[RFC] dev-lang/python-oem: use python from python-build-standalone project #1815
Conversation
| DESCRIPTION="This project produces self-contained, highly-portable Python distributions." | ||
| HOMEPAGE="https://github.com/indygreg/python-build-standalone/" | ||
| SRC_URI=" | ||
| amd64? ( https://github.com/indygreg/python-build-standalone/releases/download/20220318/cpython-3.9.11+20220318-x86_64_v2-unknown-linux-gnu-install_only.tar.gz ) |
There was a problem hiding this comment.
These are the binary releases, or? I think it's ok to use binary releases if we have some criteria but at the moment we normally compile from source (also possible for this project).
So that's more a general question worth discussing: under which circumstances are we fine consuming third-party binaries, and if it's an option, should we plan to do more of it to lower the maintenance burden and build times? E.g, there are binary releases for the Rust compiler or Go, why not use them, too?
There was a problem hiding this comment.
Yes these are binary releases. Normally I prefer the build from source approach, but it wouldn't be possible to do that from the ebuild here:
The execution environment must have access to a Docker daemon (all build operations are performed in Docker containers for isolation from the host system).
Though we could rebuild from source and host the binaries for ourselves, and then consume them.
E.g, there are binary releases for the Rust compiler or Go, why not use them, too?
I would be for switching to dev-lang/rust-bin, the build times for it are ridiculous, and the rust compiler (including self bootstrap) is a major part of our SDK build time. For go we wouldn't have much benefit from using a pre-built toolchain.
There was a problem hiding this comment.
Also given that we can revisit the choice of where the python binaries come from when migrating to sysext, I'm fine consuming the published binaries in this case here.
About Rust, yeah, specially the LLVM compilation takes ages…
There was a problem hiding this comment.
Rust cross-compilation support is something we handle in dev-lang/rust and would need to be ported. I haven't looked deeper.
There was a problem hiding this comment.
Yeah, or use rustup to install the regular toolchain into the SDK
| src_install() { | ||
| dodir /usr/share/oem | ||
| cp -a ${S}/python ${ED}/usr/share/oem | ||
| find ${ED} -name 'lib*.a' -delete |
There was a problem hiding this comment.
| find ${ED} -name 'lib*.a' -delete | |
| find ${ED}/usr/share/oem/python/ -name 'lib*.a' -delete |
|
I'm not sure I like the fact that we are pulling binaries from some random place. How does this play with the secure supply chain initiative? |
|
That's why I wanted to have this discussion, this is not something I want to merge as is. At very least we should rebuild the binaries ourself. Do you have ideas for alternative approaches that I could explore? |
Maybe we can prioritize the OEM sysext transition over Docker sysext and start with Azure? |
Our python-oem is minimal and doesn't support pip or most of the standard library. This is an attempt to see whether using a prebuilt python distribution works to support Azure extensions. It was necessary to add a symlink to 'python' executable and lib64 dir to avoid having to change distro-oem and waagent ebuilds.
pothos
force-pushed
the
jepio/prebuilt-python-oem
branch
from
106a87c
to
bcb9e69
Compare
dev-lang/python-oem: use python from python-build-standalone project
Our python-oem is minimal and doesn't support pip or most of the standard
library. This is an attempt to see whether using a prebuilt python
distribution works to support Azure extensions.
It was necessary to add a symlink to 'python' executable and lib64 dir to avoid
having to change distro-oem and waagent ebuilds.
How to use
Test on Azure, deploy VMBackup/VMSnapshot extension from Azure portal.
Testing done
[Describe the testing you have done before submitting this PR. Please include both the commands you issued as well as the output you got.]
changelog/directory (user-facing change, bug fix, security fix, update)