Fix cryptography by statically linking OpenSSL

2026-04-25 15:57:57 -05:00 · 2024-06-27 12:59:22 -04:00 · 2024-06-27 12:59:22 -04:00 · b7b6e19879
commit b7b6e19879
parent bf23e9e3ea
1 changed files with 3 additions and 3 deletions
--- a/6
+++ b/6
@ -12,7 +12,7 @@ ARG openssl_version="1.1.1w" openssl_dir="/opt/openssl" \

 # We use the mitmproxy image for the build stage to ensure that all dependencies
 # are at the right versions, even though mitmproxy itself is not used here.
-FROM mitmproxy/mitmproxy:10.2.3 AS openssl-build
+FROM mitmproxy/mitmproxy:10.3.1 AS openssl-build
 ARG openssl_version openssl_dir openssl_config_dir cryptography_dir

 # Install build dependencies
@ -34,11 +34,11 @@ ENV PATH="/root/.cargo/bin:${PATH}"
 ENV OPENSSL_DIR=${openssl_dir}
 RUN python3 -m venv venv
 RUN . ${cryptography_dir}/venv/bin/activate && \
-    python3 -m pip install "cryptography>=41.0.0,<42.0.0" --no-binary cryptography -v
+    OPENSSL_STATIC=1 OPENSSL_DIR="${OPENSSL_DIR}" python3 -m pip install cryptography --no-binary cryptography -v

 # This is the main mitmproxy container that will be run. We use a new image so
 # the build tools are not left over in the final image.
-FROM mitmproxy/mitmproxy:10.2.3 AS mitmproxy
+FROM mitmproxy/mitmproxy:10.3.1 AS mitmproxy
 ARG openssl_dir cryptography_dir
 COPY --from=openssl-build ${openssl_dir} ${openssl_dir}
 COPY --from=openssl-build ${cryptography_dir}/venv/lib /usr/local/lib