From 171d62de96259fefa07b151ea7ecaa8e019aadd2 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 29 Nov 2024 12:48:17 -0500 Subject: [PATCH] Containerfile: avoid modifying pycache files A lot of history here, but essentially today the pycache files generated at compose time are invalid because they're of course created before the epoch mtime canonicalization ostree does and pyc files include the mtime in their headers to know if they're out of date. Since `/usr` is not read-only in the layering flow, Python will happily regenerate the cache files as Python code gets executed. This isn't necessarily a big deal and actually would make dnf faster, but it's also awkward and confusing to have only a subset of Python code in the OS cached correctly and sloshing that diff around in container layers when what we really want is having it fixed correctly at base compose time. So let's just avoid it for consistency and to reduce the diff with the legacy variants. We do this by moving the base ones out of the way and then moving them back in place, possibly overwriting regenerated ones. Note that using `ENV PYTHONDONTWRITEBYTECODE=1` is not sufficient here; that doesn't seem to reach RPM scriptlets which use Python. See also: https://github.com/ostreedev/ostree/issues/1469 --- Containerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Containerfile b/Containerfile index 0ec3ac3c..5ccec3d2 100644 --- a/Containerfile +++ b/Containerfile @@ -30,7 +30,11 @@ FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev:c9s-coreos ARG OPENSHIFT_CI=0 +# Avoid shipping modified .pyc files. Due to https://github.com/ostreedev/ostree/issues/1469, +# any Python apps that run (e.g. dnf) will cause pyc creation. RUN --mount=type=bind,target=/run/src \ + find /usr -name '*.pyc' -exec mv {} {}.bak \; && \ if [ "${OPENSHIFT_CI}" != 0 ]; then /run/src/ci/get-ocp-repo.sh --ocp-layer /run/src/packages-openshift.yaml; fi && \ /run/src/scripts/apply-manifest /run/src/packages-openshift.yaml && \ + find /usr -name '*.pyc.bak' -exec sh -c 'mv $1 ${1%.bak}' _ {} \; && \ ostree container commit