Date: Mon, 10 Jul 2023 15:27:34 -0700 From: Mark Millard <marklmi@yahoo.com> To: The Doctor <doctor@doctor.nl2k.ab.ca>, FreeBSD Mailing List <freebsd-ports@freebsd.org>, "sunpoet@freebsd.org" <sunpoet@FreeBSD.org> Cc: Current FreeBSD <freebsd-current@freebsd.org>, Mike Karels <mike@karels.net> Subject: Re: Does kyua based testing need some hazmat/bindings/_openssl.abi3.so related updating?: Undefined symbol "ERR_GET_FUNC" Message-ID: <16A1ADBE-D6DA-4864-A075-8B122C5C5877@yahoo.com> In-Reply-To: <603B7CEE-F3E3-43C4-B031-9C8A1027CA7E@yahoo.com> References: <1E426C5E-B363-4C76-A952-48EF404F6557.ref@yahoo.com> <1E426C5E-B363-4C76-A952-48EF404F6557@yahoo.com> <ZKxRC54P4jAdjiH7@doctor.nl2k.ab.ca> <603B7CEE-F3E3-43C4-B031-9C8A1027CA7E@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 10, 2023, at 15:03, Mark Millard <marklmi@yahoo.com> wrote:
> On Jul 10, 2023, at 11:42, The Doctor <doctor@doctor.nl2k.ab.ca> =
wrote:
>=20
>> On Mon, Jul 10, 2023 at 08:56:22AM -0700, Mark Millard wrote:
>>> The subject line's question was prompted by
>>> . . ./hazmat/bindings/_openssl.abi3.so related notices
>>> in a kyua report:
>>>=20
>>> # kyua report --verbose =
--results-file=3Dusr_obj_DESTDIRs_main-CA7-chroot_usr_tests.20230710-06463=
2-752785 2>&1 | grep "Undefined symbol" | sort -u
>>> +ImportError: =
/usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cr=
yptography/hazmat/bindings/_openssl.abi3.so: Undefined symbol =
"ERR_GET_FUNC"
>>> ImportError: =
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_opens=
sl.abi3.so: Undefined symbol "ERR_GET_FUNC"
>>> ImportError: =
/usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cr=
yptography/hazmat/bindings/_openssl.abi3.so: Undefined symbol =
"ERR_GET_FUNC"
>>>=20
>>> It is possible that this is related to some oddities of my
>>> context for this. But I figured I'd ask the general question
>>> anyway.
>>>=20
>>=20
>> No! The problem is that Python is calling an openssl 1.X function
>> which is dropped in Opensss 3.X
>>=20
>> Python nedds to fix that issue.
>=20
> Well:
>=20
> # strings =
/usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cr=
yptography/hazmat/bindings/_openssl.abi3.so | grep -i "3\.[0-9]*\.[0-9]"
> OpenSSL 3.0.9 30 May 2023
> 3.4.8
>=20
> =46rom what I read, 3.4.8 is too old and is known to have this issue =
and this
> was fixed in a later version. I see references to "cryptography" =
needing to
> be "at least 35.0.0 for OpenSSL 3.0 support" instead of "3.4.8" as one =
place
> put it.
>=20
> I've no clue of the details for python3.9 vs. python3.10 or python3.11 =
for
> containing a sufficiently modern "cryptography" already in FreeBSD =
ports
> (vs. not). But this may be more of a port-update issue than an =
up-stream
> python issue -- or possibly just a "use python 3.? or later" issue for
> some value for "?".
>=20
35.0.0 of cryptography dates back to 2021-09-29.
Current for cryptography is 41.0.1 (2023-06-01).
It claims: "It supports Python 3.7+ and PyPy3
7.3.10+."
security/py-cryptography is at 3.4.8 (2021-08-24)
for py39-cryptography and is, in-part, a FreeBSD
ports issue as far as I can tell.
Looking, it seems it is at 3.4.8 for all @${PY_FLAVOR}
instances. So trying python310 or python311 might
well do no good for openssl 3.0 compatibility if they
use security/py-cryptography .
(Note: I build my own ports via poudriere-devel .)
=3D=3D=3D
Mark Millard
marklmi at yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16A1ADBE-D6DA-4864-A075-8B122C5C5877>