From 06bea4142586f029cd75d97dfbe4e37cf331604c Mon Sep 17 00:00:00 2001 From: Matt Godbolt Date: Tue, 26 Nov 2024 13:05:00 -0600 Subject: [PATCH] Support python with ssl (#96) --- Dockerfile.python | 2 +- python/build.sh | 31 +++++++++++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/Dockerfile.python b/Dockerfile.python index 55103ca..60bfba2 100644 --- a/Dockerfile.python +++ b/Dockerfile.python @@ -11,8 +11,8 @@ RUN apt update -y -q && apt upgrade -y -q && apt update -y -q && \ apt -q install -y \ curl \ git \ - libssl-dev \ unzip \ + patchelf \ xz-utils RUN mkdir -p /root diff --git a/python/build.sh b/python/build.sh index a967d83..b5b1073 100755 --- a/python/build.sh +++ b/python/build.sh @@ -18,24 +18,47 @@ fi REVISION="python-${VERSION}" initialise "${REVISION}" "${OUTPUT}" "${LAST_REVISION}" -DEST=/root/built +SSL_PREFIX=/root/ssl +SSL_VERSION=3.3.2 +curl -sL https://github.com/openssl/openssl/releases/download/openssl-${SSL_VERSION}/openssl-${SSL_VERSION}.tar.gz | tar zxf - +pushd openssl-${SSL_VERSION} +./Configure --prefix=${SSL_PREFIX} +make -j$(nproc) +make install_sw +popd + +# Python seems to hardcode ssldir/lib and not ssldir/lib64 +ln -s lib64 ${SSL_PREFIX}/lib + +# The rpath below seems to not quite "take" +export LD_LIBRARY_PATH=${SSL_PREFIX}/lib64 + +DEST=/root/python curl -sL https://www.python.org/ftp/python/${VERSION}/Python-${VERSION}.tgz | tar zxf - pushd Python-${VERSION} ./configure \ --prefix=${DEST} \ - --enable-optimizations \ - --without-pymalloc + --with-openssl=${SSL_PREFIX} \ + --with-openssl-rpath=${SSL_PREFIX}/lib64 \ + --without-pymalloc \ + --enable-optimizations make -j$(nproc) make install popd +# copy SSL SOs to the same directory as the native python modules +cp ${SSL_PREFIX}/lib64/*.so* /root/python/lib/python*/lib-dynload/ + +# then patch the ssl to look at $ORIGIN to find the crypto libs +patchelf --set-rpath \$ORIGIN /root/python/lib/python*/lib-dynload/_ssl*.so + # strip executables find ${DEST} -type f -perm /u+x -exec strip -d {} \; # delete tests and static libraries to save disk space find ${DEST} -type d -name test -exec rm -rf {} + -find ${DEST} -type f -name *.a -delete +find ${DEST} -type f -name '*.a' -delete complete "${DEST}" "${FULLNAME}" "${OUTPUT}"