简体   繁体   English

从源代码构建 Python 和 OpenSSL,但 ssl 模块失败

[英]Building Python and OpenSSL from source, but ssl module fails

I'm trying to build Python and OpenSSL from source in a container.我正在尝试从容器中的源代码构建 Python 和 OpenSSL。 Both seem to build correctly, but Python does not successfully create the _ssl module.两者似乎都正确构建,但 Python 没有成功创建_ssl模块。

I've found a few guides online that say to un-comment and lines from Python- 3.XX/Modules/Setup and add the --openssldir=/usr/local/ssl flag to the ./configure step for OpenSSL.我在网上找到了一些指南,说要取消注释和 Python- 3.XX/Modules/Setup ,并将--openssldir=/usr/local/ssl标志添加到 OpenSSL 的./configure步骤。 I do these in my dockerfile.我在我的 dockerfile 中做这些。 This has had the effect that, during the ./configure output for Python, I see the following line.这导致在 Python 的./configure输出期间,我看到以下行。

checking for X509_VERIFY_PARAM_set1_host in libssl... yes

Yet I receive the following errors:但是我收到以下错误:

[91m*** WARNING: renaming "_ssl" since importing it failed: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by build/lib.linux-x86_64-3.8/_ssl.cpython-38-x86_64-linux-gnu.so)
[0m[91m*** WARNING: renaming "_hashlib" since importing it failed: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by build/lib.linux-x86_64-3.8/_hashlib.cpython-38-x86_64-linux-gnu.so)
[0m
Python build finished successfully!

... ...

Following modules built successfully but were removed because they could not be imported:
_hashlib              _ssl                                     


Could not build the ssl module!
Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host().
LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381

If ./configure finds X509... , why am I still getting the hashlib and ssl errors?如果./configure找到X509... ,为什么我仍然收到 hashlib 和 ssl 错误?

The full Dockerfile, FWIW:完整的 Dockerfile,FWIW:

FROM jenkins/jenkins:lts
USER root
RUN apt-get update && apt-get install -y apt-utils gcc make zlib1g-dev \
    build-essential libffi-dev checkinstall libsqlite3-dev 
RUN wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz && \
    tar xzf openssl-1.1.1d.tar.gz && \
    cd openssl-1.1.1d && \
    ./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' --prefix=/usr/local/ssl --openssldir=/usr/local/ssl && \
    make && \
    make test && \
    make install
RUN wget -q https://www.python.org/ftp/python/3.8.2/Python-3.8.2.tgz && \
    tar -xzf Python-3.8.2.tgz && \
    cd Python-3.8.2 && \
    ./configure && \
    make && \
    make install
USER jenkins

I reckon that Jenkins Image comes with some openssl version installed that is not 1.1.1, hence you find X509... in libssl but cant build.我认为 Jenkins Image 安装了一些不是 1.1.1 的 openssl 版本,因此你在 libssl 中找到了 X509... 但无法构建。

Regarding said config option, you can spin up the container with bash as CMD, copy the config from within the container to the machine where the Image lies, edit ist and bake your version of the config into the Image.关于上述配置选项,您可以使用 bash 作为 CMD 启动容器,将容器内的配置复制到镜像所在的机器上,编辑 ist 并将您的配置版本烘焙到镜像中。

Following modules built successfully but were removed because they could not be imported: _hashlib _ssl Could not build the ssl module! Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host(). LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381

It seems like installation issue when building openssl from source.从源代码构建 openssl 时,这似乎是安装问题。 For build failure on _ssl module, try extra options like --with-openssl , CFLAGS and LDFLAGS when configuring Python using the script ./configure , eg对于_ssl模块上的构建失败,在使用脚本./configure配置 Python 时尝试额外的选项,如--with-opensslCFLAGSLDFLAGS ,例如

./configure  --with-openssl=/PATH/TO/YOUR/OPENSSL_INSTALL_FOLDER/ \
    --enable-optimizations \
    --with-ssl-default-suites=openssl \
    CFLAGS="-I/PATH/TO/YOUR/OPENSSL_INSTALL_FODLER/include" \
    LDFLAGS="-L/PATH/TO/YOUR/OPENSSL_INSTALL_FODLER/"

Also try this command openssl version , if it reports error like this :也试试这个命令openssl version ,如果它报告这样的错误:

/usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found

that means there is linking problem on your openssl library, I'm not sure if you're on Linux or other system, but for Linux system, you can manually modify the links to openssl library to fix the problem as described in my answer at here .这意味着您的 openssl 库存在链接问题,我不确定您使用的是 Linux 还是其他系统,但对于 Linux 系统,您可以手动修改 openssl 库的链接以解决问题,如我的回答中所述在这里

Reference参考

Building Python 3.7.1 - SSL module failed 构建 Python 3.7.1 - SSL 模块失败

Python 3.7.0 wont compile with SSL Support 1.1.0 Python 3.7.0 无法使用 SSL Support 1.1.0 进行编译

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM