使用 OpenSSL 静态编译 Python 3.6
Compile Python 3.6 statically with OpenSSL
我正在尝试使用 OpenSSL 在 Linux 上静态编译 Python 3.6。
我的构建发生在 dockerfile 中,但本质上是:
$ ./configure --prefix=/task/build --disable-shared LDFLAGS="-static"
$ make altinstall
更新 Modules/Setup.local
使其看起来像:
*static*
# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto
但是,在配置步骤中,出现错误:
Step 9/14 : RUN ./configure --prefix=/task/build --disable-shared LDFLAGS="-static"
---> Running in cb79ee47052b
checking for git... found
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for python3.6... no
checking for python3... no
checking for python... python
checking for --enable-universalsdk... no
checking for --with-universal-archs... no
checking MACHDEP... linux
checking for --without-gcc... no
checking for --with-icc... no
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/task/cpython':
configure: error: C compiler cannot create executables
See `config.log' for more details
The command '/bin/sh -c ./configure --prefix=/task/build --disable-shared LDFLAGS="-static"' returned a non-zero code: 77
如果我将配置命令更改为:
$ ./configure --prefix=/task/build --disable-shared
我得到一个已编译的二进制文件,但它没有静态链接到 OpenSSL。
我做错了什么?
谢谢!
构建 dockerfile:
FROM amazonlinux:2017.03.1.20170812
ARG python_version=3.6.8
WORKDIR /task
COPY Modules-Setup.local /task/Modules-Setup.local
# Install requirements
RUN yum install -y \
gcc \
git \
gzip \
openssl-devel \
tar \
zlib \
zlib-devel
# Get openssl and python source
RUN git clone https://github.com/python/cpython.git
WORKDIR /task/cpython
RUN git checkout tags/v${python_version}
# Configure the build
RUN ./configure --prefix=/task/build --disable-shared LDFLAGS="-static"
# Append modules setup with custom values
RUN cat /task/Modules-Setup.local >> /task/cpython/Modules/Setup.local
RUN cat /task/cpython/Modules/Setup.local
# Build
RUN make altinstall
# Zip the results
WORKDIR /task/build
RUN tar --create --gzip --file=/task/python-${python_version}.tar.gz \
lib/ bin/
I'm trying to compile Python 3.6 on Linux statically with OpenSSL.
...
# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto
将-lssl
和-lcrypto
更改为-l:libssl.a
和-l:libcrypto.a
:
SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -l:libssl.a -l:libcrypto.a
您也可以使用存档的完整路径:
SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
$(SSL)/lib/libssl.a $(SSL)/lib/libcrypto.a
存档 (*.a
) 只是 collection 个 object 个文件 (*.o
),因此您可以在任何使用 [=70= 的地方使用存档] 文件。
另请参阅 ld(2)
man page 中的 -l:filename
:
--library=namespec
Add the archive or object file specified by namespec to the list of
files to link. This option may be used any number of times. If
namespec is of the form :filename, ld will search the library path for
a file called filename, otherwise it will search the library path for
a file called libnamespec.a.
如果您正在使用 /usr/local
中的其他组件,那么您可能需要将 -L/usr/local/lib -Wl,-R,/usr/local/lib -Wl,--enable-new-dtags
添加到您的 LDFLAGS
。 new-dtags
在 ELF headers 中嵌入了一个 RUNPATH
(相对于 RPATH
)。 RUNPATH
可以被 LD_LIBRARY_PATH
覆盖。
I get a compiled binary, but it isn't statically linked to OpenSSL.
检查的方法是将 ldd
与您在运行时使用的路径一起使用。例如,这里来自 Fedora 上的本地 OpenSSL 构建:
$ ldd /usr/local/bin/openssl
linux-vdso.so.1 (0x00007fff3cde6000)
libssl.so.1.0.0 => /usr/local/lib64/libssl.so.1.0.0 (0x00007f043dc4e000)
libcrypto.so.1.0.0 => /usr/local/lib64/libcrypto.so.1.0.0 (0x00007f043d9df000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f043d9c0000)
libc.so.6 => /lib64/libc.so.6 (0x00007f043d7fa000)
/lib64/ld-linux-x86-64.so.2 (0x00007f043dcc0000)
这里有几个相关的问题,但看起来它们并没有涵盖 Python 的静态链接。
- Building Python with SSL support in non-standard location
- How do I compile Python 3.4 with custom OpenSSL?
需要说明的是,config.log
有错误,但您没有显示其中的相关部分:
checking whether the C compiler works... no
configure: error: in `/task/cpython':
configure: error: C compiler cannot create executables
See `config.log' for more details
静态 OpenSSL 可能会(也可能不会)解决问题。
我 运行 遇到了同样的问题,并通过安装静态 glibc 库解决了这个问题:
yum install glibc-static
我正在尝试使用 OpenSSL 在 Linux 上静态编译 Python 3.6。
我的构建发生在 dockerfile 中,但本质上是:
$ ./configure --prefix=/task/build --disable-shared LDFLAGS="-static"
$ make altinstall
更新 Modules/Setup.local
使其看起来像:
*static*
# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto
但是,在配置步骤中,出现错误:
Step 9/14 : RUN ./configure --prefix=/task/build --disable-shared LDFLAGS="-static"
---> Running in cb79ee47052b
checking for git... found
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for python3.6... no
checking for python3... no
checking for python... python
checking for --enable-universalsdk... no
checking for --with-universal-archs... no
checking MACHDEP... linux
checking for --without-gcc... no
checking for --with-icc... no
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/task/cpython':
configure: error: C compiler cannot create executables
See `config.log' for more details
The command '/bin/sh -c ./configure --prefix=/task/build --disable-shared LDFLAGS="-static"' returned a non-zero code: 77
如果我将配置命令更改为:
$ ./configure --prefix=/task/build --disable-shared
我得到一个已编译的二进制文件,但它没有静态链接到 OpenSSL。
我做错了什么?
谢谢!
构建 dockerfile:
FROM amazonlinux:2017.03.1.20170812
ARG python_version=3.6.8
WORKDIR /task
COPY Modules-Setup.local /task/Modules-Setup.local
# Install requirements
RUN yum install -y \
gcc \
git \
gzip \
openssl-devel \
tar \
zlib \
zlib-devel
# Get openssl and python source
RUN git clone https://github.com/python/cpython.git
WORKDIR /task/cpython
RUN git checkout tags/v${python_version}
# Configure the build
RUN ./configure --prefix=/task/build --disable-shared LDFLAGS="-static"
# Append modules setup with custom values
RUN cat /task/Modules-Setup.local >> /task/cpython/Modules/Setup.local
RUN cat /task/cpython/Modules/Setup.local
# Build
RUN make altinstall
# Zip the results
WORKDIR /task/build
RUN tar --create --gzip --file=/task/python-${python_version}.tar.gz \
lib/ bin/
I'm trying to compile Python 3.6 on Linux statically with OpenSSL.
...# Socket module helper for SSL support; you must comment out the other # socket line above, and possibly edit the SSL variable: SSL=/usr/local/ssl _ssl _ssl.c \ -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \ -L$(SSL)/lib -lssl -lcrypto
将-lssl
和-lcrypto
更改为-l:libssl.a
和-l:libcrypto.a
:
SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -l:libssl.a -l:libcrypto.a
您也可以使用存档的完整路径:
SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
$(SSL)/lib/libssl.a $(SSL)/lib/libcrypto.a
存档 (*.a
) 只是 collection 个 object 个文件 (*.o
),因此您可以在任何使用 [=70= 的地方使用存档] 文件。
另请参阅 ld(2)
man page 中的 -l:filename
:
--library=namespec
Add the archive or object file specified by namespec to the list of files to link. This option may be used any number of times. If namespec is of the form :filename, ld will search the library path for a file called filename, otherwise it will search the library path for a file called libnamespec.a.
如果您正在使用 /usr/local
中的其他组件,那么您可能需要将 -L/usr/local/lib -Wl,-R,/usr/local/lib -Wl,--enable-new-dtags
添加到您的 LDFLAGS
。 new-dtags
在 ELF headers 中嵌入了一个 RUNPATH
(相对于 RPATH
)。 RUNPATH
可以被 LD_LIBRARY_PATH
覆盖。
I get a compiled binary, but it isn't statically linked to OpenSSL.
检查的方法是将 ldd
与您在运行时使用的路径一起使用。例如,这里来自 Fedora 上的本地 OpenSSL 构建:
$ ldd /usr/local/bin/openssl
linux-vdso.so.1 (0x00007fff3cde6000)
libssl.so.1.0.0 => /usr/local/lib64/libssl.so.1.0.0 (0x00007f043dc4e000)
libcrypto.so.1.0.0 => /usr/local/lib64/libcrypto.so.1.0.0 (0x00007f043d9df000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f043d9c0000)
libc.so.6 => /lib64/libc.so.6 (0x00007f043d7fa000)
/lib64/ld-linux-x86-64.so.2 (0x00007f043dcc0000)
这里有几个相关的问题,但看起来它们并没有涵盖 Python 的静态链接。
- Building Python with SSL support in non-standard location
- How do I compile Python 3.4 with custom OpenSSL?
需要说明的是,config.log
有错误,但您没有显示其中的相关部分:
checking whether the C compiler works... no
configure: error: in `/task/cpython':
configure: error: C compiler cannot create executables
See `config.log' for more details
静态 OpenSSL 可能会(也可能不会)解决问题。
我 运行 遇到了同样的问题,并通过安装静态 glibc 库解决了这个问题:
yum install glibc-static