diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 2e1fb7872..e822ba6bb 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -3,6 +3,7 @@ name: Verify Templating on: pull_request: push: + workflow_dispatch: defaults: run: @@ -14,9 +15,5 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Apply Templates - run: ./apply-templates.sh - - name: Check Git Status - run: | - status="$(git status --short)" - [ -z "$status" ] + - run: ./apply-templates.sh + - run: git diff --exit-code diff --git a/3.10/alpine3.19/Dockerfile b/3.10/alpine3.21/Dockerfile similarity index 91% rename from 3.10/alpine3.19/Dockerfile rename to 3.10/alpine3.21/Dockerfile index 65a6b2d37..6cc036e23 100644 --- a/3.10/alpine3.19/Dockerfile +++ b/3.10/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -22,7 +22,8 @@ RUN set -eux; \ ; ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.10.15 +ENV PYTHON_VERSION 3.10.18 +ENV PYTHON_SHA256 ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefae3817f RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -58,6 +58,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -73,11 +74,9 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -88,7 +87,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -96,7 +94,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -127,7 +124,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.10/alpine3.20/Dockerfile b/3.10/alpine3.22/Dockerfile similarity index 91% rename from 3.10/alpine3.20/Dockerfile rename to 3.10/alpine3.22/Dockerfile index 4627b12b5..b91541a49 100644 --- a/3.10/alpine3.20/Dockerfile +++ b/3.10/alpine3.22/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -22,7 +22,8 @@ RUN set -eux; \ ; ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.10.15 +ENV PYTHON_VERSION 3.10.18 +ENV PYTHON_SHA256 ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefae3817f RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -58,6 +58,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -73,11 +74,9 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -88,7 +87,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -96,7 +94,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -127,7 +124,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.10/bookworm/Dockerfile b/3.10/bookworm/Dockerfile index 9e9e3170a..26a7c1623 100644 --- a/3.10/bookworm/Dockerfile +++ b/3.10/bookworm/Dockerfile @@ -25,11 +25,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.10.15 +ENV PYTHON_VERSION 3.10.18 +ENV PYTHON_SHA256 ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefae3817f RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -48,8 +50,7 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -58,7 +59,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -66,7 +66,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -97,7 +96,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.10/bullseye/Dockerfile b/3.10/bullseye/Dockerfile index 98440f9a5..965b0995c 100644 --- a/3.10/bullseye/Dockerfile +++ b/3.10/bullseye/Dockerfile @@ -25,11 +25,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.10.15 +ENV PYTHON_VERSION 3.10.18 +ENV PYTHON_SHA256 ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefae3817f RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -48,8 +50,7 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -58,7 +59,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -66,7 +66,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -97,7 +96,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.10/slim-bookworm/Dockerfile b/3.10/slim-bookworm/Dockerfile index e99add8ed..49411c8e6 100644 --- a/3.10/slim-bookworm/Dockerfile +++ b/3.10/slim-bookworm/Dockerfile @@ -25,7 +25,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.10.15 +ENV PYTHON_VERSION 3.10.18 +ENV PYTHON_SHA256 ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefae3817f RUN set -eux; \ \ @@ -39,7 +40,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,6 +56,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -74,8 +75,7 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -85,7 +85,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -93,7 +92,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -131,7 +129,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.10/slim-bullseye/Dockerfile b/3.10/slim-bullseye/Dockerfile index 0732224b2..6d6aa7fe9 100644 --- a/3.10/slim-bullseye/Dockerfile +++ b/3.10/slim-bullseye/Dockerfile @@ -25,7 +25,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.10.15 +ENV PYTHON_VERSION 3.10.18 +ENV PYTHON_SHA256 ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefae3817f RUN set -eux; \ \ @@ -39,7 +40,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,6 +56,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -74,8 +75,7 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -85,7 +85,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -93,7 +92,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -131,7 +129,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.11/alpine3.19/Dockerfile b/3.11/alpine3.21/Dockerfile similarity index 91% rename from 3.11/alpine3.19/Dockerfile rename to 3.11/alpine3.21/Dockerfile index 39491416a..a164244d7 100644 --- a/3.11/alpine3.19/Dockerfile +++ b/3.11/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -22,7 +22,8 @@ RUN set -eux; \ ; ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.11.10 +ENV PYTHON_VERSION 3.11.13 +ENV PYTHON_SHA256 8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -58,6 +58,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -73,11 +74,9 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -88,7 +87,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -96,7 +94,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -127,7 +124,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.11/alpine3.20/Dockerfile b/3.11/alpine3.22/Dockerfile similarity index 91% rename from 3.11/alpine3.20/Dockerfile rename to 3.11/alpine3.22/Dockerfile index a945539c2..954cf29ea 100644 --- a/3.11/alpine3.20/Dockerfile +++ b/3.11/alpine3.22/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -22,7 +22,8 @@ RUN set -eux; \ ; ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.11.10 +ENV PYTHON_VERSION 3.11.13 +ENV PYTHON_SHA256 8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -58,6 +58,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -73,11 +74,9 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -88,7 +87,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -96,7 +94,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -127,7 +124,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.11/bookworm/Dockerfile b/3.11/bookworm/Dockerfile index 93be03eb4..68c68dee3 100644 --- a/3.11/bookworm/Dockerfile +++ b/3.11/bookworm/Dockerfile @@ -25,11 +25,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.11.10 +ENV PYTHON_VERSION 3.11.13 +ENV PYTHON_SHA256 8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -48,8 +50,7 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -58,7 +59,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -66,7 +66,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -97,7 +96,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.11/bullseye/Dockerfile b/3.11/bullseye/Dockerfile index c5a0a7a6d..1e1f136a3 100644 --- a/3.11/bullseye/Dockerfile +++ b/3.11/bullseye/Dockerfile @@ -25,11 +25,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.11.10 +ENV PYTHON_VERSION 3.11.13 +ENV PYTHON_SHA256 8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -48,8 +50,7 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -58,7 +59,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -66,7 +66,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -97,7 +96,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.11/slim-bookworm/Dockerfile b/3.11/slim-bookworm/Dockerfile index f435e9847..a2538726e 100644 --- a/3.11/slim-bookworm/Dockerfile +++ b/3.11/slim-bookworm/Dockerfile @@ -25,7 +25,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.11.10 +ENV PYTHON_VERSION 3.11.13 +ENV PYTHON_SHA256 8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a RUN set -eux; \ \ @@ -39,7 +40,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,6 +56,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -74,8 +75,7 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -85,7 +85,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -93,7 +92,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -131,7 +129,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.11/slim-bullseye/Dockerfile b/3.11/slim-bullseye/Dockerfile index 4a5fdd620..5f64e97b3 100644 --- a/3.11/slim-bullseye/Dockerfile +++ b/3.11/slim-bullseye/Dockerfile @@ -25,7 +25,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D -ENV PYTHON_VERSION 3.11.10 +ENV PYTHON_VERSION 3.11.13 +ENV PYTHON_SHA256 8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a RUN set -eux; \ \ @@ -39,7 +40,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,6 +56,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -74,8 +75,7 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -85,7 +85,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -93,7 +92,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -131,7 +129,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==65.5.1' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.12/alpine3.19/Dockerfile b/3.12/alpine3.21/Dockerfile similarity index 77% rename from 3.12/alpine3.19/Dockerfile rename to 3.12/alpine3.21/Dockerfile index 2b4b76262..dc716a395 100644 --- a/3.12/alpine3.19/Dockerfile +++ b/3.12/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -22,7 +22,8 @@ RUN set -eux; \ ; ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.12.6 +ENV PYTHON_VERSION 3.12.11 +ENV PYTHON_SHA256 c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -58,6 +58,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -73,11 +74,9 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -85,10 +84,27 @@ RUN set -eux; \ # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(apk --print-arch)"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + x86_64|aarch64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + x86) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -96,7 +112,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.12/alpine3.20/Dockerfile b/3.12/alpine3.22/Dockerfile similarity index 77% rename from 3.12/alpine3.20/Dockerfile rename to 3.12/alpine3.22/Dockerfile index 89d13a74b..e9346935b 100644 --- a/3.12/alpine3.20/Dockerfile +++ b/3.12/alpine3.22/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -22,7 +22,8 @@ RUN set -eux; \ ; ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.12.6 +ENV PYTHON_VERSION 3.12.11 +ENV PYTHON_SHA256 c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -58,6 +58,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -73,11 +74,9 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -85,10 +84,27 @@ RUN set -eux; \ # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(apk --print-arch)"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + x86_64|aarch64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + x86) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -96,7 +112,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.12/bookworm/Dockerfile b/3.12/bookworm/Dockerfile index 2ff3e16b6..6e1d059e7 100644 --- a/3.12/bookworm/Dockerfile +++ b/3.12/bookworm/Dockerfile @@ -25,11 +25,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.12.6 +ENV PYTHON_VERSION 3.12.11 +ENV PYTHON_SHA256 c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -48,17 +50,33 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -66,7 +84,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.12/bullseye/Dockerfile b/3.12/bullseye/Dockerfile index 0d32ee6c9..b50a5ca4b 100644 --- a/3.12/bullseye/Dockerfile +++ b/3.12/bullseye/Dockerfile @@ -25,11 +25,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.12.6 +ENV PYTHON_VERSION 3.12.11 +ENV PYTHON_SHA256 c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -48,17 +50,33 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -66,7 +84,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.12/slim-bookworm/Dockerfile b/3.12/slim-bookworm/Dockerfile index d9a77a260..17d0d4871 100644 --- a/3.12/slim-bookworm/Dockerfile +++ b/3.12/slim-bookworm/Dockerfile @@ -25,7 +25,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.12.6 +ENV PYTHON_VERSION 3.12.11 +ENV PYTHON_SHA256 c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb RUN set -eux; \ \ @@ -39,7 +40,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,6 +56,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -74,18 +75,34 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -93,7 +110,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.12/slim-bullseye/Dockerfile b/3.12/slim-bullseye/Dockerfile index ca3d6fd7f..5dd6eb97e 100644 --- a/3.12/slim-bullseye/Dockerfile +++ b/3.12/slim-bullseye/Dockerfile @@ -25,7 +25,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.12.6 +ENV PYTHON_VERSION 3.12.11 +ENV PYTHON_SHA256 c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb RUN set -eux; \ \ @@ -39,7 +40,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,6 +56,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -74,18 +75,34 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -93,7 +110,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.13-rc/alpine3.19/Dockerfile b/3.13/alpine3.21/Dockerfile similarity index 75% rename from 3.13-rc/alpine3.19/Dockerfile rename to 3.13/alpine3.21/Dockerfile index 194db7a26..4528dbe5c 100644 --- a/3.13-rc/alpine3.19/Dockerfile +++ b/3.13/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -17,7 +17,8 @@ RUN set -eux; \ ; ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.13.0rc2 +ENV PYTHON_VERSION 3.13.4 +ENV PYTHON_SHA256 27b15a797562a2971dce3ffe31bb216042ce0b995b39d768cf15f784cc757365 RUN set -eux; \ \ @@ -29,7 +30,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -53,6 +53,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -68,11 +69,9 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -80,10 +79,27 @@ RUN set -eux; \ # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(apk --print-arch)"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + x86_64|aarch64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + x86) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -91,7 +107,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.13-rc/alpine3.20/Dockerfile b/3.13/alpine3.22/Dockerfile similarity index 75% rename from 3.13-rc/alpine3.20/Dockerfile rename to 3.13/alpine3.22/Dockerfile index 7832c83dd..3af574f17 100644 --- a/3.13-rc/alpine3.20/Dockerfile +++ b/3.13/alpine3.22/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -17,7 +17,8 @@ RUN set -eux; \ ; ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.13.0rc2 +ENV PYTHON_VERSION 3.13.4 +ENV PYTHON_SHA256 27b15a797562a2971dce3ffe31bb216042ce0b995b39d768cf15f784cc757365 RUN set -eux; \ \ @@ -29,7 +30,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -53,6 +53,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -68,11 +69,9 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -80,10 +79,27 @@ RUN set -eux; \ # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(apk --print-arch)"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + x86_64|aarch64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + x86) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -91,7 +107,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.13-rc/bookworm/Dockerfile b/3.13/bookworm/Dockerfile similarity index 72% rename from 3.13-rc/bookworm/Dockerfile rename to 3.13/bookworm/Dockerfile index c352394a1..f9ebc9210 100644 --- a/3.13-rc/bookworm/Dockerfile +++ b/3.13/bookworm/Dockerfile @@ -20,11 +20,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.13.0rc2 +ENV PYTHON_VERSION 3.13.4 +ENV PYTHON_SHA256 27b15a797562a2971dce3ffe31bb216042ce0b995b39d768cf15f784cc757365 RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -43,17 +45,33 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -61,7 +79,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.13-rc/bullseye/Dockerfile b/3.13/bullseye/Dockerfile similarity index 72% rename from 3.13-rc/bullseye/Dockerfile rename to 3.13/bullseye/Dockerfile index dd469dc74..0636fb700 100644 --- a/3.13-rc/bullseye/Dockerfile +++ b/3.13/bullseye/Dockerfile @@ -20,11 +20,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.13.0rc2 +ENV PYTHON_VERSION 3.13.4 +ENV PYTHON_SHA256 27b15a797562a2971dce3ffe31bb216042ce0b995b39d768cf15f784cc757365 RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -43,17 +45,33 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -61,7 +79,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.13-rc/slim-bookworm/Dockerfile b/3.13/slim-bookworm/Dockerfile similarity index 76% rename from 3.13-rc/slim-bookworm/Dockerfile rename to 3.13/slim-bookworm/Dockerfile index e5e307491..1f6754174 100644 --- a/3.13-rc/slim-bookworm/Dockerfile +++ b/3.13/slim-bookworm/Dockerfile @@ -20,7 +20,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.13.0rc2 +ENV PYTHON_VERSION 3.13.4 +ENV PYTHON_SHA256 27b15a797562a2971dce3ffe31bb216042ce0b995b39d768cf15f784cc757365 RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -51,6 +51,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -69,18 +70,34 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -88,7 +105,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.13-rc/slim-bullseye/Dockerfile b/3.13/slim-bullseye/Dockerfile similarity index 76% rename from 3.13-rc/slim-bullseye/Dockerfile rename to 3.13/slim-bullseye/Dockerfile index 741cd826b..fc358627f 100644 --- a/3.13-rc/slim-bullseye/Dockerfile +++ b/3.13/slim-bullseye/Dockerfile @@ -20,7 +20,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 -ENV PYTHON_VERSION 3.13.0rc2 +ENV PYTHON_VERSION 3.13.4 +ENV PYTHON_SHA256 27b15a797562a2971dce3ffe31bb216042ce0b995b39d768cf15f784cc757365 RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -51,6 +51,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -69,18 +70,34 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-lto \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -88,7 +105,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ diff --git a/3.13-rc/windows/windowsservercore-ltsc2022/Dockerfile b/3.13/windows/windowsservercore-ltsc2022/Dockerfile similarity index 85% rename from 3.13-rc/windows/windowsservercore-ltsc2022/Dockerfile rename to 3.13/windows/windowsservercore-ltsc2022/Dockerfile index a8e353350..7b4901320 100644 --- a/3.13-rc/windows/windowsservercore-ltsc2022/Dockerfile +++ b/3.13/windows/windowsservercore-ltsc2022/Dockerfile @@ -11,13 +11,20 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # https://github.com/docker-library/python/pull/557 ENV PYTHONIOENCODING UTF-8 -ENV PYTHON_VERSION 3.13.0rc2 +ENV PYTHON_VERSION 3.13.4 +ENV PYTHON_SHA256 94f53bb832539ea02d6ce581d7c1fcc36228e04a611b8dcfe797ad4bbc0a45c1 RUN $url = ('https://www.python.org/ftp/python/{0}/python-{1}-amd64.exe' -f ($env:PYTHON_VERSION -replace '[a-z]+[0-9]*$', ''), $env:PYTHON_VERSION); \ Write-Host ('Downloading {0} ...' -f $url); \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ Invoke-WebRequest -Uri $url -OutFile 'python.exe'; \ \ + Write-Host ('Verifying sha256 ({0}) ...' -f $env:PYTHON_SHA256); \ + if ((Get-FileHash python.exe -Algorithm sha256).Hash -ne $env:PYTHON_SHA256) { \ + Write-Host 'FAILED!'; \ + exit 1; \ + }; \ + \ Write-Host 'Installing ...'; \ # https://docs.python.org/3/using/windows.html#installing-without-ui $exitCode = (Start-Process python.exe -Wait -NoNewWindow -PassThru \ diff --git a/3.13-rc/windows/windowsservercore-1809/Dockerfile b/3.13/windows/windowsservercore-ltsc2025/Dockerfile similarity index 83% rename from 3.13-rc/windows/windowsservercore-1809/Dockerfile rename to 3.13/windows/windowsservercore-ltsc2025/Dockerfile index 00ac9a02e..0d68590b1 100644 --- a/3.13-rc/windows/windowsservercore-1809/Dockerfile +++ b/3.13/windows/windowsservercore-ltsc2025/Dockerfile @@ -4,20 +4,27 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM mcr.microsoft.com/windows/servercore:1809 +FROM mcr.microsoft.com/windows/servercore:ltsc2025 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] # https://github.com/docker-library/python/pull/557 ENV PYTHONIOENCODING UTF-8 -ENV PYTHON_VERSION 3.13.0rc2 +ENV PYTHON_VERSION 3.13.4 +ENV PYTHON_SHA256 94f53bb832539ea02d6ce581d7c1fcc36228e04a611b8dcfe797ad4bbc0a45c1 RUN $url = ('https://www.python.org/ftp/python/{0}/python-{1}-amd64.exe' -f ($env:PYTHON_VERSION -replace '[a-z]+[0-9]*$', ''), $env:PYTHON_VERSION); \ Write-Host ('Downloading {0} ...' -f $url); \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ Invoke-WebRequest -Uri $url -OutFile 'python.exe'; \ \ + Write-Host ('Verifying sha256 ({0}) ...' -f $env:PYTHON_SHA256); \ + if ((Get-FileHash python.exe -Algorithm sha256).Hash -ne $env:PYTHON_SHA256) { \ + Write-Host 'FAILED!'; \ + exit 1; \ + }; \ + \ Write-Host 'Installing ...'; \ # https://docs.python.org/3/using/windows.html#installing-without-ui $exitCode = (Start-Process python.exe -Wait -NoNewWindow -PassThru \ diff --git a/3.14-rc/alpine3.21/Dockerfile b/3.14-rc/alpine3.21/Dockerfile new file mode 100644 index 000000000..12ae69e73 --- /dev/null +++ b/3.14-rc/alpine3.21/Dockerfile @@ -0,0 +1,138 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.21 + +# ensure local python is preferred over distribution python +ENV PATH /usr/local/bin:$PATH + +# runtime dependencies +RUN set -eux; \ + apk add --no-cache \ + ca-certificates \ + tzdata \ + ; + +ENV PYTHON_VERSION 3.14.0b2 +ENV PYTHON_SHA256 7ac9e84844bbc0a5a8f1f79a37a68b3b8caf2a58b4aa5999c49227cb36e70ea6 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .build-deps \ + gnupg \ + tar \ + xz \ + \ + bluez-dev \ + bzip2-dev \ + dpkg-dev dpkg \ + findutils \ + gcc \ + gdbm-dev \ + libc-dev \ + libffi-dev \ + libnsl-dev \ + libtirpc-dev \ + linux-headers \ + make \ + ncurses-dev \ + openssl-dev \ + pax-utils \ + readline-dev \ + sqlite-dev \ + tcl-dev \ + tk \ + tk-dev \ + util-linux-dev \ + xz-dev \ + zlib-dev \ + ; \ + \ + wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ + mkdir -p /usr/src/python; \ + tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ + rm python.tar.xz; \ + \ + cd /usr/src/python; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + ./configure \ + --build="$gnuArch" \ + --enable-loadable-sqlite-extensions \ + --enable-option-checking=fatal \ + --enable-shared \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ + --with-ensurepip \ + ; \ + nproc="$(nproc)"; \ +# set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() +# https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 + EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ + LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(apk --print-arch)"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + x86_64|aarch64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + x86) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ + make -j "$nproc" \ + "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ + "LDFLAGS=${LDFLAGS:-}" \ + ; \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + rm python; \ + make -j "$nproc" \ + "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ + "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ + python \ + ; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/python; \ + \ + find /usr/local -depth \ + \( \ + \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ + -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ + \) -exec rm -rf '{}' + \ + ; \ + \ + find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | xargs -rt apk add --no-network --virtual .python-rundeps \ + ; \ + apk del --no-network .build-deps; \ + \ + export PYTHONDONTWRITEBYTECODE=1; \ + python3 --version; \ + pip3 --version + +# make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) +RUN set -eux; \ + for src in idle3 pip3 pydoc3 python3 python3-config; do \ + dst="$(echo "$src" | tr -d 3)"; \ + [ -s "/usr/local/bin/$src" ]; \ + [ ! -e "/usr/local/bin/$dst" ]; \ + ln -svT "$src" "/usr/local/bin/$dst"; \ + done + +CMD ["python3"] diff --git a/3.14-rc/alpine3.22/Dockerfile b/3.14-rc/alpine3.22/Dockerfile new file mode 100644 index 000000000..87d223fc3 --- /dev/null +++ b/3.14-rc/alpine3.22/Dockerfile @@ -0,0 +1,138 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.22 + +# ensure local python is preferred over distribution python +ENV PATH /usr/local/bin:$PATH + +# runtime dependencies +RUN set -eux; \ + apk add --no-cache \ + ca-certificates \ + tzdata \ + ; + +ENV PYTHON_VERSION 3.14.0b2 +ENV PYTHON_SHA256 7ac9e84844bbc0a5a8f1f79a37a68b3b8caf2a58b4aa5999c49227cb36e70ea6 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .build-deps \ + gnupg \ + tar \ + xz \ + \ + bluez-dev \ + bzip2-dev \ + dpkg-dev dpkg \ + findutils \ + gcc \ + gdbm-dev \ + libc-dev \ + libffi-dev \ + libnsl-dev \ + libtirpc-dev \ + linux-headers \ + make \ + ncurses-dev \ + openssl-dev \ + pax-utils \ + readline-dev \ + sqlite-dev \ + tcl-dev \ + tk \ + tk-dev \ + util-linux-dev \ + xz-dev \ + zlib-dev \ + ; \ + \ + wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ + mkdir -p /usr/src/python; \ + tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ + rm python.tar.xz; \ + \ + cd /usr/src/python; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + ./configure \ + --build="$gnuArch" \ + --enable-loadable-sqlite-extensions \ + --enable-option-checking=fatal \ + --enable-shared \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ + --with-ensurepip \ + ; \ + nproc="$(nproc)"; \ +# set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() +# https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 + EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ + LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(apk --print-arch)"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + x86_64|aarch64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + x86) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ + make -j "$nproc" \ + "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ + "LDFLAGS=${LDFLAGS:-}" \ + ; \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + rm python; \ + make -j "$nproc" \ + "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ + "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ + python \ + ; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/python; \ + \ + find /usr/local -depth \ + \( \ + \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ + -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ + \) -exec rm -rf '{}' + \ + ; \ + \ + find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | xargs -rt apk add --no-network --virtual .python-rundeps \ + ; \ + apk del --no-network .build-deps; \ + \ + export PYTHONDONTWRITEBYTECODE=1; \ + python3 --version; \ + pip3 --version + +# make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) +RUN set -eux; \ + for src in idle3 pip3 pydoc3 python3 python3-config; do \ + dst="$(echo "$src" | tr -d 3)"; \ + [ -s "/usr/local/bin/$src" ]; \ + [ ! -e "/usr/local/bin/$dst" ]; \ + ln -svT "$src" "/usr/local/bin/$dst"; \ + done + +CMD ["python3"] diff --git a/3.8/bookworm/Dockerfile b/3.14-rc/bookworm/Dockerfile similarity index 69% rename from 3.8/bookworm/Dockerfile rename to 3.14-rc/bookworm/Dockerfile index 3304a4921..effe40bb2 100644 --- a/3.8/bookworm/Dockerfile +++ b/3.14-rc/bookworm/Dockerfile @@ -9,11 +9,6 @@ FROM buildpack-deps:bookworm # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH -# cannot remove LANG even though https://bugs.python.org/issue19846 is fixed -# last attempted removal of LANG broke many users: -# https://github.com/docker-library/python/pull/570 -ENV LANG C.UTF-8 - # runtime dependencies RUN set -eux; \ apt-get update; \ @@ -24,18 +19,13 @@ RUN set -eux; \ ; \ rm -rf /var/lib/apt/lists/* -ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.8.20 +ENV PYTHON_VERSION 3.14.0b2 +ENV PYTHON_SHA256 7ac9e84844bbc0a5a8f1f79a37a68b3b8caf2a58b4aa5999c49227cb36e70ea6 RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ - wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ - gpg --batch --verify python.tar.xz.asc python.tar.xz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" python.tar.xz.asc; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ mkdir -p /usr/src/python; \ tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ rm python.tar.xz; \ @@ -48,16 +38,33 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -65,7 +72,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -83,7 +89,6 @@ RUN set -eux; \ \( \ \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ - -o \( -type f -a -name 'wininst-*.exe' \) \ \) -exec rm -rf '{}' + \ ; \ \ @@ -91,14 +96,6 @@ RUN set -eux; \ \ export PYTHONDONTWRITEBYTECODE=1; \ python3 --version; \ - \ - pip3 install \ - --disable-pip-version-check \ - --no-cache-dir \ - --no-compile \ - 'setuptools==57.5.0' \ - wheel \ - ; \ pip3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.8/bullseye/Dockerfile b/3.14-rc/bullseye/Dockerfile similarity index 69% rename from 3.8/bullseye/Dockerfile rename to 3.14-rc/bullseye/Dockerfile index 7ac4f74f1..f6246d76f 100644 --- a/3.8/bullseye/Dockerfile +++ b/3.14-rc/bullseye/Dockerfile @@ -9,11 +9,6 @@ FROM buildpack-deps:bullseye # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH -# cannot remove LANG even though https://bugs.python.org/issue19846 is fixed -# last attempted removal of LANG broke many users: -# https://github.com/docker-library/python/pull/570 -ENV LANG C.UTF-8 - # runtime dependencies RUN set -eux; \ apt-get update; \ @@ -24,18 +19,13 @@ RUN set -eux; \ ; \ rm -rf /var/lib/apt/lists/* -ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.8.20 +ENV PYTHON_VERSION 3.14.0b2 +ENV PYTHON_SHA256 7ac9e84844bbc0a5a8f1f79a37a68b3b8caf2a58b4aa5999c49227cb36e70ea6 RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ - wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ - gpg --batch --verify python.tar.xz.asc python.tar.xz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" python.tar.xz.asc; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ mkdir -p /usr/src/python; \ tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ rm python.tar.xz; \ @@ -48,16 +38,33 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -65,7 +72,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -83,7 +89,6 @@ RUN set -eux; \ \( \ \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ - -o \( -type f -a -name 'wininst-*.exe' \) \ \) -exec rm -rf '{}' + \ ; \ \ @@ -91,14 +96,6 @@ RUN set -eux; \ \ export PYTHONDONTWRITEBYTECODE=1; \ python3 --version; \ - \ - pip3 install \ - --disable-pip-version-check \ - --no-cache-dir \ - --no-compile \ - 'setuptools==57.5.0' \ - wheel \ - ; \ pip3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.8/slim-bookworm/Dockerfile b/3.14-rc/slim-bookworm/Dockerfile similarity index 74% rename from 3.8/slim-bookworm/Dockerfile rename to 3.14-rc/slim-bookworm/Dockerfile index a368693f3..22d716de4 100644 --- a/3.8/slim-bookworm/Dockerfile +++ b/3.14-rc/slim-bookworm/Dockerfile @@ -9,11 +9,6 @@ FROM debian:bookworm-slim # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH -# cannot remove LANG even though https://bugs.python.org/issue19846 is fixed -# last attempted removal of LANG broke many users: -# https://github.com/docker-library/python/pull/570 -ENV LANG C.UTF-8 - # runtime dependencies RUN set -eux; \ apt-get update; \ @@ -24,8 +19,8 @@ RUN set -eux; \ ; \ rm -rf /var/lib/apt/lists/* -ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.8.20 +ENV PYTHON_VERSION 3.14.0b2 +ENV PYTHON_SHA256 7ac9e84844bbc0a5a8f1f79a37a68b3b8caf2a58b4aa5999c49227cb36e70ea6 RUN set -eux; \ \ @@ -39,7 +34,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,12 +50,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ - wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ - gpg --batch --verify python.tar.xz.asc python.tar.xz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" python.tar.xz.asc; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ mkdir -p /usr/src/python; \ tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ rm python.tar.xz; \ @@ -74,17 +63,34 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -92,7 +98,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -104,7 +109,6 @@ RUN set -eux; \ \( \ \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ - -o \( -type f -a -name 'wininst-*.exe' \) \ \) -exec rm -rf '{}' + \ ; \ \ @@ -125,14 +129,6 @@ RUN set -eux; \ \ export PYTHONDONTWRITEBYTECODE=1; \ python3 --version; \ - \ - pip3 install \ - --disable-pip-version-check \ - --no-cache-dir \ - --no-compile \ - 'setuptools==57.5.0' \ - wheel \ - ; \ pip3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.8/slim-bullseye/Dockerfile b/3.14-rc/slim-bullseye/Dockerfile similarity index 74% rename from 3.8/slim-bullseye/Dockerfile rename to 3.14-rc/slim-bullseye/Dockerfile index 798393abc..d8cff31e8 100644 --- a/3.8/slim-bullseye/Dockerfile +++ b/3.14-rc/slim-bullseye/Dockerfile @@ -9,11 +9,6 @@ FROM debian:bullseye-slim # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH -# cannot remove LANG even though https://bugs.python.org/issue19846 is fixed -# last attempted removal of LANG broke many users: -# https://github.com/docker-library/python/pull/570 -ENV LANG C.UTF-8 - # runtime dependencies RUN set -eux; \ apt-get update; \ @@ -24,8 +19,8 @@ RUN set -eux; \ ; \ rm -rf /var/lib/apt/lists/* -ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.8.20 +ENV PYTHON_VERSION 3.14.0b2 +ENV PYTHON_SHA256 7ac9e84844bbc0a5a8f1f79a37a68b3b8caf2a58b4aa5999c49227cb36e70ea6 RUN set -eux; \ \ @@ -39,7 +34,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,12 +50,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ - wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ - gpg --batch --verify python.tar.xz.asc python.tar.xz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" python.tar.xz.asc; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ mkdir -p /usr/src/python; \ tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ rm python.tar.xz; \ @@ -74,17 +63,34 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ + amd64|arm64) \ + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ + i386) \ + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -92,7 +98,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -104,7 +109,6 @@ RUN set -eux; \ \( \ \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ - -o \( -type f -a -name 'wininst-*.exe' \) \ \) -exec rm -rf '{}' + \ ; \ \ @@ -125,14 +129,6 @@ RUN set -eux; \ \ export PYTHONDONTWRITEBYTECODE=1; \ python3 --version; \ - \ - pip3 install \ - --disable-pip-version-check \ - --no-cache-dir \ - --no-compile \ - 'setuptools==57.5.0' \ - wheel \ - ; \ pip3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.12/windows/windowsservercore-ltsc2022/Dockerfile b/3.14-rc/windows/windowsservercore-ltsc2022/Dockerfile similarity index 85% rename from 3.12/windows/windowsservercore-ltsc2022/Dockerfile rename to 3.14-rc/windows/windowsservercore-ltsc2022/Dockerfile index 09a2a4e0a..edfc85354 100644 --- a/3.12/windows/windowsservercore-ltsc2022/Dockerfile +++ b/3.14-rc/windows/windowsservercore-ltsc2022/Dockerfile @@ -11,13 +11,20 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # https://github.com/docker-library/python/pull/557 ENV PYTHONIOENCODING UTF-8 -ENV PYTHON_VERSION 3.12.6 +ENV PYTHON_VERSION 3.14.0b2 +ENV PYTHON_SHA256 279b1d0e2b1b6cece6f03e49218aacccfd10367e07b785edeb1d4135507434c1 RUN $url = ('https://www.python.org/ftp/python/{0}/python-{1}-amd64.exe' -f ($env:PYTHON_VERSION -replace '[a-z]+[0-9]*$', ''), $env:PYTHON_VERSION); \ Write-Host ('Downloading {0} ...' -f $url); \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ Invoke-WebRequest -Uri $url -OutFile 'python.exe'; \ \ + Write-Host ('Verifying sha256 ({0}) ...' -f $env:PYTHON_SHA256); \ + if ((Get-FileHash python.exe -Algorithm sha256).Hash -ne $env:PYTHON_SHA256) { \ + Write-Host 'FAILED!'; \ + exit 1; \ + }; \ + \ Write-Host 'Installing ...'; \ # https://docs.python.org/3/using/windows.html#installing-without-ui $exitCode = (Start-Process python.exe -Wait -NoNewWindow -PassThru \ diff --git a/3.12/windows/windowsservercore-1809/Dockerfile b/3.14-rc/windows/windowsservercore-ltsc2025/Dockerfile similarity index 83% rename from 3.12/windows/windowsservercore-1809/Dockerfile rename to 3.14-rc/windows/windowsservercore-ltsc2025/Dockerfile index d41dfd073..41b646af1 100644 --- a/3.12/windows/windowsservercore-1809/Dockerfile +++ b/3.14-rc/windows/windowsservercore-ltsc2025/Dockerfile @@ -4,20 +4,27 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM mcr.microsoft.com/windows/servercore:1809 +FROM mcr.microsoft.com/windows/servercore:ltsc2025 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] # https://github.com/docker-library/python/pull/557 ENV PYTHONIOENCODING UTF-8 -ENV PYTHON_VERSION 3.12.6 +ENV PYTHON_VERSION 3.14.0b2 +ENV PYTHON_SHA256 279b1d0e2b1b6cece6f03e49218aacccfd10367e07b785edeb1d4135507434c1 RUN $url = ('https://www.python.org/ftp/python/{0}/python-{1}-amd64.exe' -f ($env:PYTHON_VERSION -replace '[a-z]+[0-9]*$', ''), $env:PYTHON_VERSION); \ Write-Host ('Downloading {0} ...' -f $url); \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ Invoke-WebRequest -Uri $url -OutFile 'python.exe'; \ \ + Write-Host ('Verifying sha256 ({0}) ...' -f $env:PYTHON_SHA256); \ + if ((Get-FileHash python.exe -Algorithm sha256).Hash -ne $env:PYTHON_SHA256) { \ + Write-Host 'FAILED!'; \ + exit 1; \ + }; \ + \ Write-Host 'Installing ...'; \ # https://docs.python.org/3/using/windows.html#installing-without-ui $exitCode = (Start-Process python.exe -Wait -NoNewWindow -PassThru \ diff --git a/3.8/alpine3.19/Dockerfile b/3.8/alpine3.19/Dockerfile deleted file mode 100644 index b7371cc75..000000000 --- a/3.8/alpine3.19/Dockerfile +++ /dev/null @@ -1,143 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.19 - -# ensure local python is preferred over distribution python -ENV PATH /usr/local/bin:$PATH - -# cannot remove LANG even though https://bugs.python.org/issue19846 is fixed -# last attempted removal of LANG broke many users: -# https://github.com/docker-library/python/pull/570 -ENV LANG C.UTF-8 - -# runtime dependencies -RUN set -eux; \ - apk add --no-cache \ - ca-certificates \ - tzdata \ - ; - -ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.8.20 - -RUN set -eux; \ - \ - apk add --no-cache --virtual .build-deps \ - gnupg \ - tar \ - xz \ - \ - bluez-dev \ - bzip2-dev \ - dpkg-dev dpkg \ - expat-dev \ - findutils \ - gcc \ - gdbm-dev \ - libc-dev \ - libffi-dev \ - libnsl-dev \ - libtirpc-dev \ - linux-headers \ - make \ - ncurses-dev \ - openssl-dev \ - pax-utils \ - readline-dev \ - sqlite-dev \ - tcl-dev \ - tk \ - tk-dev \ - util-linux-dev \ - xz-dev \ - zlib-dev \ - ; \ - \ - wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ - wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ - gpg --batch --verify python.tar.xz.asc python.tar.xz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" python.tar.xz.asc; \ - mkdir -p /usr/src/python; \ - tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ - rm python.tar.xz; \ - \ - cd /usr/src/python; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ - ./configure \ - --build="$gnuArch" \ - --enable-loadable-sqlite-extensions \ - --enable-optimizations \ - --enable-option-checking=fatal \ - --enable-shared \ - --with-system-expat \ - --with-ensurepip \ - ; \ - nproc="$(nproc)"; \ -# set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() -# https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 - EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ - LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ - make -j "$nproc" \ - "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ - "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ - ; \ -# https://github.com/docker-library/python/issues/784 -# prevent accidental usage of a system installed libpython of the same version - rm python; \ - make -j "$nproc" \ - "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ - "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ - python \ - ; \ - make install; \ - \ - cd /; \ - rm -rf /usr/src/python; \ - \ - find /usr/local -depth \ - \( \ - \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ - -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ - -o \( -type f -a -name 'wininst-*.exe' \) \ - \) -exec rm -rf '{}' + \ - ; \ - \ - find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - | xargs -rt apk add --no-network --virtual .python-rundeps \ - ; \ - apk del --no-network .build-deps; \ - \ - export PYTHONDONTWRITEBYTECODE=1; \ - python3 --version; \ - \ - pip3 install \ - --disable-pip-version-check \ - --no-cache-dir \ - --no-compile \ - 'setuptools==57.5.0' \ - wheel \ - ; \ - pip3 --version - -# make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) -RUN set -eux; \ - for src in idle3 pip3 pydoc3 python3 python3-config; do \ - dst="$(echo "$src" | tr -d 3)"; \ - [ -s "/usr/local/bin/$src" ]; \ - [ ! -e "/usr/local/bin/$dst" ]; \ - ln -svT "$src" "/usr/local/bin/$dst"; \ - done - -CMD ["python3"] diff --git a/3.8/alpine3.20/Dockerfile b/3.8/alpine3.20/Dockerfile deleted file mode 100644 index 706192624..000000000 --- a/3.8/alpine3.20/Dockerfile +++ /dev/null @@ -1,143 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.20 - -# ensure local python is preferred over distribution python -ENV PATH /usr/local/bin:$PATH - -# cannot remove LANG even though https://bugs.python.org/issue19846 is fixed -# last attempted removal of LANG broke many users: -# https://github.com/docker-library/python/pull/570 -ENV LANG C.UTF-8 - -# runtime dependencies -RUN set -eux; \ - apk add --no-cache \ - ca-certificates \ - tzdata \ - ; - -ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.8.20 - -RUN set -eux; \ - \ - apk add --no-cache --virtual .build-deps \ - gnupg \ - tar \ - xz \ - \ - bluez-dev \ - bzip2-dev \ - dpkg-dev dpkg \ - expat-dev \ - findutils \ - gcc \ - gdbm-dev \ - libc-dev \ - libffi-dev \ - libnsl-dev \ - libtirpc-dev \ - linux-headers \ - make \ - ncurses-dev \ - openssl-dev \ - pax-utils \ - readline-dev \ - sqlite-dev \ - tcl-dev \ - tk \ - tk-dev \ - util-linux-dev \ - xz-dev \ - zlib-dev \ - ; \ - \ - wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ - wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ - gpg --batch --verify python.tar.xz.asc python.tar.xz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" python.tar.xz.asc; \ - mkdir -p /usr/src/python; \ - tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ - rm python.tar.xz; \ - \ - cd /usr/src/python; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ - ./configure \ - --build="$gnuArch" \ - --enable-loadable-sqlite-extensions \ - --enable-optimizations \ - --enable-option-checking=fatal \ - --enable-shared \ - --with-system-expat \ - --with-ensurepip \ - ; \ - nproc="$(nproc)"; \ -# set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() -# https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 - EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \ - LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ - make -j "$nproc" \ - "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ - "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ - ; \ -# https://github.com/docker-library/python/issues/784 -# prevent accidental usage of a system installed libpython of the same version - rm python; \ - make -j "$nproc" \ - "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ - "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ - python \ - ; \ - make install; \ - \ - cd /; \ - rm -rf /usr/src/python; \ - \ - find /usr/local -depth \ - \( \ - \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ - -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ - -o \( -type f -a -name 'wininst-*.exe' \) \ - \) -exec rm -rf '{}' + \ - ; \ - \ - find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - | xargs -rt apk add --no-network --virtual .python-rundeps \ - ; \ - apk del --no-network .build-deps; \ - \ - export PYTHONDONTWRITEBYTECODE=1; \ - python3 --version; \ - \ - pip3 install \ - --disable-pip-version-check \ - --no-cache-dir \ - --no-compile \ - 'setuptools==57.5.0' \ - wheel \ - ; \ - pip3 --version - -# make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) -RUN set -eux; \ - for src in idle3 pip3 pydoc3 python3 python3-config; do \ - dst="$(echo "$src" | tr -d 3)"; \ - [ -s "/usr/local/bin/$src" ]; \ - [ ! -e "/usr/local/bin/$dst" ]; \ - ln -svT "$src" "/usr/local/bin/$dst"; \ - done - -CMD ["python3"] diff --git a/3.9/alpine3.19/Dockerfile b/3.9/alpine3.21/Dockerfile similarity index 93% rename from 3.9/alpine3.19/Dockerfile rename to 3.9/alpine3.21/Dockerfile index 8632c56f2..ec25bdb83 100644 --- a/3.9/alpine3.19/Dockerfile +++ b/3.9/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -22,7 +22,8 @@ RUN set -eux; \ ; ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.9.20 +ENV PYTHON_VERSION 3.9.23 +ENV PYTHON_SHA256 61a42919e13d539f7673cf11d1c404380e28e540510860b9d242196e165709c9 RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -58,6 +58,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -73,10 +74,8 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -87,7 +86,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -95,7 +93,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -126,7 +123,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==58.1.0' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.9/alpine3.20/Dockerfile b/3.9/alpine3.22/Dockerfile similarity index 93% rename from 3.9/alpine3.20/Dockerfile rename to 3.9/alpine3.22/Dockerfile index 91044e1a8..242d08b09 100644 --- a/3.9/alpine3.20/Dockerfile +++ b/3.9/alpine3.22/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH @@ -22,7 +22,8 @@ RUN set -eux; \ ; ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.9.20 +ENV PYTHON_VERSION 3.9.23 +ENV PYTHON_SHA256 61a42919e13d539f7673cf11d1c404380e28e540510860b9d242196e165709c9 RUN set -eux; \ \ @@ -34,7 +35,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -58,6 +58,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -73,10 +74,8 @@ RUN set -eux; \ ./configure \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ - --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -87,7 +86,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -95,7 +93,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -126,7 +123,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==58.1.0' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.9/bookworm/Dockerfile b/3.9/bookworm/Dockerfile index fe0ba4cee..6a6de6111 100644 --- a/3.9/bookworm/Dockerfile +++ b/3.9/bookworm/Dockerfile @@ -25,11 +25,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.9.20 +ENV PYTHON_VERSION 3.9.23 +ENV PYTHON_SHA256 61a42919e13d539f7673cf11d1c404380e28e540510860b9d242196e165709c9 RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -48,7 +50,6 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -57,7 +58,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -65,7 +65,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -96,7 +95,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==58.1.0' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.9/bullseye/Dockerfile b/3.9/bullseye/Dockerfile index fbe07aa6e..93ee7089e 100644 --- a/3.9/bullseye/Dockerfile +++ b/3.9/bullseye/Dockerfile @@ -25,11 +25,13 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.9.20 +ENV PYTHON_VERSION 3.9.23 +ENV PYTHON_SHA256 61a42919e13d539f7673cf11d1c404380e28e540510860b9d242196e165709c9 RUN set -eux; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -48,7 +50,6 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -57,7 +58,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -65,7 +65,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -96,7 +95,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==58.1.0' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.9/slim-bookworm/Dockerfile b/3.9/slim-bookworm/Dockerfile index b29051af5..c79cc6009 100644 --- a/3.9/slim-bookworm/Dockerfile +++ b/3.9/slim-bookworm/Dockerfile @@ -25,7 +25,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.9.20 +ENV PYTHON_VERSION 3.9.23 +ENV PYTHON_SHA256 61a42919e13d539f7673cf11d1c404380e28e540510860b9d242196e165709c9 RUN set -eux; \ \ @@ -39,7 +40,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,6 +56,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -74,7 +75,6 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -84,7 +84,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -92,7 +91,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -130,7 +128,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==58.1.0' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/3.9/slim-bullseye/Dockerfile b/3.9/slim-bullseye/Dockerfile index 956ede228..27ecb5b30 100644 --- a/3.9/slim-bullseye/Dockerfile +++ b/3.9/slim-bullseye/Dockerfile @@ -25,7 +25,8 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 -ENV PYTHON_VERSION 3.9.20 +ENV PYTHON_VERSION 3.9.23 +ENV PYTHON_SHA256 61a42919e13d539f7673cf11d1c404380e28e540510860b9d242196e165709c9 RUN set -eux; \ \ @@ -39,7 +40,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -56,6 +56,7 @@ RUN set -eux; \ ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ @@ -74,7 +75,6 @@ RUN set -eux; \ --enable-optimizations \ --enable-option-checking=fatal \ --enable-shared \ - --with-system-expat \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -84,7 +84,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -92,7 +91,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -130,7 +128,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ 'setuptools==58.1.0' \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ pip3 --version diff --git a/Dockerfile-linux.template b/Dockerfile-linux.template index bbfc48193..8b3b8c824 100644 --- a/Dockerfile-linux.template +++ b/Dockerfile-linux.template @@ -19,7 +19,7 @@ FROM buildpack-deps:{{ env.variant }} # ensure local python is preferred over distribution python ENV PATH /usr/local/bin:$PATH -{{ if [ "3.8", "3.9", "3.10", "3.11", "3.12" ] | index(rcVersion) then ( -}} +{{ if rcVersion | IN("3.9", "3.10", "3.11", "3.12") then ( -}} {{ # only set LANG on versions less than 3.13 -}} # cannot remove LANG even though https://bugs.python.org/issue19846 is fixed # last attempted removal of LANG broke many users: @@ -51,34 +51,42 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* {{ ) end -}} +{{ + def should_pgp: + # https://github.com/docker-library/python/issues/977 + # https://peps.python.org/pep-0761/ + # https://discuss.python.org/t/pep-761-deprecating-pgp-signatures-for-cpython-artifacts/67180 + rcVersion | IN("3.9", "3.10", "3.11", "3.12", "3.13") +-}} +{{ if should_pgp then ( -}} ENV GPG_KEY {{ { - # gpg: key B26995E310250568: public key "\xc5\x81ukasz Langa (GPG langa.pl) " imported - "3.8": "E3FF2839C048B25C084DEBE9B26995E310250568", - # https://www.python.org/dev/peps/pep-0569/#release-manager-and-crew - # gpg: key B26995E310250568: public key "\xc5\x81ukasz Langa (GPG langa.pl) " imported "3.9": "E3FF2839C048B25C084DEBE9B26995E310250568", - # https://www.python.org/dev/peps/pep-0596/#release-manager-and-crew + # https://peps.python.org/pep-0596/#release-manager-and-crew # gpg: key 64E628F8D684696D: public key "Pablo Galindo Salgado " imported "3.10": "A035C8C19219BA821ECEA86B64E628F8D684696D", - # https://www.python.org/dev/peps/pep-0619/#release-manager-and-crew + # https://peps.python.org/pep-0619/#release-manager-and-crew # gpg: key 64E628F8D684696D: public key "Pablo Galindo Salgado " imported "3.11": "A035C8C19219BA821ECEA86B64E628F8D684696D", - # https://www.python.org/dev/peps/pep-0664/#release-manager-and-crew + # https://peps.python.org/pep-0664/#release-manager-and-crew # gpg: key A821E680E5FA6305: public key "Thomas Wouters " imported "3.12": "7169605F62C751356D054A26A821E680E5FA6305", - # https://www.python.org/dev/peps/pep-0693/#release-manager-and-crew + # https://peps.python.org/pep-0693/#release-manager-and-crew # gpg: key A821E680E5FA6305: public key "Thomas Wouters " imported "3.13": "7169605F62C751356D054A26A821E680E5FA6305", # https://peps.python.org/pep-0719/#release-manager-and-crew }[rcVersion] }} +{{ ) else "" end -}} ENV PYTHON_VERSION {{ .version }} +{{ if .checksums.source.sha256 then ( -}} +ENV PYTHON_SHA256 {{ .checksums.source.sha256 }} +{{ ) else "" end -}} RUN set -eux; \ \ @@ -91,7 +99,6 @@ RUN set -eux; \ bluez-dev \ bzip2-dev \ dpkg-dev dpkg \ - expat-dev \ findutils \ gcc \ gdbm-dev \ @@ -125,7 +132,6 @@ RUN set -eux; \ libbz2-dev \ libc6-dev \ libdb-dev \ - libexpat1-dev \ libffi-dev \ libgdbm-dev \ liblzma-dev \ @@ -143,12 +149,17 @@ RUN set -eux; \ \ {{ ) else "" end -}} wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ +{{ if .checksums.source.sha256 then ( -}} + echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; \ +{{ ) else "" end -}} +{{ if should_pgp then ( -}} wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ gpg --batch --verify python.tar.xz.asc python.tar.xz; \ gpgconf --kill all; \ rm -rf "$GNUPGHOME" python.tar.xz.asc; \ +{{ ) else "" end -}} mkdir -p /usr/src/python; \ tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \ rm python.tar.xz; \ @@ -159,23 +170,21 @@ RUN set -eux; \ --build="$gnuArch" \ --enable-loadable-sqlite-extensions \ {{ - # skip optimizations on alpine on riscv64 (except python 3.8 and 3.9) - # only 3.8 and 3.9 complete building on riscv64 with optimizations, 3.10-3.13rc all hit the 3 hour limit - if (is_alpine | not) or ( [ "3.8", "3.9" ] | index(rcVersion) ) then ( + # https://github.com/docker-library/python/pull/980 (fixing PGO runs tests that fail, but shouldn't) + # https://github.com/python/cpython/issues/90548 (alpine failures; not likely to be fixed any time soon) + if is_alpine then "" else ( -}} --enable-optimizations \ -{{ ) else ( -}} - $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') \ {{ ) end -}} --enable-option-checking=fatal \ --enable-shared \ {{ # <3.10 does not have -fno-semantic-interposition enabled and --with-lto does nothing for performance - if [ "3.8", "3.9" ] | index(rcVersion) then "" else ( + # skip LTO on alpine on riscv64: https://github.com/docker-library/python/pull/935, https://github.com/docker-library/python/pull/1038 + if rcVersion == "3.9" then "" else ( -}} - --with-lto \ + $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--with-lto') \ {{ ) end -}} - --with-system-expat \ --with-ensurepip \ ; \ nproc="$(nproc)"; \ @@ -190,10 +199,44 @@ RUN set -eux; \ {{ if is_slim or is_alpine then ( -}} LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \ {{ ) else "" end -}} +{{ + # Enabling frame-pointers only makes sense for Python 3.12 and newer as those have perf profiler support + if rcVersion | IN("3.9", "3.10", "3.11") then "" else ( +-}} +{{ if is_alpine then ( -}} + arch="$(apk --print-arch)"; \ +{{ ) else ( -}} + arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ +{{ ) end -}} +# https://docs.python.org/3.12/howto/perf_profiling.html +# https://github.com/docker-library/python/pull/1000#issuecomment-2597021615 + case "$arch" in \ +{{ if is_alpine then ( -}} + x86_64|aarch64) \ +{{ ) else ( -}} + amd64|arm64) \ +{{ ) end -}} + # only add "-mno-omit-leaf" on arches that support it + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/x86-Options.html#index-momit-leaf-frame-pointer-2 + # https://gcc.gnu.org/onlinedocs/gcc-14.2.0/gcc/AArch64-Options.html#index-momit-leaf-frame-pointer + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; \ + ;; \ +{{ if is_alpine then ( -}} + x86) \ +{{ ) else ( -}} + i386) \ +{{ ) end -}} + # don't enable frame-pointers on 32bit x86 due to performance drop. + ;; \ + *) \ + # other arches don't support "-mno-omit-leaf" + EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; \ + ;; \ + esac; \ +{{ ) end -}} make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:-}" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ ; \ # https://github.com/docker-library/python/issues/784 # prevent accidental usage of a system installed libpython of the same version @@ -201,7 +244,6 @@ RUN set -eux; \ make -j "$nproc" \ "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \ "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" \ - "PROFILE_TASK=${PROFILE_TASK:-}" \ python \ ; \ make install; \ @@ -221,14 +263,6 @@ RUN set -eux; \ \( \ \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ -{{ if [ "3.8" ] | index(env.version) then ( -}} - -o \( -type f -a -name 'wininst-*.exe' \) \ -{{ - ) else - # "wininst-*.exe" is not installed for Unix platforms on Python 3.9+: https://github.com/python/cpython/pull/14511 - "" - end --}} \) -exec rm -rf '{}' + \ ; \ \ @@ -268,7 +302,8 @@ RUN set -eux; \ --no-cache-dir \ --no-compile \ {{ "setuptools==\( .setuptools.version )" | @sh }} \ - wheel \ + # https://github.com/docker-library/python/issues/1023 + 'wheel<0.46' \ ; \ {{ ) else "" end -}} pip3 --version diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index 78d5aaa9d..115b08c21 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -6,11 +6,22 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref ENV PYTHONIOENCODING UTF-8 ENV PYTHON_VERSION {{ .version }} +{{ if .checksums.windows.sha256 then ( -}} +ENV PYTHON_SHA256 {{ .checksums.windows.sha256 }} +{{ ) else "" end -}} RUN $url = ('https://www.python.org/ftp/python/{0}/python-{1}-amd64.exe' -f ($env:PYTHON_VERSION -replace '[a-z]+[0-9]*$', ''), $env:PYTHON_VERSION); \ Write-Host ('Downloading {0} ...' -f $url); \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ Invoke-WebRequest -Uri $url -OutFile 'python.exe'; \ +{{ if .checksums.windows.sha256 then ( -}} + \ + Write-Host ('Verifying sha256 ({0}) ...' -f $env:PYTHON_SHA256); \ + if ((Get-FileHash python.exe -Algorithm sha256).Hash -ne $env:PYTHON_SHA256) { \ + Write-Host 'FAILED!'; \ + exit 1; \ + }; \ +{{ ) else "" end -}} \ Write-Host 'Installing ...'; \ # https://docs.python.org/3/using/windows.html#installing-without-ui @@ -43,18 +54,16 @@ RUN $url = ('https://www.python.org/ftp/python/{0}/python-{1}-amd64.exe' -f ($en Remove-Item $env:TEMP/Python*.log -Force; \ \ $env:PYTHONDONTWRITEBYTECODE = '1'; \ -{{ if .setuptools then ( -}} - \ - Write-Host ('Installing setuptools and wheel ...'); \ - pip install \ - --disable-pip-version-check \ - --no-cache-dir \ - --no-compile \ - 'setuptools=={{ .setuptools.version }}' \ - wheel \ - ; \ -{{ ) else "" end -}} \ +{{ if .version == "3.14.0b1" then ( -}} + Write-Host 'Reinstalling pip to workaround a bug ...'; \ + # https://github.com/python/cpython/issues/133626 + # clean up broken pip install + Remove-Item -Recurse C:\Python\Lib\site-packages\pip*; \ + # install pip as pip.exe + python -m ensurepip --default-pip -vvv; \ + \ +{{ ) else "" end -}} Write-Host 'Verifying pip install ...'; \ pip --version; \ \ diff --git a/README.md b/README.md index 617f64ae7..3d5b277d3 100644 --- a/README.md +++ b/README.md @@ -12,15 +12,4 @@ For more information about the full official images change lifecycle, see [the " For outstanding `python` image PRs, check [PRs with the "library/python" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fpython). For the current "source of truth" for [`python`](https://hub.docker.com/_/python/), see [the `library/python` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/python). ---- - -- [![build status badge](https://img.shields.io/github/actions/workflow/status/docker-library/python/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/docker-library/python/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) -- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/python.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/python/) - -| Build | Status | Badges | (per-arch) | -|:-:|:-:|:-:|:-:| -| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/python.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/python/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/python.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/python/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/python.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/python/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/python.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/python/) | -| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/python.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/python/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/python.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/python/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/python.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/python/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/python.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/python/) | -| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/python.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/python/) | [![windows-amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/windows-amd64/job/python.svg?label=windows-amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/windows-amd64/job/python/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/python.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/python/) | - diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 32b6adef4..a1ef13fe7 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [3.12]='3 latest' + [3.13]='3 latest' ) self="$(basename "$BASH_SOURCE")" @@ -44,17 +44,19 @@ dirCommit() { getArches() { local repo="$1"; shift - local officialImagesUrl='https://github.com/docker-library/official-images/raw/master/library/' + local officialImagesBase="${BASHBREW_LIBRARY:-https://github.com/docker-library/official-images/raw/HEAD/library}/" - eval "declare -g -A parentRepoToArches=( $( - find -name 'Dockerfile' -exec awk ' + local parentRepoToArchesStr + parentRepoToArchesStr="$( + find -name 'Dockerfile' -exec awk -v officialImagesBase="$officialImagesBase" ' toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|.*\/.*)(:|$)/ { - print "'"$officialImagesUrl"'" $2 + printf "%s%s\n", officialImagesBase, $2 } ' '{}' + \ | sort -u \ - | xargs bashbrew cat --format '[{{ .RepoName }}:{{ .TagName }}]="{{ join " " .TagEntry.Architectures }}"' - ) )" + | xargs -r bashbrew cat --format '["{{ .RepoName }}:{{ .TagName }}"]="{{ join " " .TagEntry.Architectures }}"' + )" + eval "declare -g -A parentRepoToArches=( $parentRepoToArchesStr )" } getArches 'python' @@ -134,18 +136,20 @@ for version; do ;; esac + # https://github.com/python/cpython/issues/93619 (Linking error when building 3.11 beta on mips64le) + https://peps.python.org/pep-0011/ (mips is not even tier 3) case "$version" in - 3.8 | 3.9) ;; - *) - if [ "$version" != '3.10' ]; then - # https://github.com/docker-library/python/pull/931 - variantArches="$(sed <<<" $variantArches " -e 's/ riscv64 / /g')" - fi - # https://github.com/python/cpython/issues/93619 + https://peps.python.org/pep-0011/ - variantArches="$(sed <<<" $variantArches " -e 's/ mips64le / /g')" - ;; + 3.9) ;; + *) variantArches="$(sed <<<" $variantArches " -e 's/ mips64le / /g')" ;; esac + # https://github.com/docker-library/python/issues/1014 (ensurepip failing on s390x 3.14.0a6 Alpine images) + if [[ "$variant" == alpine* ]]; then + case "$version" in + 3.9 | 3.10 | 3.11 | 3.12 | 3.13) ;; + *) variantArches="$(sed <<<" $variantArches " -e 's/ s390x / /g')" ;; + esac + fi + sharedTags=() for windowsShared in windowsservercore nanoserver; do if [[ "$variant" == "$windowsShared"* ]]; then diff --git a/versions.json b/versions.json index b24854d2c..ba12214b3 100644 --- a/versions.json +++ b/versions.json @@ -1,5 +1,10 @@ { "3.10": { + "checksums": { + "source": { + "sha256": "ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefae3817f" + } + }, "setuptools": { "version": "65.5.1" }, @@ -8,12 +13,17 @@ "slim-bookworm", "bullseye", "slim-bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.22", + "alpine3.21" ], - "version": "3.10.15" + "version": "3.10.18" }, "3.11": { + "checksums": { + "source": { + "sha256": "8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a" + } + }, "setuptools": { "version": "65.5.1" }, @@ -22,52 +32,75 @@ "slim-bookworm", "bullseye", "slim-bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.22", + "alpine3.21" ], - "version": "3.11.10" + "version": "3.11.13" }, "3.12": { + "checksums": { + "source": { + "sha256": "c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb" + } + }, "variants": [ "bookworm", "slim-bookworm", "bullseye", "slim-bullseye", - "alpine3.20", - "alpine3.19", - "windows/windowsservercore-ltsc2022", - "windows/windowsservercore-1809" + "alpine3.22", + "alpine3.21" ], - "version": "3.12.6" + "version": "3.12.11" }, - "3.13-rc": { + "3.13": { + "checksums": { + "source": { + "sha256": "27b15a797562a2971dce3ffe31bb216042ce0b995b39d768cf15f784cc757365" + }, + "windows": { + "sha256": "94f53bb832539ea02d6ce581d7c1fcc36228e04a611b8dcfe797ad4bbc0a45c1" + } + }, "variants": [ "bookworm", "slim-bookworm", "bullseye", "slim-bullseye", - "alpine3.20", - "alpine3.19", - "windows/windowsservercore-ltsc2022", - "windows/windowsservercore-1809" + "alpine3.22", + "alpine3.21", + "windows/windowsservercore-ltsc2025", + "windows/windowsservercore-ltsc2022" ], - "version": "3.13.0rc2" + "version": "3.13.4" }, - "3.8": { - "setuptools": { - "version": "57.5.0" + "3.14-rc": { + "checksums": { + "source": { + "sha256": "7ac9e84844bbc0a5a8f1f79a37a68b3b8caf2a58b4aa5999c49227cb36e70ea6" + }, + "windows": { + "sha256": "279b1d0e2b1b6cece6f03e49218aacccfd10367e07b785edeb1d4135507434c1" + } }, "variants": [ "bookworm", "slim-bookworm", "bullseye", "slim-bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.22", + "alpine3.21", + "windows/windowsservercore-ltsc2025", + "windows/windowsservercore-ltsc2022" ], - "version": "3.8.20" + "version": "3.14.0b2" }, "3.9": { + "checksums": { + "source": { + "sha256": "61a42919e13d539f7673cf11d1c404380e28e540510860b9d242196e165709c9" + } + }, "setuptools": { "version": "58.1.0" }, @@ -76,9 +109,9 @@ "slim-bookworm", "bullseye", "slim-bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.22", + "alpine3.21" ], - "version": "3.9.20" + "version": "3.9.23" } } diff --git a/versions.sh b/versions.sh index e99d6679f..d4ac179b8 100755 --- a/versions.sh +++ b/versions.sh @@ -2,10 +2,6 @@ set -Eeuo pipefail shopt -s nullglob -# https://github.com/docker-library/python/issues/365 -minimumSetuptoolsVersion='57.5.0' -# for historical reasons, setuptools gets pinned to either the version bundled with each Python version or this, whichever is higher - cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" versions=( "$@" ) @@ -17,24 +13,64 @@ else fi versions=( "${versions[@]%/}" ) -has_linux_version() { - local dir="$1"; shift +declare -A checksums=() +check_file() { local dirVersion="$1"; shift local fullVersion="$1"; shift + local type="${1:-source}" # "source" or "windows" - if ! wget -q -O /dev/null -o /dev/null --spider "https://www.python.org/ftp/python/$dirVersion/Python-$fullVersion.tar.xz"; then - return 1 + local filename="Python-$fullVersion.tar.xz" + if [ "$type" = 'windows' ]; then + filename="python-$fullVersion-amd64.exe" + fi + local url="https://www.python.org/ftp/python/$dirVersion/$filename" + + local sigstore + if sigstore="$( + wget -qO- -o/dev/null "$url.sigstore" \ + | jq -r ' + .messageSignature.messageDigest + | if .algorithm != "SHA2_256" then + error("sigstore bundle not using SHA2_256") + else .digest end + ' + )" && [ -n "$sigstore" ]; then + sigstore="$(base64 -d <<<"$sigstore" | hexdump -ve '/1 "%02x"')" + checksums["$fullVersion"]="$(jq <<<"${checksums["$fullVersion"]:-null}" --arg type "$type" --arg sha256 "$sigstore" '.[$type].sha256 = $sha256')" + return 0 fi - return 0 -} - -has_windows_version() { - local dir="$1"; shift - local dirVersion="$1"; shift - local fullVersion="$1"; shift + # TODO is this even necessary/useful? the sigstore-based version above is *much* faster, supports all current versions (not just 3.12+ like this), *and* should be more reliable 🤔 + local sbom + if sbom="$( + wget -qO- -o/dev/null "$url.spdx.json" \ + | jq --arg filename "$filename" ' + first( + .packages[] + | select( + .name == "CPython" + and .packageFileName == $filename + ) + ) + | .checksums + | map({ + key: (.algorithm // empty | ascii_downcase), + value: (.checksumValue // empty), + }) + | if length < 1 then + error("no checksums found for \($filename)") + else . end + | from_entries + | if has("sha256") then . else + error("missing sha256 for \($filename); have \(.)") + end + ' + )" && [ -n "sbom" ]; then + checksums["$fullVersion"]="$(jq <<<"${checksums["$fullVersion"]:-null}" --arg type "$type" --argjson sums "$sbom" '.[$type] += $sums')" + return 0 + fi - if ! wget -q -O /dev/null -o /dev/null --spider "https://www.python.org/ftp/python/$dirVersion/python-$fullVersion-amd64.exe"; then + if ! wget -q -O /dev/null -o /dev/null --spider "$url"; then return 1 fi @@ -72,9 +108,9 @@ for version in "${versions[@]}"; do rcPossible="${possible%%[a-z]*}" # varnish is great until it isn't (usually the directory listing we scrape below is updated/uncached significantly later than the release being available) - if has_linux_version "$version" "$rcPossible" "$possible"; then + if check_file "$rcPossible" "$possible"; then fullVersion="$possible" - if has_windows_version "$version" "$rcPossible" "$possible"; then + if check_file "$rcPossible" "$possible" windows; then hasWindows=1 fi break @@ -93,9 +129,9 @@ for version in "${versions[@]}"; do || true ) ) for possibleVersion in "${possibleVersions[@]}"; do - if has_linux_version "$version" "$rcPossible" "$possibleVersion"; then + if check_file "$rcPossible" "$possibleVersion"; then fullVersion="$possibleVersion" - if has_windows_version "$version" "$rcPossible" "$possible"; then + if check_file "$rcPossible" "$possible" windows; then hasWindows=1 fi break @@ -126,7 +162,7 @@ for version in "${versions[@]}"; do # TODO remove setuptools version handling entirely once Python 3.11 is EOL setuptoolsVersion="$(sed -nre 's/^_SETUPTOOLS_VERSION[[:space:]]*=[[:space:]]*"(.*?)".*/\1/p' <<<"$ensurepipVersions")" case "$rcVersion" in - 3.8 | 3.9 | 3.10 | 3.11) + 3.9 | 3.10 | 3.11) if [ -z "$setuptoolsVersion" ]; then echo >&2 "error: $version: missing setuptools version" exit 1 @@ -136,14 +172,6 @@ for version in "${versions[@]}"; do exit 1 fi - # TODO remove this once Python 3.8 is either "new enough setuptools" or EOL - setuptoolsVersion="$( - { - echo "$setuptoolsVersion" - echo "$minimumSetuptoolsVersion" - } | sort -rV | head -1 - )" - # https://github.com/docker-library/python/issues/781 (TODO remove this if 3.10 and 3.11 embed a newer setuptools and this section no longer applies) if [ "$setuptoolsVersion" = '65.5.0' ]; then setuptoolsVersion='65.5.1' @@ -162,8 +190,8 @@ for version in "${versions[@]}"; do echo "$version: $fullVersion" export fullVersion pipVersion setuptoolsVersion hasWindows - json="$(jq <<<"$json" -c ' - .[env.version] = { + doc="$(jq -nc ' + { version: env.fullVersion, variants: [ ( @@ -172,14 +200,14 @@ for version in "${versions[@]}"; do empty | ., "slim-" + .), # https://github.com/docker-library/ruby/pull/142#issuecomment-320012893 ( - "3.20", - "3.19", + "3.22", + "3.21", empty | "alpine" + .), if env.hasWindows != "" then ( + "ltsc2025", "ltsc2022", - "1809", empty | "windows/windowsservercore-" + .) else empty end @@ -190,6 +218,12 @@ for version in "${versions[@]}"; do }, } else {} end ')" + + if [ -n "${checksums["$fullVersion"]:-}" ]; then + doc="$(jq <<<"$doc" -c --argjson checksums "${checksums["$fullVersion"]}" '.checksums = $checksums')" + fi + + json="$(jq <<<"$json" -c --argjson doc "$doc" '.[env.version] = $doc')" done jq <<<"$json" -S . > versions.json