已解决 哇,这些家伙真快……基本上就是这个https://github.com/pyca/cryptography/issues/2750事实证明,openssl 的安全更新已发布(DROWN 攻击),该更新包含意外的函数签名更改,导致不兼容,所以这对我来说只是运气不好。
我需要在运行 Alpine Linux 的 Docker 容器中使用 pip install cryptography
。实际上,它是另一个模块,service_identity
,但问题出在 cryptography
模块,这是一个依赖。
我有以下 Dockerfile
FROM alpine:3.3
RUN apk --update add build-base libffi-dev openssl-dev python-dev py-pip
RUN pip install cryptography
失败并出现以下错误
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -DNDEBUG -Os -fomit-frame-pointer -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
build/temp.linux-x86_64-2.7/_openssl.c:726:6: error: conflicting types for 'BIO_new_mem_buf'
BIO *BIO_new_mem_buf(void *, int);
^
In file included from /usr/include/openssl/asn1.h:65:0,
from build/temp.linux-x86_64-2.7/_openssl.c:434:
/usr/include/openssl/bio.h:692:6: note: previous declaration of 'BIO_new_mem_buf' was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^
error: command 'gcc' failed with exit status 1
openssl 1.0.2g 于 2016-03-01(昨天)发布,并且 alpine 包已经更新到该版本。会不会跟这个有关?
我该如何解决这个问题?也许我可以设置一些环境变量?
更新 我一直在检查 GitHub Repo 中的 openssl,实际上是 openssl/bio 的
在 1.0.2f 到 1.0.2g 的过渡期间更改为 BIO *BIO_new_mem_buf(void *buf, int len)
.hBIO *BIO_new_mem_buf(const void *buf, int len)
(在 https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g 中搜索“BIO_new_mem_buf”)。我不知道这个 openssl/asn1.h
是从哪里来的,它正在导入一个过时版本的 openssl/bio.h
,因为它看起来不像openssl 仓库中的一个。有什么想法吗?
好的,我看到有些人已经在着手解决这个问题: https://github.com/pyca/cryptography/issues/2750
最佳答案
对于那些在 Alpine 3.7 中安装 cryptography==2.1.4
仍然遇到问题的人,如下所示:
writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
creating build/temp.linux-x86_64-2.7
generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
build/temp.linux-x86_64-2.7/_openssl.c:493:30: fatal error: openssl/opensslv.h: No such file or directory
#include <openssl/opensslv.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1
解决方案
在 Alpine 容器中安装这些依赖项:
$ apk add --no-cache libressl-dev musl-dev libffi-dev
要使用 Dockerfile 安装这些依赖项:
RUN apk add --no-cache \
libressl-dev \
musl-dev \
libffi-dev && \
pip install --no-cache-dir cryptography==2.1.4 && \
apk del \
libressl-dev \
musl-dev \
libffi-dev
引用
Alpine 上cryptography
的安装说明可以在这里找到:
- https://cryptography.io/en/latest/installation/#building-cryptography-on-linux
- 撰写本文时的版本 is available on github
相关部分如下:
Building cryptography on Linux
[skipping over the part for non-Alpine Linux] …
$ pip install cryptography
If you are on Alpine or just want to compile it yourself then
cryptography
requires a compiler, headers for Python (if you're not usingpypy
), and headers for the OpenSSL andlibffi
libraries available on your system.Alpine
Replace
python3-dev
withpython-dev
if you're using Python 2.$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev
If you get an error with
openssl-dev
you may have to uselibressl-dev
.
关于python - 在 Docker Alpine Linux 3.3 中无法使用 OpenSSL 1.0.2g 和 Python 2.7 出现 "pip install cryptography",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35736598/