ImportError: cannot import name aead

[fabianwenk]

I did just a fresh install, as I was still running 1.6.0, and it started to fail with the upgrade to FF88. I also did manually apply #279, but now I get the below error. System is running in a virtualenv on FreeBSD 11.4 with wsgi and Apache 2.4. The installation of OpenSSL 1.1.1 does not have the SSLv3 protocol or RC4 cipher available any more,

Any idea what I could try to tweak?

mod_wsgi (pid=84020): Failed to exec Python script file '/opt/mozilla/syncserver/ffsync-example-com.wsgi'.
mod_wsgi (pid=84020): Exception occurred processing WSGI script '/opt/mozilla/syncserver/ffsync-example-com.wsgi'.
Traceback (most recent call last):
  File "/opt/mozilla/syncserver/ffsync-example-com.wsgi", line 43, in <module>
    application = loadapp('config:%s'% ini_file)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 253, in loadapp
    return loadobj(APP, uri, name=name, **kw)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 278, in loadobj
    return context.create()
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 715, in create
    return self.object_type.invoke(self)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 152, in invoke
    return fix_call(context.object, context.global_conf, **context.local_conf)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/paste/deploy/util.py", line 55, in fix_call
    val = callable(*args, **kw)
  File "/opt/mozilla/syncserver/syncserver/__init__.py", line 281, in main
    config = get_configurator(global_config, **settings)
  File "/opt/mozilla/syncserver/syncserver/__init__.py", line 273, in get_configurator
    config.include(includeme)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/pyramid/config/__init__.py", line 676, in include
    c(configurator)
  File "/opt/mozilla/syncserver/syncserver/__init__.py", line 159, in includeme
    config.include("tokenserver", route_prefix="/token")
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/pyramid/config/__init__.py", line 676, in include
    c(configurator)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/tokenserver/__init__.py", line 31, in includeme
    config.scan("tokenserver.views")
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/pyramid/config/__init__.py", line 871, in scan
    package = self.maybe_dotted(package)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/pyramid/config/__init__.py", line 749, in maybe_dotted
    return self.name_resolver.maybe_resolve(dotted)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/pyramid/path.py", line 335, in maybe_resolve
    return self._resolve(dotted, package)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/pyramid/path.py", line 342, in _resolve
    return self._zope_dottedname_style(dotted, package)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/pyramid/path.py", line 397, in _zope_dottedname_style
    __import__(used)
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/tokenserver/views.py", line 16, in <module>
    from tokenserver.verifiers import (
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/tokenserver/verifiers.py", line 18, in <module>
    import fxa.oauth
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/fxa/oauth.py", line 16, in <module>
    from fxa._utils import APIClient, scope_matches, get_hmac
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/fxa/_utils.py", line 35, in <module>
    import fxa.crypto
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/fxa/crypto.py", line 10, in <module>
    from cryptography.hazmat.backends.openssl import backend
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/opt/mozilla/syncserver/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 25, in <module>
    from cryptography.hazmat.backends.openssl import aead
ImportError: cannot import name aead

[fabianwenk]

I just tried to play around with adding a different version into requirements.txt. Without defining it, the used version of cryptography was 2.6.1. I did try with up to cryptography==3.2.1 which could be built, starting at 3.3 and above the build failed. During build with 3.2.1 (and lower as well) I got this errors:

ERROR: pip's legacy dependency resolver does not consider dependency conflicts when selecting packages. This behaviour is the source of the following dependency conflicts.
tokenserver 1.5.11 requires cornice==3.5.1, but you'll have cornice 0.16.2 which is incompatible.
tokenserver 1.5.11 requires cryptography==2.6.1, but you'll have cryptography 3.2.1 which is incompatible.
tokenserver 1.5.11 requires greenlet==0.4.13, but you'll have greenlet 0.4.14 which is incompatible.

But after restarting apache, I still have the same errors as mention above.

[fabianwenk]

Through many steps I figured it out. Python2.7 was built with OpenSSL 1.1.1 (out of FreeBSD Ports, /usr/local/) and cryptography was built with OpenSSL 1.0.2 (out of FreeBSD Base, /usr/), but aead needs OpenSSL 1.1.1.

In the end the following steps solved it for me: find ~/.cache/pip/ -name \*cryptography\* -delete source /path/to/syncserver/local/bin/activate pip uninstall cryptography CFLAGS=-I/usr/local/include/ LDFLAGS=-L/usr/local/lib pip install cryptography==2.6.1 deactivate apachectl graceful

This solved the problem described here, but then I had some other errors related to the database. I may have missed some update steps, but I had to add the following two columns to the users table: ALTER Table users ADD keys_changed_at bigint(20) DEFAULT NULL AFTER replaced_at; ALTER Table users ADD node varchar(255) DEFAULT NULL AFTER keys_changed_at;