I’m trying to build a Docker image based on the python:3.10.13-alpine3.18 image. The reason for why I chose to use Alpine over Debian, is due to the vulnerabilities seen in Debian (observed using Snyk, see here). Alpine seem to show no vulnerabilities, at least no critical.
This is the Docker file that includes the step needed to reproduce the issue:
FROM python:3.10.13-alpine3.18
RUN python3 -m pip install streamlit
This results in numpy failing to build.
Sadly, Alpine does not support installing through wheels, so wheels have to be built from scratch. This should not be an issue for small, standalone packages, but quickly becomes a challenge for complex packages like streamlit, with various of dependencies.
Of course there exists Alpine-precompiled packages for numpy (see here), but I do not see any for streamlit, or any other relevant packages. So might be that I will have to build all these myself from scratch.
So I was wondering if anyone has tried using streamlit with Alpine, and if there existed Alpine-precompiled packages somewhere that I could test?
Note that installing just a simple package like pyarrow that has two main dependencies in pandas and numpy, requires an insane amount of overhead, just to get working with Alpine (see this thread).
Just to demonstrate how annoying Alpine is, I pasted the proposed solution just to install pyarrow in a Alpine Docker image below:
FROM python:3.7-alpine3.8
RUN apk add --no-cache \
git \
build-base \
cmake \
bash \
jemalloc-dev \
boost-dev \
autoconf \
zlib-dev \
flex \
bison
RUN pip install six numpy pandas cython pytest
RUN git clone https://github.com/apache/arrow.git
RUN mkdir /arrow/cpp/build
WORKDIR /arrow/cpp/build
ENV ARROW_BUILD_TYPE=release
ENV ARROW_HOME=/usr/local
ENV PARQUET_HOME=/usr/local
#disable backtrace
RUN sed -i -e '/_EXECINFO_H/,/endif/d' -e '/execinfo/d' ../src/arrow/util/logging.cc
RUN cmake -DCMAKE_BUILD_TYPE=$ARROW_BUILD_TYPE \
-DCMAKE_INSTALL_LIBDIR=lib \
-DCMAKE_INSTALL_PREFIX=$ARROW_HOME \
-DARROW_PARQUET=on \
-DARROW_PYTHON=on \
-DARROW_PLASMA=on \
-DARROW_BUILD_TESTS=OFF \
..
RUN make -j$(nproc)
RUN make install
WORKDIR /arrow/python
RUN python setup.py build_ext --build-type=$ARROW_BUILD_TYPE \
--with-parquet --inplace
#--with-plasma # commented out because plasma tests don't work
RUN py.test pyarrow
So it is likely that this path is not worth venturing for anyone who considers using Streamlit with Alpine. Go with Debian instead and wait for Debian to resolve the vulnerability issues observed (and reported) by Snyk.
As for the security issues in Debian (FROM python:3.12-slim), the only High vulnerability I found was with the cryptography library. You can unload that in your Docker build with RUN apt-get remove -y python3-cryptography
and then manually install the latest one with RUN pip3 install cryptography
Optionally remove a medium vulnerabilitie with RUN pip3 install --upgrade pip
Docker Scout is a great way to drill into security vulnerabilities.
The problem with Alpine, is that 1) there are barely any precompiled binaries which you can install and 2) (even worse) installing these is a huge hassle, as you cannot install wheels, and you can for most other Linux distros.
If you want to learn about all current vulnerabilities with Python for Debian distro, you can check what Snyk has reported:
If I recall correctly, there was a critical vulnerability in a zlib-variant, which is bundled as part of the Ubuntu distro. You should be able to find this from the link above. Note that deleting this “dependency” would be a bad idea, as it would corrupt the distro, hence, why this has not been resolved yet.
I added a snapshot below of what you should see when checking Python on Snyk below:
@JoaoPedroMDP The original question was about installing streamlit on alpine. Sadly pyarrow is only one tiny dependency in the mix of all deps that need to be installed. There is also of interest to install other deps like openai. Even if you manage to install pyarrow I think we are quite far to get streamlit working in Alpine.
As barely any deps are supported on Alpine, I think its going to be nightmare to add support for all. its better to just wait for Ubuntu to add a fix for the vulnerability in the Ubuntu distro, which was the main reason why I at all tried Alpine (as Alpine dont have the same vulnerability built into the distro).
EDIT: I also disagree that py3-pyarrow: The real solution. (...) approach is the proper solution. Sure this is a way to solve the issue with pyarrow, but do you have the same solution for all other deps? Surely not.
Thanks for stopping by! We use cookies to help us understand how you interact with our website.
By clicking “Accept all”, you consent to our use of cookies. For more information, please see our privacy policy.
Cookie settings
Strictly necessary cookies
These cookies are necessary for the website to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
Performance cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us understand how visitors move around the site and which pages are most frequently visited.
Functional cookies
These cookies are used to record your choices and settings, maintain your preferences over time and recognize you when you return to our website. These cookies help us to personalize our content for you and remember your preferences.
Targeting cookies
These cookies may be deployed to our site by our advertising partners to build a profile of your interest and provide you with content that is relevant to you, including showing you relevant ads on other websites.
