Solved Wow, these guys are fast... It's basically this https://github.com/pyca/cryptography/issues/2750 It turned out that a security update for openssl was released (DROWN Attack) and that update contained an unexpected function signature change which caused the incompatibility, so this was just bad luck for me.
I need to use pip install cryptography
in a Docker container running Alpine Linux. Actually, it's another module, service_identity
, but the problem resides in the cryptography
module, which is a dependency.
I have the following Dockerfile
FROM alpine:3.3
RUN apk --update add build-base libffi-dev openssl-dev python-dev py-pip
RUN pip install cryptography
which fails with the following error
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -DNDEBUG -Os -fomit-frame-pointer -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
build/temp.linux-x86_64-2.7/_openssl.c:726:6: error: conflicting types for 'BIO_new_mem_buf'
BIO *BIO_new_mem_buf(void *, int);
^
In file included from /usr/include/openssl/asn1.h:65:0,
from build/temp.linux-x86_64-2.7/_openssl.c:434:
/usr/include/openssl/bio.h:692:6: note: previous declaration of 'BIO_new_mem_buf' was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^
error: command 'gcc' failed with exit status 1
openssl 1.0.2g was released on 2016-03-01 (yesterday) and the alpine package already got updated to that version. Can it be related to this?
How can I resolve this issue? Maybe some environment variables which I can set?
Update I've been checking the GitHub Repo for openssl, and in fact BIO *BIO_new_mem_buf(void *buf, int len)
of openssl/bio.h
got changed to BIO *BIO_new_mem_buf(const void *buf, int len)
during the 1.0.2f to 1.0.2g transition (search for "BIO_new_mem_buf" in https://github.com/openssl/openssl/compare/OpenSSL_1_0_2f...OpenSSL_1_0_2g). I don't know where this openssl/asn1.h
is coming from, which is importing an outdated version of openssl/bio.h
, as it does not look like the one in the openssl repo. Any ideas?
Ok, I see some are already working on this: https://github.com/pyca/cryptography/issues/2750
For those who are still experiencing problems installing cryptography==2.1.4
in Alpine 3.7 like this:
writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
creating build/temp.linux-x86_64-2.7
generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
build/temp.linux-x86_64-2.7/_openssl.c:493:30: fatal error: openssl/opensslv.h: No such file or directory
#include <openssl/opensslv.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1
Install these dependencies in the Alpine container:
$ apk add --no-cache libressl-dev musl-dev libffi-dev
To install these dependencies using a Dockerfile:
RUN apk add --no-cache \
libressl-dev \
musl-dev \
libffi-dev && \
pip install --no-cache-dir cryptography==2.1.4 && \
apk del \
libressl-dev \
musl-dev \
libffi-dev
Installation instructions for cryptography
on Alpine can be found here:
Here is the relevant portion:
Building cryptography on Linux
[skipping over the part for non-Alpine Linux] …
$ pip install cryptography
If you are on Alpine or just want to compile it yourself then
cryptography
requires a compiler, headers for Python (if you're not usingpypy
), and headers for the OpenSSL andlibffi
libraries available on your system.Alpine
Replace
python3-dev
withpython-dev
if you're using Python 2.$ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev
If you get an error with
openssl-dev
you may have to uselibressl-dev
.