search

pyca / cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
https://cryptography.io
Other
6.67k stars 1.53k forks source link

ImportError: /var/task/cryptography/hazmat/bindings/_constant_time.so: invalid ELF header #3051

Closed ShaneC-C-Y closed 8 years ago

ShaneC-C-Y commented 8 years ago

Hi,

I have a problem in cryptography. I followed the steps in this tutorial (https://aws.amazon.com/blogs/compute/scheduling-ssh-jobs-using-aws-lambda/) I have installed pycrypto successfully. The code is like that:

import boto3
import paramiko
def worker_handler(event, context):

    s3_client = boto3.client('s3')
    #Download private key file from secure S3 bucket
    s3_client.download_file('s3-bucket-with-key','keys/devenv-key.pem', '/tmp/devenv-key.pem')

    k = paramiko.RSAKey.from_private_key_file("/tmp/devenv-key.pem")
...

And this is the error message:

/var/task/cryptography/hazmat/bindings/_constant_time.so: invalid ELF header: ImportError Traceback (most recent call last): File "/var/task/worker_function.py", line 9, in worker_handler 
k = paramiko.RSAKey.from_private_key_file("/tmp/devenv-key.pem") 
File "/var/task/paramiko/pkey.py", line 196, in from_private_key_file key = cls(filename=filename, password=password) 
File "/var/task/paramiko/rsakey.py", line 45, in __init__ 
self._from_private_key_file(filename, password) 
File "/var/task/paramiko/rsakey.py", line 164, in _from_private_key_file 
self._decode_key(data) 
File "/var/task/paramiko/rsakey.py", line 173, in _decode_key 
data, password=None, backend=default_backend() 
File "/var/task/cryptography/hazmat/backends/__init__.py", line 35, in default_backend _default_backend = MultiBackend(_available_backends()) 
File "/var/task/cryptography/hazmat/backends/__init__.py", line 22, in _available_backends "cryptography.backends" 
File "/var/task/pkg_resources/__init__.py", line 2235, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) 
File "/var/task/cryptography/hazmat/backends/commoncrypto/__init__.py", line 7, in <module> 
from cryptography.hazmat.backends.commoncrypto.backend import backend 
File "/var/task/cryptography/hazmat/backends/commoncrypto/backend.py", line 11, in <module> from cryptography.hazmat.backends.commoncrypto.ciphers import ( File "/var/task/cryptography/hazmat/backends/commoncrypto/ciphers.py", line 11, in <module> 
from cryptography.hazmat.primitives import ciphers, constant_time 
File "/var/task/cryptography/hazmat/primitives/constant_time.py", line 9, in <module> from cryptography.hazmat.bindings._constant_time import lib 
ImportError: /var/task/cryptography/hazmat/bindings/_constant_time.so: invalid ELF header

Thanks in advanced, hope someone can help me.

reaperhulk commented 8 years ago

cryptography contains native code and that code is compiled for the architecture (and OS) of the current machine. The AWS lambda documentation currently appears to claim that zipping up your local directory will work, but that's patently untrue. In this case it appears you're running on a Mac, but Lambda needs things compiled as linux ELF shared objects (but also likely needs everything statically linked, etc). You can probably get help with doing that in some AWS Lambda specific forum/mailing list.

ojitha commented 7 years ago

What is the solution for mac users ?

reaperhulk commented 7 years ago

You'll need to build cryptography on an amazon linux AMI (likely with static linking). This is something none of the cryptography team have needed to do so we can't provide much guidance beyond the obvious here. If you do figure out how to do it we'd be happy to have you add a section to the docs for future users.

vinit-datalicious commented 6 years ago

Anyone is able to solve this issue ? I am also facing same issue and using mac

glynjackson commented 6 years ago

Same issue here. I cannot package using a mac and upload the zip to AWS Lambda. You can package it on a Linux machine and it works, but has anyone come across a way around this using a Mac?

reaperhulk commented 6 years ago

The cryptography manylinux1 wheels will work on Lambda. Additionally, you can build your own using a docker image. Unfortunately I don't have an example I can point to directly, but hopefully someone will write one soon.

refayathaque commented 6 years ago

https://medium.freecodecamp.org/escaping-lambda-function-hell-using-docker-40b187ec1e48

This will get rid of your ELF problem, but will result in /var/task/cryptography/hazmat/bindings/_constant_time.so: undefined symbol: PyInt_FromLong

Rohit-Rajan-Bose commented 6 years ago

@refayathaque did you find a way around that error?

brubraz commented 6 years ago

@Rohit-Rajan-Bose You just need to build using an AWS lambda docker. Github Project - docker-lambda

I'm using Serverless Framework with Serverless Python Requirements - it installs dependencies automatically: Serverless Framework Github Project - Serverless Python Requirements

My serverless.yml

custom:
  pythonRequirements:
    dockerizePip: true
atomboulian commented 5 years ago

https://romandc.com/zappa-django-guide/setup/#approach-2-docker-with-zappa-recommended

This worked for me if you are trying to deploy this as part of your Django dependencies with Zappa.

Solid example.

manjuamas commented 4 years ago

@refayathaque I came across the same problem. You might want to check your python version. If you built the project on a python 2.7 make sure that the target of your lambda is the same (python 2.7). It worked for me when I changed the target version

excite-world commented 4 years ago

Using pip3 instead of pip to install cryptography worked for me.