解决了哇,这些人很快......基本上就是这个https://github.com/pyca/cryptography/issues/2750结果发现openssl的安全更新已经发布(DROWN Attack),而且这个更新包含了一个意想不到的功能导致不兼容的签名变更,所以这对我来说只是运气不好。
我需要在运行Alpine Linux的Docker容器中使用pip install cryptography。实际上,它是另一个模块service_identity,但问题在于cryptography模块,它是一个依赖项。
我有以下Dockerfile
FROM alpine:3.3
RUN apk --update add build-base libffi-dev openssl-dev python-dev py-pip
RUN pip install cryptography
失败并出现以下错误
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -DNDEBUG -Os -fomit-frame-pointer -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
build/temp.linux-x86_64-2.7/_openssl.c:726:6: error: conflicting types for 'BIO_new_mem_buf'
BIO *BIO_new_mem_buf(void *, int);
^
In file included from /usr/include/openssl/asn1.h:65:0,
from build/temp.linux-x86_64-2.7/_openssl.c:434:
/usr/include/openssl/bio.h:692:6: note: previous declaration of 'BIO_new_mem_buf' was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^
error: command 'gcc' failed with exit status 1
openssl 1.0.2g于2016-03-01(昨天)发布,alpine软件包已经更新到该版本。它可以与此相关吗?
如何解决此问题?也许我可以设置一些环境变量?
更新我一直在检查GitHub Repo for openssl,事实上BIO *BIO_new_mem_buf(void *buf, int len)的{{1}}在1.0.2f期间被更改为openssl/bio.h 1.0.2g转换(在https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g中搜索“BIO_new_mem_buf”)。我不知道这个BIO *BIO_new_mem_buf(const void *buf, int len)来自何处,导入过时的openssl/asn1.h版本,因为它看起来不像openssl repo中的版本。有什么想法吗?
好的,我看到有些人已经在研究: https://github.com/pyca/cryptography/issues/2750
答案 0 :(得分:7)
如果它因为 Rust 版本而失败,那么在密码学的文档中推荐以下内容:
The Rust available by default in Alpine < 3.12 is older than the
minimum supported version. See the Rust installation instructions
for information about installing a newer Rust.
$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo
就我而言,python3.8-alpine,添加 cargo 已解决。
答案 1 :(得分:5)
在高山3.7中,密码学仍然仍然存在== 2.1.4的问题
writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
creating build/temp.linux-x86_64-2.7
generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
build/temp.linux-x86_64-2.7/_openssl.c:493:30: fatal error: openssl/opensslv.h: No such file or directory
#include <openssl/opensslv.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1
解决方案:
apk add --no-cache libressl-dev musl-dev libffi-dev
示例:
RUN apk add --no-cache \
libressl-dev \
musl-dev \
libffi-dev \
pip install --no-cache-dir cryptography==2.1.4 && \
apk del libressl-dev \
musl-dev \
libffi-dev
应该解决。
参考:
https://github.com/pyca/cryptography/blob/master/docs/installation.rst
如果链接过期:
$ pip install cryptography
如果您使用的是Alpine或只是想自己进行编译,则加密需要编译器,Python的标头(如果您未使用pypy)以及系统上可用的OpenSSL和libffi库的标头。
高山
如果您使用的是Python 2,请用python-dev替换python3-dev。
$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev
如果您遇到openssl-dev错误,则可能必须使用libressl-dev。
答案 2 :(得分:0)
安装前添加:
RUN apk -U upgrade
RUN apk add --no-cache libffi-dev openssl-dev
答案 3 :(得分:0)
或者使用 build-base:
RUN apk add --no-cache --upgrade --virtual .build-deps build-base
此处的详细信息:https://git.alpinelinux.org/aports/tree/main/build-base/APKBUILD?h=3.3-stable