Bug 253935 - security/py-openssl: py37-openssl-0.20.1: requires py37-cryptography >= 3.2
Summary: security/py-openssl: py37-openssl-0.20.1: requires py37-cryptography >= 3.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Sofian Brabez
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-03-01 14:39 UTC by Guillaume Bibaut
Modified: 2021-04-14 20:34 UTC (History)
1 user (show)

See Also:
linimon: maintainer-feedback? (sbz)


Attachments
update run dependency with py-cryptography >= 3.2 (1.19 KB, patch)
2021-03-29 22:21 UTC, Sofian Brabez
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Guillaume Bibaut 2021-03-01 14:39:49 UTC
py37-certbot and py37-certbot-dns-rfc2136 requires py37-openssl.

packages are set to latest.
upgraded today, and it installed py37-openssl-0.20.1.
It seems that python package requires py-cryptography >= 3.2, and only 2.9.2 is installed.

Then running certbot exits on a trackback:

```
Traceback (most recent call last):                                                                                                                                                                             File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 583, in _build_master                                                                                                            ws.require(__requires__)                                                                                                                                                                                   File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 900, in require                                                                                                                  needed = self.resolve(parse_requirements(requirements))                                                                                                                                                    File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 791, in resolve                                                                                                                  raise VersionConflict(dist, req).with_context(dependent_req)                                                                                                                                             pkg_resources.ContextualVersionConflict: (cryptography 2.9.2 (/usr/local/lib/python3.7/site-packages), Requirement.parse('cryptography>=3.2'), {'PyOpenSSL'})

During handling of the above exception, another exception occurred:                                                                                                                                                                                                                                                                                                                                                       Traceback (most recent call last):                                                                                                                                                                             File "/usr/local/bin/certbot", line 6, in <module>                                                                                                                                                             from pkg_resources import load_entry_point                                                                                                                                                                 File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3251, in <module>                                                                                                                @_call_aside                                                                                                                                                                                               File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3235, in _call_aside                                                                                                             f(*args, **kwargs)                                                                                                                                                                                         File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3264, in _initialize_master_working_set                                                                                          working_set = WorkingSet._build_master()                                                                                                                                                                   File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 585, in _build_master                                                                                                            return cls._build_from_requirements(__requires__)                                                                                                                                                          File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 598, in _build_from_requirements                                                                                                 dists = ws.resolve(reqs, Environment())                                                                                                                                                                    File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 791, in resolve                                                                                                                  raise VersionConflict(dist, req).with_context(dependent_req)                                                                                                                                             pkg_resources.ContextualVersionConflict: (cryptography 2.9.2 (/usr/local/lib/python3.7/site-packages), Requirement.parse('cryptography>=3.2'), {'PyOpenSSL'})
```

To fix, I had to deinstall py37-openssl-0.20.1 and reinstall py37-openssl-0.19.1 from package cache on my server.
Comment 1 Sofian Brabez freebsd_committer 2021-03-29 12:52:39 UTC
Hi Guillaume,

Thanks for your bug report, I will looking deeply at it and be back to you.
Comment 2 Sofian Brabez freebsd_committer 2021-03-29 22:21:53 UTC
Created attachment 223695 [details]
update run dependency with py-cryptography >= 3.2

Could you try to apply the following patch and run certbot again?

You need to rebuild the package locally for that before. You can use the commands below to rebuild your py-openssl new package on the host or your could use a poudriere jail:

# cd /usr/ports/security/py-openssl
# patch -p0 < py-openssl-20.0.1_1.diff
# make package reinstall clean

Then you will end up with the new package reported by pkg info|egrep openssl

Please run again certbot for confirmation it fixes the dependency bug.
Comment 3 Guillaume Bibaut 2021-03-30 08:14:35 UTC
Hello,

Thank you for looking into it, I've been using packages updates since then and managed to upgrade py-cryptography and py-openssl.
I can't try your patch since I'm not using ports on the server I had the problem.
I think this bug can be closed.
Comment 4 Sofian Brabez freebsd_committer 2021-04-14 20:34:20 UTC
Submitter said it can be closed now.