liath/Dockerfile

## Dockerfile
FROM ghcr.io/pyca/cryptography-musllinux_1_1:x86_64

RUN /opt/pypy3.7/bin/pypy -m venv .venv && \
  .venv/bin/pip install -U pip wheel cffi setuptools-rust && \
  .venv/bin/pip download cryptography==3.4.8 --no-deps --no-binary cryptography && \
  tar zxvf cryptography*.tar.gz && mkdir tmpwheelhouse && \
  cd cryptography* ; \
  LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
    CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
    ../.venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && mv dist/cryptography*.whl ../tmpwheelhouse

# TODO: Once auditwheel>=5 is out we can delete this and merge these layers
# https://github.com/pypa/auditwheel/issues/327
RUN .venv/bin/pip install git+https://github.com/pypa/auditwheel.git

RUN .venv/bin/auditwheel repair --plat "musllinux_1_1_x86_64" tmpwheelhouse/cryptograph*.whl -w wheelhouse/ && \
  unzip wheelhouse/*.whl -d execstack.check

RUN \
  if hash execstack 2>/dev/null; then \
    if [ "$(execstack execstack.check/cryptography/hazmat/bindings/*.so | grep -c '^X')" -ne 0 ]; then \
      exit 1; \
    fi; \
  elif hash scanelf 2>/dev/null; then \
    if [ "$(scanelf -qe execstack.check/cryptography/hazmat/bindings/*.so | wc -l)" -ne 0 ]; then \
      exit 1; \
    fi; \
  else \
    exit 1; \
  fi; \
  .venv/bin/pip install cryptography --no-index -f wheelhouse/; \
  .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"; \
  mkdir cryptography-wheelhouse; \
  mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
	FROM ghcr.io/pyca/cryptography-musllinux_1_1:x86_64

	RUN /opt/pypy3.7/bin/pypy -m venv .venv && \
	.venv/bin/pip install -U pip wheel cffi setuptools-rust && \
	.venv/bin/pip download cryptography==3.4.8 --no-deps --no-binary cryptography && \
	tar zxvf cryptography*.tar.gz && mkdir tmpwheelhouse && \
	cd cryptography* ; \
	LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
	CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
	../.venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && mv dist/cryptography*.whl ../tmpwheelhouse

	# TODO: Once auditwheel>=5 is out we can delete this and merge these layers
	# https://github.com/pypa/auditwheel/issues/327
	RUN .venv/bin/pip install git+https://github.com/pypa/auditwheel.git

	RUN .venv/bin/auditwheel repair --plat "musllinux_1_1_x86_64" tmpwheelhouse/cryptograph*.whl -w wheelhouse/ && \
	unzip wheelhouse/*.whl -d execstack.check

	RUN \
	if hash execstack 2>/dev/null; then \
	if [ "$(execstack execstack.check/cryptography/hazmat/bindings/*.so \| grep -c '^X')" -ne 0 ]; then \
	exit 1; \
	fi; \
	elif hash scanelf 2>/dev/null; then \
	if [ "$(scanelf -qe execstack.check/cryptography/hazmat/bindings/*.so \| wc -l)" -ne 0 ]; then \
	exit 1; \
	fi; \
	else \
	exit 1; \
	fi; \
	.venv/bin/pip install cryptography --no-index -f wheelhouse/; \
	.venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"; \
	mkdir cryptography-wheelhouse; \
	mv wheelhouse/cryptography*.whl cryptography-wheelhouse/