Binary build script: Enable --with-system-expat #1319

Merged
merged 1 commit into from
May 3, 2022
@edmorley edmorley commented May 3, 2022

Means the pyexpat module is now built using the expat library from the stack image (rather than CPython's vendored version), so that:

  • any security fixes are automatically picked up from the stack image, without requiring a Python version update/new app build (the Python vendored version is also very rarely updated)
  • our Python runtime more closely matches that of the official Python Docker image and other binary distributions
  • (as a small added bonus) the Python runtime size in the slug is slightly smaller (eg 80% reduction in pyexpat.*.so, saving ~1.2MB)

See:
https://docs.python.org/3/using/configure.html#cmdoption-with-system-expat
https://github.com/docker-library/python/blob/1cf43e70e45843c70909a5f914c3c6d0f85fc200/Dockerfile-linux.template#L161

The current Python vendored expat version is 2.4.7 (that's only because it's just been bumped for the first time in a while, in general it's infrequently updated - eg commit history).

The current expat versions in the stack images, are (but note these will have security backports, so the base version number doesn't quite tell the full story):

  • Heroku-18: 2.2.5-3ubuntu0.7
  • Heroku-20: 2.2.9-1ubuntu0.4
  • Heroku-22 (upcoming): 2.4.7-1

Note: This change will only take effect for future Python version releases (or future Heroku stacks) - existing Python binaries are not being recompiled.

GUS-W-8060029.
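
One way to confirm, on a Linux runtime, whether an interpreter's `pyexpat` is backed by the system libexpat or by CPython's vendored copy. This is an added example, not code from the buildpack; the function names and the sample `/proc` lines are constructed for illustration.

```python
import os
import re

# Path column of a /proc/<pid>/maps line that points at a shared libexpat.
_LIBEXPAT = re.compile(r"(/\S*libexpat\.so[.\d]*)\s*$")

def libexpat_paths(maps_text):
    """Return the distinct libexpat shared-object paths in /proc/<pid>/maps text."""
    paths = []
    for line in maps_text.splitlines():
        m = _LIBEXPAT.search(line)
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths

def expat_source(maps_text):
    """'system' if a shared libexpat is mapped, else 'vendored' (compiled into pyexpat)."""
    return "system" if libexpat_paths(maps_text) else "vendored"

def report():
    """Describe the expat used by this interpreter (linkage check is Linux-only)."""
    import pyexpat  # importing it maps libexpat, if dynamically linked, before we read maps
    # EXPAT_VERSION is the base version only; distro packages may carry
    # backported security fixes that this string does not show.
    info = {"expat_version": pyexpat.EXPAT_VERSION, "source": "unknown"}
    if os.path.exists("/proc/self/maps"):
        with open("/proc/self/maps") as f:
            maps_text = f.read()
        # Assumes nothing else in this process has loaded libexpat.
        info["source"] = expat_source(maps_text)
        info["libexpat"] = libexpat_paths(maps_text)
    return info

# Constructed samples (paths and addresses are illustrative, not from a real host).
SAMPLE_SYSTEM = """\
7f3a1c000000-7f3a1c004000 r--p 00000000 08:01 1311 /opt/python/lib/python3.10/lib-dynload/pyexpat.cpython-310-x86_64-linux-gnu.so
7f3a1b800000-7f3a1b804000 r--p 00000000 08:01 2622 /usr/lib/x86_64-linux-gnu/libexpat.so.1.8.7
7f3a1b804000-7f3a1b820000 r-xp 00004000 08:01 2622 /usr/lib/x86_64-linux-gnu/libexpat.so.1.8.7
"""
SAMPLE_VENDORED = """\
7f3a1c000000-7f3a1c004000 r--p 00000000 08:01 1311 /opt/python/lib/python3.10/lib-dynload/pyexpat.cpython-310-x86_64-linux-gnu.so
7f3a1b000000-7f3a1b028000 r--p 00000000 08:01 2001 /usr/lib/x86_64-linux-gnu/libc.so.6
"""

if __name__ == "__main__":
    print(report())
```

A `vendored` result means expat fixes only arrive with a rebuilt Python binary, while `system` means they follow the base image's libexpat package.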

@edmorley edmorley requested a review from a team as a code owner May 3, 2022 12:12
@edmorley edmorley self-assigned this May 3, 2022
@edmorley edmorley merged commit 6eae8ac into main May 3, 2022
@edmorley edmorley deleted the builds-system-expat branch May 3, 2022 13:41
edmorley added a commit that referenced this pull request Apr 18, 2024
As part of the CNB multi-architecture support work, we need to change
the Python runtime archive S3 URLs to include the architecture name.
In addition, for the CNB transition from "stacks" to "targets", it would
be helpful to switch from stack ID references (such as `heroku-22`) in
the URL scheme, to the distro name+version (eg `ubuntu` and `22.04`)
available to CNBs via the CNB targets feature. See:
https://github.com/buildpacks/spec/blob/buildpack/0.10/buildpack.md#targets-1

Rather than duplicate the Python archives on S3 under different
filenames/locations, it makes sense to migrate this buildpack to the new
archive names too, so the same S3 archives can be used by both this
buildpack and the CNB.

Moving to new archive names/URLs also means we can safely regenerate all
existing Python versions to pick up the changes in #1566 (and changes
made in the past, such as #1319, #1320, #1321 and #1322), since we won't
have to worry about overwriting the old archives (which is something
we've typically avoided, since it isn't compatible with the model of
being able to roll back to an older buildpack version to return to prior
behaviour).

Since we're changing the S3 URLs anyway, now is also a good time to make
another change that would otherwise cause churn in the S3 URLs again
(which affects people that pin buildpack version): Switching archive
compression format from gzip to Zstandard (something that we've been
wanting to do for a while).

Zstandard (aka zstd) is a much superior compression format over gzip
(smaller archives and much faster decompression), and is seeing
widespread adoption across multiple ecosystems (eg APT packages,
Docker images, web browsers etc).

See:
https://github.com/facebook/zstd
https://github.com/facebook/zstd/blob/dev/programs/README.md#usage-of-command-line-interface

Our base images already have `zstd` installed (and for Rust for the CNB,
there is the [zstd](https://crates.io/crates/zstd) crate available), so it's an easy switch.

Various compression levels were tested using zstd's benchmarking feature
and in the end the highest level of compression was picked, since:
1. Unlike some other compression algorithms, zstd's decompression speed
   is generally not affected by the compression level.
2. We only have to perform the compression once (when compiling Python).
3. Even at the highest compression ratio, it only takes 20 seconds to
   compress the Python archives compared to the 10 minutes it takes to
   compile Python itself (when using PGO+LTO).

For the Ubuntu 22.04 Python 3.12.3 archive, switching from gzip to zstd
(level 22, with long window mode enabled) results in a 26% reduction in
compressed archive size.

GUS-W-15158299.
GUS-W-15505556.