Difference between revisions of "Python Altinstall"
(Add openssl-devel to the -devel dependencies table.) |
m (Highlight security implications of installing custom applications) |
||
Line 15: | Line 15: | ||
<nowiki>yum -y install gcc openssl-devel</nowiki> | <nowiki>yum -y install gcc openssl-devel</nowiki> | ||
+ | ===Important Server Security and Administration Implications=== | ||
Installing gcc takes you off of the contribs.org reservation -- you <b>will</b> need to pay more attention to your server security than you would with a less customized configuration. | Installing gcc takes you off of the contribs.org reservation -- you <b>will</b> need to pay more attention to your server security than you would with a less customized configuration. | ||
* Having gcc installed at all is considered a security weakness, in the sense that some attacks on your system are not possible if gcc is not installed, so with it installed there are are more possible ways that you might be attacked (I read about this in the 1990s, and have never heard that it is no longer true). | * Having gcc installed at all is considered a security weakness, in the sense that some attacks on your system are not possible if gcc is not installed, so with it installed there are are more possible ways that you might be attacked (I read about this in the 1990s, and have never heard that it is no longer true). |
Revision as of 13:44, 22 August 2015
Some programs like NodeJS, Seafile, etc require an updated version of python. However, updating python can cause problems with yum and break other critical SME server components.
Python includes an 'altinstall' option to support multiple versions of python on one computer.
The commands below have been tested for altinstalling python 2.7.8 and 3.4.1 on a SME 9.0 server. The same commands should work on SME 8.
Prerequisites
gcc is required in order to compile python from source. openssl-devel is required so that your locally compiled python will support ssl connections.
This command will install gcc and openssl-devel
yum -y install gcc openssl-devel
Important Server Security and Administration Implications
Installing gcc takes you off of the contribs.org reservation -- you will need to pay more attention to your server security than you would with a less customized configuration.
- Having gcc installed at all is considered a security weakness, in the sense that some attacks on your system are not possible if gcc is not installed, so with it installed there are are more possible ways that you might be attacked (I read about this in the 1990s, and have never heard that it is no longer true).
- Having an uncommon server configuration means that bugs or vulnerabilities in your configuration must be detected by you personally - there won't be a community of other users keeping an eye on your server's exact config, as there is with a more standard SME server config.
- You will need to personally monitor the development and security status of any custom packages or webapps that you install
- Finally, if you compile and install a package from source that is included with SME then your server may have problems when you install regular SME updates.
Install
Find the latest version
- The python downloads page will show you the latest version available: https://www.python.org/downloads/
- This command will show list all available versions:
curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" '$3 ~ "^[0-9].*" {print $3}'
- This command will show all available versions of python 2.7:
curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" '$3 ~ "^2\.7.*" {print $3}'
- This command will set the RELEASE env var to the latest 2.7 version available:
RELEASE=$(curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}')
- This command lets you set RELEASE manually:
echo -n "Enter the version to be installed (eg \"2.7.8\"): "; read RELEASE
Download Compile and AltInstall
Once you have set the RELEASE environment variable, the commands below will download, configure, make, and altinstall your selected version.
mkdir -p ~/addons/python cd ~/addons/python if [ -z $RELEASE]; then echo "You must supply a value for RELEASE before running this command"; else \ wget -N http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate; \ tar zxvf Python-$RELEASE.tgz; \ cd Python-$RELEASE; \ ./configure; make; make altinstall; \ fi
Verification
Verify that python 2.7 installed correctly (your input shown in blue):
# python2.7 -V
Python 2.7.8
Verify that ssl is supported (your input is shown in blue):
python2.7 Python 2.7.8 (default, Aug 23 2014, 11:03:41) [GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import socket >>> socket.ssl <function ssl at 0x7fed5502ca28> >>> quit()
The return of any non-error for socket.ssl indicates that ssl is installed and working correctly.
Python Addon Package Managers
The two major python package managers are easy_install and pip.
easy_install supports some packages not supported by pip, but does not provide a mechanism to list installed packages or update all install packages. pip can be used to list installed packages. Installing both of these allows you to install packages using easy_install, then update all packages at once using pip to create a list of the installed packages that easy_install can then update.
easy_install (Python SetupTools)
Unfortunately the version of wget included with Centos 5 & 6 (and therefore SME 8 and 9) does not support SubjectAltName, so the Python Setup Tools installation instructions won't work.
In order to install Python Setup Tools, you need to add "--no-check-certificate" to the command in easy_setup.py that downloads the setuptools zip file.
This command will download the installer, modify it on the fly to correct the invocation of 'wget' to download the setup tools, then install the tools (modified from https://pypi.python.org/pypi/setuptools#unix-wget):
mkdir -p ~/addons/python/tools & cd ~/addons/python/tools wget --no-check-certificate -N --quiet https://bootstrap.pypa.io/ez_setup.py sed s/\'--output-document\'/\'--no-check-certificate\',\ \'--output-document\'/ ez_setup.py |python2.7
pip (PyPI Python Package Index)
Install pip:
mkdir -p ~/addons/python/tools & cd ~/addons/python/tools wget -N --quiet https://bootstrap.pypa.io/get-pip.py --no-check-certificate python2.7 get-pip.py
Python Packages
Some packages and addons can be installed using one of the python package managers. Other capabilities are included in python, but will not be present in your custom python executable unless you have installed the corresponding "-devel" packages prior to compiling python.
Package | easy_install | pip | 3.x Support | notes |
---|---|---|---|---|
simplejson | easy_install simplejson | pip install simplejson pip3.4 install simplejson |
Yes | requires gcc |
Django (latest) | easy_install django | pip install django pip3.4 install django |
Yes | Installs dependency django-pipeline |
Django (v1.5) | easy_install django==1.5 | pip install django==1.5 pip3.4 install django==1.5 |
Yes | |
djblets | easy_install djblets | -unsupported- | No | Installs dependencies Pillow, pillowfight, feedparser, and pytz |
mercurial | easy_install mercurial | pip install mercurial | No | requires gcc
requires zlib |
gunicorn | easy_install gunicorn | pip install gunicorn pip3.4 install gunicorn |
Yes | |
chardet | easy_install chardet | pip install chardet pip3.4 install chardet |
Yes | |
PIL | easy_install PIL | -unsupported- | No |
Package | yum install command | notes |
---|---|---|
sqlite3 | yum -y install sqlite-devel | |
readline | yum -y install readline-devel | installs dependency ncurses-devel |
bzip2 | yum -y install bzip2-devel | |
tk | yum -y install tk-devel | dependencies:
xorg-x11-proto-devel, fontconfig, libXrender, libXft, 1:tcl, freetype-devel, fontconfig-devel, |
zlib | yum -y install zlib-devel | dependencies:
fontconfig-devel, freetype-devel, libXft-devel, openssl-devel, tk-devel |
openssl | yum -y install openssl-devel | Note:
openssl-devel must be installed from the smeupdates repo. |
IMPORTANT: After installing any of the -devel packages listed above, you need to reconfigure, recompile, and reinstall your binaries using:
RELEASE=$(curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}') cd ~/addons/python/Python-$RELEASE ./configure && make && make altinstall
Updates
Python can be updated within the same major version using the same commands that were used to install it - that is, 2.7.7 can be updated to 2.7.8 using the same commands you used to install 2.7.7 originally. The new 2.7.8 binaries will overwrite the 2.7.7 binaries during 'make altinstall'.
A different major or minor version will 'altinstall' *beside* your existing python version(s) -- that is, if you had python2.6 installed or altinstalled, altinstalling python2.7 does not remove python2.6 -- you will end up with both versions installed.
Some python addons are compiled into the python binary -- updates to those addons requires that you update the addon and recompile python.
These commands will download the latest python sources and update all installed packages:
mkdir -p ~/addons/python cd ~/addons/python RELEASE=$(curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}') wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate tar zxvf Python-$RELEASE.tgz cd Python-$RELEASE ./configure && make && make altinstall
All-in-One Install & Update
If you don't want to read through all the details above, these commands will install a usable version of Python 2.7 without disrupting your existing python.
Python 2.7
Install Everything
yum -y install gcc openssl-devel sqlite-devel readline-devel bzip2-devel tk-devel zlib-devel mkdir -p ~/addons/python cd ~/addons/python RELEASE=$(curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}') wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate tar zxvf Python-$RELEASE.tgz cd Python-$RELEASE ./configure && make && make altinstall
When python is done compiling, install the package managers
mkdir -p ~/addons/python/tools & cd ~/addons/python/tools wget --no-check-certificate -N --quiet https://bootstrap.pypa.io/ez_setup.py sed s/\'--output-document\'/\'--no-check-certificate\',\ \'--output-document\'/ ez_setup.py |python2.7 wget -N --quiet https://bootstrap.pypa.io/get-pip.py --no-check-certificate python2.7 get-pip.py
Finally, let's install some packages:
easy_install simplejson django djblets mercurial gunicorn chardet PIL
Update Python and All Installed Packages
mkdir -p ~/addons/python cd ~/addons/python RELEASE=$(curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}') wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate tar zxvf Python-$RELEASE.tgz cd Python-$RELEASE PACKAGES=$(pip freeze --local | grep -v '^\-e'| cut -d = -f 1) easy_install -U $PACKAGES ./configure && make && make altinstall
Python 3.4
Install Everything
yum -y install gcc openssl-devel sqlite-devel readline-devel bzip2-devel tk-devel zlib-devel mkdir -p ~/addons/python cd ~/addons/python RELEASE=$(curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" ' />3.4/ {VER=$3} END {print VER}') wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate tar zxvf Python-$RELEASE.tgz cd Python-$RELEASE ./configure && make && make altinstall
When python is done compiling, install the package managers
mkdir -p ~/addons/python/tools && cd ~/addons/python/tools wget --no-check-certificate -N --quiet https://bootstrap.pypa.io/ez_setup.py sed s/\'--output-document\'/\'--no-check-certificate\',\ \'--output-document\'/ ez_setup.py |python3.4 cd ~/addons/python/tools wget -N --quiet https://bootstrap.pypa.io/get-pip.py --no-check-certificate python3.4 get-pip.py
Finally, let's install some packages:
easy_install simplejson django gunicorn chardet
Update Python and All Installed Packages
mkdir -p ~/addons/python cd ~/addons/python RELEASE=$(curl -s https://www.python.org/ftp/python/ |awk -F"[>/]" ' />3.4/ {VER=$3} END {print VER}') wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate tar zxvf Python-$RELEASE.tgz cd Python-$RELEASE PACKAGES=$(pip3.4 freeze --local | grep -v '^\-e'| cut -d = -f 1) easy_install -U $PACKAGES ./configure && make && make altinstall