无法“点安装加密"带有OpenSSL 1.0.2g和Python 2.7的Docker Alpine Linux 3.3中 [英] Cannot "pip install cryptography" in Docker Alpine Linux 3.3 with OpenSSL 1.0.2g and Python 2.7
问题描述
已解决哇,这些家伙很快……基本上就是这个 https://github.com/pyca/cryptography/issues/2750 事实证明,openssl的安全更新已发布(DROWN攻击),并且该更新包含意外的功能签名更改,导致功能不兼容,因此对我来说真是不幸.
Solved Wow, these guys are fast... It's basically this https://github.com/pyca/cryptography/issues/2750 It turned out that a security update for openssl was released (DROWN Attack) and that update contained an unexpected function signature change which caused the incompatibility, so this was just bad luck for me.
我需要在运行Alpine Linux的Docker容器中使用pip install cryptography
.实际上,它是另一个模块service_identity
,但是问题出在cryptography
模块上,这是一个依赖项.
I need to use pip install cryptography
in a Docker container running Alpine Linux. Actually, it's another module, service_identity
, but the problem resides in the cryptography
module, which is a dependency.
我有以下Dockerfile
I have the following Dockerfile
FROM alpine:3.3
RUN apk --update add build-base libffi-dev openssl-dev python-dev py-pip
RUN pip install cryptography
由于以下错误而失败
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -DNDEBUG -Os -fomit-frame-pointer -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
build/temp.linux-x86_64-2.7/_openssl.c:726:6: error: conflicting types for 'BIO_new_mem_buf'
BIO *BIO_new_mem_buf(void *, int);
^
In file included from /usr/include/openssl/asn1.h:65:0,
from build/temp.linux-x86_64-2.7/_openssl.c:434:
/usr/include/openssl/bio.h:692:6: note: previous declaration of 'BIO_new_mem_buf' was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^
error: command 'gcc' failed with exit status 1
openssl 1.0.2g已于2016-03-01(昨天)发布,并且alpine软件包已更新至该版本.可以与此相关吗?
openssl 1.0.2g was released on 2016-03-01 (yesterday) and the alpine package already got updated to that version. Can it be related to this?
如何解决此问题?也许我可以设置一些环境变量?
How can I resolve this issue? Maybe some environment variables which I can set?
更新我一直在检查GitHub Repo中的openssl,实际上,在1.0.2f到1.0.2g的过渡期间,openssl/bio.h
的BIO *BIO_new_mem_buf(void *buf, int len)
更改为BIO *BIO_new_mem_buf(const void *buf, int len)
.用于 https://github.com/openssl/openssl/compare/中的"BIO_new_mem_buf" OpenSSL_1_0_2f ... OpenSSL_1_0_2g ).我不知道此openssl/asn1.h
的来源,它正在导入openssl/bio.h
的过时版本,因为它看起来不像openssl存储库中的那个.有什么想法吗?
Update I've been checking the GitHub Repo for openssl, and in fact BIO *BIO_new_mem_buf(void *buf, int len)
of openssl/bio.h
got changed to BIO *BIO_new_mem_buf(const void *buf, int len)
during the 1.0.2f to 1.0.2g transition (search for "BIO_new_mem_buf" in https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g). I don't know where this openssl/asn1.h
is coming from, which is importing an outdated version of openssl/bio.h
, as it does not look like the one in the openssl repo. Any ideas?
好吧,我看到一些已经在做这件事了: https://github.com/pyca/cryptography/issues/2750
Ok, I see some are already working on this: https://github.com/pyca/cryptography/issues/2750
推荐答案
对于在 Alpine 3.7 中安装cryptography==2.1.4
仍遇到问题的用户,如下所示:
For those who are still experiencing problems installing cryptography==2.1.4
in Alpine 3.7 like this:
writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
creating build/temp.linux-x86_64-2.7
generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
build/temp.linux-x86_64-2.7/_openssl.c:493:30: fatal error: openssl/opensslv.h: No such file or directory
#include <openssl/opensslv.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1
解决方案
在Alpine容器中安装以下依赖项:
Solution
Install these dependencies in the Alpine container:
$ apk add --no-cache libressl-dev musl-dev libffi-dev
要使用 Dockerfile 安装这些依赖项:
To install these dependencies using a Dockerfile:
RUN apk add --no-cache \
libressl-dev \
musl-dev \
libffi-dev && \
pip install --no-cache-dir cryptography==2.1.4 && \
apk del \
libressl-dev \
musl-dev \
libffi-dev
参考
cryptography
在Alpine上的安装说明可以在这里找到:
Reference
Installation instructions for cryptography
on Alpine can be found here:
- https://cryptography.io/en/latest/installation/#building-cryptography-on-linux
- A version from the time of writing is available on github
这是相关部分:
在Linux上构建密码学
[跳过非Alpine Linux的部分] …
$ pip install cryptography
如果您在Alpine上,或者只是想自己编译,则
cryptography
需要一个编译器,Python的标头(如果您不是
使用pypy
)以及OpenSSL和libffi
库的标头
在系统上可用.
If you are on Alpine or just want to compile it yourself then
cryptography
requires a compiler, headers for Python (if you're not
using pypy
), and headers for the OpenSSL and libffi
libraries
available on your system.
如果使用的是Python 2,请用python-dev
替换python3-dev
.
Replace python3-dev
with python-dev
if you're using Python 2.
$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev
如果您遇到openssl-dev
错误,则可能必须使用libressl-dev
.
If you get an error with openssl-dev
you may have to use libressl-dev
.
这篇关于无法“点安装加密"带有OpenSSL 1.0.2g和Python 2.7的Docker Alpine Linux 3.3中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!