1Password / onepassword-sdk-python

MIT License

library failing on Google Cloud Composer looking for openssl 3 #53

Open ManikandanUV opened 1 month ago

ManikandanUV commented 1 month ago

We have a Python script that works well on a local machine which has openssl3, but fails to run on Google Cloud Composer because it is looking for openssl 3, whereas Composer only comes with openssl 1.1.

Since it's not straightforward/possible to install/upgrade OS-level packages on Cloud Composer, please look into this issue and allow use of openssl 1.1.

[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -     from onepassword.client import Client
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -   File "/opt/python3.8/lib/python3.8/site-packages/onepassword/__init__.py", line 1, in <module>
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -     from .client import Client
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -   File "/opt/python3.8/lib/python3.8/site-packages/onepassword/client.py", line 2, in <module>
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -     from .core import _init_client, _release_client
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -   File "/opt/python3.8/lib/python3.8/site-packages/onepassword/core.py", line 6, in <module>
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -     import onepassword.lib.x86_64.op_uniffi_core as core
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -   File "/opt/python3.8/lib/python3.8/site-packages/onepassword/lib/x86_64/op_uniffi_core.py", line 490, in <module>
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -     _UniffiLib = _uniffi_load_indirect()
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -   File "/opt/python3.8/lib/python3.8/site-packages/onepassword/lib/x86_64/op_uniffi_core.py", line 468, in _uniffi_load_indirect
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -     lib = ctypes.cdll.LoadLibrary(path)
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -   File "/opt/python3.8/lib/python3.8/ctypes/__init__.py", line 451, in LoadLibrary
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -     return self._dlltype(name)
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -   File "/opt/python3.8/lib/python3.8/ctypes/__init__.py", line 373, in __init__
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO -     self._handle = _dlopen(self._name, mode)
[2024-06-03, 00:00:22 EDT] {process_utils.py:189} INFO - OSError: libssl.so.3: cannot open shared object file: No such file or directory
[2024-06-03, 00:00:22 EDT] {taskinstance.py:1826} ERROR - Task failed with exception

ldelberg commented 1 month ago

Same issue for a Microsoft DevContainer with python3: mcr.microsoft.com/devcontainers/python:1-3.12-bullseye

openssl version -a
OpenSSL 1.1.1w 11 Sep 2023
built on: Wed Sep 13 19:21:33 2023 UTC
platform: debian-arm64
options: bn(64,64) rc4(char) des(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/reproducible-path/openssl-1.1.1w=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/aarch64-linux-gnu/engines-1.1"
Seeding source: os-specific

jedepels commented 1 month ago

Same issue here. And even trying to install openssl3 manually in the container that tries to run this package (bitbucket pipelines) does not resolve the error for me...

AndyTitu commented 1 month ago

Hey folks, thanks for flagging this. Indeed the issue seems to be that openssl has an older version on some systems (usually 1.1.1) while our SDK requires openssl 3. I found this guide on how to install openssl 3, which should be followed until step 5. It is aimed at Ubuntu users, but it works for Debian as well. Most commands worked for me as is, but some needed some slight modifications (for me libssl.so.3 was in /usr/local/ssl/bin)

ManikandanUV commented 1 month ago

> Hey folks, thanks for flagging this. Indeed the issue seems to be that openssl has an older version on some systems (usually 1.1.1) while our SDK requires openssl 3. I found this guide on how to install openssl 3, which should be followed until step 5. It is aimed at Ubuntu users, but it works for Debian as well. Most commands worked for me as is, but some needed some slight modifications (for me libssl.so.3 was in /usr/local/ssl/bin)

The problem is that these services mentioned in the above comments are serverless services, where you are not meant to have any control over the underlying OS. Even if you somehow manage to make changes, there is no guarantee that it would persist. We have already tried everything to upgrade the OpenSSL version on the Google Composer's underlying Ubuntu system. Is it not possible to add compatibility with openssl 1.1, especially considering these serverless services?
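
Added example, not part of the thread and not the SDK's own code: a preflight check that reproduces the `dlopen` step from the traceback above before `onepassword` is imported, and reports which of the two sonames discussed in this issue the host can actually load. The function names and the candidate list are assumptions made for this illustration.

```python
import ctypes
import ssl

# Sonames from the thread: the SDK's native core asks for libssl.so.3,
# while the affected hosts ship OpenSSL 1.1 (libssl.so.1.1).
REQUIRED = "libssl.so.3"
CANDIDATES = (REQUIRED, "libssl.so.1.1")


def probe_sonames(sonames=CANDIDATES, loader=ctypes.CDLL):
    """dlopen each soname; map it to None if it loads, else the error text."""
    results = {}
    for name in sonames:
        try:
            loader(name)
            results[name] = None
        except OSError as exc:
            results[name] = str(exc)
    return results


def preflight(results, required=REQUIRED):
    """Return (ok, message) describing whether the required soname loads."""
    if results.get(required, "not probed") is None:
        return True, f"{required} loads; the import will not fail on it"
    loadable = sorted(n for n, err in results.items() if err is None)
    found = ", ".join(loadable) if loadable else "no candidate libssl"
    return False, (
        f"{required} cannot be loaded ({results.get(required, 'not probed')}); "
        f"host provides: {found}"
    )


if __name__ == "__main__":
    ok, message = preflight(probe_sonames())
    # ssl.OPENSSL_VERSION is what this interpreter's own ssl module links
    # against, which can differ from what the dynamic loader finds.
    print(f"interpreter ssl module: {ssl.OPENSSL_VERSION}")
    print(message)
    raise SystemExit(0 if ok else 1)
```

Run as a script in the target image or as the first task of a pipeline, it exits non-zero with a one-line reason instead of the nested import traceback.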