[GH-ISSUE #565] [DOCKER] Docker build failing on arm - cryptography requires Rust #411

Closed
opened 2026-02-25 23:42:21 +03:00 by kerem · 5 comments

Originally created by @achilleas-k on GitHub (Sep 30, 2021).
Original GitHub issue: https://github.com/healthchecks/healthchecks/issues/565

With the latest [Cryptography update (35.0.0)](https://github.com/pyca/cryptography/blob/5ca120918fe45d306273b5adfe76e37e6a8b508b/CHANGELOG.rst#3500---2021-09-29), the `CRYPTOGRAPHY_DONT_BUILD_RUST` env var is ignored and rust is now required to build cryptography. This breaks Docker on arm again, which was originally fixed in #492.
kerem closed this issue 2026-02-25 23:42:21 +03:00

@cuu508 commented on GitHub (Sep 30, 2021):

Thanks for the report!

Pinning cryptography==3.4.8 would work but is of course not ideal.

I tried installing rust first:

```
apt-get install build-essential libssl-dev libffi-dev python3-dev cargo
```

And then installing cryptography. This works but takes more than 5 minutes (I'm experimenting on rPi), so also not great.

It would be best if we could get pip to use binary wheels.


@cuu508 commented on GitHub (Sep 30, 2021):

Filed an issue (more like a support request) in the cryptography repo: https://github.com/pyca/cryptography/issues/6342


@cuu508 commented on GitHub (Sep 30, 2021):

OK, so cryptography does not provide (and doesn't plan to provide) 32-bit arm wheels.

Healthchecks needs the fido2 library for WebAuthn support.
fido2 really needs cryptography – it's used throughout the library.
And, starting from version 35, cryptography really needs rust.

There is https://www.piwheels.org/ – a wheel repository for Raspberry Pi. I tested it out:

```
$ docker run -it python:3.9-slim-buster bash
root@d110ba87afb0:/# echo "[global]
> extra-index-url=https://www.piwheels.org/simple
> " > /etc/pip.conf
root@d110ba87afb0:/# pip install cryptography
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Collecting cryptography
  Downloading https://www.piwheels.org/simple/cryptography/cryptography-35.0.0-cp39-cp39-linux_armv7l.whl (2.6 MB)
     |████████████████████████████████| 2.6 MB 1.4 MB/s
Collecting cffi>=1.12
  Downloading https://www.piwheels.org/simple/cffi/cffi-1.14.6-cp39-cp39-linux_armv7l.whl (369 kB)
     |████████████████████████████████| 369 kB 545 kB/s
Collecting pycparser
  Downloading https://www.piwheels.org/simple/pycparser/pycparser-2.20-py2.py3-none-any.whl (112 kB)
     |████████████████████████████████| 112 kB 544 kB/s
Installing collected packages: pycparser, cffi, cryptography
Successfully installed cffi-1.14.6 cryptography-35.0.0 pycparser-2.20
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
root@d110ba87afb0:/#
```

But I'm not sure what to do with the Dockerfile. It seems wrong to add the piwheels repository for all architectures.


@achilleas-k commented on GitHub (Sep 30, 2021):

> But I'm not sure what to do with the Dockerfile. It seems wrong to add the piwheels repository for all architectures.

I know what you mean. Probably makes more sense to build it from source instead and take the 5 min build time.
Could do a multi-step build where the first container builds cryptography to speed up rebuilds and updates without rebuilding cryptography.


@cuu508 commented on GitHub (Oct 13, 2021):

I updated the Dockerfile to use the prebuilt wheels from piwheels.org but only if the architecture is armhf:

```
RUN \
    if [ `dpkg --print-architecture` = "armhf" ]; then \
    printf "[global]\nextra-index-url=https://www.piwheels.org/simple\n" > /etc/pip.conf ; \
    fi
```

The alternative of installing rust and building cryptography from source is problematic on armhf – see #568.
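Added example, not part of the original thread or the Healthchecks code: a small audit of pip output that reports which packages were downloaded from an index other than PyPI, so a build with `extra-index-url` set can be checked against what was expected to come from it. The log is constructed from the format shown in the thread; the `EXPECTED_FROM_EXTRA` allowlist and function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the pip output format shown in the thread.
SAMPLE_LOG = """\
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Collecting cryptography
  Downloading https://www.piwheels.org/simple/cryptography/cryptography-35.0.0-cp39-cp39-linux_armv7l.whl (2.6 MB)
Collecting cffi>=1.12
  Downloading https://www.piwheels.org/simple/cffi/cffi-1.14.6-cp39-cp39-linux_armv7l.whl (369 kB)
Collecting pycparser
  Downloading https://www.piwheels.org/simple/pycparser/pycparser-2.20-py2.py3-none-any.whl (112 kB)
"""

# Hosts that serve the primary index (PyPI and its file host).
PRIMARY_HOSTS = {"pypi.org", "files.pythonhosted.org"}
# Assumption: only these compiled packages are meant to come from the extra index.
EXPECTED_FROM_EXTRA = {"cryptography", "cffi"}

DOWNLOAD_RE = re.compile(r"^\s*Downloading (https?://\S+)")


def normalize(name):
    """Normalize a project name the way package indexes compare names."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(log, expected=EXPECTED_FROM_EXTRA):
    """Return (package, host, status) for each download not served by PyPI."""
    findings = []
    for line in log.splitlines():
        match = DOWNLOAD_RE.match(line)
        if not match:
            continue  # not a download line, or no URL was printed
        url = urlparse(match.group(1))
        if url.hostname in PRIMARY_HOSTS:
            continue
        # Wheel filenames start with the project name, then "-<version>".
        filename = url.path.rsplit("/", 1)[-1]
        package = normalize(filename.split("-", 1)[0])
        status = "expected" if package in expected else "unexpected"
        findings.append((package, url.hostname, status))
    return findings


if __name__ == "__main__":
    for package, host, status in audit(SAMPLE_LOG):
        print(f"{status:10} {package:14} {host}")
```

On the sample, `pycparser` is reported as unexpected: it is a pure-Python wheel, yet pip took it from the extra index because every configured index is consulted for every package.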
