Open tonisimakov99 opened 2 years ago
Faced with the same error. @tonisimakov99 any news? Maybe you found a workaround?
@Yrok472, no. It only works if I answer "n" to the question "Do you want each user to have their own account for SSH tunneling? [y/N]", but I don't understand what will happen because of this.
To Reproduce
Just run ./algo
Full log
Algo running on: Ubuntu 20.04.4 LTS (Virtualized: kvm) Created from git clone. Last commit: 9f241b1 Bump ansible-core from 2.12.1 to 2.12.3 (#14425) Python 3.8.10 Runtime variables: algo_provider "local" algo_dns_adblocking "True" algo_ssh_tunneling "True" wireguard_enabled "True" dns_encryption "True"
TASK [Display the invocation environment] **** changed: [localhost]
TASK [Install the requirements] ** changed: [localhost]
TASK [Include a provisioning role] *** [local : pause] https://trailofbits.github.io/algo/deploy-to-ubuntu.html
Local installation might break your server. Use at your own risk.
Proceed? Press ENTER to continue or CTRL+C and A to abort...: ^M TASK [local : pause] ***** ok: [localhost] => (item=https://trailofbits.github.io/algo/deploy-to-ubuntu.html
Local installation might break your server. Use at your own risk.
Proceed? Press ENTER to continue or CTRL+C and A to abort...) [local : pause] Enter the IP address of your server: (or use localhost for local installation): [localhost] : localhost^M TASK [local : pause] ***** ok: [localhost]
TASK [local : Set the facts] * ok: [localhost] [local : pause] Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [localhost] : 23.88.27.29^M TASK [local : pause] ***** ok: [localhost]
TASK [local : Set the facts] ***** ok: [localhost]
TASK [Set subjectAltName as a fact] ** ok: [localhost]
TASK [Add the server to an inventory group] ** changed: [localhost]
TASK [Linux | set OS specific facts] ***** ok: [localhost]
TASK [Set config paths as facts] ***** ok: [localhost]
TASK [Update config paths] *** changed: [localhost]
TASK [debug] ***** ok: [localhost] => { "IP_subject_alt_name": "23.88.27.29" } [WARNING]: Reset is not implemented for this connection
TASK [Wait 600 seconds for target connection to become reachable/usable] ***** ok: [localhost] => (item=localhost)
PLAY [Configure the server and install required software] ****
TASK [common : Check the system] ***** ok: [localhost]
TASK [common : include_tasks] **** included: /root/algo/roles/common/tasks/ubuntu.yml for localhost
TASK [common : Gather facts] ***** ok: [localhost]
TASK [common : Install unattended-upgrades] ** ok: [localhost]
TASK [common : Configure unattended-upgrades] **** ok: [localhost]
TASK [common : Periodic upgrades configured] ***** ok: [localhost]
TASK [common : Disable MOTD on login and SSHD] *** ok: [localhost] => (item={'regexp': '^session.optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'}) ok: [localhost] => (item={'regexp': '^session.optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})
TASK [common : Ensure fallback resolvers are set] **** ok: [localhost]
TASK [common : Loopback for services configured] ***** ok: [localhost]
TASK [common : systemd services enabled and started] ***** ok: [localhost] => (item=systemd-networkd) ok: [localhost] => (item=systemd-resolved)
TASK [common : Check apparmor support] *** ok: [localhost]
TASK [common : Set fact if apparmor enabled] ***** ok: [localhost]
TASK [common : Define facts] ***** ok: [localhost]
TASK [common : Set facts] **** ok: [localhost]
TASK [common : Set IPv6 support as a fact] *** ok: [localhost]
TASK [common : Check size of MTU] **** ok: [localhost]
TASK [common : Set OS specific facts] **** ok: [localhost]
TASK [common : Install tools] **** ok: [localhost]
TASK [common : include_tasks] **** included: /root/algo/roles/common/tasks/iptables.yml for localhost
TASK [common : Iptables configured] ** ok: [localhost] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})
TASK [common : Sysctl tuning] **** ok: [localhost] => (item={'item': 'net.ipv4.ip_forward', 'value': 1}) ok: [localhost] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})
TASK [dns : Include tasks for Ubuntu] **** included: /root/algo/roles/dns/tasks/ubuntu.yml for localhost
TASK [dns : Install dnscrypt-proxy] ** ok: [localhost]
TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] *** ok: [localhost]
TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ***** ok: [localhost]
TASK [dns : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ***** ok: [localhost]
TASK [dns : Ubuntu | Add custom requirements to successfully start the unit] ***** ok: [localhost]
TASK [dns : dnscrypt-proxy ip-blacklist configured] ** ok: [localhost]
TASK [dns : dnscrypt-proxy configured] *** ok: [localhost]
TASK [dns : Adblock script created] ** ok: [localhost]
TASK [dns : Adblock script added to cron] **** changed: [localhost]
TASK [dns : Update adblock hosts] **** ok: [localhost] [WARNING]: flush_handlers task does not support when conditional
TASK [dns : dnscrypt-proxy enabled and started] ** ok: [localhost]
TASK [wireguard : Ensure the required directories exist] ***** ok: [localhost] => (item=configs/23.88.27.29/wireguard//.pki//preshared) ok: [localhost] => (item=configs/23.88.27.29/wireguard//.pki//private) ok: [localhost] => (item=configs/23.88.27.29/wireguard//.pki//public) ok: [localhost] => (item=configs/23.88.27.29/wireguard//apple/ios) ok: [localhost] => (item=configs/23.88.27.29/wireguard//apple/macos)
TASK [wireguard : Include tasks for Ubuntu] ** included: /root/algo/roles/wireguard/tasks/ubuntu.yml for localhost
TASK [wireguard : WireGuard installed] *** ok: [localhost]
TASK [wireguard : Set OS specific facts] ***** ok: [localhost]
TASK [wireguard : Generate private keys] ***** ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin) ok: [localhost] => (item=23.88.27.29)
TASK [wireguard : Generate preshared keys] *** ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin) ok: [localhost] => (item=23.88.27.29)
TASK [wireguard : Generate public keys] ** ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin) ok: [localhost] => (item=23.88.27.29)
TASK [wireguard : Save public keys] ** ok: [localhost] => (item={'changed': False, 'stdout': 'Z7g6CLN7dDU5wy71SR0ho/0dy2Qnd0e6Rs5ZjYSEBiU=', 'stderr': '', 'rc': 0, 'cmd': 'set -o pipefail\necho "gH5VbW/ZSXLK0T3K2ExeRp0vyMX6KCy12OVI+9ienE8=" |\nwg pubkey\n', 'start': '2022-03-05 00:01:33.248987', 'end': '2022-03-05 00:01:33.253125', 'delta': '0:00:00.004138', 'msg': '', 'invocation': {'module_args': {'executable': 'bash', '_raw_params': 'set -o pipefail\necho "gH5VbW/ZSXLK0T3K2ExeRp0vyMX6KCy12OVI+9ienE8=" |\nwg pubkey\n', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['Z7g6CLN7dDU5wy71SR0ho/0dy2Qnd0e6Rs5ZjYSEBiU='], 'stderr_lines': [], 'failed': False, 'item': 'test', 'ansible_loop_var': 'item'}) ok: [localhost] => (item={'changed': False, 'stdout': 'J9c5YCpICV3wjrSf47ooV5+sLkayPVyfbP9GLUbLJwY=', 'stderr': '', 'rc': 0, 'cmd': 'set -o pipefail\necho "MGqAx4CFm/GcdWUysJX0vFCjpuQ6KymJo9D3Cxw/l3M=" |\nwg pubkey\n', 'start': '2022-03-05 00:01:33.366560', 'end': '2022-03-05 00:01:33.369911', 'delta': '0:00:00.003351', 'msg': '', 'invocation': {'module_args': {'executable': 'bash', '_raw_params': 'set -o pipefail\necho "MGqAx4CFm/GcdWUysJX0vFCjpuQ6KymJo9D3Cxw/l3M=" |\nwg pubkey\n', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['J9c5YCpICV3wjrSf47ooV5+sLkayPVyfbP9GLUbLJwY='], 'stderr_lines': [], 'failed': False, 'item': 'pench', 'ansible_loop_var': 'item'}) ok: [localhost] => (item={'changed': False, 'stdout': 'pUZ86rTlkOHnjA6ShXToNvrjHdaBMegHWhMBxqmG2wY=', 'stderr': '', 'rc': 0, 'cmd': 'set -o pipefail\necho "aJuu7ifaMFUryB6IiaF+BMf1rm3lGx1kU4cITXT741A=" |\nwg pubkey\n', 'start': '2022-03-05 00:01:33.475034', 'end': '2022-03-05 00:01:33.478281', 'delta': '0:00:00.003247', 'msg': '', 'invocation': 
{'module_args': {'executable': 'bash', '_raw_params': 'set -o pipefail\necho "aJuu7ifaMFUryB6IiaF+BMf1rm3lGx1kU4cITXT741A=" |\nwg pubkey\n', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['pUZ86rTlkOHnjA6ShXToNvrjHdaBMegHWhMBxqmG2wY='], 'stderr_lines': [], 'failed': False, 'item': 'admin', 'ansible_loop_var': 'item'}) ok: [localhost] => (item={'changed': False, 'stdout': 'p+eFbZqPB61PaWXzqPb4xP0qKMcc8bcwR6PZvjteuFI=', 'stderr': '', 'rc': 0, 'cmd': 'set -o pipefail\necho "8IZPg5bzDIgwh4C8opj7kpA48K/XZo3KHMhFLYW/RXo=" |\nwg pubkey\n', 'start': '2022-03-05 00:01:33.612451', 'end': '2022-03-05 00:01:33.616130', 'delta': '0:00:00.003679', 'msg': '', 'invocation': {'module_args': {'executable': 'bash', '_raw_params': 'set -o pipefail\necho "8IZPg5bzDIgwh4C8opj7kpA48K/XZo3KHMhFLYW/RXo=" |\nwg pubkey\n', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['p+eFbZqPB61PaWXzqPb4xP0qKMcc8bcwR6PZvjteuFI='], 'stderr_lines': [], 'failed': False, 'item': '23.88.27.29', 'ansible_loop_var': 'item'})
TASK [wireguard : WireGuard user list updated] *** ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin)
TASK [wireguard : set_fact] ** ok: [localhost]
TASK [wireguard : WireGuard users config generated] ** ok: [localhost] => (item=[3, 'test']) ok: [localhost] => (item=[4, 'pench']) ok: [localhost] => (item=[5, 'admin'])
TASK [wireguard : include_tasks] ***** included: /root/algo/roles/wireguard/tasks/mobileconfig.yml for localhost => (item=ios) included: /root/algo/roles/wireguard/tasks/mobileconfig.yml for localhost => (item=macos)
TASK [wireguard : WireGuard apple mobileconfig generated] **** changed: [localhost] => (item=[3, 'test']) changed: [localhost] => (item=[4, 'pench']) changed: [localhost] => (item=[5, 'admin'])
TASK [wireguard : WireGuard apple mobileconfig generated] **** changed: [localhost] => (item=[3, 'test']) changed: [localhost] => (item=[4, 'pench']) changed: [localhost] => (item=[5, 'admin'])
TASK [wireguard : Generate QR codes] ***** ok: [localhost] => (item=[3, 'test']) ok: [localhost] => (item=[4, 'pench']) ok: [localhost] => (item=[5, 'admin'])
TASK [wireguard : WireGuard configured] ** ok: [localhost]
TASK [wireguard : WireGuard enabled and started] ***** ok: [localhost]
TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] ** ok: [localhost]
TASK [ssh_tunneling : Ensure that the algo group exist] ** ok: [localhost]
TASK [ssh_tunneling : Ensure that the jail directory exist] ** ok: [localhost]
TASK [ssh_tunneling : Ensure that the SSH users exist] *** ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin) [WARNING]: 'append' is set, but no 'groups' are specified. Use 'groups' for appending new groups.This will change to an error in Ansible 2.14.
TASK [ssh_tunneling : Ensure the config directories exist] *** ok: [localhost]
TASK [ssh_tunneling : Check if the private keys exist] *** ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin)
TASK [ssh_tunneling : Build ssh private keys] **** failed: [localhost] (item={'changed': False, 'stat': {'exists': False}, 'invocation': {'module_args': {'path': 'configs/23.88.27.29/ssh-tunnel//test.pem', 'follow': False, 'get_md5': False, 'get_checksum': True, 'get_mime': True, 'get_attributes': True, 'checksum_algorithm': 'sha1'}}, 'failed': False, 'item': 'test', 'ansible_loop_var': 'item'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": false, "invocation": {"module_args": {"checksum_algorithm": "sha1", "follow": false, "get_attributes": true, "get_checksum": true, "get_md5": false, "get_mime": true, "path": "configs/23.88.27.29/ssh-tunnel//test.pem"}}, "item": "test", "stat": {"exists": false}}, "msg": "Can't detect the required Python library cryptography (>= 1.2.3)"} failed: [localhost] (item={'changed': False, 'stat': {'exists': False}, 'invocation': {'module_args': {'path': 'configs/23.88.27.29/ssh-tunnel//pench.pem', 'follow': False, 'get_md5': False, 'get_checksum': True, 'get_mime': True, 'get_attributes': True, 'checksum_algorithm': 'sha1'}}, 'failed': False, 'item': 'pench', 'ansible_loop_var': 'item'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": false, "invocation": {"module_args": {"checksum_algorithm": "sha1", "follow": false, "get_attributes": true, "get_checksum": true, "get_md5": false, "get_mime": true, "path": "configs/23.88.27.29/ssh-tunnel//pench.pem"}}, "item": "pench", "stat": {"exists": false}}, "msg": "Can't detect the required Python library cryptography (>= 1.2.3)"} failed: [localhost] (item={'changed': False, 'stat': {'exists': False}, 'invocation': {'module_args': {'path': 'configs/23.88.27.29/ssh-tunnel//admin.pem', 'follow': False, 'get_md5': False, 'get_checksum': True, 'get_mime': True, 'get_attributes': True, 'checksum_algorithm': 'sha1'}}, 'failed': False, 'item': 'admin', 
'ansible_loop_var': 'item'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": false, "invocation": {"module_args": {"checksum_algorithm": "sha1", "follow": false, "get_attributes": true, "get_checksum": true, "get_md5": false, "get_mime": true, "path": "configs/23.88.27.29/ssh-tunnel//admin.pem"}}, "item": "admin", "stat": {"exists": false}}, "msg": "Can't detect the required Python library cryptography (>= 1.2.3)"}
TASK [include_tasks] ***** included: /root/algo/playbooks/rescue.yml for localhost
TASK [debug] ***** ok: [localhost] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }
TASK [Fail the installation] ***** fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP *** localhost : ok=90 changed=7 unreachable=0 failed=1 skipped=71 rescued=1 ignored=0