From: "Dutch Daemon - FreeBSD Forums Administrator"
Date: Wed, 25 Oct 2023 09:22:11 +0200
Subject: Re: FreeBSD 13 + CertBot + OpenSSL 3 - status?
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

On October 24, 2023 14:54:40 DutchDaemon - FreeBSD Forums Administrator wrote:

> Does anyone in 'port land' know what the current developments are wrt
> CertBot (or py-crypto under its hood)?
>
> CertBot is happily compiling against OpenSSL 3 from ports, but when running
> 'certbot', the crypto side of it talks to the base system OpenSSL 1.1.1,
> hence failing because the OpenSSL 1.1.1 library does not understand the
> OpenSSL 3 calls made to it.
>
> From what I understood, this was due to an error/regression in pkgconf(?)
> which causes some type of 'path reversal' that causes py-crypto to ignore
> the OpenSSL it was compiled against, favoring the base system library.
>
> I either have to revert a whole lot of servers back to OpenSSL 1.1.1w from
> ports in order to renew certificates, or wait for "any movement" in getting
> the path reversal addressed/fixed.
>
> So: does anyone know where we're at with this?

Memory jog:

Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.6.0', 'console_scripts', 'certbot')())
  File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/local/lib/python3.9/importlib/metadata.py", line 86, in load
    module = import_module(match.group('module'))
  File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 21, in <module>
    import josepy as jose
  File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", line 40, in <module>
    from josepy.json_util import (
  File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", line 14, in <module>
    from OpenSSL import crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import SSL, crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 9, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 15, in <module>
    from cryptography.exceptions import InternalError
  File "/usr/local/lib/python3.9/site-packages/cryptography/exceptions.py", line 9, in <module>
    from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
ImportError: /usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: Undefined symbol "EVP_default_properties_is_fips_enabled"


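Added example, not part of the original message and not code from certbot, py-cryptography or the ports tree: a small diagnostic that takes the loader error from the traceback above together with `ldd` output for `_rust.abi3.so`, and reports whether the libcrypto the runtime linker actually resolved exports the missing symbol. The helper names, the `ldd` sample and the library sonames in it are constructed for illustration.

```python
import ctypes
import re

def missing_symbol(error_text):
    """Extract the symbol name from an 'Undefined symbol "..."' loader error."""
    m = re.search(r'Undefined symbol\s+"([^"]+)"', error_text)
    return m.group(1) if m else None

def resolved_paths(ldd_output, stem="crypto"):
    """Paths the runtime linker picked for lib<stem>.so.* in ldd output."""
    pat = re.compile(r'^\s*lib%s\.so\S*\s+=>\s+(\S+)' % re.escape(stem), re.M)
    return pat.findall(ldd_output)

def exports(lib_path, symbol):
    """True/False if the library exports symbol; None if it cannot be loaded."""
    try:
        lib = ctypes.CDLL(lib_path)
    except OSError:
        return None
    return hasattr(lib, symbol)  # ctypes raises AttributeError on a failed dlsym

def diagnose(error_text, ldd_output, probe=exports):
    """Map each resolved libcrypto path to whether it provides the missing symbol."""
    sym = missing_symbol(error_text)
    if sym is None:
        return None, {}
    return sym, {p: probe(p, sym) for p in resolved_paths(ldd_output)}

# Error line as quoted in the message; the ldd output below is a constructed
# sample (sonames and addresses are assumptions, not from the poster's host).
SAMPLE_ERROR = ('ImportError: /usr/local/lib/python3.9/site-packages/cryptography/'
                'hazmat/bindings/_rust.abi3.so: Undefined symbol '
                '"EVP_default_properties_is_fips_enabled"')
SAMPLE_LDD = """\
_rust.abi3.so:
\tlibssl.so.111 => /usr/lib/libssl.so.111 (0x800a00000)
\tlibcrypto.so.111 => /lib/libcrypto.so.111 (0x800c00000)
\tlibc.so.7 => /lib/libc.so.7 (0x800200000)
"""

if __name__ == "__main__":
    sym, results = diagnose(SAMPLE_ERROR, SAMPLE_LDD)
    print("missing symbol:", sym)
    labels = {True: "exports it", False: "lacks it", None: "not loadable here"}
    for path, ok in results.items():
        print(f"{path}: {labels[ok]}")
```

On an affected host, feed it the real `ldd` output for the module; a resolved path under `/lib` that lacks the symbol confirms the module is binding to the base library rather than the one from ports.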