search

nabla-c0d3 / nassl

Experimental OpenSSL wrapper for Python 3.8+ and SSLyze.
GNU Affero General Public License v3.0
39 stars 35 forks source link

Source distribution on PyPI? #33

Closed jsf9k closed 6 years ago

jsf9k commented 6 years ago

Is it possible to include a source distribution on PyPI? I run sslyze in an Alpine Linux Docker container and, since Alpine uses musl instead of glibc, the wheels in PyPI don't work for me.

I suspect a lot of folks will run into the same issue, since Alpine is a pretty popular Linux distribution for use in Docker containers due to its small footprint.

nabla-c0d3 commented 6 years ago

Before I do that, can you clone this repo and try building the native extension on alpine linux (without using build_from_scratch.py) ?

python setup.py build_ext -i
python run_tests.py

If this does not work, a source distribution won't. Thanks!

jsf9k commented 6 years ago

I see what you mean. I'm trying to build nassl in a Docker container (Dockerfile here). The prebuilt openssl is causing problems though:

Step 9/10 : RUN python setup.py build_ext -i
 ---> Running in 16b2d4d45b9d
running build_ext
building 'nassl._nassl_legacy' extension
creating build
creating build/temp.linux-x86_64-3.6
creating build/temp.linux-x86_64-3.6/nassl
creating build/temp.linux-x86_64-3.6/nassl/_nassl
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_SSL_CTX.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_SSL_CTX.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_SSL.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_SSL.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_X509.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_X509.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_errors.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_errors.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_BIO.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_BIO.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_X509_EXTENSION.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_X509_EXTENSION.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_X509_NAME_ENTRY.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_X509_NAME_ENTRY.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_SSL_SESSION.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_SSL_SESSION.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/openssl_utils.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/openssl_utils.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/nassl_OCSP_RESPONSE.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_OCSP_RESPONSE.o -Wall
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -DTHREAD_STACK_SIZE=0x100000 -fPIC -DLEGACY_OPENSSL=1 -Ibin/openssl-legacy/include -Inassl/_nassl -I/usr/local/include/python3.6m -c nassl/_nassl/python_utils.c -o build/temp.linux-x86_64-3.6/nassl/_nassl/python_utils.o -Wall
creating build/lib.linux-x86_64-3.6
creating build/lib.linux-x86_64-3.6/nassl
gcc -shared build/temp.linux-x86_64-3.6/nassl/_nassl/nassl.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_SSL_CTX.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_SSL.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_X509.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_errors.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_BIO.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_X509_EXTENSION.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_X509_NAME_ENTRY.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_SSL_SESSION.o build/temp.linux-x86_64-3.6/nassl/_nassl/openssl_utils.o build/temp.linux-x86_64-3.6/nassl/_nassl/nassl_OCSP_RESPONSE.o build/temp.linux-x86_64-3.6/nassl/_nassl/python_utils.o bin/openssl-legacy/linux64/libssl.a bin/openssl-legacy/linux64/libcrypto.a bin/zlib/linux64/libz.a -L/usr/local/lib -lpython3.6m -o build/lib.linux-x86_64-3.6/nassl/_nassl_legacy.cpython-36m-x86_64-linux-gnu.so -Wl,-z,noexecstack
/usr/lib/gcc/x86_64-alpine-linux-musl/6.4.0/../../../../x86_64-alpine-linux-musl/bin/ld:bin/openssl-legacy/linux64/libssl.a: file format not recognized; treating as linker script
/usr/lib/gcc/x86_64-alpine-linux-musl/6.4.0/../../../../x86_64-alpine-linux-musl/bin/ld:bin/openssl-legacy/linux64/libssl.a:1: syntax error
collect2: error: ld returned 1 exit status
error: command 'gcc' failed with exit status 1
The command '/bin/sh -c python setup.py build_ext -i' returned a non-zero code: 1

I'll give build_from_scratch.py a try instead.

jsf9k commented 6 years ago

Is this line from the README.md accurate?

git clone -b tls1.3-draft-18 https://github.com/openssl/openssl.git ./openssl-tls1.3-draft-18

I'm asking because:

  1. The build_from_scratch.py script is looking for a directory called ./openssl-master. Right now I'm checking out the tls1.3-draft-18 branch into ./openssl-master, but I'm not certain that's what is intended.
  2. I noticed that there is a tls1.3-draft-19 branch now as well.
jsf9k commented 6 years ago

I have the compiling working, but part of the build steps involve running tests that fail like this:

Failure: ImportError (Error relocating /nassl/nassl/_nassl.cpython-36m-x86_64-linux-gnu.so: SSL_SESSION_set_max_early_data: symbol not found) ... ERROR

I think it's definitely possible to get this working on Alpine, but in my case time is limited so I'll just switch to a different base image. :neutral_face:

Thank you for your help, @nabla-c0d3!