Bug 1953446
| Summary: | python-cryptography: Port to OpenSSL 3.0 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Christian Heimes <cheimes> |
| Component: | python-cryptography | Assignee: | Christian Heimes <cheimes> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaleem <ksiddiqu> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 9.0 | CC: | fweimer, ksiddiqu, mpolovka, myusuf, pvoborni, sahana, sumenon |
| Target Milestone: | beta | Keywords: | Triaged |
| Target Release: | 9.0 Beta | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | python-cryptography-3.4.7-4.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-12-07 21:52:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1980994 | ||
| Bug Blocks: | 1903209, 1958021 | ||
|
Description
Christian Heimes
2021-04-26 06:41:31 UTC
As the required package build is not available for RHEL9, moving this BZ back to MODIFIED state. OpenSSL 3.0 removed the ERR_GET_FUNC macro. This leads to compiler warnings:
build/temp.linux-x86_64-3.9/_openssl.c: In function ‘_cffi_d_ERR_GET_FUNC’:
build/temp.linux-x86_64-3.9/_openssl.c:18781:10: warning: implicit declaration of function ‘ERR_GET_FUNC’; did you mean ‘ERR_GET_LIB’? [-Wimplicit-function-declaration]
18781 | return ERR_GET_FUNC(x0);
| ^~~~~~~~~~~~
| ERR_GET_LIB
And very much later to a dynamic linker error (at run time):
ImportError while loading conftest '/builddir/build/BUILD/cryptography-3.4.7/tests/conftest.py'.
tests/conftest.py:8: in <module>
from cryptography.hazmat.backends.openssl import backend as openssl_backend
../../BUILDROOT/python-cryptography-3.4.7-3.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/__init__.py:6: in <module>
from cryptography.hazmat.backends.openssl.backend import backend
../../BUILDROOT/python-cryptography-3.4.7-3.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/backend.py:114: in <module>
from cryptography.hazmat.bindings.openssl import binding
../../BUILDROOT/python-cryptography-3.4.7-3.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py:14: in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib
E ImportError: /builddir/build/BUILDROOT/python-cryptography-3.4.7-3.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: undefined symbol: ERR_GET_FUNC
ERR_GET_FUNC probably needs to be removed from src/_cffi_src/openssl/err.py.
I have backported two fixes from PyCA cryptography's main branch and created a new build. https://github.com/pyca/cryptography/pull/6148 https://github.com/pyca/cryptography/pull/6150 python3-cryptography-3.4.7-5.el9.x86_64.rpm is part og nightly compose : http://download.hosts.prod.upshift.rdu2.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9.0/compose/AppStream/x86_64/os/Packages/ Hence marking the bug as verified. |