Python3 OpenSSL Issue
Summary
We use the Debian:12.5 image as the base image in our containers. Yesterday our container build started failing when executing a Python3 script to pull an artifact. It looks like this may be due to a recent change to the Iron Bank Debian:12.5 container.
Steps to reproduce
- Create a Dockerfile using the Iron Bank Debian:12.5 container as a base image. Install python3 through apt
- Create a Python3 Script which utilizes the
requests
module to pull a file, similar to the below code block - Run the script either in a new RUN phase in the Dockerfile or exec into the running container and execute
import requests
response = requests.get("HTTPS URL")
What is the current bug behavior?
Errors when installing certain packages that depend on openssl / libssl3. Python3 requests module fails due to missing
SSL module.
What is the expected correct behavior?
No errors
Relevant logs and/or screenshots
We are seeing the following errors during package installs:
[INFO] Setting up python3.11 (3.11.2-6) ...
[INFO] dpkg-query: warning: parsing file '/var/lib/dpkg/status' near line 4655 package 'libssl3:amd64':
[INFO] missing 'Description' field
[INFO] dpkg-query: warning: parsing file '/var/lib/dpkg/status' near line 5460 package 'openssl:amd64':
[INFO] missing 'Description' field
[INFO] Setting up python3 (3.11.2-1+b1) ...
[INFO] dpkg: warning: files list file for package 'libssl3:amd64' missing; assuming package has no files currently installed
[INFO] dpkg: warning: files list file for package 'openssl:amd64' missing; assuming package has no files currently installed
We are seeing the following error in the Python3 script:
[INFO] requests.exceptions.SSLError: HTTPSConnectionPool(host='REDACTED', port=443): Max retries exceeded with url: REDACTED (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available."))
Possible fixes
I saw there was a recent change to upgrade OpenSSL in the container here (https://repo1.dso.mil/dsop/opensource/debian/debian12.x/debian-12.x/-/blob/development/scripts/dpkg-status.sh?ref_type=heads)
The dpkg status for OpenSSL and libssl3 appear to be missing the Description
and Homepage
fields. The error above just mentions the Description
field, but it may fail without the Homepage
field as well.
I'm hoping adding those back in may resolve the issue.
Tasks
-
Bug has been identified and corrected within the container
Please read the Iron Bank Documentation for more info