build the cryptography manylinux1 docker images #98
Conversation
reaperhulk
force-pushed
the
manylinux1-work
branch
from
7655f0b to
9dacfd0
Compare
|
Big issue right now is that I have to pass a directory to the build context, but I need that Update: fixed. |
reaperhulk
force-pushed
the
manylinux1-work
branch
2 times, most recently
from
f51e122 to
20ece69
Compare
config.json
Outdated
| @@ -2,66 +2,91 @@ | |||
| { | |||
| "tag": "pyca/crypto-jenkins", | |||
| "path": "jenkins", | |||
| "dockerfile": "jenkins/Dockerfile", | |||
There was a problem hiding this comment.
We should not need dockerfile and path keys. as far as I can tell they are duplicative.
There was a problem hiding this comment.
if you supply a -f to docker build then you must supply the Dockerfile name. path then becomes the docker build context. If you don't supply -f it is assumed to be Dockerfile inside the build context, but that won't work when you want multiple dockerfiles to share the build context.
That said, ARG in FROM hypothetically resolves this and makes it unnecessary. Unfortunately while that's merged it's not available in a stable docker CE release yet?
There was a problem hiding this comment.
I'm pretty sure it is in a release: https://github.com/moby/moby/releases/tag/v17.05.0-ce
There was a problem hiding this comment.
(As noted in IRC, 17.05 isn't available as stable, only edge)
There was a problem hiding this comment.
Sigh. Do we know when edge next goes stable? cc: @cyli
There was a problem hiding this comment.
Their docs say quarterly. Latest stable is .03 so presumably we should expect to see a 17.07 in stable in about a month?
There was a problem hiding this comment.
Currently in RC5 - should be soon - RC5 was unexpected.
There was a problem hiding this comment.
Pretty sure we can wait then 😄 Thanks @cyli!
| @@ -0,0 +1,10 @@ | |||
| FROM quay.io/pypa/manylinux1_i686 | |||
There was a problem hiding this comment.
Now that the latest docker supports ARG in from, I believe these can be consolidated.
|
Err, quarterly means every 3 months, so wouldn't that mean 17.06? Am I bad
at calendar?
…On Tue, Jun 20, 2017 at 4:54 PM, Paul Kehrer ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In config.json
<#98 (comment)>:
> @@ -2,66 +2,91 @@
{
"tag": "pyca/crypto-jenkins",
"path": "jenkins",
+ "dockerfile": "jenkins/Dockerfile",
Their docs say quarterly. Latest stable is .03 so presumably we should
expect to see a 17.07 in stable in about a month?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#98 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAADBOvJ37GoNQ7fWJD-LqppVqfTMbTDks5sGDGIgaJpZM4N1wzJ>
.
--
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
|
|
What's 1 month among friends? Yes, 17.06 https://blog.docker.com/2017/03/docker-enterprise-edition/ So I guess at some point soon there should be a stable update? |
|
How do you feel about just waiting for that, since it lets us simplify considerably? |
reaperhulk
force-pushed
the
manylinux1-work
branch
2 times, most recently
from
68f3a39 to
6908870
Compare
This utilizes ARG in FROM and requires docker 17.06-ce or better to build
reaperhulk
force-pushed
the
manylinux1-work
branch
from
6908870 to
8897974
Compare
cryptography-manylinux1/Dockerfile
Outdated
| @@ -0,0 +1,11 @@ | |||
| ARG ARCH=x86_64 | |||
cryptography-manylinux1/Dockerfile
Outdated
| ARG ARCH=x86_64 | ||
| FROM quay.io/pypa/manylinux1_${ARCH} | ||
| MAINTAINER Python Cryptographic Authority | ||
| ADD install_openssl.sh /root/install_openssl.sh |
There was a problem hiding this comment.
Nit, move the ADD to right before we use it.
| function check_sha256sum { | ||
| local fname=$1 | ||
| local sha256=$2 | ||
| echo "${sha256} ${fname}" > ${fname}.sha256 |
| local fname=$1 | ||
| local sha256=$2 | ||
| echo "${sha256} ${fname}" > ${fname}.sha256 | ||
| sha256sum -c ${fname}.sha256 |
There was a problem hiding this comment.
Does this function do the right thing on failure?
There was a problem hiding this comment.
Yeah on failure it prints to stderr and since we're set -xe and it returns non-zero error code the script halts.
| local sha256=$2 | ||
| echo "${sha256} ${fname}" > ${fname}.sha256 | ||
| sha256sum -c ${fname}.sha256 | ||
| rm ${fname}.sha256 |
|
By approve I mean "please fix all these things" |
| echo "Configuring for i686" | ||
| ./Configure linux-generic32 no-comp shared --prefix=/opt/pyca/cryptography/openssl --openssldir=/opt/pyca/cryptography/openssl | ||
| fi | ||
| make depend |
There was a problem hiding this comment.
Should there be a -j$(nproc) or something on this?
No description provided.