Missing symbol under tox in openssl stuff

Willem Jan Withagen wjw at digiware.nl
Fri Feb 28 08:52:50 UTC 2020


On 28-2-2020 03:47, Kubilay Kocak wrote:
> On 27/02/2020 10:53 pm, Willem Jan Withagen wrote:
>> Hi,
>>
>> I'm the first to acknowledge that I do not know enough of python.
>> But still I can get by most of the times.
>>
>> However during the tests of my Ceph port one of the tests complains:
>> ==============
>>
>> orchestrator/_interface.py:701: ImportError
>> ------------------------------ Captured log call 
>> -------------------------------
>> ERROR    orchestrator._interface:_interface.py:391 _Promise failed
>> Traceback (most recent call last):
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/cephadm/module.py", 
>> line 334, in do_work
>>      res = self._on_complete_(*args, **kwargs)
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/cephadm/module.py", 
>> line 398, in call_self
>>      return f(self, *inner_args)
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/cephadm/module.py", 
>> line 2352, in _create_grafana
>>      return self._create_daemon('grafana', daemon_id, host)
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/cephadm/module.py", 
>> line 1874, in _create_daemon
>>      j = self._generate_grafana_config()
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/cephadm/module.py", 
>> line 2288, in _generate_grafana_config
>>      cert, pkey = create_self_signed_cert('Ceph', 'cephadm')
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/mgr_util.py", 
>> line 134, in create_self_signed_cert
>>      from OpenSSL import crypto
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/.tox/py3/lib/python3.7/site-packages/OpenSSL/__init__.py", 
>> line 8, in <module>
>>      from OpenSSL import crypto, SSL
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/.tox/py3/lib/python3.7/site-packages/OpenSSL/crypto.py", 
>> line 15, in <module>
>>      from OpenSSL._util import (
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/.tox/py3/lib/python3.7/site-packages/OpenSSL/_util.py", 
>> line 6, in <module>
>>      from cryptography.hazmat.bindings.openssl.binding import Binding
>>    File 
>> "/home/jenkins/workspace/ceph-master/src/pybind/mgr/.tox/py3/lib/python3.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", 
>> line 15, in <module>
>>      from cryptography.hazmat.bindings._openssl import ffi, lib
>> ImportError: 
>> /home/jenkins/workspace/ceph-master/src/pybind/mgr/.tox/py3/lib/python3.7/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: 
>> Undefined symbol "SSLv3_client_method"
>>
>> ==============
>>
>> And I have no idea how and why this complaint is here.
>> If I check with openssl it seems that this version should be 
>> available in version 1.1.1,d that is installed.
>> And all packages are up to date.
>>
>> Who is the casue of the error here?
>> And how do I debug this....
>>
>> --WjW
>
> Looks like cryptography is compiled/linked inconsistently, probably 
> against base *and* ports OpenSSl versions, or some OPTIONS in your 
> openssl port have changed, but cryptography was not rebuilt
>
> Rebuild cryptography (via ports), and try to reproduce
>

Clang is consitantly complaining about a mismatch in openldap between 
openssl-1.1.1 from ports and openssl-1.1 from base.
Sort of learned to live with it, since in essence thay are the same on 
that platform, but it is worrying that 1 program could depend on 2 
different openssl libs.

> Alternatively, because tox installs dependencies itself in its own 
> environments, its probably trying to install crytography manually (not 
> via the port), which produces a broken cryptography Python package.
>
> This is why we dont use tox for tests (as it bypasses ports). Use the 
> test runner that tox itself invokes (pytest, nose, unittest, whatever)
>
I don't really have a chance here because it is part of the CI that 
comes with Ceph, and changing the infrastucture there just for the sake 
of this is not really going to happen.
Currently openSSL doesn't build the SSLv3 stuff any longer by default.
S things got fixed after I build a new openSSL from ports with the SSLv3 
stuff in it, then all trouble went away.
But it is not a receipe that will work in a port, and on ports@ I have 
not heard a good way to tackle this.

--WjW

>
>
> _______________________________________________
> freebsd-python at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-python
> To unsubscribe, send any mail to "freebsd-python-unsubscribe at freebsd.org"



More information about the freebsd-python mailing list