MozillaSecurity / orion

CI/CD pipeline for building and publishing multiple 🐳 containers as microservices within a mono repository.
Mozilla Public License 2.0
47 stars 14 forks source link

`credstash get` broken in Travis CI build: `Error loading shared library libssl.so.45` #33

Closed jschwartzentruber closed 5 years ago

jschwartzentruber commented 5 years ago

Describe the bug credstash get returns an missing lib error.

To Reproduce Steps to reproduce the behavior:

  1. Run docker run --rm mozillasecurity/credstash:latest get keys
  2. See error
    Traceback (most recent call last):
    File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
    File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
    File "/usr/lib/python3.6/site-packages/credstash.py", line 935, in <module>
    main()
    File "/usr/lib/python3.6/site-packages/credstash.py", line 922, in main
    getSecretAction(args, region, **session_params)
    File "/usr/lib/python3.6/site-packages/credstash.py", line 246, in func_wrapper
    return func(*args, **kwargs)
    File "/usr/lib/python3.6/site-packages/credstash.py", line 453, in getSecretAction
    **session_params))
    File "/usr/lib/python3.6/site-packages/credstash.py", line 501, in getSecret
    return open_aes_ctr_legacy(key_service, material)
    File "/usr/lib/python3.6/site-packages/credstash.py", line 603, in open_aes_ctr_legacy
    return _open_aes_ctr(key, LEGACY_NONCE, ciphertext, hmac, digest_method).decode("utf-8")
    File "/usr/lib/python3.6/site-packages/credstash.py", line 627, in _open_aes_ctr
    hmac = _get_hmac(hmac_key, ciphertext, digest_method)
    File "/usr/lib/python3.6/site-packages/credstash.py", line 656, in _get_hmac
    backend=default_backend()
    File "/usr/lib/python3.6/site-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend
    from cryptography.hazmat.backends.openssl.backend import backend
    File "/usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
    File "/usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 71, in <module>
    from cryptography.hazmat.bindings.openssl import binding
    File "/usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 15, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
    ImportError: Error loading shared library libssl.so.45: No such file or directory (needed by /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so)

Expected behavior credstash get should work. I have rebuilt the image locally (no changes) and it works as expected.

Logs The credstash image digest is: sha256:7a2b225221e60504dd543ba502aaefcd82c35c1e2677eb453adbd0d3cae72523 I don't see anything out of the ordinary in the corresponding travis log.

Desktop (please complete the following information):

Additional context Add any other context about the problem here.

jschwartzentruber commented 5 years ago

Btw, I'm not sure why I originally could build the image locally and it seemed to work (re: my comment in "Expected behavior" above). Today when I tried, my local build had the same problem.