[英]Cryptography Python Docker multistage build
I have a Python project that runs in a docker container and I am trying to convert to a multistage docker build process.我有一个在 docker 容器中运行的 Python 项目,我正在尝试转换为多阶段 docker 构建过程。 My project depends on the cryptography package.我的项目依赖于cryptography包。 My Dockerfile consists of:我的 Dockerfile 包括:
# Base
FROM python:3.6 AS base
RUN pip install cryptography
# Production
FROM python:3.6-alpine
COPY --from=base /root/.cache /root/.cache
RUN pip install cryptography \
&& rm -rf /root/.cache
CMD python
Which I try to build with eg:我尝试用例如构建:
docker build -t my-python-app .
This process works for a number of other Python requirements I have tested, such as pycrypto
and psutil
, but throws the following error for cryptography
:此过程适用于我测试过的许多其他 Python 要求,例如pycrypto
和psutil
,但会抛出以下cryptography
错误:
Step 5/6 : RUN pip install cryptography && rm -rf /root/.cache
---> Running in ebc15bd61d43
Collecting cryptography
Downloading cryptography-2.1.4.tar.gz (441kB)
Collecting idna>=2.1 (from cryptography)
Using cached idna-2.6-py2.py3-none-any.whl
Collecting asn1crypto>=0.21.0 (from cryptography)
Using cached asn1crypto-0.24.0-py2.py3-none-any.whl
Collecting six>=1.4.1 (from cryptography)
Using cached six-1.11.0-py2.py3-none-any.whl
Collecting cffi>=1.7 (from cryptography)
Downloading cffi-1.11.5.tar.gz (438kB)
Complete output from command python setup.py egg_info:
No working compiler found, or bogus compiler options passed to
the compiler from Python's standard "distutils" module. See
the error messages above. Likely, the problem is not related
to CFFI but generic to the setup.py of any Python package that
tries to compile C code. (Hints: on OS/X 10.8, for errors about
-mno-fused-madd see http://stackoverflow.com/questions/22313407/
Otherwise, see https://wiki.python.org/moin/CompLangPython or
the IRC channel #python on irc.freenode.net.)
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-uyh9_v63/cffi/
Obviously I was hoping not to have to install any compiler on my production image.显然,我希望不必在我的生产映像上安装任何编译器。 Do I need to copy across another directory other than /root/.cache
?我是否需要复制/root/.cache
以外的另一个目录?
There is no manylinux wheel for Alpine, so you need to compile it yourself. Alpine没有manylinux wheel,需要自己编译。 Below is pasted from documentation on installation.下面是从安装文档中粘贴的。 Install and remove build dependencies in the same command to only save the package to the docker image layer.在同一命令中安装和删除构建依赖项,以仅将包保存到 docker 镜像层。
If you are on Alpine or just want to compile it yourself then cryptography requires a compiler, headers for Python (if you're not using pypy), and headers for the OpenSSL and libffi libraries available on your system.如果您使用的是 Alpine 或者只是想自己编译它,那么密码学需要一个编译器、Python 的头文件(如果您不使用 pypy)以及系统上可用的 OpenSSL 和 libffi 库的头文件。
Alpine Replace python3-dev with python-dev if you're using Python 2. Alpine 如果您使用的是 Python 2,请将 python3-dev 替换为 python-dev。
$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev
If you get an error with openssl-dev you may have to use libressl-dev.如果您在使用 openssl-dev 时遇到错误,您可能必须使用 libressl-dev。
I hope, my answer will be useful.我希望,我的回答会有用。
--user
option for cryptography installing via pip in base stage.您应该在基础阶段通过 pip 使用--user
选项进行加密安装。 Example: RUN pip install --user cryptography
.示例: RUN pip install --user cryptography
。 This option means, that all files will be installed in the .local
directory of the current user's home directory.此选项意味着,所有文件都将安装在当前用户主目录的.local
目录中。COPY --from=base /root/.local /root/.local
, because cryptography installed in /root/.local. COPY --from=base /root/.local /root/.local
,因为加密安装在 /root/.local 中。Thats all.就这样。 Full example docker multistage完整示例 docker multistage
# Base
FROM python:3.6 AS base
RUN pip install --user cryptography
# Production
FROM python:3.6-alpine
COPY --from=base /root/.local /root/.local
RUN pip install cryptography \
&& rm -rf /root/.cache
CMD python
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.