search

piwheels / packages

Issue tracker for piwheels package issues
https://github.com/piwheels/packages/issues
20 stars 5 forks source link

Problem with package: cryptography 43.0.0 cp39 / depends on openssl 3 #462

Closed AttilaGombosER closed 3 months ago

AttilaGombosER commented 3 months ago

Package name

cryptography

Package version

43.0.0

PyPI URL

https://pypi.org/project/cryptography/

piwheels URL

https://www.piwheels.org/project/cryptography/

Python version

I am aware this is the issue tracker for a Python package index specifically for Raspberry Pi

I have checked for duplicate issues

I am the maintainer

More information

Original issue opened at https://github.com/pyca/cryptography/issues/11370:

43.0.0 breaks cryptography on Debian 11 Bullseye (ImportError: libssl.so.3)

Description

In version 43.0.0 cryptography is dependent on openssl 3.x instead of openssl 1.x on a Debian 11 system. As Debian 11 does not support openssl 3.x, relying on libssl.so.3 instead of libssl.so.1.1 results in an import error:

ImportError: libssl.so.3: cannot open shared object file: No such file or directory

Reproduction

$ python3
Python 3.9.2 (default, Mar 12 2021, 04:06:34)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurve
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/admin/.local/lib/python3.9/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py", line 11, in <module>
    from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
  File "/home/admin/.local/lib/python3.9/site-packages/cryptography/exceptions.py", line 9, in <module>
    from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
ImportError: libssl.so.3: cannot open shared object file: No such file or directory

Workaround

Pinning down cryptography to a pre-43.0.0 version solves the issue.

$ pip3 install --force-reinstall -v cryptography==42.0.8
...
  Attempting uninstall: cryptography
    Found existing installation: cryptography 43.0.0
    Uninstalling cryptography-43.0.0:
      Created temporary directory: /home/admin/.local/lib/python3.9/site-packages/~ryptography-43.0.0.dist-info
      Removing file or directory /home/admin/.local/lib/python3.9/site-packages/cryptography-43.0.0.dist-info/
      Created temporary directory: /home/admin/.local/lib/python3.9/site-packages/~ryptography
      Removing file or directory /home/admin/.local/lib/python3.9/site-packages/cryptography/
      Successfully uninstalled cryptography-43.0.0

Successfully installed cffi-1.16.0 cryptography-42.0.8 pycparser-2.22
Removed build tracker: '/tmp/pip-req-tracker-aegkwlv6'
$ python3
Python 3.9.2 (default, Mar 12 2021, 04:06:34)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurve
>>>

System details

$ uname -a
Linux ******** 6.1.21-v7+ #1642 SMP Mon Apr  3 17:20:52 BST 2023 armv7l GNU/Linux

$ lsb_release -a
Distributor ID: Raspbian
Description:    Raspbian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye

Installation

$ pip3 install cryptography
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Collecting cryptography
  Downloading https://www.piwheels.org/simple/cryptography/cryptography-43.0.0-cp37-abi3-linux_armv7l.whl (1.5 MB)
     |████████████████████████████████| 1.5 MB 290 kB/s
Collecting cffi>=1.12
  Downloading https://www.piwheels.org/simple/cffi/cffi-1.16.0-cp39-cp39-linux_armv7l.whl (367 kB)
     |████████████████████████████████| 367 kB 1.0 MB/s
Collecting pycparser
  Downloading https://www.piwheels.org/simple/pycparser/pycparser-2.22-py3-none-any.whl (117 kB)
     |████████████████████████████████| 117 kB 2.3 MB/s
Installing collected packages: pycparser, cffi, cryptography
Successfully installed cffi-1.16.0 cryptography-43.0.0 pycparser-2.22

Package versions

$ python3 --version
Python 3.9.2

$ pip3 --version
pip 20.3.4 from /usr/lib/python3/dist-packages/pip (python 3.9)

$ pip3 show setuptools
Name: setuptools
Version: 52.0.0

$ pip3 show cryptography
Name: cryptography
Version: 43.0.0

$ pip3 show cffi
Name: cffi
Version: 1.16.0
bennuttall commented 3 months ago

I've built and imported a statically linked version. Can you verify that fixes it?

AttilaGombosER commented 3 months ago

Verified with a fresh install, the issue is gone now:

$ pip3 show cryptography
Name: cryptography
Version: 43.0.0
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: None
Author: The cryptography developers <cryptography-dev@python.org>
Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>
License: Apache-2.0 OR BSD-3-Clause
Location: /home/admin/.local/lib/python3.9/site-packages
Requires: cffi
Required-by:
$ python3
Python 3.9.2 (default, Mar 12 2021, 04:06:34)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurve
>>>

Thanks!

arthur-proglove commented 3 months ago

This does not work anymore for me on Python 3.11 bookworm with OpenSSL 3.0 :-D The piwheels JSON reports that the abi is 311 but the filename is somehow 37

      "files": {
        "cryptography-43.0.0-cp37-abi3-linux_armv6l.whl": {
          "filehash": "753936c34638683658391e76bb2e61428cbaf0868667144eed942b826f6663cf",
          "filesize": 1535029,
          "builder_abi": "cp311",
          "file_abi_tag": "abi3",
          "platform": "linux_armv6l",
          "requires_python": ">=3.7",
          "apt_dependencies": []
        },
        "cryptography-43.0.0-cp37-abi3-linux_armv7l.whl": {
          "filehash": "753936c34638683658391e76bb2e61428cbaf0868667144eed942b826f6663cf",
          "filesize": 1535029,
          "builder_abi": "cp311",
          "file_abi_tag": "abi3",
          "platform": "linux_armv7l",
          "requires_python": ">=3.7",
          "apt_dependencies": []
        }
      }
from cryptography.exceptions import InvalidSignature
 File "cryptography/exceptions.py", line 9, in <module>
 from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
ImportError: libssl.so.1.1: cannot open shared object file: No such file or directory
bennuttall commented 3 months ago

Sorry I've had to remove the wheel as it didn't in fact build with openssl statically linked.

bennuttall commented 3 months ago

I've temporarily moved the wheel to https://www.piwheels.org/cp39/cryptography-43.0.0-cp37-abi3-linux_armv7l.whl so you can download and install directly from there