@liath
Created August 29, 2021 05:46
pyca/cryptography musllinux Dockerfile
# Build on the pyca/cryptography musllinux_1_1 image (x86_64 tag).
# NOTE(review): ":x86_64" is a mutable tag, so a rebuild can silently pick up a
# different toolchain or OpenSSL build. Append "@sha256:<digest>" (placeholder:
# take the digest from the registry) when the resulting wheel must be reproducible.
FROM ghcr.io/pyca/cryptography-musllinux_1_1:x86_64
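# Build a cryptography 3.4.8 wheel from its sdist with PyPy 3.7, compiling and
# linking against the OpenSSL tree under /opt/pyca/cryptography/openssl, and
# leave the result in tmpwheelhouse/.
# - pip, wheel, cffi and setuptools-rust are installed unpinned and the sdist is
#   downloaded without hash checking. NOTE(review): pin versions and use pip's
#   --require-hashes if this image feeds a release pipeline.
# - "cd cryptography*/" matches only the unpacked source directory (the bare glob
#   also matched the .tar.gz), and it is chained with && so a failed cd aborts
#   the build instead of letting later commands run from the wrong directory.
# - -Wl,--exclude-libs,ALL asks the linker not to export symbols from the static
#   archives it links (presumably the bundled OpenSSL; confirm).
# - $PY_LIMITED_API is not set in this file; it must stay unquoted so that an
#   empty value adds no argument to setup.py.
RUN /opt/pypy3.7/bin/pypy -m venv .venv && \
    .venv/bin/pip install -U pip wheel cffi setuptools-rust && \
    .venv/bin/pip download cryptography==3.4.8 --no-deps --no-binary cryptography && \
    tar zxvf cryptography*.tar.gz && \
    mkdir tmpwheelhouse && \
    cd cryptography*/ && \
    LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
    CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
    ../.venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && \
    mv dist/cryptography*.whl ../tmpwheelhouse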
# TODO: Once auditwheel>=5 is out we can delete this and merge these layers
# https://github.com/pypa/auditwheel/issues/327
# NOTE(review): this installs whatever the repository's default branch holds at
# build time, so the tool that rewrites the wheel is unpinned and unreviewed.
# Append "@<commit-sha>" (placeholder) to the URL, or move to a released
# version as the TODO above intends.
RUN .venv/bin/pip install git+https://github.com/pypa/auditwheel.git
# Repair the freshly built wheel for the musllinux_1_1_x86_64 platform tag,
# writing the result to wheelhouse/, then unpack that wheel into
# execstack.check/ so the shared objects inside it can be inspected.
RUN .venv/bin/auditwheel repair \
        --plat "musllinux_1_1_x86_64" \
        tmpwheelhouse/cryptograph*.whl \
        -w wheelhouse/ \
    && unzip wheelhouse/*.whl -d execstack.check
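# Gate the repaired wheel, then smoke-test it and stage it for export.
# 1. Refuse to continue if any binding .so in the unpacked wheel is flagged as
#    needing an executable stack. execstack is used when present, scanelf
#    otherwise; with neither tool the build fails closed.
# 2. Install the wheel from wheelhouse/ only (--no-index) and import the OpenSSL
#    backend, printing the OpenSSL version loaded at run time and the one the
#    bindings were linked against.
# 3. Move the wheel into cryptography-wheelhouse/.
# "set -e" makes every step fatal. The original joined steps 2-3 with ";", so a
# failed install or import was ignored and only the final mv decided the result.
# The leading "ls" fails the build when the glob matches no .so; without it both
# checks would count zero flagged files and pass without inspecting anything.
RUN set -e; \
    ls execstack.check/cryptography/hazmat/bindings/*.so >/dev/null; \
    if hash execstack 2>/dev/null; then \
        if [ "$(execstack execstack.check/cryptography/hazmat/bindings/*.so | grep -c '^X')" -ne 0 ]; then \
            echo "executable stack flagged in cryptography bindings (execstack)" >&2; \
            exit 1; \
        fi; \
    elif hash scanelf 2>/dev/null; then \
        if [ "$(scanelf -qe execstack.check/cryptography/hazmat/bindings/*.so | wc -l)" -ne 0 ]; then \
            echo "executable stack flagged in cryptography bindings (scanelf)" >&2; \
            exit 1; \
        fi; \
    else \
        echo "neither execstack nor scanelf is available; cannot verify the wheel" >&2; \
        exit 1; \
    fi; \
    .venv/bin/pip install cryptography --no-index -f wheelhouse/; \
    .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"; \
    mkdir cryptography-wheelhouse; \
    mv wheelhouse/cryptography*.whl cryptography-wheelhouse/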