1

This question is based on Python HTTPS download fails due to "<urlopen error unknown url type: https>" in which I could resolve the build error <urlopen error unknown url type: https> into <urlopen error [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:661)>.

I'm trying to build a Python 2.7 from source on a pretty minimal system (Ubuntu 16.04 docker image) which doesn't cause HTTPS downloads to fail due to <urlopen error [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:661)>. I don't want to use a package manager and a pre-built docker image, but am aware that this would solve the problem easily.

The build script is

apt-get update && apt-get install --yes wget xz-utils make gcc patch && rm -rf /var/lib/apt/lists/*
wget http://www.cpan.org/src/5.0/perl-5.26.1.tar.gz && tar xf perl-5.26.1.tar.gz && cd perl-5.26.1 && ./configure.gnu && make -j16 && make install && cd .. && rm perl-5.26.1.tar.gz
wget https://ftp.gnu.org/pub/gnu/gettext/gettext-0.19.8.1.tar.xz && tar xf gettext-0.19.8.1.tar.xz && cd gettext-0.19.8.1 && ./configure && make -j16 && make install && cd .. && rm gettext-0.19.8.1.tar.xz
wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xf zlib-1.2.11.tar.gz && cd zlib-1.2.11 && ./configure && make -j16 && make install && cd .. && rm zlib-1.2.11.tar.gz
wget https://www.kernel.org/pub/software/scm/git/git-2.13.3.tar.gz && tar xf git-2.13.3.tar.gz && cd git-2.13.3 && ./configure --with-perl=/usr/local/bin/perl && make -j16 && make install && cd .. && rm git-2.13.3.tar.gz
    # need `--with-perl` passed to `configure` because the `/usr/local/bin/perl` isn't picked up regardless where it's found in PATH, see https://stackoverflow.com/questions/48931247/cant-locate-extutils-makemaker-pm-in-inc-during-git-build for details
wget https://www.openssl.org/source/openssl-1.1.1-pre1.tar.gz && tar xf openssl-1.1.1-pre1.tar.gz && rm openssl-1.1.1-pre1.tar.gz
wget https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tgz && tar xf Python-2.7.14.tgz && rm Python-2.7.14.tgz
git clone git://git.gnome.org/jhbuild
cp -a /openssl-1.1.1-pre1 . && cd openssl-1.1.1-pre1 && ./config --prefix=/usr/local/ --openssldir=/usr/local && make -j16 && make install && cd ..
    # need to install into explicit prefix different from `/usr/local` in order to make OpenSSL get picked up by Python's patched `configure` (specifying `OPENSSL_ROOT=/usr/local` doesn't work)
ldconfig
    # avoids `./python: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory` during build of Python
cp -a /Python-2.7.14 . && cd Python-2.7.14 && wget https://gist.githubusercontent.com/rkitover/2d9e5baff1f1cc4f2618dee53083bd35/raw/7f33fcf5470a9f1013ac6ae7bb168368a98fe5a0/python-2.7.14-custom-static-openssl.patch && patch -p1 <python-2.7.14-custom-static-openssl.patch && patch -u -p0 <../setup.patch && cp Modules/Setup.dist Modules/Setup && env OPENSSL_ROOT=/usr/local ./configure && make -j16 && make install && cd ..
cp -a /jhbuild . && cd jhbuild && ./autogen.sh --prefix=/usr/local && make && make install && cd ..
env JHBUILD_RUN_AS_ROOT= jhbuild bootstrap

I chose jhbuild bootstrap as test command because that's the desired outcome, feel free to suggest a better one. This build script looks odd because I extracted a Docker image krichter/ubuntu-git which is available at https://gitlab.com/krichter/ubuntu-git.

I created a SSCCE at https://gitlab.com/krichter/jhbuild-docker-build which allows to run the build script in GitLab CI and an example run including a full build log can be investigated at https://gitlab.com/krichter/jhbuild-docker-build/-/jobs/53978734.

Kalle Richter
  • 8,008
  • 26
  • 77
  • 177
  • *"no cipher available"* can be caused by various things, for example by a wrong setup of the server. Given that you are using Ubuntu 16.04 which comes with a fairly recent version of OpenSSL I consider it unlikely that the problem is really caused by missing ciphers on the client site and thus the building with a newer version of OpenSSL will solve the problem. I cannot see that you even evaluated the source of this problem before trying to fix it in a way which probably would not help anyway - and running into problems while doing this. – Steffen Ullrich Feb 23 '18 at 04:24
  • why not use `python:2.7` image? saves you a heck of a long time... trust me i know. they go all the way down to 2.7.7 -- you dont want 2.7.6 or earlier anyways.. if you do, let me know, i have a Dockerfile that will be of interest to you.. but i should add: bite the bullet and go with 2.7.7+ – Javier Buzzi Feb 26 '18 at 18:52

1 Answers1

0

To get past this error (and others that followed) on Mac OSX I used Anaconda3 to create a python2.7 environment and install the jhbuild dependencies (python2.7 modules):

conda create -n py2 python=2.7
conda activate py2
conda install openssl xz gettext autoconf automake libtool m4 zip zlib
alias python2=python

If you just want to get past the SSL error your having, you just need to make sure your python --version and python2 --version are both 2.7. And then you need to install the latest openssl within that python, e.g. conda install openssl. I haven't tried pip install --upgrade openssl but perhaps that might work as well.

hobs
  • 18,473
  • 10
  • 83
  • 106