This page looks best with JavaScript enabled

Python self-contained in a local directory with manually compiled OpenSSL

 ·  🎃 kr0m

In a previous article , we explained how to compile Python in a local directory, which is very useful in outdated systems where it is impossible to install anything. However, if the system is extremely old, it will cause problems even when connecting to external servers via SSL because the encryption of the client and the server will not be compatible. This implies that we will not be able to install anything from Pip.

To solve this, we will externally compile OpenSSL and then Python, including the cryptographic libraries that we have manually compiled. This way, we will have a complete updated Python environment.

If we are on an Ubuntu system, we will install the necessary dependencies to compile Python.

apt install zlib1g-dev libssl-dev libncurses5-dev libsqlite3-dev libreadline-dev libtk8.5 libgdm-dev libdb4o-cil-dev libpcap-dev

NOTE: In case of Gentoo or FreeBSD, everything is already installed.

We clone the OpenSSL repository and compile the sources:

git clone git://git.openssl.org/openssl.git
mv openssl opensslRepo
cd opensslRepo
./config --prefix=$HOME/openssl --openssldir=$HOME/openssl
make -j8
make install

We download the Python version we want and unpack the file:

cd
wget https://www.python.org/ftp/python/3.9.0/Python-3.9.0.tgz
tar -xvf Python-3.9.0.tgz
cd Python-3.9.0

We edit the Setup file where we will edit the SSL parameter and uncomment the rest of the lines shown:

vi Modules/Setup

SSL=/root/openssl  
_ssl _ssl.c \  
        -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \  
        -L$(SSL)/lib -lssl -lcrypto

Depending on the operating system we are using, we will include the OpenSSL libraries in the compilation process in one way or another.

ldconfig -m /root/openssl/lib

export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$HOME/openssl/lib

Compilamos las fuentes:

./configure --prefix=$HOME/Python-3.9.0/Python --with-openssl=/root/openssl --enable-optimizations
make -j8
make install

Comprobamos la versión de Python:

Python/bin/python3 -V

Python 3.9.0

Comprobamos la versión OpenSSL con la que Python fué compilado:

Python/bin/python3 -c "import ssl; print(ssl.OPENSSL_VERSION)"

OpenSSL 3.0.0-alpha8-dev 

We can install the libraries we want using pip:

Python/bin/python3 -m pip install ovh cymruwhois godaddypy dnspython --user

It is important to note that we must include our OpenSSL libraries in each execution of our Python, otherwise it will not find the libraries with which it was compiled:

/root/Python-3.6.9/Python/bin/python3: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory

ldconfig -m /root/openssl/lib  
Python/bin/python3 SCRIPT_NAME

export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$HOME/openssl/lib  
Python/bin/python3 SCRIPT_NAME

If the execution is manual, we can include the libraries as indicated. If we want to run it in an unattended way, for example from a Cron, the best option is to create a Bash script that does the two steps, include the libraries and execute the script in Python.

If you liked the article, you can treat me to a RedBull here