Skip to content

Instantly share code, notes, and snippets.

@matangover

matangover/Compiling Python with custom OpenSSL on Heroku.md

Last active June 14, 2020 19:24
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save matangover/82b2c005740f0a2db8a91e910ddd2f0a to your computer and use it in GitHub Desktop.
Save matangover/82b2c005740f0a2db8a91e910ddd2f0a to your computer and use it in GitHub Desktop.
Download ZIP
Instructions for compiling Python with custom OpenSSL on Heroku
Raw
Compiling Python with custom OpenSSL on Heroku.md

Prepare a dyno for compilation with the latest OpenSSL

  1. Create a one-off Heroku app (or use an existing one) for the compilation.

  2. Set the app to use the Python buildpack with OpenSSL 1.0.2g

    heroku buildpacks:set https://github.com/yuvadm/heroku-buildpack-python-openssl-1.0.2.git -a myapp

  3. Run a one-off dyno to do the compilation:

    heroku run bash -a myapp

Compile a Python interpreter

In the Heroku shell that opened, run the following commands --

  1. Download Python source:

    mkdir build
cd build
wget https://www.python.org/ftp/python/2.7.11/Python-2.7.11.tar.xz --no-check-certificate
tar -xf Python-2.7.11.tar.xz

  2. Apply patch to compile with custom OpenSSL version:

    cd Python-2.7.11
wget https://gist.githubusercontent.com/matangover/25c84c75046d2122842699594c82a107/raw/7c9b3dc9e6f8f6ca0d3b259b5fec5ba9b791fed0/heroku_python_custom_openssl.patch --no-check-certificate
git apply heroku_python_custom_openssl.patch

  3. Build python (saving the default Python on the side):

    mv /app/.heroku/python /app/.heroku/python_original
./configure --prefix=/app/.heroku/python
make
make install
mv /app/.heroku/python /app/.heroku/compiled_python
mv /app/.heroku/python_original /app/.heroku/python

  4. Create a tar archive with the built output:

    cd /app/.heroku/compiled_python
tar -czf python-2.7.11-with-openssl-1.0.2g.tar.gz *

  5. Export the tar archive somehow from the dyno, e.g. upload it to S3 (or using SSH or any other method):

    pip install awscli
aws s3 cp python-2.7.11-with-openssl-1.0.2g.tar.gz s3://my-bucket

Use the custom compiled interpreter in your app

To use the newly compiled interpreter in your buildpack, fork the Python buildpack with OpenSSL 1.0.2g. In your fork, modify the ‘python’ step to download your own interpreter tar archive from somewhere on the public Internet, e.g. from S3. Change the download URL in the buildpack's code here.

Now tell the app to use your forked buildpack:

heroku buildpacks:set https://github.com/me/my-forked-buildpack.git -a myapp

It might also be necessary to purge the slug cache to remove any cached Python versions:

heroku plugins:install https://github.com/heroku/heroku-repo.git
heroku repo:purge_cache -a myapp

Last step is of course to push your code and have the buildpack run:

git push heroku master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment