Bug 253935

Summary: security/py-openssl: py37-openssl-0.20.1: requires py37-cryptography >= 3.2
Product: Ports & Packages Reporter: Guillaume Bibaut <yom>
Component: Individual Port(s)Assignee: Sofian Brabez <sbz>
Status: Closed FIXED    
Severity: Affects Only Me CC: sbz
Priority: --- Flags: linimon: maintainer-feedback? (sbz)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
update run dependency with py-cryptography >= 3.2 none

Description Guillaume Bibaut 2021-03-01 14:39:49 UTC
py37-certbot and py37-certbot-dns-rfc2136 requires py37-openssl.

packages are set to latest.
upgraded today, and it installed py37-openssl-0.20.1.
It seems that python package requires py-cryptography >= 3.2, and only 2.9.2 is installed.

Then running certbot exits on a trackback:

```
Traceback (most recent call last):                                                                                                                                                                             File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 583, in _build_master                                                                                                            ws.require(__requires__)                                                                                                                                                                                   File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 900, in require                                                                                                                  needed = self.resolve(parse_requirements(requirements))                                                                                                                                                    File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 791, in resolve                                                                                                                  raise VersionConflict(dist, req).with_context(dependent_req)                                                                                                                                             pkg_resources.ContextualVersionConflict: (cryptography 2.9.2 (/usr/local/lib/python3.7/site-packages), Requirement.parse('cryptography>=3.2'), {'PyOpenSSL'})

During handling of the above exception, another exception occurred:                                                                                                                                                                                                                                                                                                                                                       Traceback (most recent call last):                                                                                                                                                                             File "/usr/local/bin/certbot", line 6, in <module>                                                                                                                                                             from pkg_resources import load_entry_point                                                                                                                                                                 File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3251, in <module>                                                                                                                @_call_aside                                                                                                                                                                                               File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3235, in _call_aside                                                                                                             f(*args, **kwargs)                                                                                                                                                                                         File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3264, in _initialize_master_working_set                                                                                          working_set = WorkingSet._build_master()                                                                                                                                                                   File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 585, in _build_master                                                                                                            return cls._build_from_requirements(__requires__)                                                                                                                                                          File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 598, in _build_from_requirements                                                                                                 dists = ws.resolve(reqs, Environment())                                                                                                                                                                    File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 791, in resolve                                                                                                                  raise VersionConflict(dist, req).with_context(dependent_req)                                                                                                                                             pkg_resources.ContextualVersionConflict: (cryptography 2.9.2 (/usr/local/lib/python3.7/site-packages), Requirement.parse('cryptography>=3.2'), {'PyOpenSSL'})
```

To fix, I had to deinstall py37-openssl-0.20.1 and reinstall py37-openssl-0.19.1 from package cache on my server.
Comment 1 Sofian Brabez freebsd_committer freebsd_triage 2021-03-29 12:52:39 UTC
Hi Guillaume,

Thanks for your bug report, I will looking deeply at it and be back to you.
Comment 2 Sofian Brabez freebsd_committer freebsd_triage 2021-03-29 22:21:53 UTC
Created attachment 223695 [details]
update run dependency with py-cryptography >= 3.2

Could you try to apply the following patch and run certbot again?

You need to rebuild the package locally for that before. You can use the commands below to rebuild your py-openssl new package on the host or your could use a poudriere jail:

# cd /usr/ports/security/py-openssl
# patch -p0 < py-openssl-20.0.1_1.diff
# make package reinstall clean

Then you will end up with the new package reported by pkg info|egrep openssl

Please run again certbot for confirmation it fixes the dependency bug.
Comment 3 Guillaume Bibaut 2021-03-30 08:14:35 UTC
Hello,

Thank you for looking into it, I've been using packages updates since then and managed to upgrade py-cryptography and py-openssl.
I can't try your patch since I'm not using ports on the server I had the problem.
I think this bug can be closed.
Comment 4 Sofian Brabez freebsd_committer freebsd_triage 2021-04-14 20:34:20 UTC
Submitter said it can be closed now.