Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#63968 closed defect (fixed)

certbot @1.21.0_0+python39 failure on execution after Big Sur to Monterey migration on Intel

Reported by: lterrill Owned by: Chris Jones <jonesc@…>
Priority: Normal Milestone:
Component: ports Version: 2.7.1
Keywords: maintainer Cc: Schamschula (Marius Schamschula), cjones051073 (Chris Jones)
Port: certbot

Description

Certbot execution results in the follow error after reinstallation on Monterey/Intel. Complete trace attached

ImportError: dlopen(/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so, 0x0002): symbol not found in flat namespace '_ERR_put_error'

Attachments (1)

certbot stack trace.textClipping (19.8 KB) - added by lterrill 3 years ago.
full stack trace

Download all attachments as: .zip

Change History (12)

Changed 3 years ago by lterrill

full stack trace

comment:1 Changed 3 years ago by Schamschula (Marius Schamschula)

Did you follow the migration instructions for upgrading your macOS version?

See: wiki:Migration

Last edited 3 years ago by ryandesign (Ryan Carsten Schmidt) (previous) (diff)

comment:2 Changed 3 years ago by lterrill

Yes, followed the Migration page. I also manually uninstalled, cleaned, and reinstalled certbot port after the execution failure. Installation was clean, but it didn't correct the execution issue.

comment:3 Changed 3 years ago by cjones051073 (Chris Jones)

Probably nothing to do with the OS migration, but just certbot is not compatible with openssl3.

Last edited 3 years ago by cjones051073 (Chris Jones) (previous) (diff)

comment:4 Changed 3 years ago by cjones051073 (Chris Jones)

Cc: cjones051073 added

comment:5 Changed 3 years ago by cjones051073 (Chris Jones)

Actually, I believe this has already been fixed. See https://github.com/macports/macports-ports/commit/2fcca2001454305d0ed8b12c8d3a62ce42f00193#diff-74c09255613609b0fd38f62fc67e9e2c9e26dc1da7a0324b368ab2db12177a80

please make sure your ports are up to date and try again

sudo port sync
sudo port upgrade outdated
Version 0, edited 3 years ago by cjones051073 (Chris Jones) (next)

comment:6 Changed 3 years ago by lterrill

Tried the suggested upgrade command, received "Nothing to upgrade." in response. No change in error during certbot execution. Note the certbot port builds cleanly for me as I've tried several times to uninstall and reinstall the port. The error is received at execution of certbot.

comment:7 Changed 3 years ago by cjones051073 (Chris Jones)

I cannot read the attachment you have added here, for me its just scrambled. can you please repost as a plain text file please ?

Last edited 3 years ago by cjones051073 (Chris Jones) (previous) (diff)

comment:8 Changed 3 years ago by lterrill

Sorry, sure. Here is the full stack trace

root@mini ~ # certbot renew
Traceback (most recent call last):
  File "/opt/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/opt/local/bin/certbot", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/_internal/main.py", line 17, in <module>
    import josepy as jose
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/josepy/__init__.py", line 43, in <module>
    from josepy.json_util import (
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/josepy/json_util.py", line 14, in <module>
    from OpenSSL import crypto
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/OpenSSL/crypto.py", line 15, in <module>
    from OpenSSL._util import (
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: dlopen(/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so, 0x0002): symbol not found in flat namespace '_ERR_put_error'

comment:9 Changed 3 years ago by cjones051073 (Chris Jones)

OK, was able to reproduce in the end.

It appears the issue is py-cryptography must use the same openssl version as the pythonX port, and python 3.9 and 3.10 where recently moved to use openssl3, whereas py-cryptography is still using openssl 1.1. It needs to be moved to use the same for these python versions.

comment:10 Changed 3 years ago by Chris Jones <jonesc@…>

Owner: set to Chris Jones <jonesc@…>
Resolution: fixed
Status: newclosed

In 9f6062fb46ed4016e7928f6e83142350117734c3/macports-ports (master):

py-cryptography: Build against same openssl version as underlying python
Closes: #63968

comment:11 Changed 3 years ago by cjones051073 (Chris Jones)

with the above I get

Oberon ~/Projects/MacPorts/ports > python3                               
Python 3.10.0 (default, Nov 15 2021, 11:42:39) [Clang 13.0.0 (clang-1300.0.29.3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.bindings.openssl.binding import Binding
>>> 
Note: See TracTickets for help on using tickets.