我正在尝试在容器中从源代码构建 Python 和 OpenSSL。 两者似乎都正确构建,但 Python 未成功创建
_ssl我在网上找到了一个 few guides,其中提到要取消来自 Python-
3.X.X/Modules/Setup--openssldir=/usr/local/ssl./configure./configurechecking for X509_VERIFY_PARAM_set1_host in libssl... yes
但是我收到以下错误:
[91m*** WARNING: renaming "_ssl" since importing it failed: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by build/lib.linux-x86_64-3.8/_ssl.cpython-38-x86_64-linux-gnu.so)
[0m[91m*** WARNING: renaming "_hashlib" since importing it failed: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by build/lib.linux-x86_64-3.8/_hashlib.cpython-38-x86_64-linux-gnu.so)
[0m
Python build finished successfully!
...
Following modules built successfully but were removed because they could not be imported:
_hashlib _ssl
Could not build the ssl module!
Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host().
LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381
如果
./configureX509...完整的 Dockerfile,FWIW:
FROM jenkins/jenkins:lts
USER root
RUN apt-get update && apt-get install -y apt-utils gcc make zlib1g-dev \
build-essential libffi-dev checkinstall libsqlite3-dev
RUN wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz && \
tar xzf openssl-1.1.1d.tar.gz && \
cd openssl-1.1.1d && \
./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' --prefix=/usr/local/ssl --openssldir=/usr/local/ssl && \
make && \
make test && \
make install
RUN wget -q https://www.python.org/ftp/python/3.8.2/Python-3.8.2.tgz && \
tar -xzf Python-3.8.2.tgz && \
cd Python-3.8.2 && \
./configure && \
make && \
make install
USER jenkins
以下内容在 Amazon EC2 上为我工作,默认为 CentOS 7 系统。
首先,CentOS 7 上的 openssl 库太旧了(Python 3.9+ 需要 openssl 1.1.1+,可用版本是 1.0.x)。安装较新的:
sudo yum install openssl11-devel
注意:自从写完这个答案后,亚马逊已经终止了 openssl11-devel 软件包并将 openssl-devel 更新到 3.0.8。 3.0.8 对于 Python 来说已经足够了,所以现在你可以做
yum install openssl-devel不幸的是,CentOS 实际上并没有将 SSL 库放在 Python 可以找到的任何地方。经过一些尝试和错误,我发现这让
./configureexport OPENSSL_LIBS=/usr/lib64/libssl.so
./configure \
--with-openssl=/usr \
--with-openssl-rpath=/usr/lib64 \
--enable-optimizations
说明:
--with-opensslinclude/openssl/ssl.h当您运行
./configurechecking for stdlib extension module _ssl... yes
如果您看到
missingyes希望这可以节省其他人的很多时间我花了很多时间来解决这个问题。
Following modules built successfully but were removed because they could not be imported: _hashlib _ssl Could not build the ssl module! Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host(). LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381
从源代码构建 openssl 时似乎存在安装问题。对于
_ssl--with-opensslCFLAGSLDFLAGS./configure./configure --with-openssl=/PATH/TO/YOUR/OPENSSL_INSTALL_FOLDER/ \
--enable-optimizations \
--with-ssl-default-suites=openssl \
CFLAGS="-I/PATH/TO/YOUR/OPENSSL_INSTALL_FODLER/include" \
LDFLAGS="-L/PATH/TO/YOUR/OPENSSL_INSTALL_FODLER/"
也可以尝试这个命令
openssl version/usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found
这意味着您的openssl库存在链接问题,我不确定您是否在Linux或其他系统上,但是对于Linux系统,您可以手动修改openssl库的链接来修复问题,如我的描述中在这里回答.
参考
我遇到了同样的问题,经过 3 个多小时的搜索,这才是真正有效的:
Error: "ssl module is not available" when installing package with pip3
———————————————————-
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(“Can’t connect to HTTPS URL because the SSL module is not available.”)’: /simple/pip/
The fix:
———————————————————-
sudo yum install openssl11 openssl11-devel
mkdir /usr/local/openssl11
cd /usr/local/openssl11
ln -s /usr/lib64/openssl11 lib
ln -s /usr/include/openssl11 include
上面的代码为最新的
openssl11然后继续执行指南中的原始步骤 (https://linuxstans.com/how-to-install-python-centos/)
并在你的Python安装文件夹中像这样配置:
./configure -–enable-optimizations -–with-openssl=/usr/local/openssl11
make altinstall
altinstallpython3.10我在 CentOS 7 和 Python-3.10.8 上对此进行了测试。
我认为 Jenkins Image 附带安装了一些不是 1.1.1 的 openssl 版本,因此你在 libssl 中找到 X509...但无法构建。
关于上述配置选项,您可以使用 bash 作为 CMD 启动容器,将配置从容器内复制到映像所在的计算机,编辑 ist 并将您的配置版本烘焙到映像中。
我也有同样的错误。 我将 OpenSSL 安装在 /usr/local 中。 运行配置为
./configure --with-openssl=/usr/local --with-openssl-rpath=/usr/local/lib64 --enable-optimizations输出为:
checking for include/openssl/ssl.h in /usr/local... yes
checking for --with-openssl-rpath... /usr/local/lib64
checking whether OpenSSL provides required ssl module APIs... yes
checking for --with-ssl-default-suites... python
checking for stdlib extension module _ssl... yes
但是 make 返回错误:
[错误] _ssl 导入失败:/linx/src/Python-3.13.0/build/lib.linux-x86_64-3.13/_ssl.cpython-313-x86_64-linux-gnu.so:未定义符号:SSL_SESSION_get_time_ex 以下模块已成功构建,但因无法导入而被删除:_ssl
/usr/local/lib64 中的那些 lib 文件是:
drwxr-xr-x 3 root root 4096 Jan 1 18:09 cmake
drwxr-xr-x 2 root root 4096 Jan 1 21:46 engines-3
-rw-r--r-- 1 root root 10746638 Jan 1 21:46 libcrypto.a
lrwxrwxrwx 1 root root 14 Jan 1 21:46 libcrypto.so -> libcrypto.so.3
-rwxr-xr-x 1 root root 6278488 Jan 1 21:46 libcrypto.so.3
-rw-r--r-- 1 root root 1999166 Jan 1 21:46 libssl.a
lrwxrwxrwx 1 root root 11 Jan 1 21:46 libssl.so -> libssl.so.3
-rwxr-xr-x 1 root root 1221320 Jan 1 21:46 libssl.so.3
drwxr-xr-x 2 root root 4096 Jan 1 21:46 ossl-modules
drwxr-xr-x 2 root root 4096 Jan 1 18:09 pkgconfig
.bashrc:
export PATH=~/bin:/snap/bin:/usr/local/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/lib64:$LD_LIBRARY_PATH
export OPENSSL_LIBS=/usr/local/lib64/libssl.so
操作系统是 debian 10