Solved Wow, these guys are fast... It's basically this https://github.com/pyca/cryptography/issues/2750 It turned out that a security update for openssl was released (DROWN Attack) and that update contained an unexpected function signature change which caused the incompatibility, so this was just bad luck for me.
I need to use pip install cryptography
in a Docker container running Alpine Linux. Actually, it's another module, service_identity
, but the problem resides in the cryptography
module, which is a dependency.
I have the following Dockerfile
FROM alpine:3.3
RUN apk --update add build-base libffi-dev openssl-dev python-dev py-pip
RUN pip install cryptography
which fails with the following error
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -DNDEBUG -Os -fomit-frame-pointer -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
build/temp.linux-x86_64-2.7/_openssl.c:726:6: error: conflicting types for 'BIO_new_mem_buf'
BIO *BIO_new_mem_buf(void *, int);
^
In file included from /usr/include/openssl/asn1.h:65:0,
from build/temp.linux-x86_64-2.7/_openssl.c:434:
/usr/include/openssl/bio.h:692:6: note: previous declaration of 'BIO_new_mem_buf' was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^
error: command 'gcc' failed with exit status 1
openssl 1.0.2g was released on 2016-03-01 (yesterday) and the alpine package already got updated to that version. Can it be related to this?
How can I resolve this issue? Maybe some environment variables which I can set?
Update I've been checking the GitHub Repo for openssl, and in fact BIO *BIO_new_mem_buf(void *buf, int len)
of openssl/bio.h
got changed to BIO *BIO_new_mem_buf(const void *buf, int len)
during the 1.0.2f to 1.0.2g transition (search for "BIO_new_mem_buf" in https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g ). I don't know where this openssl/asn1.h
is coming from, which is importing an outdated version of openssl/bio.h
, as it does not look like the one in the openssl repo. Any ideas?
Ok, I see some are already working on this: https://github.com/pyca/cryptography/issues/2750
For those who are still experiencing problems installing cryptography==2.1.4
in Alpine 3.7 like this:
writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
creating build/temp.linux-x86_64-2.7
generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
build/temp.linux-x86_64-2.7/_openssl.c:493:30: fatal error: openssl/opensslv.h: No such file or directory
#include <openssl/opensslv.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1
Install these dependencies in the Alpine container:
$ apk add --no-cache libressl-dev musl-dev libffi-dev
To install these dependencies using a Dockerfile :
RUN apk add --no-cache \
libressl-dev \
musl-dev \
libffi-dev && \
pip install --no-cache-dir cryptography==2.1.4 && \
apk del \
libressl-dev \
musl-dev \
libffi-dev
Installation instructions for cryptography
on Alpine can be found here:
Here is the relevant portion:
Building cryptography on Linux
[skipping over the part for non-Alpine Linux] …
$ pip install cryptography
If you are on Alpine or just want to compile it yourself then
cryptography
requires a compiler, headers for Python (if you're not usingpypy
), and headers for the OpenSSL andlibffi
libraries available on your system.Alpine
Replace
python3-dev
withpython-dev
if you're using Python 2.$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev
If you get an error with
openssl-dev
you may have to uselibressl-dev
.
If it fails because of Rust version, then following is recommended in cryptography's docs:
The Rust available by default in Alpine < 3.12 is older than the
minimum supported version. See the Rust installation instructions
for information about installing a newer Rust.
$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo
in my case, python3.8-alpine, adding cargo
resolved.
安装前添加:
RUN apk -U upgrade
RUN apk add --no-cache libffi-dev openssl-dev
Alternatively use build-base:
RUN apk add --no-cache --upgrade --virtual .build-deps build-base
Details here: https://git.alpinelinux.org/aports/tree/main/build-base/APKBUILD?h=3.3-stable
Check if you are building for the right architecture !!
x86-64 or amd64 architecture runs similar softwares and the other category is aarch64 or arm architecture chips like Apple Silicon M1 or your mobile phone cpu
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.