Migrate branch of my fork to its own repo

This repository is a fork of the [update python version](https://github.com/lisa/static-binaries/tree/update-python-version) branch in [my fork](https://github.com/lisa/static-binaries) of [andrew-d/static-binaries](https://github.com/andrew-d/static-binaries). The goal of this repository is to separate out the Python parts from the upstream collection of packages.

Author: lisa

.dockerignore

@@ -0,0 +1 @@
+Dockerfile

BPO-7938_pr4338-fix-makesetup-script.patch

@@ -0,0 +1,15 @@
+--- Modules/makesetup.dist	2018-05-23 01:58:50.034767531 +0000
++++ Modules/makesetup	2018-05-23 01:59:36.207811984 +0000
+@@ -128,7 +128,11 @@
+ 
+ 		# Output DEFS in reverse order so first definition overrides
+ 		case $line in
+-		*=*)	DEFS="$line$NL$DEFS"; continue;;
++		*=*)    if [ $(sed -e 's$::=\|:=\|+=\|?=$=$' -e 's$\s*=.*$$' <<< $line | wc -w) == 1 ]
++              		then
++                      		DEFS="$line$NL$DEFS"; continue;
++              		fi
++              		;;
+ 		'include '*)	DEFS="$line$NL$DEFS"; continue;;
+ 		'*noobjects*')
+ 			case $noobjects in

Dockerfile

@@ -0,0 +1,28 @@
+FROM thedoh/musl-cross:1.1.19
+MAINTAINER Lisa Seelye <lisa@thedoh.com>
+# Upstream maintainer: Andrew Dunham <andrew@du.nham.ca>
+
+RUN apt-get update && apt-get install -y zip
+
+# Add our build script
+ADD . /build/
+
+# This builds the program and copies it to /output
+RUN /build/build.sh
+
+###
+FROM scratch
+MAINTAINER Lisa Seelye <lisa@thedoh.com>
+WORKDIR /
+COPY --from=0 /output/python* /
+
+# just in case things need them to exist, like flask
+COPY passwd /etc/passwd
+COPY group /etc/group
+
+ENV \
+  PYTHONHOME=/python2.7.zip \
+  PYTHONPATH=/python2.7.zip
+
+# Users of this base image should be sure to COPY their entrypoint.py to /entrypoint.py
+CMD [ "/python", "-s", "-S", "/entrypoint.py" ]

LICENSE

@@ -0,0 +1 @@
+This repository follows the same license as https://github.com/andrew-d/static-binaries since this is a fork of it to isolate the Python parts.

README.md

@@ -0,0 +1,105 @@
+# docker-static-python
+
+This repository is a fork of the [update python version](https://github.com/lisa/static-binaries/tree/update-python-version) branch in [my fork](https://github.com/lisa/static-binaries) of [andrew-d/static-binaries](https://github.com/andrew-d/static-binaries). The goal of this repository is to separate out the Python parts from the upstream collection of packages.
+
+# Version
+
+This Docker image provides Python-2.7.15rc1 with the following modules and software statically compiled in to the python binary:
+
+* [psutil-5.4.5](https://pypi.org/project/psutil/)
+* [OpenSSL-1.0.2k](https://www.openssl.org)
+* [zlib-1.2.11](https://zlib.net/)
+* [termcap-1.3.1](https://www.gnu.org/software/termutils/manual/termcap-1.3/termcap.html)
+* [readline-6.3](https://tiswww.case.edu/php/chet/readline/rltop.html)
+
+# Usage
+
+By default the image will run `python -sS /entrypoint.py` but if you would prefer a Python shell invoke:
+
+    $ docker run -ti thedoh/static-python:2.7.15rc1-r1
+    Python 2.7.15rc1 (default, May 17 2018, 15:15:27)
+    [GCC 5.3.0] on linux2
+    >>> 
+
+
+
+# psutil Notes
+
+The package is included to illustrate the possibility of compiling third party modules into the Python static image. The `psuutil` package is patched with two patches (below) to force the `psutil` Python library code to _not_ look in its directory (`from . import`) and rather to anywhere the requirement can be met (such as from within the `python` binary).
+* [psutil_import__init__.patch](psutil_import__init__.patch)
+* [psutil_import_pslinux.patch](psutil_import_pslinux.patch)
+
+A common use case will be to `pip install` some set of requirements for use. Since some of those requirements may have C code to compile it is thus a requirement to statically compile that code into the `python` binary because there are no shared Python objects to link against. The inclusion of `psutil` demonstrates this process.
+
+
+## psutil License
+
+> psutil is distributed under BSD license reproduced below.
+> 
+> Copyright (c) 2009, Jay Loden, Dave Daeschler, Giampaolo Rodola'
+> All rights reserved.
+> 
+> Redistribution and use in source and binary forms, with or without modification,
+> are permitted provided that the following conditions are met:
+> 
+>  * Redistributions of source code must retain the above copyright notice, this
+>    list of conditions and the following disclaimer.
+>  * Redistributions in binary form must reproduce the above copyright notice,
+>    this list of conditions and the following disclaimer in the documentation
+>    and/or other materials provided with the distribution.
+>  * Neither the name of the psutil authors nor the names of its contributors
+>    may be used to endorse or promote products derived from this software without
+>    specific prior written permission.
+> 
+> THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+> ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+> WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+> DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+> ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+> (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+> LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+> ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+> (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+> SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+## Entrypoint.py
+
+A sample `entrypoint.py` to call an app using Factory pattern might be:
+
+    import sys
+    import os
+
+    sys.path.append("/usr/src/app")
+
+    os.chdir("/usr/src/app")
+
+    from your.app import make_app
+
+    app = make_app()
+
+    app.run()
+
+If you prefer to `execv` instead:
+
+    import sys
+    import os
+
+
+    os.chdir("/")
+
+    os.execv("/python", ["-s","-S","/myapp.py"])
+    # No code runs after here
+
+
+Or `subprocess`:
+
+    import sys
+    import os
+
+
+    os.chdir("/")
+
+    import subprocess
+
+    subprocess.call(["/python", "-s","-S","/myapp.py"])
+    # Code execution continues

build.sh

@@ -0,0 +1,205 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+set -x
+
+
+ZLIB_VERSION=1.2.11
+TERMCAP_VERSION=1.3.1
+READLINE_VERSION=6.3
+OPENSSL_VERSION=1.0.2k
+PYTHON_BASE_VERSION=2.7.15
+PSUTIL_VERSION=5.4.5
+PYTHON_RC=rc1
+
+CPU_COUNT=$(nproc --all 2>/dev/null)
+MAKE_J="-j${CPU_COUNT:-1}"
+
+function fetch_psutil() {
+  cd /build
+  curl -L -o /build/psutil-${PSUTIL_VERSION}.zip https://github.com/giampaolo/psutil/archive/release-${PSUTIL_VERSION}.zip
+  unzip /build/psutil-${PSUTIL_VERSION}.zip
+  mv psutil-release-${PSUTIL_VERSION} psutil-${PSUTIL_VERSION}
+  # Prune out the Python files from the C files and then monkeypatch the
+  # Python files
+  mkdir -p psutil/{c_files,python_files}
+  cp -r /build/psutil-${PSUTIL_VERSION}/psutil psutil/c_files/
+	rm -rf psutil/c_files/psutil/*.py* psutil/c_files/psutil/DEVNOTES psutil/c_files/psutil/tests
+  # Python files
+  cp -r /build/psutil-${PSUTIL_VERSION}/psutil psutil/python_files/
+  rm -rf psutil/python_files/psutil/*.c psutil/python_files/psutil/*.h psutil/python_files/psutil/arch psutil/python_files/psutil/tests
+  # Patch now
+  cd psutil
+  patch --ignore-whitespace -p0 < /build/psutil_import__init__.patch
+  patch --ignore-whitespace -p0 < /build/psutil_import_pslinux.patch
+  cd ..
+  # Ready to be copied for Lib
+}
+
+
+function build_zlib() {
+    cd /build
+
+    # Download
+    curl -LO http://zlib.net/zlib-${ZLIB_VERSION}.tar.gz
+    tar zxvf zlib-${ZLIB_VERSION}.tar.gz
+    cd zlib-${ZLIB_VERSION}
+
+    # Build
+    CC='/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-gcc -static -fPIC' \
+        ./configure \
+        --static
+    make ${MAKE_J}
+}
+
+function build_termcap() {
+    cd /build
+
+    # Download
+    curl -LO http://ftp.gnu.org/gnu/termcap/termcap-${TERMCAP_VERSION}.tar.gz
+    tar zxvf termcap-${TERMCAP_VERSION}.tar.gz
+    cd termcap-${TERMCAP_VERSION}
+
+    # Build
+    CC='/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-gcc -static -fPIC' \
+        ./configure \
+        --disable-shared \
+        --enable-static
+    make ${MAKE_J}
+}
+
+function build_readline() {
+    cd /build
+
+    # Download
+    curl -LO ftp://ftp.cwru.edu/pub/bash/readline-${READLINE_VERSION}.tar.gz
+    tar xzvf readline-${READLINE_VERSION}.tar.gz
+    cd readline-${READLINE_VERSION}
+
+    # Build
+    CC='/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-gcc -static -fPIC' \
+        ./configure \
+        --disable-shared \
+        --enable-static
+    make ${MAKE_J}
+
+    # Note that things look for readline in <readline/readline.h>, so we need
+    # that directory to exist.
+    ln -s /build/readline-${READLINE_VERSION} /build/readline-${READLINE_VERSION}/readline
+}
+
+function build_openssl() {
+    cd /build
+
+    # Download
+    curl -LO https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz
+    tar zxvf openssl-${OPENSSL_VERSION}.tar.gz
+    cd openssl-${OPENSSL_VERSION}
+
+    # Configure
+    CC='/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-gcc -static' ./Configure no-shared linux-x86_64
+
+    # Build
+    make
+    echo "** Finished building OpenSSL"
+}
+
+function build_python() {
+    cd /build
+
+    # Download
+    curl -LO https://www.python.org/ftp/python/${PYTHON_BASE_VERSION}/Python-${PYTHON_BASE_VERSION}${PYTHON_RC}.tar.xz
+    unxz Python-${PYTHON_BASE_VERSION}${PYTHON_RC}.tar.xz
+    tar -xvf Python-${PYTHON_BASE_VERSION}${PYTHON_RC}.tar
+    cd Python-${PYTHON_BASE_VERSION}${PYTHON_RC}
+
+    # Copy psutil source code into place
+    mkdir Modules/psutil
+    cp -r /build/psutil/c_files/psutil/* Modules/psutil/
+    # Convert the version to what psutil expects. This should be stable until
+    # their setup.py changes.
+    psversion=$(echo $PSUTIL_VERSION | sed 's,\.,,g')
+
+    # Set up modules
+    cp Modules/Setup.dist Modules/Setup
+    MODULES="_bisect _collections _csv _datetime _elementtree _functools _heapq _io _md5 _posixsubprocese _random _sha _sha256 _sha512 _socket _struct _weakref array binascii cmath cStringIO cPickle datetime fcntl future_builtins grp itertools math mmap operator parser readline resource select spwd strop syslog termios time unicodedata zlib"
+    for mod in $MODULES;
+    do
+        sed -i -e "s/^#${mod}/${mod}/" Modules/Setup
+    done
+
+    echo '_json _json.c' >> Modules/Setup
+    echo '_multiprocessing _multiprocessing/multiprocessing.c _multiprocessing/semaphore.c _multiprocessing/socket_connection.c' >> Modules/Setup
+
+    # Enable static linking
+    sed -i '1i\
+*static*' Modules/Setup
+
+    # Set dependency paths for zlib, readline, etc.
+    sed -i \
+        -e "s|^zlib zlibmodule.c|zlib zlibmodule.c -I/build/zlib-${ZLIB_VERSION} -L/build/zlib-${ZLIB_VERSION} -lz|" \
+        -e "s|^readline readline.c|readline readline.c -I/build/readline-${READLINE_VERSION} -L/build/readline-${READLINE_VERSION} -L/build/termcap-${TERMCAP_VERSION} -lreadline -ltermcap|" \
+        Modules/Setup
+    # static compile these modules. Any others that `setup.py` might want to
+    # build "shared" should follow this pattern to make them included
+    echo "" >> Modules/Setup
+    cat << 'EOF' >>Modules/Setup
+_lsprof rotatingtree.c _lsprof.c
+pyexpat expat/xmlparse.c expat/xmlrole.c expat/xmltok.c pyexpat.c -I$(srcdir)/Modules/expat -DHAVE_EXPAT_CONFIG_H -DUSE_PYEXPAT_CAPI -DHAVE_SYSCALL_GETRANDOM
+_psutil_linux psutil/_psutil_common.c psutil/_psutil_posix.c psutil/_psutil_linux.c -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=__PSVER__ -DPSUTIL_LINUX=1
+_psutil_posix psutil/_psutil_common.c psutil/_psutil_posix.c                        -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=__PSVER__ -DPSUTIL_LINUX=1
+EOF
+
+    # Enable OpenSSL support
+    patch --ignore-whitespace -p1 < /build/cpython-enable-openssl.patch
+
+    # Fix https://bugs.python.org/issue7938
+    echo "Patching for https://bugs.python.org/issue7938"
+    patch --ignore-whitespace -p0 < /build/BPO-7938_pr4338-fix-makesetup-script.patch
+
+    sed -i \
+        -e "s|^SSL=/build/openssl-TKTK|SSL=/build/openssl-${OPENSSL_VERSION}|" \
+        -e "s|__PSVER__|${psversion}|g"                                        \
+        Modules/Setup
+
+    # Configure
+    CC='/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-gcc -static -fPIC' \
+    CXX='/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-g++ -static -static-libstdc++ -fPIC' \
+    LD=/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-ld \
+    ./configure \
+      --disable-shared
+
+    # Build
+    make --trace ${MAKE_J} LDFLAGS="-static" LINKFORSHARED=" " || true
+
+
+    /opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-strip python 
+    # There may be a better way to ensure _sysconfigdata.py is included in the
+    # .zip file, but I am not sure how best to do it, so this is a bit of a
+    # hack, banking on the contents of this container staying around for it
+    # to matter.
+    cp $(find . -name _sysconfigdata.py -print) Lib
+    # Copy the patched psutil Python files into place
+    cp -r /build/psutil/python_files/psutil Lib
+    cd Lib && zip -r ../python2.7.zip .
+
+}
+
+function doit() {
+    fetch_psutil
+    build_zlib
+    build_termcap
+    build_readline
+    build_openssl
+    build_python
+
+		mkdir -p /output
+		cp /build/Python-${PYTHON_BASE_VERSION}${PYTHON_RC}/{python,python2.7.zip} /output
+}
+
+doit
+
+echo "Output:"
+ls -l /output
+echo "Done."

cpython-enable-openssl.patch

@@ -0,0 +1,17 @@
+--- a/Modules/Setup  2015-03-15 07:33:09.093498063 +0000
++++ b/Modules/Setup  2015-03-15 07:33:43.436659171 +0000
+@@ -204,10 +204,10 @@
+ 
+ # Socket module helper for SSL support; you must comment out the other
+ # socket line above, and possibly edit the SSL variable:
+-#SSL=/usr/local/ssl
+-#_ssl _ssl.c \
+-#      -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
+-#      -L$(SSL)/lib -lssl -lcrypto
++SSL=/build/openssl-TKTK
++_ssl _ssl.c \
++       -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
++       -L$(SSL) -lssl -lcrypto
+ 
+ # The crypt module is now disabled by default because it breaks builds
+ # on many systems (where -lcrypt is needed), e.g. Linux (I believe).

group

@@ -0,0 +1 @@
+root:x:0:root

passwd

@@ -0,0 +1 @@
+root:x:0:0:root:/root:/bin/bash