无法“pip install cryptography"在带有 OpenSSL 1.0.2g 和 Python 2.7 的 Docker Alpine Linux 3.3 中 [英] Cannot "pip install cryptography" in Docker Alpine Linux 3.3 with OpenSSL 1.0.2g and Python 2.7

问题描述

已解决哇，这些家伙速度很快……基本上就是这样https://github.com/pyca/cryptography/issues/2750 原来是针对 openssl 发布了一个安全更新(DROWN Attack)，该更新包含一个意外的函数签名更改，导致了不兼容，所以这个对我来说只是运气不好.

Solved Wow, these guys are fast... It's basically this https://github.com/pyca/cryptography/issues/2750 It turned out that a security update for openssl was released (DROWN Attack) and that update contained an unexpected function signature change which caused the incompatibility, so this was just bad luck for me.

我需要在运行 Alpine Linux 的 Docker 容器中使用 pip install cryptography.实际上，它是另一个模块，service_identity，但问题出在 cryptography 模块中，它是一个依赖项.

I need to use pip install cryptography in a Docker container running Alpine Linux. Actually, it's another module, service_identity, but the problem resides in the cryptography module, which is a dependency.

我有以下 Dockerfile

I have the following Dockerfile

FROM alpine:3.3

RUN apk --update add build-base libffi-dev openssl-dev python-dev py-pip
RUN pip install cryptography

失败并出现以下错误

generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -DNDEBUG -Os -fomit-frame-pointer -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
build/temp.linux-x86_64-2.7/_openssl.c:726:6: error: conflicting types for 'BIO_new_mem_buf'
 BIO *BIO_new_mem_buf(void *, int);
      ^
In file included from /usr/include/openssl/asn1.h:65:0,
                 from build/temp.linux-x86_64-2.7/_openssl.c:434:
/usr/include/openssl/bio.h:692:6: note: previous declaration of 'BIO_new_mem_buf' was here
 BIO *BIO_new_mem_buf(const void *buf, int len);
      ^
error: command 'gcc' failed with exit status 1

openssl 1.0.2g 于 2016 年 3 月 1 日(昨天)发布，并且 alpine 包已经更新到该版本.会不会跟这个有关?

openssl 1.0.2g was released on 2016-03-01 (yesterday) and the alpine package already got updated to that version. Can it be related to this?

我该如何解决这个问题?也许我可以设置一些环境变量?

How can I resolve this issue? Maybe some environment variables which I can set?

更新我一直在检查 GitHub 存储库中的 openssl，实际上是 openssl/bio 的 BIO *BIO_new_mem_buf(void *buf, int len).h 在 1.0.2f 到 1.0.2g 过渡期间更改为 BIO *BIO_new_mem_buf(const void *buf, int len)(在 https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g).我不知道这个 openssl/asn1.h 是从哪里来的，它正在导入一个过时的 openssl/bio.h 版本，因为它看起来不像openssl 仓库中的一个.有什么想法吗?

Update I've been checking the GitHub Repo for openssl, and in fact BIO *BIO_new_mem_buf(void *buf, int len) of openssl/bio.h got changed to BIO *BIO_new_mem_buf(const void *buf, int len) during the 1.0.2f to 1.0.2g transition (search for "BIO_new_mem_buf" in https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g). I don't know where this openssl/asn1.h is coming from, which is importing an outdated version of openssl/bio.h, as it does not look like the one in the openssl repo. Any ideas?

好的，我看到有些人已经在做这个了:https://github.com/pyca/cryptography/issues/2750

Ok, I see some are already working on this: https://github.com/pyca/cryptography/issues/2750

推荐答案

对于那些在 Alpine 3.7 中安装 cryptography==2.1.4 仍然遇到问题的人，像这样:

For those who are still experiencing problems installing cryptography==2.1.4 in Alpine 3.7 like this:

writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
creating build/temp.linux-x86_64-2.7
generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
build/temp.linux-x86_64-2.7/_openssl.c:493:30: fatal error: openssl/opensslv.h: No such file or directory
 #include <openssl/opensslv.h>
                              ^
compilation terminated.
error: command 'gcc' failed with exit status 1

解决方案

在 Alpine 容器中安装这些依赖项:

Solution

Install these dependencies in the Alpine container:

$ apk add --no-cache libressl-dev musl-dev libffi-dev

使用 Dockerfile 安装这些依赖项:

To install these dependencies using a Dockerfile:

RUN apk add --no-cache 
        libressl-dev 
        musl-dev 
        libffi-dev && 
    pip install --no-cache-dir cryptography==2.1.4 && 
    apk del 
        libressl-dev 
        musl-dev 
        libffi-dev

参考

可以在此处找到 Alpine 上 cryptography 的安装说明:

• https://cryptography.io/en/latest/installation/#building-cryptography-on-linux
• 撰写本文时的版本 可在 github 上找到

以下是相关部分:

[跳过非 Alpine Linux 的部分] ...

$ pip install cryptography

如果你在 Alpine 上或者只是想自己编译它，那么cryptography 需要一个编译器和 Python 头文件(如果你不是使用 pypy)，以及 OpenSSL 和 libffi 库的标头在您的系统上可用.

If you are on Alpine or just want to compile it yourself then cryptography requires a compiler, headers for Python (if you're not using pypy), and headers for the OpenSSL and libffi libraries available on your system.

如果您使用的是 Python 2，请将 python3-dev 替换为 python-dev.

Replace python3-dev with python-dev if you're using Python 2.

$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev

如果使用 openssl-dev 出现错误，您可能必须使用 libressl-dev.

If you get an error with openssl-dev you may have to use libressl-dev.

这篇关于无法“pip install cryptography"在带有 OpenSSL 1.0.2g 和 Python 2.7 的 Docker Alpine Linux 3.3 中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！