Closed fabianwenk closed 3 years ago
I just tried to play around with adding a different version into requirements.txt. Without defining it, the used version of cryptography was 2.6.1. I did try with up to cryptography==3.2.1 which could be built, starting at 3.3 and above the build failed. During build with 3.2.1 (and lower as well) I got this errors:
ERROR: pip's legacy dependency resolver does not consider dependency conflicts when selecting packages. This behaviour is the source of the following dependency conflicts.
tokenserver 1.5.11 requires cornice==3.5.1, but you'll have cornice 0.16.2 which is incompatible.
tokenserver 1.5.11 requires cryptography==2.6.1, but you'll have cryptography 3.2.1 which is incompatible.
tokenserver 1.5.11 requires greenlet==0.4.13, but you'll have greenlet 0.4.14 which is incompatible.
But after restarting apache, I still have the same errors as mention above.
Through many steps I figured it out. Python2.7 was built with OpenSSL 1.1.1 (out of FreeBSD Ports, /usr/local/) and cryptography was built with OpenSSL 1.0.2 (out of FreeBSD Base, /usr/), but aead needs OpenSSL 1.1.1.
In the end the following steps solved it for me:
find ~/.cache/pip/ -name \*cryptography\* -delete
source /path/to/syncserver/local/bin/activate
pip uninstall cryptography
CFLAGS=-I/usr/local/include/ LDFLAGS=-L/usr/local/lib pip install cryptography==2.6.1
deactivate
apachectl graceful
This solved the problem described here, but then I had some other errors related to the database. I may have missed some update steps, but I had to add the following two columns to the users table:
ALTER Table users ADD keys_changed_at bigint(20) DEFAULT NULL AFTER replaced_at;
ALTER Table users ADD node varchar(255) DEFAULT NULL AFTER keys_changed_at;
I did just a fresh install, as I was still running 1.6.0, and it started to fail with the upgrade to FF88. I also did manually apply #279, but now I get the below error. System is running in a virtualenv on FreeBSD 11.4 with wsgi and Apache 2.4. The installation of OpenSSL 1.1.1 does not have the SSLv3 protocol or RC4 cipher available any more,
Any idea what I could try to tweak?