11

我有这个小 Dockerfile

FROM alpine:3.3
RUN apk --update add python
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]

构建它docker build -t alpine-py/01 .然后运行它docker run -it --rm alpine-py/01会创建以下输出

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

昨天我被最近的 OpenSSL 1.0.2g 版本咬住了,导致py-cryptograpy无法编译。幸运的是,py-cryptography几个小时后,他们在 PyPI 上发布了一个新版本。问题是 OpenSSL 中的一个函数得到了一个新的签名。

这可能是相关的还是我错过了什么?

4

2 回答 2

11

您需要安装 ca-certificates 才能验证公共 CA 的签名证书:

FROM alpine:3.3
RUN apk --no-cache add python ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
于 2016-03-03T04:20:25.297 回答
1

您需要升级 Alpine,因为需要使用补丁升级 libssl

FROM alpine:3.3
RUN apk -U upgrade && \
    apk -U add python ca-certificates && \
    update-ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]

apk -U upgrade 将升级这些:

  • libcrypto1.0 (1.0.2e-r0 -> 1.0.2g-r0)
  • libssl1.0 (1.0.2e-r0 -> 1.0.2g-r0)
于 2016-03-24T16:59:29.693 回答