问题描述
编译python成功后,发现无法支持ssl安全模块
原因分析:
编译python时,指定的openssl找不到库,编译ssl模块过程中出错但不会导致整个编译失败,比如对于python3.10.2来说,执行如下命令
configure --prefix=/usr --with-openssl=/usr --with-openssl-rpath=/lib/x86_64-linux-gnu
make -j8
make install
-------------------------------------
分析 @Python-3.10.2/config.log
-------------------------------------
24063 configure:17629: result: yes
24064 configure:17778: checking for openssl/ssl.h in /usr
24065 configure:17785: result: yes
24066 configure:17801: checking whether compiling and linking against OpenSSL works
24067 Trying link with OPENSSL_LDFLAGS=-L/usr/lib; OPENSSL_LIBS=-lssl -lcrypto; OPENSSL_INCLUDES=-I/usr/include
由此可见,--with-openssl=/usr 将转化为 OPENSSL_LDFLAGS=-L/usr/lib; OPENSSL_LIBS=-lssl -lcrypto; OPENSSL_INCLUDES=-I/usr/include其中 OPENSSL_LIBS在/usr/lib/目录下寻找 libssl.so libcrypto.so这两个库时,如果找不到将导致编译不出ssl模块
出错信息
解决方案参考:
(1)configure不带 --with-openssl等进行默认确认,但这种方法的前提是系统中有openssl并且存在/usr/lib/pkgconfig/有相关pc配置;不推荐
(2)在configure指定 --with-openssl=<path-to-openssl-dir>,这个路径下包括如下,但也是有前提,openssl安装的位置如下所示部署才可以,本问题就是采用此方案,可惜不满足如下部署,最终ssl模块未编译成功。
<path-to-openssl-dir>/lib/libssl.so,
<path-to-openssl-dir>/lib/libcrypto.so,
<path-to-openssl-dir>/include/openssl/ssl.h
解决方案
针对参考方案(2)的问题,尝试将openssl编译安装部署到/usr/local/<mycode>/目录下,同时指定--with-openssl=/usr/local/<mycode>
总结
1.需求与准备
python3.10.2支持ssl模块,需要使用openssl1.1.1及以上版本
2.编译部署openssl1.1.1n
./config --prefix=/usr/local/vicode \
--libdir=/lib/x86_64-linux-gnu
--openssldir=/etc/ssl \
-Wl,-rpath,/lib/x86_64-linux-gnu
make -j1 depend
make -j8
make install_sw
# Production Deployment For Ubuntu-16.04 Develop
-- /usr/local/vicode/
|-- bin/
| |-- openssl.1.1.1n
| |-- c_rehash.1.1.1n
|-- include/
| \-- openssl/
\-- lib/
|-- libcrypto.a
|-- libcrypto.so -> libcrypto.so.1.1
|-- libcrypto.so.1.1
|-- libssl.a
|-- libssl.so -> libssl.so.1.1
\-- libssl.so.1.1
# Runtime Deployment For Ubuntu-16.04 Release
-- /usr/
|-- bin/
| |-- openssl.1.1.1n
| |-- c_rehash.1.1.1n
|-- include/
| |-- openssl/*
-- /lib/
\-- x86_64-linux-gnu/
|-- libssl.so.1.1
|-- libcrypto.so.1.1
|-- libssl.a
|-- libcrypto.a
|-- libssl.so
|-- libcrypto.so
\-- *
3.编译部署python3.10.2
#注意点:自定义的openssl地址一定要放在/urs/local下,放在其他路径,也是无法找到,估计是python3的bug
#注意点2:经验证 configure时加入选项参数 --libdir=/usr/lib/x86_64-linux-gnu 会导致Could not find platform dependent libraries <exec_prefix>的问题;包括ssl模块也是无法支持的
#
./configure --prefix=/usr \
--with-openssl-rpath=/lib/x86_64-linux-gnu \
--with-openssl=/usr/local/vicode \
--enable-shared
make -j8 2>&1 | tee make.log
make install
# Release Delopyment For Ubuntu-16.04 Release
-- /usr/
|-- bin/
| |-- 2to3
| |-- idle3
| |-- pip3
| |-- pydoc3
| |-- python3
| |-- python3.10
| |-- 2to3-3.10
| |-- idle3.10
| |-- pip3.10
| |-- pydoc3.10
| |-- python3-config
| |-- python3.10-config
|-- include/
| \-- python3.10/
\-- lib/
|-- libpython3.10.so
|-- libpython3.10.so.1.0
|-- libpython3.so
\-- python3.10/
|-- *.py
|-- */*
\-- config-3.10-x86_64-linux-gnu/*
# Production Deployment For Ubuntu-16.04 develop
/usr/local/vicode/
|-- [4.0K] bin
| |-- [ 9] 2to3 -> 2to3-3.10
| |-- [ 96] 2to3-3.10
| |-- [6.1K] c_rehash
| |-- [ 8] idle3 -> idle3.10
| |-- [ 94] idle3.10
| |-- [736K] openssl
| |-- [ 224] pip3
| |-- [ 224] pip3.10
| |-- [ 9] pydoc3 -> pydoc3.10
| |-- [ 79] pydoc3.10
| |-- [ 10] python3 -> python3.10
| |-- [ 17] python3-config -> python3.10-config
| |-- [ 16K] python3.10
| `-- [3.0K] python3.10-config
|-- [4.0K] include
| |-- [4.0K] openssl
| `-- [4.0K] python3.10
|-- [1.1K] install-openssl
|-- [3.0K] install-python
|-- [4.0K] lib
| |-- [5.4M] libcrypto.a
| |-- [ 16] libcrypto.so -> libcrypto.so.1.1
| |-- [3.2M] libcrypto.so.1.1
| |-- [ 20] libpython3.10.so -> libpython3.10.so.1.0
| |-- [ 18M] libpython3.10.so.1.0
| |-- [7.5K] libpython3.so
| |-- [1007K] libssl.a
| |-- [ 13] libssl.so -> libssl.so.1.1
| |-- [674K] libssl.so.1.1
| |-- [4.0K] python3.10
| `-- [4.0K] x86_64-linux-gnu
`-- [4.0K] share
`-- [4.0K] man
4.验证是否支持ssl模块
#
# Failure : not support for ssl module
#
root@P328:.#
root@P328:.# python3.10 -c 'import ssl'
Could not find platform dependent libraries <exec_prefix>
Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/local/vicode/lib/python3.10/ssl.py", line 98, in <module>
import _ssl # if we can't import it, let the error propagate
ModuleNotFoundError: No module named '_ssl'
root@P328:.#
#
# Success: not support for ssl module
#
root@P328:.#
root@P328:.# python3.10 -c 'import ssl'
root@P328:.#