Issue using M2Crypto on lambda (works on EC2)

Question

I am trying to install a python function using M2Crypto in AWS Lambda.

I spun up an EC2 instance with the Lambda AMI image, installed M2Crypto into a virtualenv, and was able to get my function working on EC2.

Then I zipped up the site-package and uploaded to Lambda. I got this error

Unable to import module 'epd_M2Crypto': /var/task/M2Crypto/_m2crypto.cpython-36m-x86_64-linux-gnu.so: symbol sk_deep_copy, version libcrypto.so.10 not defined in file libcrypto.so.10 with link time reference

There are similar questions and hints here and here. I tried uploading the offending lib (libcrypto.so.10) in the zip file, but still get the same error. I am assuming the error means that the EC2 version of libcrypto.so.10 (used to install M2Crypto) is different than the version on Lambda (that I am trying to run with), so M2Crypto complains.

If I look at the versions of openssl they are different:

  • OpenSSL 1.0.0-fips 29 Mar 2010 (lambda version)
  • OpenSSL 1.0.2k-fips 26 Jan 2017 (ec2 version)

I don't think the answer is to downgrade openssl on ec2 as the 1.0.0 version is obsolete (AWS applies security patches but the version still shows as 1.0.0). (Also the yum doesn't have versions this old)

Here are the steps I used on the EC2 instance to get it working on EC2:

$ sudo yum -y update
$ sudo yum -y install python36
$ sudo yum -y install python-virtualenv
$ sudo yum -y groupinstall "Development Tools"
$ sudo yum -y install python36-devel.x86_64
$ sudo yum -y install openssl-devel.x86_64

$ mkdir ~/forlambda
$ cd ~/forlambda
$ virtualenv -p python3 venv
$ source venv/bin/activate

$ cd ~
$ pip install M2Crypto -t ~/forlambda/venv/lib/python3.6/site-packages/

$ cd ~/forlambda/venv/lib/python3.6/site-packages/
$ (create python function that uses M2Crypto)
$ zip -r9 ~/forlambda/archive.zip .

Then added to the zip file

  • /usr/bin/openssl
  • /usr/lib64/libcrypto.so.10
  • /usr/lib64/libssl.so.10

And uploaded to Lambda, which is where I am now stuck.

Do I need to do something to get Lambda to use the version of libcrypto.so.10 that I have included in the uploaded zip?

My function:

"""
Wrapper for M2Crypto
https://github.com/mcepl/M2Crypto
https://pypi.org/project/M2Crypto/
"""

from __future__ import print_function
from M2Crypto import RSA
import base64
import json

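def decrypt_string(string_b64):
    # Load the RSA private key shipped alongside the function code
    rsa = RSA.load_key('private_key.pem')
    string_encrypted = base64.b64decode(string_b64)
    # RSA.pkcs1_padding is the named constant for the literal 1 used here originally
    plaintext_bytes = rsa.private_decrypt(string_encrypted, RSA.pkcs1_padding)
    string_plaintext = plaintext_bytes.decode("utf-8")

    response = {
        's': string_plaintext,
        'status': "OK",
        'statuscode': 200
    }
    return response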


def lambda_handler(event, context):

    response = ""
    action = event['action']

    if action == "decrypt":
        string_b64 = event['s']
        response = decrypt_string(string_b64)

    return response

Recommended answer

AWS support provided a resolution, upgrading to use Python 3.7 where the issue is resolved:

Our internal team has confirmed that the issue is with Lambda's Python runtime. In a few rare cases, when the Lambda function is being initialised, Lambda is unable to link against the correct OpenSSL libraries - instead linking against Lambda's own in-built OpenSSL binaries.

The team suggests trying this out in the Python3.7 environment where this behaviour has been fixed. Also, python3.7 is compiled with the newer openssl 1.0.2 and you should not have to include the binaries in the Lambda package. ... still had to include the OpenSSL binaries in the package and could not get it working with the default libraries.
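
The answer attributes the failure to the runtime linking against Lambda's built-in OpenSSL rather than the copy in the package. As an added example (not part of the original question or answer), the code below lists which libcrypto/libssl files are mapped into a process and flags any loaded from outside the package directory. The function names and the sample maps text are constructed for illustration; /var/task and the library paths are taken from the question.

```python
import re

# Pathname column of a /proc/<pid>/maps line that names an OpenSSL library.
_LIB_RE = re.compile(
    r"(/\S*/(libcrypto|libssl)\.so[.\w]*)(?:\s+\(deleted\))?\s*$"
)


def loaded_openssl_libs(maps_text):
    """Return {'libcrypto': {paths}, 'libssl': {paths}} found in maps_text."""
    found = {"libcrypto": set(), "libssl": set()}
    for line in maps_text.splitlines():
        match = _LIB_RE.search(line)
        if match:
            found[match.group(2)].add(match.group(1))
    return found


def check_bundled(maps_text, bundle_root="/var/task"):
    """Return sorted (library, path) pairs loaded from outside bundle_root."""
    prefix = bundle_root.rstrip("/") + "/"
    problems = []
    for name, paths in loaded_openssl_libs(maps_text).items():
        for path in paths:
            if not path.startswith(prefix):
                problems.append((name, path))
    return sorted(problems)


def current_process_report(bundle_root="/var/task"):
    """Run the check against the live process (Linux only)."""
    with open("/proc/self/maps") as fh:
        return check_bundled(fh.read(), bundle_root)


# Constructed sample: the extension module comes from the package, but
# libcrypto was resolved from the system directory instead of the bundle.
SAMPLE_MAPS = """\
7f10a0000000-7f10a0200000 r-xp 00000000 ca:01 1234 /var/task/M2Crypto/_m2crypto.cpython-36m-x86_64-linux-gnu.so
7f10a1000000-7f10a1250000 r-xp 00000000 ca:01 5678 /usr/lib64/libcrypto.so.10
7f10a1250000-7f10a1260000 rw-p 00250000 ca:01 5678 /usr/lib64/libcrypto.so.10
7f10a2000000-7f10a2060000 r-xp 00000000 ca:01 9012 /var/task/libssl.so.10
"""

if __name__ == "__main__":
    for name, path in check_bundled(SAMPLE_MAPS):
        print("loaded outside the package:", name, path)
```

Calling current_process_report() in the handler after the M2Crypto import and logging the result shows which copy the dynamic linker actually picked; an empty list means no OpenSSL library was mapped from outside the package directory.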
