pyca / cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
https://cryptography.io

AWS lambda deployment Errors while importing cryptography. #11342

Closed coolgreenhat closed 1 month ago

coolgreenhat commented 1 month ago

- cryptography == 42.0.8
- cffi == 1.16.0
- pip version 24.1.2
- setuptools == 71.1.0

```dockerfile
RUN dnf -y update && dnf -y upgrade
RUN dnf -y install python311 python3.11-devel aws-cli jq libffi-devel openssl-devel
RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
RUN python3.11 get-pip.py
RUN curl -sL https://rpm.nodesource.com/setup_18.x | bash -
RUN dnf -y install nodejs
RUN npm install -g serverless@3.38.0
COPY requirements.txt .
RUN pip3.11 install -r requirements.txt
```


_requirements.txt_ initially didn't have any pinned version of cryptography as it was directly being resolved, but later we tried pinning the exact version.

2. Deploy Lambda Service with .gitlab-ci.yml using the Docker image created above.

The above steps resulted in the following error:

> Runtime.ImportModuleError: Unable to import module 'handler': /lib64/libc.so.6: version `GLIBC_2.28' not found (required by /var/task/cryptography/hazmat/bindings/_rust.abi3.so)

After trying different versions (>41.0.0) of cryptography and using different methods of installation as mentioned above, the error still persisted. But then one of the comments in another issue suggested using version 37.0.4, which resolved this error. But it resulted in the next error, as follows:

> /var/lang/bin/python3.11: Relink `/var/task/cryptography/hazmat/bindings/_rust.abi3.so' with `/lib64/librt.so.1' for IFUNC symbol `clock_gettime'

Keeping version 37.0.4, we then tried the different installation methods mentioned above, but the same error persisted.

Changing `RUN pip3.11 install -r requirements.txt` to `RUN pip3.11 install -r requirements.txt --target /var/task` so dependencies are installed in the correct place also didn't help, nor did using a different wheel as suggested in the AWS documentation.

Due to these issues our deployments are affected. Any help in resolving these is deeply appreciated. Thank you.

reaperhulk commented 1 month ago

The manylinux2014 wheel contains only glibc symbols for 2.17. The error likely means that you are somehow installing the manylinux_2_28 wheel and loading that instead of the one you want. We can't help with deployment issues like this, but generally we'd suggest trying to minimize the issue. For instance, can you create a lambda invocation using cryptography where all it does is load successfully without any custom installation paths, etc?
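
A pre-deploy check for the wheel mismatch described in the comment above, added here as an example; it is not code from this thread or from the cryptography project. It reads the glibc floor from a wheel's platform tag and byte-scans each packaged `.so` for `GLIBC_x.y` symbol versions newer than the runtime's. The function names are hypothetical, and the runtime glibc version is supplied by the caller (the 2.26 in the usage comment is an assumed value, so check the target image).

```python
import re
import sys
from pathlib import Path

# glibc floor promised by each legacy manylinux alias (PEP 600).
LEGACY = {"manylinux1": (2, 5), "manylinux2010": (2, 12), "manylinux2014": (2, 17)}
PEP600_TAG = re.compile(r"manylinux_(\d+)_(\d+)_")
GLIBC_SYM = re.compile(rb"GLIBC_(\d+)\.(\d+)")


def wheel_glibc_floor(wheel_name):
    """Lowest glibc version a wheel filename (or bare platform tag) targets."""
    name = wheel_name[:-4] if wheel_name.endswith(".whl") else wheel_name
    floors = []
    for part in name.rsplit("-", 1)[-1].split("."):  # compressed tag set
        m = PEP600_TAG.match(part)
        if m:
            floors.append((int(m.group(1)), int(m.group(2))))
        floors += [v for alias, v in LEGACY.items() if part.startswith(alias + "_")]
    return min(floors) if floors else None  # None: not a manylinux wheel


def glibc_required(blob):
    """Highest GLIBC_x.y symbol version named in a shared object's bytes.

    This is a byte scan of the string table, not a full ELF parser.
    """
    found = {(int(a), int(b)) for a, b in GLIBC_SYM.findall(blob)}
    return max(found) if found else None


def incompatible_objects(root, runtime_glibc):
    """List (relative path, needed glibc) for .so files the runtime cannot load."""
    bad = []
    for so in sorted(Path(root).rglob("*.so")):
        needed = glibc_required(so.read_bytes())
        if needed and needed > runtime_glibc:
            bad.append((so.relative_to(root).as_posix(), needed))
    return bad


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (assumed values): python check_glibc.py /var/task 2.26
    target = tuple(int(p) for p in sys.argv[2].split("."))
    problems = incompatible_objects(sys.argv[1], target)
    for path, needed in problems:
        print(f"{path}: needs GLIBC_{needed[0]}.{needed[1]}, runtime has {sys.argv[2]}")
    sys.exit(1 if problems else 0)
```

Run against the directory that gets zipped for Lambda, a non-zero exit in CI stops the deployment before the import error surfaces at invocation time.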

github-actions[bot] commented 1 month ago

This issue has been waiting for a reporter response for 3 days. It will be auto-closed if no activity occurs in the next 5 days.

github-actions[bot] commented 1 month ago

This issue has not received a reporter response and has been auto-closed. If the issue is still relevant please leave a comment and we can reopen it.