Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SSL "CERTIFICATE_VERIFY_FAILED" error #1474

Merged
merged 3 commits into from Jun 9, 2015
Merged

Fix SSL "CERTIFICATE_VERIFY_FAILED" error #1474

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c571bb4
Report Python and OpenSSL versions in --version output
aanand May 28, 2015
8ad11c0
Make sure we use Python 2.7.9 and OpenSSL 1.0.1 when building OSX binary
aanand May 28, 2015
2594282
Build Python 2.7.9 in Docker image
aanand Jun 1, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
39 changes: 36 additions & 3 deletions Dockerfile
View file
Open in desktop
Expand Up @@ -3,9 +3,11 @@ FROM debian:wheezy
RUN set -ex; \
apt-get update -qq; \
apt-get install -y \
python \
python-pip \
python-dev \
gcc \
make \
zlib1g \
zlib1g-dev \
libssl-dev \
git \
apt-transport-https \
ca-certificates \
Expand All @@ -15,6 +17,37 @@ RUN set -ex; \
; \
rm -rf /var/lib/apt/lists/*

# Build Python 2.7.9 from source
RUN set -ex; \
curl -LO https://www.python.org/ftp/python/2.7.9/Python-2.7.9.tgz; \
tar -xzf Python-2.7.9.tgz; \
cd Python-2.7.9; \
./configure --enable-shared; \
make; \
make install; \
cd ..; \
rm -rf /Python-2.7.9; \
rm Python-2.7.9.tgz
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, this added 4min to the jenkins build, which is unfortunate.

Could we use ubuntu vivid, which seems to have 2.7.9 (http://packages.ubuntu.com/vivid/python) ?

That way we could install from a package without having to build everything. I believe there was another PR for python3 support where @funkyfuture found that using ubuntu made things easier, but I forget the details of that now.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is unfortunate, but hopefully it's temporary - if pyOpenSSL can fix its import-related oddities, hopefully it'll work with PyInstaller and we can go back to using the package.

The problem with using a newer distro is that it upgrades glibc, which is bad for compatibility with older distros.


# Make libpython findable
ENV LD_LIBRARY_PATH /usr/local/lib

# Install setuptools
RUN set -ex; \
curl -LO https://bootstrap.pypa.io/ez_setup.py; \
python ez_setup.py; \
rm ez_setup.py

# Install pip
RUN set -ex; \
curl -LO https://pypi.python.org/packages/source/p/pip/pip-7.0.1.tar.gz; \
tar -xzf pip-7.0.1.tar.gz; \
cd pip-7.0.1; \
python setup.py install; \
cd ..; \
rm -rf pip-7.0.1; \
rm pip-7.0.1.tar.gz

ENV ALL_DOCKER_VERSIONS 1.6.0

RUN set -ex; \
Expand Down
4 changes: 3 additions & 1 deletion compose/cli/utils.py
View file
Open in desktop
Expand Up @@ -8,6 +8,7 @@
import os
import platform
import subprocess
import ssl


def yesno(prompt, default=None):
Expand Down Expand Up @@ -132,6 +133,7 @@ def get_version_info(scope):
elif scope == 'full':
return versioninfo + '\n' \
+ "docker-py version: %s\n" % docker_py_version \
+ "%s version: %s" % (platform.python_implementation(), platform.python_version())
+ "%s version: %s\n" % (platform.python_implementation(), platform.python_version()) \
+ "OpenSSL version: %s" % ssl.OPENSSL_VERSION
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This broke python 2.6 compatiblity

AttributeError: 'module' object has no attribute 'OPENSSL_VERSION'

which I guess is ok, we just need to remove it from tox.ini

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good - I don't think we need to support Python 2.6.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏 👏 👏

else:
raise RuntimeError('passed unallowed value to `cli.utils.get_version_info`')
2 changes: 1 addition & 1 deletion script/build-linux-inner
View file
Open in desktop
Expand Up @@ -7,4 +7,4 @@ chmod 777 `pwd`/dist

pyinstaller -F bin/docker-compose
mv dist/docker-compose dist/docker-compose-Linux-x86_64
dist/docker-compose-Linux-x86_64 --version
dist/docker-compose-Linux-x86_64 version
5 changes: 4 additions & 1 deletion script/build-osx
View file
Open in desktop
@@ -1,10 +1,13 @@
#!/bin/bash
set -ex

PATH="/usr/local/bin:$PATH"

rm -rf venv
virtualenv -p /usr/local/bin/python venv
venv/bin/pip install -r requirements.txt
venv/bin/pip install -r requirements-dev.txt
venv/bin/pip install .
venv/bin/pyinstaller -F bin/docker-compose
mv dist/docker-compose dist/docker-compose-Darwin-x86_64
dist/docker-compose-Darwin-x86_64 --version
dist/docker-compose-Darwin-x86_64 version
39 changes: 35 additions & 4 deletions script/prepare-osx
View file
Open in desktop
Expand Up @@ -2,20 +2,51 @@

set -ex

python_version() {
python -V 2>&1
}

openssl_version() {
python -c "import ssl; print ssl.OPENSSL_VERSION"
}

desired_python_version="2.7.9"
desired_python_brew_version="2.7.9"
python_formula="https://raw.githubusercontent.com/Homebrew/homebrew/1681e193e4d91c9620c4901efd4458d9b6fcda8e/Library/Formula/python.rb"

desired_openssl_version="1.0.1j"
desired_openssl_brew_version="1.0.1j_1"
openssl_formula="https://raw.githubusercontent.com/Homebrew/homebrew/62fc2a1a65e83ba9dbb30b2e0a2b7355831c714b/Library/Formula/openssl.rb"

PATH="/usr/local/bin:$PATH"

if !(which brew); then
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
fi

brew update

if [ ! -f /usr/local/bin/python ]; then
brew install python
if !(python_version | grep "$desired_python_version"); then
if brew list | grep python; then
brew unlink python
fi

brew install "$python_formula"
brew switch python "$desired_python_brew_version"
fi

if [ -n "$(brew outdated | grep python)" ]; then
brew upgrade python
if !(openssl_version | grep "$desired_openssl_version"); then
if brew list | grep openssl; then
brew unlink openssl
fi

brew install "$openssl_formula"
brew switch openssl "$desired_openssl_brew_version"
fi

echo "*** Using $(python_version)"
echo "*** Using $(openssl_version)"

if !(which virtualenv); then
pip install virtualenv
fi
Expand Down