From 41767e2653c0295fa3491af50557fa1806390bb8 Mon Sep 17 00:00:00 2001
From: Ian Wienand
Date: Fri, 14 Aug 2020 08:46:06 +1000
Subject: [PATCH] Build a manylinux2014 arm64 image
This is based on the upstream manylinux container images at https://github.com/pyca/infra and builds a manylinux2014_aarch64 image with openssl installed in such a way we can use the image to build cryptography manylinux wheels, hopefully.
Change-Id: I0aea20081b7025c1f9cc4c75e49646737861ba8e
---
docker/manylinux2014_aarch64/Dockerfile | 10 +++++++
.../manylinux2014_aarch64/install_libffi.sh | 28 +++++++++++++++++++
.../manylinux2014_aarch64/install_openssl.sh | 27 ++++++++++++++++++
.../install_virtualenv.sh | 6 ++++
.../manylinux2014_aarch64/openssl-version.sh | 6 ++++
zuul.d/jobs.yaml | 13 +++++++++
zuul.d/projects.yaml | 9 ++++++
7 files changed, 99 insertions(+)
create mode 100644 docker/manylinux2014_aarch64/Dockerfile
create mode 100755 docker/manylinux2014_aarch64/install_libffi.sh
create mode 100755 docker/manylinux2014_aarch64/install_openssl.sh
create mode 100644 docker/manylinux2014_aarch64/install_virtualenv.sh
create mode 100644 docker/manylinux2014_aarch64/openssl-version.sh
create mode 100644 zuul.d/jobs.yaml
create mode 100644 zuul.d/projects.yaml
diff --git a/docker/manylinux2014_aarch64/Dockerfile b/docker/manylinux2014_aarch64/Dockerfile
new file mode 100644
index 0000000..c85b395
--- /dev/null
+++ b/docker/manylinux2014_aarch64/Dockerfile
@@ -0,0 +1,10 @@
+FROM quay.io/pypa/manylinux2014_aarch64
+MAINTAINER Infra Root
+WORKDIR /root
+ADD install_libffi.sh /root/install_libffi.sh
+RUN sh install_libffi.sh manylinux2014_aarch64
+ADD install_openssl.sh /root/install_openssl.sh
+ADD openssl-version.sh /root/openssl-version.sh
+RUN sh install_openssl.sh manylinux2014_aarch64
+ADD install_virtualenv.sh /root/install_virtualenv.sh
+RUN sh install_virtualenv.sh manylinux2014_aarch64
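Review bot: The `FROM quay.io/pypa/manylinux2014_aarch64` line in docker/manylinux2014_aarch64/Dockerfile has no tag or digest, so every rebuild silently takes whatever the registry currently serves, and wheels built from this image inherit that toolchain. Pinning it, e.g. `FROM quay.io/pypa/manylinux2014_aarch64@sha256:<digest-placeholder>`, turns a base-image change into an explicit, reviewable commit. The four `ADD` lines copy plain local files and would read more clearly as `COPY`, and `MAINTAINER` is deprecated in favour of `LABEL`. The scripts carry a `#!/bin/bash` shebang and use `function`, `pushd` and `source`, yet are run with `sh`, which works only if `/bin/sh` is bash in the base image; `RUN bash install_libffi.sh manylinux2014_aarch64` (and likewise for the other two) removes that assumption.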
diff --git a/docker/manylinux2014_aarch64/install_libffi.sh b/docker/manylinux2014_aarch64/install_libffi.sh
new file mode 100755
index 0000000..407a5f0
--- /dev/null
+++ b/docker/manylinux2014_aarch64/install_libffi.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -xe
+
+LIBFFI_SHA256="d06ebb8e1d9a22d19e38d63fdb83954253f39bedc5d46232a05645685722ca37"
+LIBFFI_VERSION="3.2.1"
+
+function check_sha256sum {
+ local fname=$1
+ local sha256=$2
+ echo "${sha256} ${fname}" > "${fname}.sha256"
+ sha256sum -c "${fname}.sha256"
+ rm "${fname}.sha256"
+}
+
+curl -#O "https://mirrors.ocf.berkeley.edu/debian/pool/main/libf/libffi/libffi_${LIBFFI_VERSION}.orig.tar.gz"
+check_sha256sum "libffi_${LIBFFI_VERSION}.orig.tar.gz" ${LIBFFI_SHA256}
+tar zxf libffi*.orig.tar.gz
+PATH=/opt/perl/bin:$PATH
+pushd libffi*
+if [ "$1" == "manylinux1" ]; then
+ STACK_PROTECTOR_FLAGS="-fstack-protector --param=ssp-buffer-size=4"
+else
+ STACK_PROTECTOR_FLAGS="-fstack-protector-strong"
+fi
+./configure CFLAGS="-g -O2 $STACK_PROTECTOR_FLAGS -Wformat -Werror=format-security"
+make -j8 install
+popd
+rm -rf libffi*
diff --git a/docker/manylinux2014_aarch64/install_openssl.sh b/docker/manylinux2014_aarch64/install_openssl.sh
new file mode 100755
index 0000000..d552c4b
--- /dev/null
+++ b/docker/manylinux2014_aarch64/install_openssl.sh
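Review bot: The `curl -#O` call in install_libffi.sh has no `--fail`, so an HTTP error page from the mirror is saved under the tarball's name and only surfaces one step later as a SHA-256 mismatch, which is hard to tell apart from a genuinely altered archive; `curl -f -#O "https://…"` fails at the download instead. The same call appears in install_openssl.sh. The checksum check itself still gates extraction, so this is about diagnosability, not a bypass. Separately, `tar zxf libffi*.orig.tar.gz` and `pushd libffi*` depend on how the glob expands in the working directory (after extraction it presumably matches both the tarball and the source tree); `tar zxf "libffi_${LIBFFI_VERSION}.orig.tar.gz"` and an explicit directory name would not. The `manylinux1` branch can never be taken from this Dockerfile, which always passes `manylinux2014_aarch64`.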
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -xe
+
+OPENSSL_URL="https://www.openssl.org/source/"
+source /root/openssl-version.sh
+
+function check_sha256sum {
+ local fname=$1
+ local sha256=$2
+ echo "${sha256} ${fname}" > "${fname}.sha256"
+ sha256sum -c "${fname}.sha256"
+ rm "${fname}.sha256"
+}
+
+curl -#O "${OPENSSL_URL}/${OPENSSL_VERSION}.tar.gz"
+check_sha256sum ${OPENSSL_VERSION}.tar.gz ${OPENSSL_SHA256}
+tar zxf ${OPENSSL_VERSION}.tar.gz
+PATH=/opt/perl/bin:$PATH
+pushd ${OPENSSL_VERSION}
+./config $OPENSSL_BUILD_FLAGS --prefix=/opt/pyca/cryptography/openssl --openssldir=/opt/pyca/cryptography/openssl
+make depend
+make -j8
+# avoid installing the docs
+# https://github.com/openssl/openssl/issues/6685#issuecomment-403838728
+make install_sw install_ssldirs
+popd
+rm -rf openssl*
diff --git a/docker/manylinux2014_aarch64/install_virtualenv.sh b/docker/manylinux2014_aarch64/install_virtualenv.sh
new file mode 100644
index 0000000..f2374f4
--- /dev/null
+++ b/docker/manylinux2014_aarch64/install_virtualenv.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -xe
+
+for python in /opt/python/*; do
+ "$python/bin/pip" install virtualenv
+done
diff --git a/docker/manylinux2014_aarch64/openssl-version.sh b/docker/manylinux2014_aarch64/openssl-version.sh
new file mode 100644
index 0000000..1111706
--- /dev/null
+++ b/docker/manylinux2014_aarch64/openssl-version.sh
@@ -0,0 +1,6 @@
+export OPENSSL_VERSION="openssl-1.1.1g"
+export OPENSSL_SHA256="ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
+# We need a base set of flags because on Windows using MSVC
+# enable-ec_nistp_64_gcc_128 doesn't work since there's no 128-bit type
+export OPENSSL_BUILD_FLAGS_WINDOWS="no-ssl3 no-ssl3-method no-zlib no-shared no-comp no-dynamic-engine"
+export OPENSSL_BUILD_FLAGS="${OPENSSL_BUILD_FLAGS_WINDOWS} enable-ec_nistp_64_gcc_128"
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
new file mode 100644
index 0000000..3f13d81
--- /dev/null
+++ b/zuul.d/jobs.yaml
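Review bot: The final `rm -rf openssl*` in install_openssl.sh runs in `/root` (the Dockerfile's `WORKDIR`, restored by `popd`), where the glob also matches `openssl-version.sh`, so the one file recording which OpenSSL version and hash went into the image is deleted from it. If that is not intended, `rm -rf "${OPENSSL_VERSION}" "${OPENSSL_VERSION}.tar.gz"` removes only the build tree and the tarball. `OPENSSL_URL` already ends in `/` and the download line adds another, producing `…/source//openssl-…`; dropping the trailing slash avoids relying on the server to normalise it. The arguments in `check_sha256sum ${OPENSSL_VERSION}.tar.gz ${OPENSSL_SHA256}` are unquoted, unlike the filename argument in the libffi script.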
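Review bot: `"$python/bin/pip" install virtualenv` in install_virtualenv.sh is unpinned, whereas libffi and OpenSSL are fetched at a fixed version and verified against a SHA-256, so this part of the image depends on whatever PyPI serves at build time. Pin it, e.g. `"$python/bin/pip" install --no-cache-dir "virtualenv==<pinned-version>"`, or install from a requirements file with `--require-hashes`. The script ignores the `manylinux2014_aarch64` argument the Dockerfile passes; a one-line comment such as `# $1 (platform name) is accepted for symmetry with the other install scripts and is unused` would make that deliberate.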
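Review bot: The `OPENSSL_BUILD_FLAGS_WINDOWS` name and the MSVC comment in openssl-version.sh are confusing in a Linux aarch64 image, where install_openssl.sh reads only `OPENSSL_BUILD_FLAGS`. If the file is meant to stay identical to the upstream pyca/infra copy (the commit message suggests so), say it: `# Kept in sync with upstream pyca/infra; only OPENSSL_BUILD_FLAGS is used in this image.` I would also add `# OPENSSL_VERSION and OPENSSL_SHA256 must be updated together; the hash is checked before the tarball is unpacked.` so a version bump without a hash change is caught in review rather than at build time.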
@@ -0,0 +1,13 @@
+- job:
+ name: pyca-cryptography-build-image-manylinux2014
+ description: Build a manylinux image
+ provides: pyca-crytopgraphy-manylinux2014-container-image
+ parent: opendev-build-docker-image
+ dependencies: opendev-buildset-registry
+ timeout: 10800
+ vars:
+ docker_images:
+ - context: docker/manylinux2014_aarch64
+ repository: opendevorg/pyca-manylinux2014_aarch64
+ arch:
+ - linux/arm64
diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml
new file mode 100644
index 0000000..4c209f2
--- /dev/null
+++ b/zuul.d/projects.yaml
@@ -0,0 +1,9 @@
+- project:
+ name: pyca/infra
+ check:
+ jobs:
+ - opendev-buildset-registry
+ - pyca-cryptography-build-image-manylinux2014
+ gate:
+ jobs:
+ - noop
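Review bot: The `provides:` value in zuul.d/jobs.yaml is misspelled as `pyca-crytopgraphy-manylinux2014-container-image`, so any job that later declares `requires:` with the correctly spelled name will not match this artifact. It should read `provides: pyca-cryptography-manylinux2014-container-image`. The job name and the `provides` string both say manylinux2014 without an architecture although the only image built is `linux/arm64`; adding `aarch64` to both now avoids a rename if an x86_64 image is added later.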