Re: git: ad1bc60d6ae8 - main - security/py-openssl: update to 22.0.0

From: Sofian Brabez <sbz_at_FreeBSD.org>
Date: Thu, 24 Mar 2022 11:30:47 UTC

On 23 Mar 18:42 2022, Yasuhiro Kimura wrote:
> From: Sofian Brabez <sbz@FreeBSD.org>
> Subject: git: ad1bc60d6ae8 - main - security/py-openssl: update to 22.0.0
> Date: Tue, 22 Mar 2022 16:07:13 GMT
> 
> > The branch main has been updated by sbz:
> > 
> > URL: https://cgit.FreeBSD.org/ports/commit/?id=ad1bc60d6ae85090900d90475835894218872b12
> > 
> > commit ad1bc60d6ae85090900d90475835894218872b12
> > Author:     Sofian Brabez <sbz@FreeBSD.org>
> > AuthorDate: 2022-03-22 15:26:35 +0000
> > Commit:     Sofian Brabez <sbz@FreeBSD.org>
> > CommitDate: 2022-03-22 16:06:19 +0000
> > 
> >     security/py-openssl: update to 22.0.0
> 
> According to the release information for 22.0.0, the minimum version of
> py-cryptography has changed to 35.0.
> 
> https://pypi.org/project/pyOpenSSL/#id1
> 
> Actually, after this commit a runtime error occurs in certbot, as follows.
> 
> root@rolling-vm-freebsd2[861]# certbot certonly --dns-rfc2136 --dns-rfc2136-credentials /usr/local/etc/letsencrypt/dns-rfc2136.ini -d '*.test.example.org'
> Traceback (most recent call last):
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 568, in _build_master
>     ws.require(__requires__)
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 886, in require
>     needed = self.resolve(parse_requirements(requirements))
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 777, in resolve
>     raise VersionConflict(dist, req).with_context(dependent_req)
> pkg_resources.ContextualVersionConflict: (cryptography 3.3.2 (/usr/local/lib/python3.10/site-packages), Requirement.parse('cryptography>=35.0'), {'PyOpenSSL'})
> 
> During handling of the above exception, another exception occurred:
> 
> Traceback (most recent call last):
>   File "/usr/local/bin/certbot", line 33, in <module>
>     sys.exit(load_entry_point('certbot==1.25.0', 'console_scripts', 'certbot')())
>   File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
>     return next(matches).load()
>   File "/usr/local/lib/python3.10/importlib/metadata/__init__.py", line 171, in load
>     module = import_module(match.group('module'))
>   File "/usr/local/lib/python3.10/importlib/__init__.py", line 126, in import_module
>     return _bootstrap._gcd_import(name[level:], package, level)
>   File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
>   File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
>   File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
>   File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
>   File "<frozen importlib._bootstrap_external>", line 883, in exec_module
>   File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
>   File "/usr/local/lib/python3.10/site-packages/certbot/main.py", line 6, in <module>
>     from certbot._internal import main as internal_main
>   File "/usr/local/lib/python3.10/site-packages/certbot/_internal/main.py", line 25, in <module>
>     from certbot import configuration
>   File "/usr/local/lib/python3.10/site-packages/certbot/configuration.py", line 10, in <module>
>     from certbot import util
>   File "/usr/local/lib/python3.10/site-packages/certbot/util.py", line 27, in <module>
>     from certbot._internal import constants
>   File "/usr/local/lib/python3.10/site-packages/certbot/_internal/constants.py", line 6, in <module>
>     import pkg_resources
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 3243, in <module>
>     def _initialize_master_working_set():
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 3226, in _call_aside
>     f(*args, **kwargs)
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 3255, in _initialize_master_working_set
>     working_set = WorkingSet._build_master()
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 570, in _build_master
>     return cls._build_from_requirements(__requires__)
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 583, in _build_from_requirements
>     dists = ws.resolve(reqs, Environment())
>   File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 777, in resolve
>     raise VersionConflict(dist, req).with_context(dependent_req)
> pkg_resources.ContextualVersionConflict: (cryptography 3.3.2 (/usr/local/lib/python3.10/site-packages), Requirement.parse('cryptography>=35.0'), {'PyOpenSSL'})
> root@rolling-vm-freebsd2[862]#
> 
> ---
> Yasuhiro Kimura

Hi Yasuhiro,

I don't use certbot, so I took a look at that problem, and even with the correct
minimum version with this diff applied, it fails on another error related to
Rust bindings:

With the following versions installed:

sbz@freebsd13:~/git/ports $ pkg info |egrep 'py.*(crypto|openssl|certbot)'
py38-certbot-1.22.0,1          Let's Encrypt client
py38-cryptography-36.0.2       Cryptographic recipes and primitives for Python developers
py38-cryptography-vectors-36.0.2 Test vectors for the cryptography package
py38-openssl-22.0.0            Python interface to the OpenSSL library

Then I ran your given command:

sbz@freebsd13:~/git/ports $ certbot certonly --dns-rfc2136 --dns-rfc2136-credentials /usr/local/etc/letsencrypt/dns-rfc2136.ini -d '*.test.example.org'
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.22.0', 'console_scripts', 'certbot')())
  File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/local/lib/python3.8/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/usr/local/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 843, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/usr/local/lib/python3.8/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/main.py", line 18, in <module>
    import josepy as jose
  File "/usr/local/lib/python3.8/site-packages/josepy/__init__.py", line 43, in <module>
    from josepy.json_util import (
  File "/usr/local/lib/python3.8/site-packages/josepy/json_util.py", line 14, in <module>
    from OpenSSL import crypto
  File "/usr/local/lib/python3.8/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py", line 8, in <module>
    from cryptography import utils, x509
  File "/usr/local/lib/python3.8/site-packages/cryptography/x509/__init__.py", line 6, in <module>
    from cryptography.x509 import certificate_transparency
  File "/usr/local/lib/python3.8/site-packages/cryptography/x509/certificate_transparency.py", line 10, in <module>
    from cryptography.hazmat.bindings._rust import x509 as rust_x509
ImportError: cannot import name 'x509' from 'cryptography.hazmat.bindings._rust' (unknown location)

At the moment, it seems we are not ready to update security/py-openssl to the
latest version yet, so I have restored the previous version in
0e63dc8634485b1b16e1b11e56580b482cc5c3bd.

I will wait for sunpoet@ to update the security/py-cryptography* ports to do it.
Recent versions after 35.0.0 need Rust extensions to be built and I am not
familiar with it.

Thanks for the report.

Regards

-- 
Sofian Brabez
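
Added example (not part of the original message or of the port): a small check that compares each installed distribution's declared requirements against the versions actually present, which reports the `cryptography>=35.0` conflict from the first traceback before any tool is run. The function names and sample maps are constructed for illustration; requirements guarded by environment markers and clauses other than plain numeric comparisons (`~=`, wildcards, pre-releases) are assumed out of scope and skipped.

```python
import operator
import re
from importlib import metadata

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">": operator.gt, "<": operator.lt}
REQ = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*\(?([^;)]*)\)?\s*(;.*)?$")
CLAUSE = re.compile(r"(>=|<=|==|!=|>|<)\s*([0-9][0-9.]*)$")

def norm(name):
    return re.sub(r"[-_.]+", "-", name).lower()    # PEP 503 name normalisation

def release(version):
    m = re.match(r"[0-9]+(?:\.[0-9]+)*", version)  # numeric release part only
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def satisfies(installed, op, wanted):
    a, b = release(installed), release(wanted)
    width = max(len(a), len(b))                    # pad so 35.0 compares equal to 35.0.0
    return OPS[op](a + (0,) * (width - len(a)), b + (0,) * (width - len(b)))

def find_conflicts(installed, requires):
    """installed: {name: version}; requires: {name: [requirement strings]}."""
    have = {norm(n): v for n, v in installed.items()}
    conflicts = []
    for dist, reqs in requires.items():
        for req in reqs:
            m = REQ.match(req)
            if not m or m.group(3):     # unparsable or marker-guarded: skipped here
                continue
            dep = norm(m.group(1))
            if dep not in have:
                conflicts.append((dist, req, "not installed"))
                continue
            clauses = (CLAUSE.match(c.strip()) for c in m.group(2).split(","))
            if any(c and not satisfies(have[dep], *c.groups()) for c in clauses):
                conflicts.append((dist, req, have[dep]))
    return conflicts

def from_environment():
    """Read the same two maps from the running interpreter's site-packages."""
    dists = [d for d in metadata.distributions() if d.metadata.get("Name")]
    return ({d.metadata.get("Name"): d.version or "0" for d in dists},
            {d.metadata.get("Name"): list(d.requires or []) for d in dists})

# Constructed sample mirroring the versions in the first traceback above.
SAMPLE_INSTALLED = {"cryptography": "3.3.2", "pyOpenSSL": "22.0.0", "certbot": "1.25.0"}
SAMPLE_REQUIRES = {"PyOpenSSL": ["cryptography>=35.0"], "certbot": ["PyOpenSSL"]}

if __name__ == "__main__":
    for dist, req, found in find_conflicts(SAMPLE_INSTALLED, SAMPLE_REQUIRES):
        print(f"{dist} requires {req}, found {found}")
```

Calling `find_conflicts(*from_environment())` runs the same check against the live site-packages, for example in a test jail after building the updated port.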