test") | ||
| load("@rules_pkg//:pkg.bzl", "pkg_tar") | ||
| load("//:checksums.bzl", ARCHITECTURES = "BASE_ARCHITECTURES") | ||
|
|
||
| package(default_visibility = ["//visibility:public"]) | ||
|
|
||
| USERS = [ | ||
| "root", | ||
| "nonroot", | ||
| ] | ||
|
|
||
| DISTROS = { | ||
| "debian12", | ||
| } | ||
|
|
||
| DISTRO_VERSION = { | ||
| "debian12": "3.11", | ||
| } | ||
|
|
||
| [ | ||
| pkg_tar( | ||
| name = "python_aliases_%s" % distro, | ||
| symlinks = { | ||
| "/usr/bin/python": "/usr/bin/python" + DISTRO_VERSION[distro], | ||
| "/usr/bin/python3": "/usr/bin/python" + DISTRO_VERSION[distro], | ||
| }, | ||
| ) | ||
| for distro in DISTROS | ||
| ] | ||
|
|
||
| [ | ||
| oci_image_index( | ||
| name = ("python3" if (not mode) else mode[1:]) + "_" + user + "_" + distro, | ||
| images = [ | ||
| ("python3" if (not mode) else mode[1:]) + "_" + user + "_" + arch + "_" + distro | ||
| for arch in ARCHITECTURES | ||
| ], | ||
| ) | ||
| for mode in [ | ||
| "", | ||
| ":debug", | ||
| ] | ||
| for user in USERS | ||
| for distro in DISTROS | ||
| ] | ||
|
|
||
| [ | ||
| oci_image( | ||
| name = ("python3" if (not mode) else mode[1:]) + "_" + user + "_" + arch + "_" + distro, | ||
| # Based on //cc so that C extensions work properly. | ||
| base = "//cc" + (mode if mode else ":cc") + "_" + user + "_" + arch + "_" + distro, | ||
| entrypoint = [ | ||
| "/usr/bin/python" + DISTRO_VERSION[distro], | ||
| ], | ||
| # Use UTF-8 encoding for file system: match modern Linux | ||
| env = {"LANG": "C.UTF-8"}, | ||
| tars = [ | ||
| deb_pkg(arch, distro, "libbz2-1.0"), | ||
| deb_pkg(arch, distro, "libdb5.3"), | ||
| deb_pkg(arch, distro, "libexpat1"), | ||
| deb_pkg(arch, distro, "liblzma5"), | ||
| deb_pkg(arch, distro, "libsqlite3-0"), | ||
| deb_pkg(arch, distro, "libuuid1"), | ||
| deb_pkg(arch, distro, "libncursesw6"), | ||
| deb_pkg(arch, distro, "libtinfo6"), | ||
| deb_pkg(arch, distro, "python3-distutils"), | ||
| deb_pkg(arch, distro, "zlib1g"), | ||
| deb_pkg(arch, distro, "libcom-err2"), | ||
| deb_pkg(arch, distro, "libcrypt1"), | ||
| deb_pkg(arch, distro, "libgssapi-krb5-2"), | ||
| deb_pkg(arch, distro, "libk5crypto3"), | ||
| deb_pkg(arch, distro, "libkeyutils1"), | ||
| deb_pkg(arch, distro, "libkrb5-3"), | ||
| deb_pkg(arch, distro, "libkrb5support0"), | ||
| deb_pkg(arch, distro, "libnsl2"), | ||
| deb_pkg(arch, distro, "libreadline8"), | ||
| deb_pkg(arch, distro, "libtirpc3"), | ||
| deb_pkg(arch, distro, "libffi8"), | ||
| deb_pkg(arch, distro, "libpython3.11-minimal"), | ||
| deb_pkg(arch, distro, "libpython3.11-stdlib"), | ||
| deb_pkg(arch, distro, "python3.11-minimal"), | ||
| ":python_aliases_%s" % distro, | ||
| ], | ||
| ) | ||
| for mode in [ | ||
| "", | ||
| ":debug", | ||
| ] | ||
| for user in USERS | ||
| for arch in ARCHITECTURES | ||
| for distro in DISTROS | ||
| ] | ||
|
|
||
| [ | ||
| structure_test( | ||
| name = "python3_" + user + "_" + arch + "_" + distro + "_test", | ||
| size = "medium", | ||
| config = ["testdata/python3.yaml"], | ||
| image = ":python3_" + user + "_" + arch + "_" + distro, | ||
| tags = [ | ||
| "manual", | ||
| arch, | ||
| ], | ||
| ) | ||
| for user in USERS | ||
| for arch in ARCHITECTURES | ||
| for distro in DISTROS | ||
| ] | ||
|
|
||
| # tests for version-specific things | ||
| [ | ||
| structure_test( | ||
| name = "version_specific_" + user + "_" + arch + "_" + distro + "_test", | ||
| size = "medium", | ||
| config = ["testdata/" + distro + ".yaml"], | ||
| image = ":python3_" + user + "_" + arch + "_" + distro, | ||
| tags = [ | ||
| "manual", | ||
| arch, | ||
| ], | ||
| ) | ||
| for user in USERS | ||
| for arch in ARCHITECTURES | ||
| for distro in DISTROS | ||
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # Documentation for `gcr.io/distroless/python3` | ||
|
|
||
| ## Image Contents | ||
|
|
||
| This image contains a minimal Linux, Python-based runtime. | ||
|
|
||
| Specifically, the image contains everything in the [base image](../../base/README.md), plus: | ||
|
|
||
| * Python 3 and its dependencies. | ||
| * No shell and no support for ctypes | ||
|
|
||
| ## Usage | ||
|
|
||
| The entrypoint of this image is set to "python", so this image expects users to supply a path to a .py file in the CMD. | ||
|
|
||
| See the Python [Hello World](../../examples/python3/) directory for an example. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| schemaVersion: "1.0.0" | ||
| commandTests: | ||
| - name: version | ||
| command: ["/usr/bin/python3", "--version"] | ||
| expectedOutput: ["Python 3.11.2"] | ||
| - name: symlink | ||
| command: ["/usr/bin/python", "--version"] | ||
| expectedOutput: ["Python 3.11.2"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| schemaVersion: "1.0.0" | ||
| commandTests: | ||
| - name: hello | ||
| command: ["/usr/bin/python3", "-c", "print('Hello World')"] | ||
| expectedOutput: ['Hello World'] | ||
|
|
||
| # ensure there is no shell | ||
| - name: no_shell | ||
| command: ["/usr/bin/python3", "-c", | ||
| "import subprocess, sys; subprocess.check_call(sys.executable + ' -h', shell=True)"] | ||
| exitCode: 1 | ||
|
|
||
| # debian's default python3 includes a partial version of distutils causing virtualenv to fail | ||
| # ensure we have the full version so virtualenvs work with distroless | ||
| - name: distutils_works | ||
| command: ["/usr/bin/python3", "-c", "import distutils.dist"] | ||
| exitCode: 0 | ||
|
|
||
| # file names are UTF-8: default for modern Linux systems | ||
| # The \xe9 backslash must be double-escaped to avoid YAML string parsing weirdness | ||
| - name: filesystem_utf8 | ||
| command: ["/usr/bin/python3", "-c", "open(u'h\\xe9llo', 'w'); import sys; print(sys.getfilesystemencoding())"] | ||
| expectedOutput: ['utf-8'] | ||
|
|
||
| # the print function should output UTF-8 | ||
| - name: print_utf8 | ||
| command: ["/usr/bin/python3", "-c", "print(u'h\\xe9llo.txt')"] | ||
| expectedOutput: ['h\xe9llo'] | ||
|
|
||
| # import every module installed with the Python package | ||
| - name: import_everything | ||
| exitCode: 0 | ||
| expectedOutput: ['FINISHED ENTIRE SCRIPT'] | ||
| command: | ||
| - "/usr/bin/python3" | ||
| - "-c" | ||
| # multi-line YAML string with Python script that imports all modules that are installed. | ||
| # This ensures we have the right native library dependencies. | ||
| - | | ||
| import pkgutil | ||
| skip_modules = frozenset(( | ||
| # Windows-specific modules | ||
| 'asyncio.windows_events', | ||
| 'asyncio.windows_utils', | ||
| 'ctypes.wintypes', | ||
| 'distutils._msvccompiler', | ||
| 'distutils.command.bdist_msi', | ||
| 'distutils.msvc9compiler', | ||
| 'encodings.cp65001', | ||
| 'encodings.mbcs', | ||
| 'encodings.oem', | ||
| 'multiprocessing.popen_spawn_win32', | ||
| 'winreg', | ||
| # Python regression tests "for internal use by Python only" | ||
| 'test', | ||
| # calls sys.exit | ||
| 'unittest.__main__', | ||
| 'venv.__main__', | ||
| # depends on things not installed by default on Debian | ||
| 'dbm.gnu', | ||
| 'lib2to3.pgen2.conv', | ||
| 'turtle', | ||
| )) | ||
| # pass an error handler so the test fails if there are broken standard library packages | ||
| def walk_packages_onerror(failed_module_name): | ||
| raise Exception('failed to import module: {}'.format(repr(failed_module_name))) | ||
| for module_info in pkgutil.walk_packages(onerror=walk_packages_onerror): | ||
| module_name = module_info.name | ||
| if module_name in skip_modules or module_name.startswith('test.'): | ||
| continue | ||
| __import__(module_name) | ||
| print('imported {}'.format(module_name)) | ||
| # ensures some module does not exit early (e.g unittest.__main__) | ||
| print('FINISHED ENTIRE SCRIPT') |