| 1 | #!/bin/bash -ex |
|---|
| 2 | |
|---|
| 3 | # This runs in the container to actually build the wheels. |
|---|
| 4 | BUILDER="/io/misc/build_helpers/_build-wheels.sh" |
|---|
| 5 | |
|---|
| 6 | # Create a scratch path where a bunch of intermediate build state can be |
|---|
| 7 | # dumped. |
|---|
| 8 | BASE="$(mktemp -d)" |
|---|
| 9 | |
|---|
| 10 | # Put a virtualenv in there |
|---|
| 11 | ENV="${BASE}/env" |
|---|
| 12 | virtualenv "${ENV}" |
|---|
| 13 | |
|---|
| 14 | # Create a directory where we can dump wheels that the build depends on. |
|---|
| 15 | WHEELHOUSE="${BASE}/wheelhouse" |
|---|
| 16 | mkdir -p "${WHEELHOUSE}" |
|---|
| 17 | |
|---|
| 18 | # Helpers to run programs from the virtualenv - instead of "activating" it and |
|---|
| 19 | # changing what "pip" and "python" mean for everything in the script. |
|---|
| 20 | PYTHON="${ENV}/bin/python" |
|---|
| 21 | PIP="${ENV}/bin/pip" |
|---|
| 22 | |
|---|
| 23 | |
|---|
| 24 | # Get a new, good version of pip (who knows what version came with the |
|---|
| 25 | # virtualenv on the system?) |
|---|
| 26 | "${PIP}" install --upgrade pip |
|---|
| 27 | |
|---|
| 28 | # Dump the requirements into a pip-readable format. |
|---|
| 29 | "${PYTHON}" setup.py egg_info |
|---|
| 30 | |
|---|
| 31 | # Get wheels for all of the requirements and dump them into the directory we |
|---|
| 32 | # created for that purpose. |
|---|
| 33 | "${PIP}" wheel \ |
|---|
| 34 | --requirement pycryptopp.egg-info/requires.txt \ |
|---|
| 35 | --wheel-dir "${WHEELHOUSE}" |
|---|
| 36 | |
|---|
| 37 | # This image can build x86_64 (64 bit) manylinux wheels. |
|---|
| 38 | DOCKER_IMAGE="quay.io/pypa/manylinux1_x86_64" |
|---|
| 39 | docker pull "${DOCKER_IMAGE}" |
|---|
| 40 | |
|---|
| 41 | # Build all the x86_64 bit wheels. Give this image access to our working |
|---|
| 42 | # directory (the root of the pycryptopp source tree). Also give it access to |
|---|
| 43 | # the wheelhouse we populated with our requirements above. Also give it no |
|---|
| 44 | # network access at all. The image is (intentionally) full of super old |
|---|
| 45 | # software that's riddled with vulnerabilities. Cutting it off from the |
|---|
| 46 | # network limits the attack surface to something a bit less terrifying. |
|---|
| 47 | docker run \ |
|---|
| 48 | --rm \ |
|---|
| 49 | --network none \ |
|---|
| 50 | --volume "${PWD}:/io" \ |
|---|
| 51 | --volume "${WHEELHOUSE}:/io/wheelhouse" \ |
|---|
| 52 | "${DOCKER_IMAGE}" \ |
|---|
| 53 | "${BUILDER}" |
|---|
| 54 | |
|---|
| 55 | # As above, but for the i686 (32 bit) builds. |
|---|
| 56 | DOCKER_IMAGE="quay.io/pypa/manylinux1_i686" |
|---|
| 57 | docker pull "${DOCKER_IMAGE}" |
|---|
| 58 | docker run \ |
|---|
| 59 | --rm \ |
|---|
| 60 | --network none \ |
|---|
| 61 | --volume "${PWD}:/io" \ |
|---|
| 62 | --volume "${WHEELHOUSE}:/io/wheelhouse" \ |
|---|
| 63 | "${DOCKER_IMAGE}" \ |
|---|
| 64 | linux32 "${BUILDER}" |
|---|
| 65 | |
|---|
| 66 | # Get the pycryptopp wheels from the place they were dumped. |
|---|
| 67 | mkdir -p wheelhouse |
|---|
| 68 | cp -v "${WHEELHOUSE}"/pycryptopp-*.whl wheelhouse/ |
|---|
| 69 | sha256sum wheelhouse/*.whl |
|---|
