From 5de3a27d7100f6f9d425b487d5bedfe5eb6079c4 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 20 Jan 2023 13:13:22 -0800 Subject: [PATCH 1/2] Revert "Fix path to libpython shared-library in python binaries" This reverts commit 0db1a5b346aab9304d0cfc4bf33268e1818ecc42. --- 3.10/alpine3.16/Dockerfile | 5 +---- 3.10/alpine3.17/Dockerfile | 5 +---- 3.10/bullseye/Dockerfile | 4 ---- 3.10/buster/Dockerfile | 4 ---- 3.10/slim-bullseye/Dockerfile | 5 +---- 3.10/slim-buster/Dockerfile | 5 +---- 3.11/alpine3.16/Dockerfile | 5 +---- 3.11/alpine3.17/Dockerfile | 5 +---- 3.11/bullseye/Dockerfile | 4 ---- 3.11/buster/Dockerfile | 4 ---- 3.11/slim-bullseye/Dockerfile | 5 +---- 3.11/slim-buster/Dockerfile | 5 +---- 3.12-rc/alpine3.16/Dockerfile | 5 +---- 3.12-rc/alpine3.17/Dockerfile | 5 +---- 3.12-rc/bullseye/Dockerfile | 4 ---- 3.12-rc/buster/Dockerfile | 4 ---- 3.12-rc/slim-bullseye/Dockerfile | 5 +---- 3.12-rc/slim-buster/Dockerfile | 5 +---- 3.7/alpine3.16/Dockerfile | 5 +---- 3.7/alpine3.17/Dockerfile | 5 +---- 3.7/bullseye/Dockerfile | 4 ---- 3.7/buster/Dockerfile | 4 ---- 3.7/slim-bullseye/Dockerfile | 5 +---- 3.7/slim-buster/Dockerfile | 5 +---- 3.8/alpine3.16/Dockerfile | 5 +---- 3.8/alpine3.17/Dockerfile | 5 +---- 3.8/bullseye/Dockerfile | 4 ---- 3.8/buster/Dockerfile | 4 ---- 3.8/slim-bullseye/Dockerfile | 5 +---- 3.8/slim-buster/Dockerfile | 5 +---- 3.9/alpine3.16/Dockerfile | 5 +---- 3.9/alpine3.17/Dockerfile | 5 +---- 3.9/bullseye/Dockerfile | 4 ---- 3.9/buster/Dockerfile | 4 ---- 3.9/slim-bullseye/Dockerfile | 5 +---- 3.9/slim-buster/Dockerfile | 5 +---- Dockerfile-linux.template | 7 +++---- 37 files changed, 27 insertions(+), 148 deletions(-) diff --git a/3.10/alpine3.16/Dockerfile b/3.10/alpine3.16/Dockerfile index affda7969..3dd3b3069 100644 --- a/3.10/alpine3.16/Dockerfile +++ b/3.10/alpine3.16/Dockerfile @@ -84,10 +84,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.10/alpine3.17/Dockerfile b/3.10/alpine3.17/Dockerfile index 147fc2782..7648996bd 100644 --- a/3.10/alpine3.17/Dockerfile +++ b/3.10/alpine3.17/Dockerfile @@ -84,10 +84,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.10/bullseye/Dockerfile b/3.10/bullseye/Dockerfile index f5503d094..9eab04e60 100644 --- a/3.10/bullseye/Dockerfile +++ b/3.10/bullseye/Dockerfile @@ -53,10 +53,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.10/buster/Dockerfile b/3.10/buster/Dockerfile index cd98ac041..52625e796 100644 --- a/3.10/buster/Dockerfile +++ b/3.10/buster/Dockerfile @@ -53,10 +53,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.10/slim-bullseye/Dockerfile b/3.10/slim-bullseye/Dockerfile index 3532cd43d..c2b21e300 100644 --- a/3.10/slim-bullseye/Dockerfile +++ b/3.10/slim-bullseye/Dockerfile @@ -78,10 +78,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.10/slim-buster/Dockerfile b/3.10/slim-buster/Dockerfile index e04983659..878165c64 100644 --- a/3.10/slim-buster/Dockerfile +++ b/3.10/slim-buster/Dockerfile @@ -78,10 +78,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.11/alpine3.16/Dockerfile b/3.11/alpine3.16/Dockerfile index 9820e74c2..5182f56ab 100644 --- a/3.11/alpine3.16/Dockerfile +++ b/3.11/alpine3.16/Dockerfile @@ -84,10 +84,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.11/alpine3.17/Dockerfile b/3.11/alpine3.17/Dockerfile index 94206b463..08d73329f 100644 --- a/3.11/alpine3.17/Dockerfile +++ b/3.11/alpine3.17/Dockerfile @@ -84,10 +84,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.11/bullseye/Dockerfile b/3.11/bullseye/Dockerfile index 84c6bbaf5..593826546 100644 --- a/3.11/bullseye/Dockerfile +++ b/3.11/bullseye/Dockerfile @@ -53,10 +53,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.11/buster/Dockerfile b/3.11/buster/Dockerfile index 12a30ca05..b363d722b 100644 --- a/3.11/buster/Dockerfile +++ b/3.11/buster/Dockerfile @@ -53,10 +53,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.11/slim-bullseye/Dockerfile b/3.11/slim-bullseye/Dockerfile index bbdbcfbb4..fc57a2d3f 100644 --- a/3.11/slim-bullseye/Dockerfile +++ b/3.11/slim-bullseye/Dockerfile @@ -78,10 +78,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.11/slim-buster/Dockerfile b/3.11/slim-buster/Dockerfile index f247000b5..eb607d651 100644 --- a/3.11/slim-buster/Dockerfile +++ b/3.11/slim-buster/Dockerfile @@ -78,10 +78,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.12-rc/alpine3.16/Dockerfile b/3.12-rc/alpine3.16/Dockerfile index 5ce62ab42..1e499bba4 100644 --- a/3.12-rc/alpine3.16/Dockerfile +++ b/3.12-rc/alpine3.16/Dockerfile @@ -84,10 +84,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.12-rc/alpine3.17/Dockerfile b/3.12-rc/alpine3.17/Dockerfile index 2e071ba3e..d90ea26c4 100644 --- a/3.12-rc/alpine3.17/Dockerfile +++ b/3.12-rc/alpine3.17/Dockerfile @@ -84,10 +84,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.12-rc/bullseye/Dockerfile b/3.12-rc/bullseye/Dockerfile index c9d5c782a..35f2794a8 100644 --- a/3.12-rc/bullseye/Dockerfile +++ b/3.12-rc/bullseye/Dockerfile @@ -53,10 +53,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.12-rc/buster/Dockerfile b/3.12-rc/buster/Dockerfile index f20a5ca13..8c8c8ccba 100644 --- a/3.12-rc/buster/Dockerfile +++ b/3.12-rc/buster/Dockerfile @@ -53,10 +53,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.12-rc/slim-bullseye/Dockerfile b/3.12-rc/slim-bullseye/Dockerfile index 66801a680..37a56e42e 100644 --- a/3.12-rc/slim-bullseye/Dockerfile +++ b/3.12-rc/slim-bullseye/Dockerfile @@ -78,10 +78,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.12-rc/slim-buster/Dockerfile b/3.12-rc/slim-buster/Dockerfile index 5ac1c1424..3180be258 100644 --- a/3.12-rc/slim-buster/Dockerfile +++ b/3.12-rc/slim-buster/Dockerfile @@ -78,10 +78,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.7/alpine3.16/Dockerfile b/3.7/alpine3.16/Dockerfile index abd763836..daf26d35e 100644 --- a/3.7/alpine3.16/Dockerfile +++ b/3.7/alpine3.16/Dockerfile @@ -83,10 +83,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ # setting PROFILE_TASK makes "--enable-optimizations" reasonable: https://bugs.python.org/issue36044 / https://github.com/docker-library/python/issues/160#issuecomment-509426916 PROFILE_TASK='-m test.regrtest --pgo \ test_array \ diff --git a/3.7/alpine3.17/Dockerfile b/3.7/alpine3.17/Dockerfile index 07d34f588..1090f9df0 100644 --- a/3.7/alpine3.17/Dockerfile +++ b/3.7/alpine3.17/Dockerfile @@ -83,10 +83,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ # setting PROFILE_TASK makes "--enable-optimizations" reasonable: https://bugs.python.org/issue36044 / https://github.com/docker-library/python/issues/160#issuecomment-509426916 PROFILE_TASK='-m test.regrtest --pgo \ test_array \ diff --git a/3.7/bullseye/Dockerfile b/3.7/bullseye/Dockerfile index fc69647cf..6ba7bf238 100644 --- a/3.7/bullseye/Dockerfile +++ b/3.7/bullseye/Dockerfile @@ -52,10 +52,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ # setting PROFILE_TASK makes "--enable-optimizations" reasonable: https://bugs.python.org/issue36044 / https://github.com/docker-library/python/issues/160#issuecomment-509426916 PROFILE_TASK='-m test.regrtest --pgo \ test_array \ diff --git a/3.7/buster/Dockerfile b/3.7/buster/Dockerfile index 54309bfed..8b70d59ca 100644 --- a/3.7/buster/Dockerfile +++ b/3.7/buster/Dockerfile @@ -52,10 +52,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ # setting PROFILE_TASK makes "--enable-optimizations" reasonable: https://bugs.python.org/issue36044 / https://github.com/docker-library/python/issues/160#issuecomment-509426916 PROFILE_TASK='-m test.regrtest --pgo \ test_array \ diff --git a/3.7/slim-bullseye/Dockerfile b/3.7/slim-bullseye/Dockerfile index 02fb0028c..7bf37f5c1 100644 --- a/3.7/slim-bullseye/Dockerfile +++ b/3.7/slim-bullseye/Dockerfile @@ -77,10 +77,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ # setting PROFILE_TASK makes "--enable-optimizations" reasonable: https://bugs.python.org/issue36044 / https://github.com/docker-library/python/issues/160#issuecomment-509426916 PROFILE_TASK='-m test.regrtest --pgo \ test_array \ diff --git a/3.7/slim-buster/Dockerfile b/3.7/slim-buster/Dockerfile index 8069ab965..de0bbdba5 100644 --- a/3.7/slim-buster/Dockerfile +++ b/3.7/slim-buster/Dockerfile @@ -77,10 +77,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ # setting PROFILE_TASK makes "--enable-optimizations" reasonable: https://bugs.python.org/issue36044 / https://github.com/docker-library/python/issues/160#issuecomment-509426916 PROFILE_TASK='-m test.regrtest --pgo \ test_array \ diff --git a/3.8/alpine3.16/Dockerfile b/3.8/alpine3.16/Dockerfile index 0aecd15b4..cd0dd7eb8 100644 --- a/3.8/alpine3.16/Dockerfile +++ b/3.8/alpine3.16/Dockerfile @@ -83,10 +83,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.8/alpine3.17/Dockerfile b/3.8/alpine3.17/Dockerfile index a62ad1d06..799ac402a 100644 --- a/3.8/alpine3.17/Dockerfile +++ b/3.8/alpine3.17/Dockerfile @@ -83,10 +83,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.8/bullseye/Dockerfile b/3.8/bullseye/Dockerfile index 66c323faf..671f56637 100644 --- a/3.8/bullseye/Dockerfile +++ b/3.8/bullseye/Dockerfile @@ -52,10 +52,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.8/buster/Dockerfile b/3.8/buster/Dockerfile index e60029f80..73e344e18 100644 --- a/3.8/buster/Dockerfile +++ b/3.8/buster/Dockerfile @@ -52,10 +52,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.8/slim-bullseye/Dockerfile b/3.8/slim-bullseye/Dockerfile index e6d9efc5f..614094fa0 100644 --- a/3.8/slim-bullseye/Dockerfile +++ b/3.8/slim-bullseye/Dockerfile @@ -77,10 +77,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.8/slim-buster/Dockerfile b/3.8/slim-buster/Dockerfile index b274c500c..f6583e901 100644 --- a/3.8/slim-buster/Dockerfile +++ b/3.8/slim-buster/Dockerfile @@ -77,10 +77,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.9/alpine3.16/Dockerfile b/3.9/alpine3.16/Dockerfile index 13e1ecf44..4a222ac61 100644 --- a/3.9/alpine3.16/Dockerfile +++ b/3.9/alpine3.16/Dockerfile @@ -83,10 +83,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.9/alpine3.17/Dockerfile b/3.9/alpine3.17/Dockerfile index 56046797f..15d4a3ac4 100644 --- a/3.9/alpine3.17/Dockerfile +++ b/3.9/alpine3.17/Dockerfile @@ -83,10 +83,7 @@ RUN set -eux; \ # set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit() # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.9/bullseye/Dockerfile b/3.9/bullseye/Dockerfile index dfb6cfa83..56b859a7d 100644 --- a/3.9/bullseye/Dockerfile +++ b/3.9/bullseye/Dockerfile @@ -52,10 +52,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.9/buster/Dockerfile b/3.9/buster/Dockerfile index 39e2b37cf..553b10084 100644 --- a/3.9/buster/Dockerfile +++ b/3.9/buster/Dockerfile @@ -52,10 +52,6 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'" \ ; \ make install; \ \ diff --git a/3.9/slim-bullseye/Dockerfile b/3.9/slim-bullseye/Dockerfile index d0625c293..1df0935f8 100644 --- a/3.9/slim-bullseye/Dockerfile +++ b/3.9/slim-bullseye/Dockerfile @@ -77,10 +77,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/3.9/slim-buster/Dockerfile b/3.9/slim-buster/Dockerfile index d61c45e28..eebe65b69 100644 --- a/3.9/slim-buster/Dockerfile +++ b/3.9/slim-buster/Dockerfile @@ -77,10 +77,7 @@ RUN set -eux; \ ; \ nproc="$(nproc)"; \ make -j "$nproc" \ -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib',--strip-all" \ + LDFLAGS="-Wl,--strip-all" \ ; \ make install; \ \ diff --git a/Dockerfile-linux.template b/Dockerfile-linux.template index cf32ec445..c76dadf37 100644 --- a/Dockerfile-linux.template +++ b/Dockerfile-linux.template @@ -172,10 +172,9 @@ RUN set -eux; \ # https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0 EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" \ {{ ) else "" end -}} -# \$ because of the double quotes in the shell to prevent interpolation -# $$ for make to not interpret the $O -# " because it needs the ' around the path, and '"'"' instead is 🤢 - LDFLAGS="-Wl,-rpath='\$\$ORIGIN/../lib'{{ if is_slim or is_alpine then ",--strip-all" else "" end }}" \ +{{ if is_slim or is_alpine then ( -}} + LDFLAGS="-Wl,--strip-all" \ +{{ ) else "" end -}} {{ if env.version == "3.7" then ( -}} # setting PROFILE_TASK makes "--enable-optimizations" reasonable: https://bugs.python.org/issue36044 / https://github.com/docker-library/python/issues/160#issuecomment-509426916 PROFILE_TASK='-m test.regrtest --pgo \ From a1af335ee34324b2f40d7e90345f9468328f6a00 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 20 Jan 2023 14:22:23 -0800 Subject: [PATCH 2/2] Only change rpath for python3.x binary Not the libraries in /usr/local/lib/python3.x/lib-dynload/ since they use system libraries like libssl (so `$ORIGIN/../lib` doesn't work for them) --- 3.10/alpine3.16/Dockerfile | 6 ++++++ 3.10/alpine3.17/Dockerfile | 6 ++++++ 3.10/bullseye/Dockerfile | 17 ++++++++++++++++- 3.10/buster/Dockerfile | 17 ++++++++++++++++- 3.10/slim-bullseye/Dockerfile | 6 ++++++ 3.10/slim-buster/Dockerfile | 6 ++++++ 3.11/alpine3.16/Dockerfile | 6 ++++++ 3.11/alpine3.17/Dockerfile | 6 ++++++ 3.11/bullseye/Dockerfile | 17 ++++++++++++++++- 3.11/buster/Dockerfile | 17 ++++++++++++++++- 3.11/slim-bullseye/Dockerfile | 6 ++++++ 3.11/slim-buster/Dockerfile | 6 ++++++ 3.12-rc/alpine3.16/Dockerfile | 6 ++++++ 3.12-rc/alpine3.17/Dockerfile | 6 ++++++ 3.12-rc/bullseye/Dockerfile | 17 ++++++++++++++++- 3.12-rc/buster/Dockerfile | 17 ++++++++++++++++- 3.12-rc/slim-bullseye/Dockerfile | 6 ++++++ 3.12-rc/slim-buster/Dockerfile | 6 ++++++ 3.7/alpine3.16/Dockerfile | 6 ++++++ 3.7/alpine3.17/Dockerfile | 6 ++++++ 3.7/bullseye/Dockerfile | 17 ++++++++++++++++- 3.7/buster/Dockerfile | 17 ++++++++++++++++- 3.7/slim-bullseye/Dockerfile | 6 ++++++ 3.7/slim-buster/Dockerfile | 6 ++++++ 3.8/alpine3.16/Dockerfile | 6 ++++++ 3.8/alpine3.17/Dockerfile | 6 ++++++ 3.8/bullseye/Dockerfile | 17 ++++++++++++++++- 3.8/buster/Dockerfile | 17 ++++++++++++++++- 3.8/slim-bullseye/Dockerfile | 6 ++++++ 3.8/slim-buster/Dockerfile | 6 ++++++ 3.9/alpine3.16/Dockerfile | 6 ++++++ 3.9/alpine3.17/Dockerfile | 6 ++++++ 3.9/bullseye/Dockerfile | 17 ++++++++++++++++- 3.9/buster/Dockerfile | 17 ++++++++++++++++- 3.9/slim-bullseye/Dockerfile | 6 ++++++ 3.9/slim-buster/Dockerfile | 6 ++++++ Dockerfile-linux.template | 20 +++++++++++++++----- 37 files changed, 351 insertions(+), 17 deletions(-) diff --git a/3.10/alpine3.16/Dockerfile b/3.10/alpine3.16/Dockerfile index 3dd3b3069..be7f497f1 100644 --- a/3.10/alpine3.16/Dockerfile +++ b/3.10/alpine3.16/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -88,6 +89,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.10/alpine3.17/Dockerfile b/3.10/alpine3.17/Dockerfile index 7648996bd..2f0730120 100644 --- a/3.10/alpine3.17/Dockerfile +++ b/3.10/alpine3.17/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -88,6 +89,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.10/bullseye/Dockerfile b/3.10/bullseye/Dockerfile index 9eab04e60..63e2218a7 100644 --- a/3.10/bullseye/Dockerfile +++ b/3.10/bullseye/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D ENV PYTHON_VERSION 3.10.9 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -56,8 +62,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -74,6 +84,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.10/buster/Dockerfile b/3.10/buster/Dockerfile index 52625e796..7a7901e01 100644 --- a/3.10/buster/Dockerfile +++ b/3.10/buster/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D ENV PYTHON_VERSION 3.10.9 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -56,8 +62,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -74,6 +84,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.10/slim-bullseye/Dockerfile b/3.10/slim-bullseye/Dockerfile index c2b21e300..54257cead 100644 --- a/3.10/slim-bullseye/Dockerfile +++ b/3.10/slim-bullseye/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -82,6 +83,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.10/slim-buster/Dockerfile b/3.10/slim-buster/Dockerfile index 878165c64..99f998a90 100644 --- a/3.10/slim-buster/Dockerfile +++ b/3.10/slim-buster/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -82,6 +83,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.11/alpine3.16/Dockerfile b/3.11/alpine3.16/Dockerfile index 5182f56ab..7e2e60947 100644 --- a/3.11/alpine3.16/Dockerfile +++ b/3.11/alpine3.16/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -88,6 +89,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.11/alpine3.17/Dockerfile b/3.11/alpine3.17/Dockerfile index 08d73329f..f0dede51c 100644 --- a/3.11/alpine3.17/Dockerfile +++ b/3.11/alpine3.17/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -88,6 +89,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.11/bullseye/Dockerfile b/3.11/bullseye/Dockerfile index 593826546..fb5f58983 100644 --- a/3.11/bullseye/Dockerfile +++ b/3.11/bullseye/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D ENV PYTHON_VERSION 3.11.1 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -56,8 +62,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -74,6 +84,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.11/buster/Dockerfile b/3.11/buster/Dockerfile index b363d722b..1ff15e8b1 100644 --- a/3.11/buster/Dockerfile +++ b/3.11/buster/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D ENV PYTHON_VERSION 3.11.1 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -56,8 +62,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -74,6 +84,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.11/slim-bullseye/Dockerfile b/3.11/slim-bullseye/Dockerfile index fc57a2d3f..41ee538f5 100644 --- a/3.11/slim-bullseye/Dockerfile +++ b/3.11/slim-bullseye/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -82,6 +83,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.11/slim-buster/Dockerfile b/3.11/slim-buster/Dockerfile index eb607d651..1ef82dce9 100644 --- a/3.11/slim-buster/Dockerfile +++ b/3.11/slim-buster/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -82,6 +83,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.12-rc/alpine3.16/Dockerfile b/3.12-rc/alpine3.16/Dockerfile index 1e499bba4..b5660f54e 100644 --- a/3.12-rc/alpine3.16/Dockerfile +++ b/3.12-rc/alpine3.16/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -88,6 +89,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.12-rc/alpine3.17/Dockerfile b/3.12-rc/alpine3.17/Dockerfile index d90ea26c4..4b118add0 100644 --- a/3.12-rc/alpine3.17/Dockerfile +++ b/3.12-rc/alpine3.17/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -88,6 +89,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.12-rc/bullseye/Dockerfile b/3.12-rc/bullseye/Dockerfile index 35f2794a8..272e5876e 100644 --- a/3.12-rc/bullseye/Dockerfile +++ b/3.12-rc/bullseye/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 ENV PYTHON_VERSION 3.12.0a4 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -56,8 +62,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -74,6 +84,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.12-rc/buster/Dockerfile b/3.12-rc/buster/Dockerfile index 8c8c8ccba..784d7eb42 100644 --- a/3.12-rc/buster/Dockerfile +++ b/3.12-rc/buster/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY 7169605F62C751356D054A26A821E680E5FA6305 ENV PYTHON_VERSION 3.12.0a4 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -56,8 +62,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -74,6 +84,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.12-rc/slim-bullseye/Dockerfile b/3.12-rc/slim-bullseye/Dockerfile index 37a56e42e..c5a44c65b 100644 --- a/3.12-rc/slim-bullseye/Dockerfile +++ b/3.12-rc/slim-bullseye/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -82,6 +83,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.12-rc/slim-buster/Dockerfile b/3.12-rc/slim-buster/Dockerfile index 3180be258..8af4000eb 100644 --- a/3.12-rc/slim-buster/Dockerfile +++ b/3.12-rc/slim-buster/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -82,6 +83,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.7/alpine3.16/Dockerfile b/3.7/alpine3.16/Dockerfile index daf26d35e..21b4fcb5f 100644 --- a/3.7/alpine3.16/Dockerfile +++ b/3.7/alpine3.16/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -123,6 +124,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.7/alpine3.17/Dockerfile b/3.7/alpine3.17/Dockerfile index 1090f9df0..7eef7870f 100644 --- a/3.7/alpine3.17/Dockerfile +++ b/3.7/alpine3.17/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -123,6 +124,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.7/bullseye/Dockerfile b/3.7/bullseye/Dockerfile index 6ba7bf238..a711e508c 100644 --- a/3.7/bullseye/Dockerfile +++ b/3.7/bullseye/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY 0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D ENV PYTHON_VERSION 3.7.16 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -91,8 +97,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -110,6 +120,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.7/buster/Dockerfile b/3.7/buster/Dockerfile index 8b70d59ca..ed5d625a9 100644 --- a/3.7/buster/Dockerfile +++ b/3.7/buster/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY 0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D ENV PYTHON_VERSION 3.7.16 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -91,8 +97,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -110,6 +120,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.7/slim-bullseye/Dockerfile b/3.7/slim-bullseye/Dockerfile index 7bf37f5c1..fc027f1c9 100644 --- a/3.7/slim-bullseye/Dockerfile +++ b/3.7/slim-bullseye/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -117,6 +118,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.7/slim-buster/Dockerfile b/3.7/slim-buster/Dockerfile index de0bbdba5..50af4aa64 100644 --- a/3.7/slim-buster/Dockerfile +++ b/3.7/slim-buster/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -117,6 +118,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.8/alpine3.16/Dockerfile b/3.8/alpine3.16/Dockerfile index cd0dd7eb8..7651a5005 100644 --- a/3.8/alpine3.16/Dockerfile +++ b/3.8/alpine3.16/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -87,6 +88,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.8/alpine3.17/Dockerfile b/3.8/alpine3.17/Dockerfile index 799ac402a..d083ec87d 100644 --- a/3.8/alpine3.17/Dockerfile +++ b/3.8/alpine3.17/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -87,6 +88,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.8/bullseye/Dockerfile b/3.8/bullseye/Dockerfile index 671f56637..bf40a6801 100644 --- a/3.8/bullseye/Dockerfile +++ b/3.8/bullseye/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 ENV PYTHON_VERSION 3.8.16 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -55,8 +61,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -74,6 +84,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.8/buster/Dockerfile b/3.8/buster/Dockerfile index 73e344e18..5f0306b6f 100644 --- a/3.8/buster/Dockerfile +++ b/3.8/buster/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 ENV PYTHON_VERSION 3.8.16 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -55,8 +61,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -74,6 +84,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.8/slim-bullseye/Dockerfile b/3.8/slim-bullseye/Dockerfile index 614094fa0..39daf590f 100644 --- a/3.8/slim-bullseye/Dockerfile +++ b/3.8/slim-bullseye/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -81,6 +82,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.8/slim-buster/Dockerfile b/3.8/slim-buster/Dockerfile index f6583e901..6078ad846 100644 --- a/3.8/slim-buster/Dockerfile +++ b/3.8/slim-buster/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -81,6 +82,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.9/alpine3.16/Dockerfile b/3.9/alpine3.16/Dockerfile index 4a222ac61..ca3f157d3 100644 --- a/3.9/alpine3.16/Dockerfile +++ b/3.9/alpine3.16/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -87,6 +88,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.9/alpine3.17/Dockerfile b/3.9/alpine3.17/Dockerfile index 15d4a3ac4..acf19e632 100644 --- a/3.9/alpine3.17/Dockerfile +++ b/3.9/alpine3.17/Dockerfile @@ -45,6 +45,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -87,6 +88,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.9/bullseye/Dockerfile b/3.9/bullseye/Dockerfile index 56b859a7d..187c70055 100644 --- a/3.9/bullseye/Dockerfile +++ b/3.9/bullseye/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 ENV PYTHON_VERSION 3.9.16 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -55,8 +61,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -73,6 +83,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.9/buster/Dockerfile b/3.9/buster/Dockerfile index 553b10084..3e10a2b00 100644 --- a/3.9/buster/Dockerfile +++ b/3.9/buster/Dockerfile @@ -27,6 +27,12 @@ ENV GPG_KEY E3FF2839C048B25C084DEBE9B26995E310250568 ENV PYTHON_VERSION 3.9.16 RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + patchelf \ + ; \ \ wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ @@ -55,8 +61,12 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -73,6 +83,11 @@ RUN set -eux; \ \ ldconfig; \ \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ python3 --version # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) diff --git a/3.9/slim-bullseye/Dockerfile b/3.9/slim-bullseye/Dockerfile index 1df0935f8..f10075a8e 100644 --- a/3.9/slim-bullseye/Dockerfile +++ b/3.9/slim-bullseye/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -81,6 +82,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/3.9/slim-buster/Dockerfile b/3.9/slim-buster/Dockerfile index eebe65b69..f11ba0b06 100644 --- a/3.9/slim-buster/Dockerfile +++ b/3.9/slim-buster/Dockerfile @@ -46,6 +46,7 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ @@ -81,6 +82,11 @@ RUN set -eux; \ ; \ make install; \ \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ + \ cd /; \ rm -rf /usr/src/python; \ \ diff --git a/Dockerfile-linux.template b/Dockerfile-linux.template index c76dadf37..6f29c5c9d 100644 --- a/Dockerfile-linux.template +++ b/Dockerfile-linux.template @@ -99,6 +99,7 @@ RUN set -eux; \ make \ ncurses-dev \ openssl-dev \ + patchelf \ pax-utils \ readline-dev \ sqlite-dev \ @@ -110,10 +111,11 @@ RUN set -eux; \ zlib-dev \ ; \ \ -{{ ) elif is_slim then ( -}} +{{ ) else ( -}} savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ +{{ if is_slim then ( -}} dpkg-dev \ gcc \ gnupg dirmngr \ @@ -129,14 +131,18 @@ RUN set -eux; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ tk-dev \ uuid-dev \ wget \ xz-utils \ zlib1g-dev \ +{{ ) else ( -}} + patchelf \ +{{ ) end -}} ; \ \ -{{ ) else "" end -}} +{{ ) end -}} wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ @@ -223,10 +229,14 @@ RUN set -eux; \ -}} ; \ make install; \ + \ +# https://github.com/docker-library/python/issues/784 +# prevent accidental usage of a system installed libpython of the same version + bin="$(readlink -vf /usr/local/bin/python3)"; \ + patchelf --set-rpath '$ORIGIN/../lib' "$bin"; \ {{ if is_alpine or is_slim then "" else ( -}} \ # enable GDB to load debugging data: https://github.com/docker-library/python/pull/701 - bin="$(readlink -ve /usr/local/bin/python3)"; \ dir="$(dirname "$bin")"; \ mkdir -p "/usr/share/gdb/auto-load/$dir"; \ cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \ @@ -260,10 +270,10 @@ RUN set -eux; \ apk del --no-network .build-deps; \ {{ ) else ( -}} ldconfig; \ -{{ if is_slim then ( -}} \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ +{{ if is_slim then ( -}} find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ | sort -u \ @@ -272,9 +282,9 @@ RUN set -eux; \ | sort -u \ | xargs -r apt-mark manual \ ; \ +{{ ) else "" end -}} apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ -{{ ) else "" end -}} {{ ) end -}} \ python3 --version