无法“pip install cryptography"在带有 OpenSSL 1.0.2g 和 Python 2.7 的 Docker Alpine Linux 3.3 中 [英] Cannot "pip install cryptography" in Docker Alpine Linux 3.3 with OpenSSL 1.0.2g and Python 2.7
问题描述
已解决哇,这些家伙速度很快……基本上就是这样https://github.com/pyca/cryptography/issues/2750 原来是针对 openssl 发布了一个安全更新(DROWN Attack),该更新包含一个意外的函数签名更改,导致了不兼容,所以这个对我来说只是运气不好.
Solved Wow, these guys are fast... It's basically this https://github.com/pyca/cryptography/issues/2750 It turned out that a security update for openssl was released (DROWN Attack) and that update contained an unexpected function signature change which caused the incompatibility, so this was just bad luck for me.
我需要在运行 Alpine Linux 的 Docker 容器中使用 pip install cryptography
.实际上,它是另一个模块,service_identity
,但问题出在 cryptography
模块中,它是一个依赖项.
I need to use pip install cryptography
in a Docker container running Alpine Linux. Actually, it's another module, service_identity
, but the problem resides in the cryptography
module, which is a dependency.
我有以下 Dockerfile
I have the following Dockerfile
FROM alpine:3.3
RUN apk --update add build-base libffi-dev openssl-dev python-dev py-pip
RUN pip install cryptography
失败并出现以下错误
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -DNDEBUG -Os -fomit-frame-pointer -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
build/temp.linux-x86_64-2.7/_openssl.c:726:6: error: conflicting types for 'BIO_new_mem_buf'
BIO *BIO_new_mem_buf(void *, int);
^
In file included from /usr/include/openssl/asn1.h:65:0,
from build/temp.linux-x86_64-2.7/_openssl.c:434:
/usr/include/openssl/bio.h:692:6: note: previous declaration of 'BIO_new_mem_buf' was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^
error: command 'gcc' failed with exit status 1
openssl 1.0.2g 于 2016 年 3 月 1 日(昨天)发布,并且 alpine 包已经更新到该版本.会不会跟这个有关?
openssl 1.0.2g was released on 2016-03-01 (yesterday) and the alpine package already got updated to that version. Can it be related to this?
我该如何解决这个问题?也许我可以设置一些环境变量?
How can I resolve this issue? Maybe some environment variables which I can set?
更新我一直在检查 GitHub 存储库中的 openssl,实际上是 openssl/bio 的
在 1.0.2f 到 1.0.2g 过渡期间更改为 BIO *BIO_new_mem_buf(void *buf, int len)
.hBIO *BIO_new_mem_buf(const void *buf, int len)
(在 https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g).我不知道这个 openssl/asn1.h
是从哪里来的,它正在导入一个过时的 openssl/bio.h
版本,因为它看起来不像openssl 仓库中的一个.有什么想法吗?
Update I've been checking the GitHub Repo for openssl, and in fact BIO *BIO_new_mem_buf(void *buf, int len)
of openssl/bio.h
got changed to BIO *BIO_new_mem_buf(const void *buf, int len)
during the 1.0.2f to 1.0.2g transition (search for "BIO_new_mem_buf" in https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g). I don't know where this openssl/asn1.h
is coming from, which is importing an outdated version of openssl/bio.h
, as it does not look like the one in the openssl repo. Any ideas?
好的,我看到有些人已经在做这个了:https://github.com/pyca/cryptography/issues/2750
Ok, I see some are already working on this: https://github.com/pyca/cryptography/issues/2750
推荐答案
对于那些在 Alpine 3.7 中安装 cryptography==2.1.4
仍然遇到问题的人,像这样:
For those who are still experiencing problems installing cryptography==2.1.4
in Alpine 3.7 like this:
writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
creating build/temp.linux-x86_64-2.7
generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
build/temp.linux-x86_64-2.7/_openssl.c:493:30: fatal error: openssl/opensslv.h: No such file or directory
#include <openssl/opensslv.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1
解决方案
在 Alpine 容器中安装这些依赖项:
Solution
Install these dependencies in the Alpine container:
$ apk add --no-cache libressl-dev musl-dev libffi-dev
使用 Dockerfile 安装这些依赖项:
To install these dependencies using a Dockerfile:
RUN apk add --no-cache
libressl-dev
musl-dev
libffi-dev &&
pip install --no-cache-dir cryptography==2.1.4 &&
apk del
libressl-dev
musl-dev
libffi-dev
参考
可以在此处找到 Alpine 上 cryptography
的安装说明:
- https://cryptography.io/en/latest/installation/#building-cryptography-on-linux
- 撰写本文时的版本 可在 github 上找到
以下是相关部分:
[跳过非 Alpine Linux 的部分] ...
$ pip install cryptography
如果你在 Alpine 上或者只是想自己编译它,那么cryptography
需要一个编译器和 Python 头文件(如果你不是使用 pypy
),以及 OpenSSL 和 libffi
库的标头在您的系统上可用.
If you are on Alpine or just want to compile it yourself then
cryptography
requires a compiler, headers for Python (if you're not
using pypy
), and headers for the OpenSSL and libffi
libraries
available on your system.
如果您使用的是 Python 2,请将 python3-dev
替换为 python-dev
.
Replace python3-dev
with python-dev
if you're using Python 2.
$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev
如果使用 openssl-dev
出现错误,您可能必须使用 libressl-dev
.
If you get an error with openssl-dev
you may have to use libressl-dev
.
这篇关于无法“pip install cryptography"在带有 OpenSSL 1.0.2g 和 Python 2.7 的 Docker Alpine Linux 3.3 中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!