Describe the bugcredstash get returns an missing lib error.
To Reproduce
Steps to reproduce the behavior:
Run docker run --rm mozillasecurity/credstash:latest get keys
See error
Traceback (most recent call last):
File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/usr/lib/python3.6/site-packages/credstash.py", line 935, in <module>
main()
File "/usr/lib/python3.6/site-packages/credstash.py", line 922, in main
getSecretAction(args, region, **session_params)
File "/usr/lib/python3.6/site-packages/credstash.py", line 246, in func_wrapper
return func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/credstash.py", line 453, in getSecretAction
**session_params))
File "/usr/lib/python3.6/site-packages/credstash.py", line 501, in getSecret
return open_aes_ctr_legacy(key_service, material)
File "/usr/lib/python3.6/site-packages/credstash.py", line 603, in open_aes_ctr_legacy
return _open_aes_ctr(key, LEGACY_NONCE, ciphertext, hmac, digest_method).decode("utf-8")
File "/usr/lib/python3.6/site-packages/credstash.py", line 627, in _open_aes_ctr
hmac = _get_hmac(hmac_key, ciphertext, digest_method)
File "/usr/lib/python3.6/site-packages/credstash.py", line 656, in _get_hmac
backend=default_backend()
File "/usr/lib/python3.6/site-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend
from cryptography.hazmat.backends.openssl.backend import backend
File "/usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
from cryptography.hazmat.backends.openssl.backend import backend
File "/usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 71, in <module>
from cryptography.hazmat.bindings.openssl import binding
File "/usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 15, in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: Error loading shared library libssl.so.45: No such file or directory (needed by /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so)
Expected behavior
credstash get should work. I have rebuilt the image locally (no changes) and it works as expected.
Logs
The credstash image digest is: sha256:7a2b225221e60504dd543ba502aaefcd82c35c1e2677eb453adbd0d3cae72523
I don't see anything out of the ordinary in the corresponding travis log.
Desktop (please complete the following information):
reproduced both in AWS CoreOS using IAM role auth, and locally Ubuntu 16.04 using .aws credentials folder mounted. Same behavior.
Additional context
Add any other context about the problem here.
Btw, I'm not sure why I originally could build the image locally and it seemed to work (re: my comment in "Expected behavior" above). Today when I tried, my local build had the same problem.
Describe the bug
credstash get
returns an missing lib error.To Reproduce Steps to reproduce the behavior:
docker run --rm mozillasecurity/credstash:latest get keys
Expected behavior credstash get should work. I have rebuilt the image locally (no changes) and it works as expected.
Logs The credstash image digest is: sha256:7a2b225221e60504dd543ba502aaefcd82c35c1e2677eb453adbd0d3cae72523 I don't see anything out of the ordinary in the corresponding travis log.
Desktop (please complete the following information):
.aws
credentials folder mounted. Same behavior.Additional context Add any other context about the problem here.