How to build cryptography for linux/arm/v7

[tillsteinbach]

I had a working setup to build a docker container with ENV CRYPTOGRAPHY_DONT_BUILD_RUST=1 which allowed me to come around the problem that I could not build my container for linux/armv7. Is there a workaround to get this working again?

Dockerfile looks like this:

# Here is the build image
FROM ubuntu:20.04 as builder

ENV DEBIAN_FRONTEND="noninteractive"
ENV TZ="Etc/UTC"

RUN apt-get update && apt-get install --no-install-recommends -y python3.9 python3.9-dev python3.9-venv python3-pip python3-wheel build-essential && \
    apt-get install --no-install-recommends -y libpq-dev libffi-dev libssl-dev cargo libjpeg-dev zlib1g-dev && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

ENV CRYPTOGRAPHY_DONT_BUILD_RUST=1

RUN python3.9 -m venv /opt/venv
# Make sure we use the virtualenv:
ENV PATH="/opt/venv/bin:$PATH"
RUN pip3 install --no-cache-dir wheel
RUN pip3 install --no-cache-dir mycode


FROM ubuntu:20.04 AS runner-image

RUN apt-get update && apt-get install --no-install-recommends -y python3.9 python3-venv wget && \
    apt-get install --no-install-recommends -y libpq5 libjpeg8 zlib1g && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /opt/venv /opt/venv
ENV VIRTUAL_ENV=/opt/venv
ENV PATH="/opt/venv/bin:$PATH"
RUN mkdir -p /config

# make sure all messages always reach console
ENV PYTHONUNBUFFERED=1

EXPOSE 4000

CMD mycode

[reaperhulk]

You'll need to install the rust compiler. There are several paths available for this, although rustup.rs is probably the simplest (and supports a variety of armv7 ABIs). https://cryptography.io/en/latest/installation/#rust has more information. Note that Ubuntu 20.04 ships Rust 1.41, which is sufficient, but we still recommend using a path like rustup.rs because we may raise our minimum supported rust version in the future.

[tillsteinbach]

I first tried the easy way with an apt-get install rustc now I ended up with:

running build_rust
1712
#14 729.0       Updating crates.io index
1713
#14 729.0   warning: spurious network error (2 tries remaining): could not read directory '/root/.cargo/registry/index/github.com-1285ae84e5963aae/.git//refs': Value too large for defined data type; class=Os (2)
1714
#14 729.0   warning: spurious network error (1 tries remaining): could not read directory '/root/.cargo/registry/index/github.com-1285ae84e5963aae/.git//refs': Value too large for defined data type; class=Os (2)
1715
#14 729.0   error: failed to get `asn1` as a dependency of package `cryptography-rust v0.1.0 (/tmp/pip-install-ngefbmq1/cryptography/src/rust)`
1716
#14 729.0   
1717
#14 729.0   Caused by:
1718
#14 729.0     failed to fetch `https://github.com/rust-lang/crates.io-index`
1719
#14 729.0   
1720
#14 729.0   Caused by:
1721
#14 729.0     could not read directory '/root/.cargo/registry/index/github.com-1285ae84e5963aae/.git//refs': Value too large for defined data type; class=Os (2)
1722
#14 729.0   
1723
#14 729.0       =============================DEBUG ASSISTANCE=============================
1724
#14 729.0       If you are seeing a compilation error please try the following steps to
1725
#14 729.0       successfully install cryptography:
1726
#14 729.0       1) Upgrade to the latest pip and try again. This will fix errors for most
1727
#14 729.0          users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
1728
#14 729.0       2) Read https://cryptography.io/en/latest/installation/ for specific
1729
#14 729.0          instructions for your platform.
1730
#14 729.0       3) Check our frequently asked questions for more information:
1731
#14 729.0          https://cryptography.io/en/latest/faq/
1732
#14 729.0       4) Ensure you have a recent Rust toolchain installed:
1733
#14 729.0          https://cryptography.io/en/latest/installation/#rust
1734
#14 729.0   
1735
#14 729.0       Python: 3.9.5
1736
#14 729.0       platform: Linux-5.8.0-1042-azure-armv7l-with-glibc2.31
1737
#14 729.0       pip: n/a
1738
#14 729.0       setuptools: 58.1.0
1739
#14 729.0       setuptools_rust: 0.12.1
1740
#14 729.0       =============================DEBUG ASSISTANCE=============================
1741
#14 729.0   
1742
#14 729.0   Traceback (most recent call last):
1743
#14 729.0     File "/tmp/tmpnh__4e3y_in_process.py", line 280, in <module>
1744
#14 729.0       main()
1745
#14 729.0     File "/tmp/tmpnh__4e3y_in_process.py", line 263, in main
1746
#14 729.0       json_out['return_val'] = hook(**hook_input['kwargs'])
1747
#14 729.0     File "/tmp/tmpnh__4e3y_in_process.py", line 204, in build_wheel
1748
#14 729.0       return _build_backend().build_wheel(wheel_directory, config_settings,
1749
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/setuptools/build_meta.py", line 221, in build_wheel
1750
#14 729.0       return self._build_with_temp_dir(['bdist_wheel'], '.whl',
1751
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/setuptools/build_meta.py", line 207, in _build_with_temp_dir
1752
#14 729.0       self.run_setup()
1753
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/setuptools/build_meta.py", line 150, in run_setup
1754
#14 729.0       exec(compile(code, __file__, 'exec'), locals())
1755
#14 729.0     File "setup.py", line 39, in <module>
1756
#14 729.0       setup(
1757
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/setuptools/__init__.py", line 153, in setup
1758
#14 729.0       return distutils.core.setup(**attrs)
1759
#14 729.0     File "/usr/lib/python3.9/distutils/core.py", line 148, in setup
1760
#14 729.0       dist.run_commands()
1761
#14 729.0     File "/usr/lib/python3.9/distutils/dist.py", line 966, in run_commands
1762
#14 729.0       self.run_command(cmd)
1763
#14 729.0     File "/usr/lib/python3.9/distutils/dist.py", line 985, in run_command
1764
#14 729.0       cmd_obj.run()
1765
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/wheel/bdist_wheel.py", line 299, in run
1766
#14 729.0       self.run_command('build')
1767
#14 729.0     File "/usr/lib/python3.9/distutils/cmd.py", line 313, in run_command
1768
#14 729.0       self.distribution.run_command(command)
1769
#14 729.0     File "/usr/lib/python3.9/distutils/dist.py", line 985, in run_command
1770
#14 729.0       cmd_obj.run()
1771
#14 729.0     File "/usr/lib/python3.9/distutils/command/build.py", line 135, in run
1772
#14 729.0       self.run_command(cmd_name)
1773
#14 729.0     File "/usr/lib/python3.9/distutils/cmd.py", line 313, in run_command
1774
#14 729.0       self.distribution.run_command(command)
1775
#14 729.0     File "/usr/lib/python3.9/distutils/dist.py", line 985, in run_command
1776
#14 729.0       cmd_obj.run()
1777
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/cffi/setuptools_ext.py", line 144, in run
1778
#14 729.0       base_class.run(self)
1779
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/setuptools_rust/setuptools_ext.py", line 103, in run
1780
#14 729.0       build_rust.run()
1781
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/setuptools_rust/command.py", line 52, in run
1782
#14 729.0       self.run_for_extension(ext)
1783
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/setuptools_rust/build.py", line 92, in run_for_extension
1784
#14 729.0       dylib_paths = self.build_extension(ext)
1785
#14 729.0     File "/tmp/pip-build-env-tv24bj3q/overlay/lib/python3.9/site-packages/setuptools_rust/build.py", line 131, in build_extension
1786
#14 729.0       metadata = json.loads(check_output(metadata_command))
1787
#14 729.0     File "/usr/lib/python3.9/subprocess.py", line 424, in check_output
1788
#14 729.0       return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
1789
#14 729.0     File "/usr/lib/python3.9/subprocess.py", line 528, in run
1790
#14 729.0       raise CalledProcessError(retcode, process.args,
1791
#14 729.0   subprocess.CalledProcessError: Command '['cargo', 'metadata', '--manifest-path', 'src/rust/Cargo.toml', '--format-version', '1']' returned non-zero exit status 101.

Will look tomorrow into rustup.rs

[tillsteinbach]

Here is als an issue regarding the problem with buildx: docker/buildx#395

[reaperhulk]

Looks like rust-lang/cargo#8719 is relevant, which is unfortunate since it appears to be a bug with qemu and 32-bit/64-bit filesystem data from the kernel.

[tillsteinbach]

hmmm, yes I think you are right. Do you have an idea how to come around that?

[tillsteinbach]

for who is interested. This is my workaround:

RUN --security=insecure mkdir -p /root/.cargo && chmod 777 /root/.cargo && mount -t tmpfs none /root/.cargo && pip3 install --no-cache-dir cryptography

This puts the .cargo home into a tmpfs and resolves the problem with the filesystem.

Quite ugly, but it works

[reaperhulk]

Glad it worked for you. I’m going to close this since this is ultimately a qemu issue but hopefully it will get resolved upstream eventually so this workaround becomes unnecessary. Thanks for finding a solution, I’m sure others will appreciate it!