xref: /aosp_15_r20/external/pytorch/.ci/docker/manywheel/build_scripts/build.sh (revision da0073e96a02ea20f0ac840b70461e3646d07c45) 
1#!/bin/bash
2# Top-level build script called from Dockerfile
3# Script used only in CD pipeline
4
5# Stop at any error, show all commands
6set -ex
7
8# openssl version to build, with expected sha256 hash of .tar.gz
9# archive
10OPENSSL_ROOT=openssl-1.1.1l
11OPENSSL_HASH=0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
12DEVTOOLS_HASH=a8ebeb4bed624700f727179e6ef771dafe47651131a00a78b342251415646acc
13PATCHELF_HASH=d9afdff4baeacfbc64861454f368b7f2c15c44d245293f7587bbf726bfe722fb
14CURL_ROOT=curl-7.73.0
15CURL_HASH=cf34fe0b07b800f1c01a499a6e8b2af548f6d0e044dca4a29d88a4bee146d131
16AUTOCONF_ROOT=autoconf-2.69
17AUTOCONF_HASH=954bd69b391edc12d6a4a51a2dd1476543da5c6bbf05a95b59dc0dd6fd4c2969
18
19# Get build utilities
20MY_DIR=$(dirname "${BASH_SOURCE[0]}")
21source $MY_DIR/build_utils.sh
22
23if [ "$(uname -m)" != "s390x" ] ; then
24    # Dependencies for compiling Python that we want to remove from
25    # the final image after compiling Python
26    PYTHON_COMPILE_DEPS="zlib-devel bzip2-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel libffi-devel"
27
28    # Libraries that are allowed as part of the manylinux1 profile
29    MANYLINUX1_DEPS="glibc-devel libstdc++-devel glib2-devel libX11-devel libXext-devel libXrender-devel  mesa-libGL-devel libICE-devel libSM-devel ncurses-devel"
30
31    # Development tools and libraries
32    yum -y install bzip2 make git patch unzip bison yasm diffutils \
33        automake which file cmake28 \
34        kernel-devel-`uname -r` \
35        ${PYTHON_COMPILE_DEPS}
36else
37    # Dependencies for compiling Python that we want to remove from
38    # the final image after compiling Python
39    PYTHON_COMPILE_DEPS="zlib1g-dev libbz2-dev libncurses-dev libsqlite3-dev libdb-dev libpcap-dev liblzma-dev libffi-dev"
40
41    # Libraries that are allowed as part of the manylinux1 profile
42    MANYLINUX1_DEPS="libglib2.0-dev libX11-dev libncurses-dev"
43
44    # Development tools and libraries
45    apt install -y bzip2 make git patch unzip diffutils \
46        automake which file cmake \
47        linux-headers-virtual \
48        ${PYTHON_COMPILE_DEPS}
49fi
50
51# Install newest autoconf
52build_autoconf $AUTOCONF_ROOT $AUTOCONF_HASH
53autoconf --version
54
55# Compile the latest Python releases.
56# (In order to have a proper SSL module, Python is compiled
57# against a recent openssl [see env vars above], which is linked
58# statically. We delete openssl afterwards.)
59build_openssl $OPENSSL_ROOT $OPENSSL_HASH
60/build_scripts/install_cpython.sh
61
62PY39_BIN=/opt/python/cp39-cp39/bin
63
64# Our openssl doesn't know how to find the system CA trust store
65#   (https://github.com/pypa/manylinux/issues/53)
66# And it's not clear how up-to-date that is anyway
67# So let's just use the same one pip and everyone uses
68$PY39_BIN/pip install certifi
69ln -s $($PY39_BIN/python -c 'import certifi; print(certifi.where())') \
70      /opt/_internal/certs.pem
71# If you modify this line you also have to modify the versions in the
72# Dockerfiles:
73export SSL_CERT_FILE=/opt/_internal/certs.pem
74
75# Install newest curl
76build_curl $CURL_ROOT $CURL_HASH
77rm -rf /usr/local/include/curl /usr/local/lib/libcurl* /usr/local/lib/pkgconfig/libcurl.pc
78hash -r
79curl --version
80curl-config --features
81
82# Install patchelf (latest with unreleased bug fixes)
83curl -sLOk https://nixos.org/releases/patchelf/patchelf-0.10/patchelf-0.10.tar.gz
84# check_sha256sum patchelf-0.9njs2.tar.gz $PATCHELF_HASH
85tar -xzf patchelf-0.10.tar.gz
86(cd patchelf-0.10 && ./configure && make && make install)
87rm -rf patchelf-0.10.tar.gz patchelf-0.10
88
89# Install latest pypi release of auditwheel
90$PY39_BIN/pip install auditwheel
91ln -s $PY39_BIN/auditwheel /usr/local/bin/auditwheel
92
93# Clean up development headers and other unnecessary stuff for
94# final image
95if [ "$(uname -m)" != "s390x" ] ; then
96    yum -y erase wireless-tools gtk2 libX11 hicolor-icon-theme \
97        avahi freetype bitstream-vera-fonts \
98        ${PYTHON_COMPILE_DEPS} || true > /dev/null 2>&1
99    yum -y install ${MANYLINUX1_DEPS}
100    yum -y clean all > /dev/null 2>&1
101    yum list installed
102else
103    apt purge -y ${PYTHON_COMPILE_DEPS} || true > /dev/null 2>&1
104fi
105# we don't need libpython*.a, and they're many megabytes
106find /opt/_internal -name '*.a' -print0 | xargs -0 rm -f
107# Strip what we can -- and ignore errors, because this just attempts to strip
108# *everything*, including non-ELF files:
109find /opt/_internal -type f -print0 \
110    | xargs -0 -n1 strip --strip-unneeded 2>/dev/null || true
111# We do not need the Python test suites, or indeed the precompiled .pyc and
112# .pyo files. Partially cribbed from:
113#    https://github.com/docker-library/python/blob/master/3.4/slim/Dockerfile
114find /opt/_internal \
115     \( -type d -a -name test -o -name tests \) \
116  -o \( -type f -a -name '*.pyc' -o -name '*.pyo' \) \
117  -print0 | xargs -0 rm -f
118
119for PYTHON in /opt/python/*/bin/python; do
120    # Smoke test to make sure that our Pythons work, and do indeed detect as
121    # being manylinux compatible:
122    $PYTHON $MY_DIR/manylinux1-check.py
123    # Make sure that SSL cert checking works
124    $PYTHON $MY_DIR/ssl-check.py
125done
126
127# Fix libc headers to remain compatible with C99 compilers.
128find /usr/include/ -type f -exec sed -i 's/\bextern _*inline_*\b/extern __inline __attribute__ ((__gnu_inline__))/g' {} +
129
130# Now we can delete our built SSL
131rm -rf /usr/local/ssl
132