Skip to content

Commit 6eae8ac

Browse files
authored
Binary build script: Enable --with-system-expat (#1319)
Means the `pyexpat` module is now built using the `expat` library from the stack image (rather than CPython's vendored version), so that: - any security fixes are automatically picked up from the stack image, without requiring a Python version update/new app build (the Python vendored version is also very rarely updated) - our Python runtime more closely matches that of the official Python Docker image and other binary distributions - (as a small added bonus) the Python runtime size in the slug is slightly smaller (eg 80% reduction in `pyexpat.*.so`, saving ~1.2MB) See: https://docs.python.org/3/using/configure.html#cmdoption-with-system-expat https://github.com/docker-library/python/blob/1cf43e70e45843c70909a5f914c3c6d0f85fc200/Dockerfile-linux.template#L161 The current Python vendored expat version is `2.4.7` (that's only because it's just been bumped, for the first time in a while, in general it's infrequently updated). The current expat versions in the stack images, are: - Heroku-18: `2.2.5-3ubuntu0.7` - Heroku-20: `2.2.9-1ubuntu0.4` - Heroku-22 (upcoming): `2.4.7-1` GUS-W-8060029.
1 parent b3d834f commit 6eae8ac

File tree

2 files changed

+5
-0
lines changed

2 files changed

+5
-0
lines changed

Diff for: CHANGELOG.md

+2
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@
22

33
## Unreleased
44

5+
- Use the `expat` package from the stack image rather than CPython's vendored version, when building
6+
Python binaries ([#1319](https://github.com/heroku/heroku-buildpack-python/pull/1319)).
57

68
## v210 (2022-04-14)
79

Diff for: builds/runtimes/python

+3
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,9 @@ CONFIGURE_OPTS=(
6060
# Skip running `ensurepip` as part of install, since the buildpack installs a curated
6161
# version of pip itself (which ensures it's consistent across Python patch releases).
6262
"--with-ensurepip=no"
63+
# Build the `pyexpat` module using the `expat` library in the stack image (which will
64+
# automatically receive security updates), rather than CPython's vendored version.
65+
"--with-system-expat"
6366
)
6467

6568
if [[ "${VERSION}" != 3.7.* ]]; then

0 commit comments

Comments
 (0)