python: Use more generic march for rosetta compatibiity

[pnasrat]

See: #38076

Related: chainguard-dev/customer-issues#2094
Signed-off-by: Pris Nasrat pris.nasrat@chainguard.dev

[octo-sts]

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

• Detected Error: "checking whether wchar_t is usable... no"

• Error Category: Build Configuration

• Failure Point: Configure step during Python build

• Root Cause Analysis: The build is failing because the system is unable to properly use wchar_t, which is critical for Python's Unicode support. This typically indicates a mismatch between compiler settings and system libraries.

• Suggested Fix:

1. Add the following flags to the configure step:

  - name: Configure
    runs: |
      # Add these environment variables before ./configure
      export CFLAGS="${CFLAGS} -fwrapv -D_GNU_SOURCE"
      export CPPFLAGS="${CPPFLAGS} -D_GNU_SOURCE"

• Explanation:

• The -fwrapv flag ensures proper handling of integer overflow
• _GNU_SOURCE macro enables GNU extensions including proper wchar_t support
• These flags are commonly needed when building Python with glibc
• This combination ensures proper wide character support in the build environment

• Additional Notes:

• This is a known issue when building Python on certain Linux configurations
• The error occurs during the configure phase before actual compilation
• The fix ensures proper Unicode/wide character support in the built Python
• Without proper wchar_t support, Python's string handling would be compromised

• References:

• Python Issue Tracker: https://bugs.python.org/issue19555
• CPython Build Docs: https://devguide.python.org/getting-started/setup-building/
• Similar issue in Python build: Add CmdLineTest to standard library python/cpython#74674

[techalchemy]

lgtm, thanks!

[pnasrat]

Test errors on 3.12 and 3.13 will investigate

[pnasrat]

hmm locally as non-root I get

2025/03/06 06:24:22 WARN unable to set CAP_SETFCAP effective capability: Operation not permitted subpackage=python-3.12-privileged-netbindservice
2025/03/06 06:24:22 INFO deleting guest dir /tmp/melange-guest-2705264654

[dannf]

Is there any additional testing we should do to make sure this isn't going to break anything (abi-checker maybe?)

Will this noticeably regress performance for any customers?

We may very well want to do this anyway of course - it would just be good to understand the trade-offs and do what we can to avoid other customer escalations.