Open SebastianHuettersen opened 10 months ago
Hi, did you do any other step beside changing the regex ? I've tried on my venv and I still get the error
@4SH-gaupee You should be able to install the fixed oscrypto
version inside the virtual environment with:
$ pip install "oscrypto @ git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3"
For this to be permanently fixed we have to wait for a release of: https://pypi.org/project/oscrypto/ (hopefully 1.3.1) also requested it here: https://github.com/wbond/oscrypto/issues/78. The dependency that is using it is spsdk
(yay!) which pins it to <1.4
so lets hope for a 1.3.1 otherwise I don't see how we could solve that
@robin-nitrokey Thank you so much. It works for me whin run the command! (oscrypto)
As a workaround it is possible to run the app or nitropy (which is the cli-basis for the app) on older distros in distrobox. I tried it with Debian 11 All I had to do was to install pip Install pynitrokey via pip Download an move the udev-rules to /lib/udev/rules.d/
sudo apt install pip
pip install pynitrokey
wget https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules
sudo mv 41-nitrokey.rules /lib/udev/rules.d/
And restart the container
Would it be possible to apply a similar workaround to the released binaries as was applied to the pypy package (that can be installed with pipx
)? This is relevant in connection with #495.
AFAIK there is no workaround for the pypi package. You have to manually apply the fix described above. To fix the problem both for the pypi package and the binary we would have to fork and release oscrypto
. I’d rather avoid that, but maybe we have to consider that option if there is no upstream release.
just for the sake of documentation, the issue should be solvable for a pipx
installation like that:
pipx inject --pip-args="--upgrade --force" pynitrokey "oscrypto @ git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3"
Currently, pynitrokey does not work if the system uses an openssl version where a version part consists of more than one number, such as openssl 3.0.10 used by Debian 13 Trixie.
In this case pynitrokey aborts with the following error:
The error is in the used library oscrypto where the regex to extract the version string has a fuzziness. An issue has already been raised here, but a new release that fixes this problem is still missing at the moment:
Workaround: Modify the regex in the file oscrypto/_openssl/_libcrypto_cffi.py:41 from
to