JustAnotherArchivist
/
python-openssl-docker
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A Docker image for building combinations of CPython and OpenSSL versions
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
30 KiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
python-openssl-docker/Dockerfile

78 lines
3.9 KiB
Raw Permalink Blame History 

  1. FROM debian:bullseye-slim AS builder

  2. 

  3. ENV LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib

  4. ENV SSL_CERT_DIR=/etc/ssl/certs/

  5. 

  6. COPY openssl1.1.0-*.patch /tmp/

  7. 

  8. RUN apt-get update \

  9.  && apt-get install -y build-essential zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev curl llvm libncursesw5-dev xz-utils libxml2-dev libffi-dev liblzma-dev \

  10.  && rm -rf /var/lib/apt/lists/*

  11. 

  12. ARG OPENSSL_VERSION=3.0.7

  13. ARG OPENSSL_SHA256=missing

  14. 

  15. # OpenSSL 1.0.2 must be compiled with -fPIC and does not support parallel builds (make -j)

  16. RUN mkdir -p /tmp/src \

  17.  && cd /tmp/src \

  18.  && curl -sSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz -o openssl.tar.gz \

  19.  && if [ "${OPENSSL_SHA256}" = "missing" ]; then \

  20. 	if [ "${OPENSSL_VERSION}" = "1.0.2u" ]; then OPENSSL_SHA256=ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16; \

  21. 	elif [ "${OPENSSL_VERSION}" = "1.1.0l" ]; then OPENSSL_SHA256=74a2f756c64fd7386a29184dc0344f4831192d61dc2481a93a4c5dd727f41148; \

  22. 	elif [ "${OPENSSL_VERSION}" = "1.1.1q" ]; then OPENSSL_SHA256=d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca; \

  23. 	elif [ "${OPENSSL_VERSION}" = "3.0.7" ]; then OPENSSL_SHA256=83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e; \

  24. 	else echo "Error: OPENSSL_SHA256 missing and OPENSSL_VERSION is not one of the built-in versions" && exit 1; \

  25. 	fi \

  26.     fi \

  27.  && echo "${OPENSSL_SHA256}  openssl.tar.gz" | sha256sum -c \

  28.  && tar -xvf openssl.tar.gz \

  29.  && rm openssl.tar.gz \

  30.  && cd openssl-${OPENSSL_VERSION} \

  31.  && case "${OPENSSL_VERSION}" in 1.1.0*) patch -p1 </tmp/openssl1.1.0-test-certs.patch; patch -p1 </tmp/openssl1.1.0-test-fuzz.patch ;; 1.0.2*) extrasslconfig=-fPIC ;; esac \

  32.  && ./config ${extrasslconfig} --prefix=/usr/local --openssldir=/usr/local \

  33.  && case "${OPENSSL_VERSION}" in 1.0.2*) ;; *) extrasslmake=-j ;; esac \

  34.  && make ${extrasslmake} \

  35.  && make test \

  36.  && make install \

  37.  && rm -rf /tmp/src \

  38.  && rm -rf /usr/local/share/doc /usr/local/share/man

  39. 

  40. ARG PYTHON_VERSION=3.11.1

  41. ARG PYTHON_SHA256=missing

  42. 

  43. RUN mkdir -p /tmp/src \

  44.  && cd /tmp/src \

  45.  && LD_LIBRARY_PATH= curl -sSL https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tar.xz -o Python.tar.xz \

  46.  && if [ "${PYTHON_SHA256}" = "missing" ]; then \

  47. 	if [ "${PYTHON_VERSION}" = "3.7.16" ]; then PYTHON_SHA256=8338f0c2222d847e904c955369155dc1beeeed806e8d5ef04b00ef4787238bfd; \

  48. 	elif [ "${PYTHON_VERSION}" = "3.8.16" ]; then PYTHON_SHA256=d85dbb3774132473d8081dcb158f34a10ccad7a90b96c7e50ea4bb61f5ce4562; \

  49. 	elif [ "${PYTHON_VERSION}" = "3.9.16" ]; then PYTHON_SHA256=22dddc099246dd2760665561e8adb7394ea0cc43a72684c6480f9380f7786439; \

  50. 	elif [ "${PYTHON_VERSION}" = "3.10.9" ]; then PYTHON_SHA256=5ae03e308260164baba39921fdb4dbf8e6d03d8235a939d4582b33f0b5e46a83; \

  51. 	elif [ "${PYTHON_VERSION}" = "3.11.1" ]; then PYTHON_SHA256=85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f; \

  52. 	else echo "Error: PYTHON_SHA256 missing and PYTHON_VERSION is not one of the built-in versions" && exit 1; \

  53. 	fi \

  54.     fi \

  55.  && echo "${PYTHON_SHA256}  Python.tar.xz" | sha256sum -c \

  56.  && tar -xvf Python.tar.xz \

  57.  && rm Python.tar.xz \

  58.  && cd Python-${PYTHON_VERSION} \

  59.  && case "${PYTHON_VERSION}" in 3.1[01].*) extrapyconfig=--disable-test-modules ;; esac \

  60.  && ./configure ${extrapyconfig} --prefix=/usr/local --with-openssl=/usr/local CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local" \

  61.  && make -j \

  62.  && make install \

  63.  && rm -rf /tmp/src \

  64.  && rm -rf /usr/local/share/doc /usr/local/share/man \

  65.  && case "${PYTHON_VERSION}" in 3.[789].*) find /usr/local/lib/ -depth -type d -a \( -name test -o -name tests -o -name idle_test \) -exec rm -rf '{}' + ;; esac

  66. 

  67. FROM debian:bullseye-slim

  68. 

  69. RUN apt-get update \

  70.  && apt-get install -y zlib1g libbz2-1.0 libreadline8 libsqlite3-0 libncurses6 libncursesw6 libtinfo6 libxml2 libffi7 liblzma5 ca-certificates \

  71.  && rm -rf /var/lib/apt/lists/*

  72. COPY --from=builder /usr/local/ /usr/local/

  73. 

  74. ENV LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib

  75. ENV SSL_CERT_DIR=/etc/ssl/certs/

  76. 

  77. CMD ["python3"]