JustAnotherArchivist
/
python-openssl-docker
1
0
Derivar 0
Código Questões 0 Pedidos de integração 0 Lançamentos 0 Wiki Trabalho
A Docker image for building combinations of CPython and OpenSSL versions
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
1 Cometer
1 Ramo
30 KiB
Ramo: master
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de 'master'
${ noResults }
python-openssl-docker/README.md

README.md 2.2 KiB
Em bruto Ligação permanente Vista normal Histórico

Initial commit
há 1 ano
 12345678910111213141516171819202122232425262728293031323334353637 
  1. A Docker image for building combinations of CPython and OpenSSL versions

  2. 

  3. # Building

  4. The full build command is as follows:

  5. 

  6.     docker build \

  7.       --build-arg PYTHON_VERSION=3.11.1 \

  8.       --build-arg PYTHON_SHA256=85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f \

  9.       --build-arg OPENSSL_VERSION=3.0.7 \

  10.       --build-arg OPENSSL_SHA256=83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e \

  11.       -t python-openssl:py3.11.1-ssl3.0.7 \

  12.       .

  13. 

  14. The `PYTHON_SHA256` is the SHA-256 hash of that version's `.tar.xz` file. The `OPENSSL_SHA256` is the SHA-256 hash of that version's `.tar.gz` file.

  15. 

  16. The `Dockerfile` includes the SHA-256 hashes for the most recent versions as of January 2023: OpenSSL 1.0.2u, 1.1.0l, 1.1.1q, 3.0.7 and Python 3.7.16, 3.8.16, 3.9.16, 3.10.9, 3.11.1. For these versions, the corresponding `X_SHA256` argument can be omitted.

  17. 

  18. # Compatibility

  19. 

  20. * Python 3.7 added support for OpenSSL 1.1.1.

  21. * Python 3.10 dropped support for OpenSSL 1.0.2 and 1.1.0 and added support for OpenSSL 3.0.

  22. 

  23. # Tested combinations

  24. 

  25. * Python 3.8.16 with OpenSSL 1.0.2u, 1.1.0l, and 1.1.1q

  26. * Python 3.9.16 with OpenSSL 1.0.2u, 1.1.0l, and 1.1.1q

  27. * Python 3.10.9 with OpenSSL 1.1.1q and 3.0.7

  28. * Python 3.11.1 with OpenSSL 1.1.1q and 3.0.7

  29. 

  30. # OpenSSL 1.1.0 bugs

  31. The OpenSSL test suite contains some certificates with relatively short expiration date. Trying to build 1.1.0l will fail on testing due to this. See <https://github.com/openssl/openssl/issues/15179> and <https://github.com/openssl/openssl/issues/18456>.

  32. This is fixed by the `openssl1.1.0-test-certs.patch` patch. It is taken from <https://github.com/openssl/openssl/pull/18446> but with changes in `test/ct_test.c` ported for compatibility.

  33. 

  34. There is further a test which uses a now-removed part of the Perl module `File::Glob`. This was patched by <https://github.com/openssl/openssl/pull/4040>, and an equivalent patch is provided in `openssl1.1.0-test-fuzz.patch`.

  35. 

  36. # Using non-Python in the container

  37. OpenSSL in the container is installed under `/usr/local`, which is also declared in the `LD_LIBRARY_PATH` environment variable. When installing an old OpenSSL version, this may break other tools (such as `curl`), which require a newer version. Unset `LD_LIBRARY_PATH` if you need to run those.