Compiling python 3.6 for centos 5.11 with openssl

Lately I was about to develop and deploy a python-script to a company-server (internal and firewalled) which is still running Centos 5.11.

My first reaction was “can we upgrade to a newer system” - however at this time this is not an option.

Before doing this on the server, I ran multiple tests in a docker-image as this server does not have a test-instance.

docker run -it centos:centos5 /bin/bash

As centos5 has reached End of Life, some tweaking was needed to get yum in the container to behave as expected as the repositories were moved to “vault”.

There are cleaner/better ways to do this - but it works for this demonstration.

mkdir /var/cache/yum/base/ \
&& mkdir /var/cache/yum/extras/ \
&& mkdir /var/cache/yum/updates/ \
&& mkdir /var/cache/yum/libselinux/ \
&& echo "http://vault.centos.org/5.11/os/x86_64/" > /var/cache/yum/base/mirrorlist.txt \
&& echo "http://vault.centos.org/5.11/extras/x86_64/" > /var/cache/yum/extras/mirrorlist.txt \
&& echo "http://vault.centos.org/5.11/updates/x86_64/" > /var/cache/yum/updates/mirrorlist.txt \
&& echo "http://vault.centos.org/5.11/centosplus/x86_64/" > /var/cache/yum/libselinux/mirrorlist.txt

Installing dependencies:

yum install -y gcc gcc44 zlib-devel python-setuptools readline-devel wget make perl

After some trial and error I discovered that openssl is necessary to even get pip to work properly (it requires openssl unless you want to use “--trusted-host”).

To get python to compile correctly with openssl, compiling openssl with a specific flag was necessary (please note that openssl 1.0.xx was used as openssl 1.1.xx causes perl-dependencies on this legacy system).

openssl

cd /tmp
# download openssl - please check https://www.openssl.org/source/ for the latest 1.0.2 version.
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
tar xzvpf openssl-1.0.2l.tar.gz
cd openssl-1.0.2l
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl
#modify Makefile to include -fPIC in CFLAGS # similar to export CFLAGS=-fPIC
sed -i.orig '/^CFLAG/s/$/ -fPIC/' Makefile
make && make test && make install

python

##python:
cd /tmp
MAJORVERS=3.6
VERSION=${MAJORVERS}.1

# https://superuser.com/questions/646455/how-to-fix-decimal-module-compilation-error-when-installing-python-3-3-2-in-cen
export CC=/usr/bin/gcc44


wget https://www.python.org/ftp/python/${VERSION}/Python-${VERSION}.tgz
tar xzvf Python-${VERSION}.tgz
cd Python-${VERSION}

To enable openssl in Modules/Setup.dist (based on this instruction)

Change the following section from this

#_socket socketmodule.c

# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
#SSL=/usr/local/ssl
#_ssl _ssl.c \
# -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
# -L$(SSL)/lib -lssl -lcrypto

to

# Socket module helper for socket(2)
_socket socketmodule.c

# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl
_ssl _ssl.c \
        -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
        -L$(SSL)/lib -lssl -lcrypto

Build and install as an alternative version:

./configure --prefix=/opt/python${MAJORVERS}
make altinstall

# link the alternative binaries into a location in $PATH
ln -s /opt/python${MAJORVERS}/bin/python${MAJORVERS} /usr/local/bin/python${MAJORVERS}
ln -s /opt/python${MAJORVERS}/bin/pip${MAJORVERS} /usr/local/bin/pip${MAJORVERS}  

Run your newly installed python:

/opt/python3.6/bin/python3.6

Try to import the ssl module - if this works then python with openssl is installed.

import ssl
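
A bare import only shows that the module built. It does not show which OpenSSL it linked against or whether certificate verification has a CA bundle to use. The script below is an added example, not part of the original guide; the function names, the 1.0.2 minimum and the sample dictionary are assumptions made for illustration.

```python
import ssl

def collect_ssl_facts():
    """Describe the OpenSSL build this interpreter's ssl module is linked against."""
    ctx = ssl.create_default_context()
    paths = ssl.get_default_verify_paths()
    return {
        "version": ssl.OPENSSL_VERSION,
        "version_info": tuple(ssl.OPENSSL_VERSION_INFO[:3]),
        "verifies_certs": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "cafile": paths.cafile,    # None when the file does not exist
        "capath": paths.capath,    # None when the directory does not exist
        "expected_cafile": paths.openssl_cafile,
    }

def find_problems(facts, minimum=(1, 0, 2)):
    """Return a list of reasons the build should not be trusted for TLS yet."""
    problems = []
    if facts["version_info"] < minimum:
        problems.append("linked against %s, older than %s"
                        % (facts["version"], ".".join(map(str, minimum))))
    if not facts["verifies_certs"]:
        problems.append("default context does not require certificates")
    if not facts["checks_hostname"]:
        problems.append("default context does not check hostnames")
    if facts["cafile"] is None and facts["capath"] is None:
        problems.append("no CA bundle found; expected one at %s"
                        % facts["expected_cafile"])
    return problems

# Constructed sample (illustrative values): a build made with
# --openssldir=/usr/local/ssl before any CA bundle has been placed there.
SAMPLE_FRESH_BUILD = {
    "version": "OpenSSL 1.0.2l (constructed)",
    "version_info": (1, 0, 2),
    "verifies_certs": True,
    "checks_hostname": True,
    "cafile": None,
    "capath": None,
    "expected_cafile": "/usr/local/ssl/cert.pem",
}

if __name__ == "__main__":
    facts = collect_ssl_facts()
    print(facts["version"])
    for problem in find_problems(facts) or ["none"]:
        print("problem:", problem)
```

Save it to a file and run it with /opt/python3.6/bin/python3.6; a version line naming the system OpenSSL instead of the one built above means the `SSL=` path in Modules/Setup.dist was not picked up.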

This guide is far from perfect - but so is having to deal with Centos5 in 2017. It installs python3.6 with openssl in Centos5.

Hope this helps someone passing by here.

