Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

On CentOS, how do I build Python 3.9 from source while incorporating my openssl module?

Tags:

python

openssl

centos7

python-3.9

I'm trying to build Python 3.9.1 with SSL support on CentOS 7.

[myuser@server Python-3.9.1]$ which openssl
/usr/local/bin/openssl
[myuser@server Python-3.9.1]$ openssl version
OpenSSL 1.1.1g  21 Apr 2020

Running this command

sudo ./configure CPPFLAGS="-I/usr/local/openssl/include" LDFLAGS="-L/usr/local/openssl/lib" --with-ssl

followed by "make" worked for Python 3.7, but when i run the above on 3.9 and then run make I get this output

...
Python build finished successfully!
The necessary bits to build these optional modules were not found:
_lzma                 _tkinter              _uuid              
To find the necessary bits, look in setup.py in detect_modules() for the module's name.


The following modules found by detect_modules() in setup.py, have been
built by the Makefile instead, as configured by the Setup files:
_abc                  atexit                pwd                
time                                                           


Following modules built successfully but were removed because they could not be imported:
_hashlib              _ssl                                     


Could not build the ssl module!
Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host().
LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381

running build_scripts
creating build/scripts-3.9
copying and adjusting /usr/src/Python-3.9.1/Tools/scripts/pydoc3 -> build/scripts-3.9
copying and adjusting /usr/src/Python-3.9.1/Tools/scripts/idle3 -> build/scripts-3.9
copying and adjusting /usr/src/Python-3.9.1/Tools/scripts/2to3 -> build/scripts-3.9
changing mode of build/scripts-3.9/pydoc3 from 644 to 755
changing mode of build/scripts-3.9/idle3 from 644 to 755
changing mode of build/scripts-3.9/2to3 from 644 to 755
renaming build/scripts-3.9/pydoc3 to build/scripts-3.9/pydoc3.9
renaming build/scripts-3.9/idle3 to build/scripts-3.9/idle3.9
renaming build/scripts-3.9/2to3 to build/scripts-3.9/2to3-3.9
/bin/install -c -m 644 ./Tools/gdb/libpython.py python-gdb.py
gcc -pthread -c -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall    -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -fvisibility=hidden  -I./Include/internal  -I. -I./Include -I/usr/local/openssl/include   -DPy_BUILD_CORE -o Programs/_testembed.o ./Programs/_testembed.c
gcc -pthread -L/usr/local/openssl/lib    -Xlinker -export-dynamic -o Programs/_testembed Programs/_testembed.o libpython3.9.a -lcrypt -lpthread -ldl  -lutil -lm   -lm 
sed -e "s,@EXENAME@,/usr/local/bin/python3.9," < ./Misc/python-config.in >python-config.py
LC_ALL=C sed -e 's,\$(\([A-Za-z0-9_]*\)),\$\{\1\},g' < Misc/python-config.sh >python-config

So evidently Python 3.9 has NOT been built with SSL. What else do I need to do to build Python 3.9 with the openssl module I have installed?

like image 485
Dave Avatar asked Apr 20 '26 14:04

Dave

1 Answers

Python3.10 source build on CentOS 7.6

The above posts were very helpful to guide me to my solution. I want to share in case someone else could use this:

First the development libs

  1. sudo yum groupinstall "Development Tools" -y
  2. sudo yum install openssl11-devel libffi-devel bzip2-devel xz-devel -y
    • for static linking use openssl11-static

Then configure

So for some reason CentOS ships openssl1.1.1 but it is installed in a way that doesn't jive with Python's configure script.

# note that we #include <openssl/foo.h>, so the OpenSSL headers have to be in
    # an 'openssl' subdirectory

    if ! $found; then
        OPENSSL_INCLUDES=
        for ssldir in $ssldirs; do
            { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ssl.h in $ssldir" >&5
$as_echo_n "checking for openssl/ssl.h in $ssldir... " >&6; }
            if test -f "$ssldir/include/openssl/ssl.h"; then
                OPENSSL_INCLUDES="-I$ssldir/include"
                OPENSSL_LDFLAGS="-L$ssldir/lib"
                OPENSSL_LIBS="-lssl -lcrypto"

Since Python is including headers a subfolder is desired: $ssldir/include/openssl/ssl.h

I just created a new folder with the correct layout:

/opt/openssl111/
├── include
│   └── openssl
│       └── *.h
└── lib
    ├── libcrypto.so
    └── libssl.so

Once in place, the trifecta:

  1. ./configure --enable-optimizations --with-lto --with-openssl=/opt/openssl111/
    • lto is link time optimization
  2. make -j8
  3. make altinstall (installs in /usr/local/ not to overwrite system python)
like image 121
squjd Avatar answered Apr 23 '26 04:04

squjd

Sign in to Comment

Related questions

json dump() into specific folder
Why my Django admin is not loading with css?
How to remove the background from a picture in OpenCV python
Python class self value error, Expected type 'str' got Tuple[str] instead, azure ClientSecretCredential
How to handle custom exceptions with gRPC in Python?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!