无法“点安装加密"带有OpenSSL 1.0.2g和Python 2.7的Docker Alpine Linux 3.3中 [英] Cannot "pip install cryptography" in Docker Alpine Linux 3.3 with OpenSSL 1.0.2g and Python 2.7

问题描述

已解决哇，这些家伙很快……基本上就是这个 https://github.com/pyca/cryptography/issues/2750 事实证明，openssl的安全更新已发布(DROWN攻击)，并且该更新包含意外的功能签名更改，导致功能不兼容，因此对我来说真是不幸.

Solved Wow, these guys are fast... It's basically this https://github.com/pyca/cryptography/issues/2750 It turned out that a security update for openssl was released (DROWN Attack) and that update contained an unexpected function signature change which caused the incompatibility, so this was just bad luck for me.

我需要在运行Alpine Linux的Docker容器中使用pip install cryptography.实际上，它是另一个模块service_identity，但是问题出在cryptography模块上，这是一个依赖项.

I need to use pip install cryptography in a Docker container running Alpine Linux. Actually, it's another module, service_identity, but the problem resides in the cryptography module, which is a dependency.

我有以下Dockerfile

I have the following Dockerfile

FROM alpine:3.3

RUN apk --update add build-base libffi-dev openssl-dev python-dev py-pip
RUN pip install cryptography

由于以下错误而失败

generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -DNDEBUG -Os -fomit-frame-pointer -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
build/temp.linux-x86_64-2.7/_openssl.c:726:6: error: conflicting types for 'BIO_new_mem_buf'
 BIO *BIO_new_mem_buf(void *, int);
      ^
In file included from /usr/include/openssl/asn1.h:65:0,
                 from build/temp.linux-x86_64-2.7/_openssl.c:434:
/usr/include/openssl/bio.h:692:6: note: previous declaration of 'BIO_new_mem_buf' was here
 BIO *BIO_new_mem_buf(const void *buf, int len);
      ^
error: command 'gcc' failed with exit status 1

openssl 1.0.2g已于2016-03-01(昨天)发布，并且alpine软件包已更新至该版本.可以与此相关吗?

openssl 1.0.2g was released on 2016-03-01 (yesterday) and the alpine package already got updated to that version. Can it be related to this?

如何解决此问题?也许我可以设置一些环境变量?

How can I resolve this issue? Maybe some environment variables which I can set?

更新我一直在检查GitHub Repo中的openssl，实际上，在1.0.2f到1.0.2g的过渡期间，openssl/bio.h的BIO *BIO_new_mem_buf(void *buf, int len)更改为BIO *BIO_new_mem_buf(const void *buf, int len).用于 https://github.com/openssl/openssl/compare/中的"BIO_new_mem_buf" OpenSSL_1_0_2f ... OpenSSL_1_0_2g ).我不知道此openssl/asn1.h的来源，它正在导入openssl/bio.h的过时版本，因为它看起来不像openssl存储库中的那个.有什么想法吗?

Update I've been checking the GitHub Repo for openssl, and in fact BIO *BIO_new_mem_buf(void *buf, int len) of openssl/bio.h got changed to BIO *BIO_new_mem_buf(const void *buf, int len) during the 1.0.2f to 1.0.2g transition (search for "BIO_new_mem_buf" in https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g). I don't know where this openssl/asn1.h is coming from, which is importing an outdated version of openssl/bio.h, as it does not look like the one in the openssl repo. Any ideas?

好吧，我看到一些已经在做这件事了: https://github.com/pyca/cryptography/issues/2750

Ok, I see some are already working on this: https://github.com/pyca/cryptography/issues/2750

推荐答案

对于在 Alpine 3.7 中安装cryptography==2.1.4仍遇到问题的用户，如下所示:

For those who are still experiencing problems installing cryptography==2.1.4 in Alpine 3.7 like this:

writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
creating build/temp.linux-x86_64-2.7
generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
build/temp.linux-x86_64-2.7/_openssl.c:493:30: fatal error: openssl/opensslv.h: No such file or directory
 #include <openssl/opensslv.h>
                              ^
compilation terminated.
error: command 'gcc' failed with exit status 1

解决方案

在Alpine容器中安装以下依赖项:

Solution

Install these dependencies in the Alpine container:

$ apk add --no-cache libressl-dev musl-dev libffi-dev

要使用 Dockerfile 安装这些依赖项:

To install these dependencies using a Dockerfile:

RUN apk add --no-cache \
        libressl-dev \
        musl-dev \
        libffi-dev && \
    pip install --no-cache-dir cryptography==2.1.4 && \
    apk del \
        libressl-dev \
        musl-dev \
        libffi-dev

参考

cryptography在Alpine上的安装说明可以在这里找到:

Reference

Installation instructions for cryptography on Alpine can be found here:

• https://cryptography.io/en/latest/installation /#building-cryptography-on-linux
• 编写在github上可用

• https://cryptography.io/en/latest/installation/#building-cryptography-on-linux
• A version from the time of writing is available on github

这是相关部分:

在Linux上构建密码学

[跳过非Alpine Linux的部分] …

$ pip install cryptography

如果您在Alpine上，或者只是想自己编译，则 cryptography需要一个编译器，Python的标头(如果您不是 使用pypy)以及OpenSSL和libffi库的标头 在系统上可用.

If you are on Alpine or just want to compile it yourself then cryptography requires a compiler, headers for Python (if you're not using pypy), and headers for the OpenSSL and libffi libraries available on your system.

如果使用的是Python 2，请用python-dev替换python3-dev.

Replace python3-dev with python-dev if you're using Python 2.

$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev

如果您遇到openssl-dev错误，则可能必须使用libressl-dev.

If you get an error with openssl-dev you may have to use libressl-dev.

这篇关于无法“点安装加密"带有OpenSSL 1.0.2g和Python 2.7的Docker Alpine Linux 3.3中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！