Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 73 additions & 0 deletions tools/dockerfile/manylinux/Dockerfile-132
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# A image for building paddle binaries
Copy link

Copilot AI Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Header comment grammar: "A image" should be "An image".

Suggested change
# A image for building paddle binaries
# An image for building paddle binaries

Copilot uses AI. Check for mistakes.
# Use cuda devel base image for both cpu and gpu environment
# When you modify it, please be aware of cudnn-runtime version
ARG CUDA_VERSION=13.2
ARG BASE_TARGET=cuda${CUDA_VERSION}

FROM nvcr.io/nvidia/cuda:13.2.0-cudnn-devel-ubuntu24.04 as base
MAINTAINER PaddlePaddle Authors <paddle-dev@baidu.com>


# ENV variables
ARG WITH_GPU
ARG WITH_AVX
ARG PYTHON_VERSION=3.12
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这个镜像里是不是直接 3.14?@swgu98

Copy link
Copy Markdown
Member Author

@gouzil gouzil Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

得加 ppa:deadsnakes/ppa 源才能上 3.14


ENV WITH_GPU=${WITH_GPU:-ON}
ENV WITH_AVX=${WITH_AVX:-ON}
ENV DEBIAN_FRONTEND=noninteractive
ENV LD_LIBRARY_PATH=/usr/local/cuda-${CUDA_VERSION}/compat:/usr/local/cuda-${CUDA_VERSION}/targets/x86_64-linux/lib:$LD_LIBRARY_PATH

ENV HOME /root

RUN apt-get update --allow-unauthenticated && \
Copy link

Copilot AI Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apt-get update --allow-unauthenticated disables APT package signature verification, which weakens supply-chain security for this build image. If not strictly required, drop --allow-unauthenticated and fix any key/cert issues instead (or explicitly add the needed repository keys).

Suggested change
RUN apt-get update --allow-unauthenticated && \
RUN apt-get update && \

Copilot uses AI. Check for mistakes.
apt-get install -y --no-install-recommends \
git \
vim \
curl \
wget \
make \
libgl1 \
libglib2.0-0 \
libssl-dev \
autoconf \
automake \
libtool \
libmlx5-1 \
libibverbs-dev \
python${PYTHON_VERSION} \
python${PYTHON_VERSION}-dev \
python3-pip \
libnccl2=2.29.7-1+cuda13.2 \
libnccl-dev=2.29.7-1+cuda13.2 && \
Comment on lines +41 to +42
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nccl 应该打在镜像里吗?这里出问题,是不是因为 setup.py 里没有加 nvidia-nccl-cu13 依赖?@swgu98 @risemeup1

ln -sf /usr/bin/python3 /usr/bin/python && \
rm -rf /var/lib/apt/lists/*

WORKDIR /home
RUN wget -q https://cmake.org/files/v3.31/cmake-3.31.0-linux-x86_64.tar.gz && \
Comment on lines +46 to +47
Copy link

Copilot AI Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CMake is downloaded and extracted without any integrity verification (checksum/signature). To reduce supply-chain risk and improve reproducibility, pin and verify the tarball (e.g., SHA256) before extracting, or install CMake via a trusted package source.

Suggested change
WORKDIR /home
RUN wget -q https://cmake.org/files/v3.31/cmake-3.31.0-linux-x86_64.tar.gz && \
WORKDIR /home
ARG CMAKE_SHA256=<PINNED_CMAKE_3_31_0_LINUX_X86_64_TAR_GZ_SHA256>
RUN wget -q https://cmake.org/files/v3.31/cmake-3.31.0-linux-x86_64.tar.gz && \
echo "${CMAKE_SHA256} cmake-3.31.0-linux-x86_64.tar.gz" | sha256sum -c - && \

Copilot uses AI. Check for mistakes.
tar -zxf cmake-3.31.0-linux-x86_64.tar.gz && \
rm cmake-3.31.0-linux-x86_64.tar.gz && \
rm -rf /home/cmake-3.31.0-linux-x86_64/doc /home/cmake-3.31.0-linux-x86_64/man

ENV PATH=/home/cmake-3.31.0-linux-x86_64/bin:$PATH


ARG TMP_DIR=patchelf_tmp
RUN rm -rf "$TMP_DIR" && git clone --depth 1 --branch 0.15.0 https://github.com/NixOS/patchelf "$TMP_DIR" && \
cd "$TMP_DIR" && ./bootstrap.sh && \
./configure && make && make install && \
cd .. && rm -rf "$TMP_DIR"

RUN wget -q https://paddle-ci.gz.bcebos.com/ccache-4.8.2.tar.gz && \
tar xf ccache-4.8.2.tar.gz && mkdir /usr/local/ccache-4.8.2 && cd ccache-4.8.2 && \
mkdir build && cd build && \
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local/ccache-4.8.2 .. && \
make -j8 && make install && \
ln -s /usr/local/ccache-4.8.2/bin/ccache /usr/local/bin/ccache && \
cd ../../ && rm -rf ccache-4.8.2.tar.gz && rm -rf ccache-4.8.2

COPY paddle/scripts/compile_requirements.txt /root
COPY python/requirements.txt /root
RUN pip install --break-system-packages -r /root/requirements.txt && \
pip install --break-system-packages -r /root/compile_requirements.txt && \
rm -rf /root/compile_requirements.txt /root/requirements.txt
Loading