NetBSD Problem Report #58079

From www@netbsd.org  Tue Mar 26 11:21:08 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id E55AA1A9239
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 26 Mar 2024 11:21:07 +0000 (UTC)
Message-Id: <20240326112106.B5F981A923B@mollari.NetBSD.org>
Date: Tue, 26 Mar 2024 11:21:06 +0000 (UTC)
From: ea1abz@gmail.com
Reply-To: ea1abz@gmail.com
To: gnats-bugs@NetBSD.org
Subject: py311-certbot-2.8.0 failure in evbarm
X-Send-Pr-Version: www-1.0

>Number:         58079
>Category:       pkg
>Synopsis:       py311-certbot-2.8.0 failure in evbarm
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 26 11:25:00 +0000 2024
>Closed-Date:    Mon Feb 03 06:15:58 +0000 2025
>Last-Modified:  Mon Feb 03 06:15:58 +0000 2025
>Originator:     Ramiro Aceves
>Release:        NetBSD 10.0_RC6
>Organization:
>Environment:
netbsd-raspa$ uname -a
NetBSD netbsd-raspa 10.0_RC6 NetBSD 10.0_RC6 (RPI) #0: Tue Mar 12 10:19:02 UTC 2024  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/evbarm/compile/RPI evbarm

>Description:
Hi,
I was trying to use py311-certbot-2.8.0  Client for the Let's Encrypt CA in my Raspberry Pi Zero W. I get the following error for py311-certbot-2.8.0, py312-certbot-2.8.0 and also py38-certbot-2.8.0

netbsd-raspa$ certbot-3.11 certonly
Traceback (most recent call last):
  File "/usr/pkg/bin/certbot-3.11", line 5, in <module>
    from certbot.main import main
  File "/usr/pkg/lib/python3.11/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/usr/pkg/lib/python3.11/site-packages/certbot/_internal/main.py", line 21, in <module>
    import josepy as jose
  File "/usr/pkg/lib/python3.11/site-packages/josepy/__init__.py", line 40, in <module>
    from josepy.json_util import (
  File "/usr/pkg/lib/python3.11/site-packages/josepy/json_util.py", line 24, in <module>
    from OpenSSL import crypto
  File "/usr/pkg/lib/python3.11/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/pkg/lib/python3.11/site-packages/OpenSSL/crypto.py", line 17, in <module>
    from OpenSSL._util import (
  File "/usr/pkg/lib/python3.11/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/pkg/lib/python3.11/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /usr/pkg/lib/python3.11/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: Undefined PLT symbol "FIPS_mode_set" (symnum = 251)
netbsd-raspa$

certbot seems to work in my amd64 machine.
Thanks.




>How-To-Repeat:
certbot-3.11 certonly
>Fix:

>Release-Note:

>Audit-Trail:
From: Ramiro Aceves <ea1abz@gmail.com>
To: gnats-bugs@netbsd.org, pkg-manager@netbsd.org, gnats-admin@netbsd.org,
 pkgsrc-bugs@netbsd.org
Cc: 
Subject: Re: pkg/58079: py311-certbot-2.8.0 failure in evbarm
Date: Wed, 27 Mar 2024 14:06:51 +0100

 El 26 de marzo de 2024 12:25:00 CET, ea1abz@gmail=2Ecom escribi=C3=B3:
 >>Number:         58079
 >>Category:       pkg
 >>Synopsis:       py311-certbot-2=2E8=2E0 failure in evbarm
 >>Confidential:   no
 >>Severity:       serious
 >>Priority:       medium
 >>Responsible:    pkg-manager
 >>State:          open
 >>Class:          sw-bug
 >>Submitter-Id:   net
 >>Arrival-Date:   Tue Mar 26 11:25:00 +0000 2024
 >>Originator:     Ramiro Aceves
 >>Release:        NetBSD 10=2E0_RC6
 >>Organization:
 >>Environment:
 >netbsd-raspa$ uname -a
 >NetBSD netbsd-raspa 10=2E0_RC6 NetBSD 10=2E0_RC6 (RPI) #0: Tue Mar 12 10:=
 19:02 UTC 2024  mkrepro@mkrepro=2ENetBSD=2Eorg:/usr/src/sys/arch/evbarm/com=
 pile/RPI evbarm
 >
 >>Description:
 >Hi,
 >I was trying to use py311-certbot-2=2E8=2E0  Client for the Let's Encrypt=
  CA in my Raspberry Pi Zero W=2E I get the following error for py311-certbo=
 t-2=2E8=2E0, py312-certbot-2=2E8=2E0 and also py38-certbot-2=2E8=2E0
 >
 >netbsd-raspa$ certbot-3=2E11 certonly
 >Traceback (most recent call last):
 >  File "/usr/pkg/bin/certbot-3=2E11", line 5, in <module>
 >    from certbot=2Emain import main
 >  File "/usr/pkg/lib/python3=2E11/site-packages/certbot/main=2Epy", line =
 6, in <module>
 >    from certbot=2E_internal import main as internal_main
 >  File "/usr/pkg/lib/python3=2E11/site-packages/certbot/_internal/main=2E=
 py", line 21, in <module>
 >    import josepy as jose
 >  File "/usr/pkg/lib/python3=2E11/site-packages/josepy/__init__=2Epy", li=
 ne 40, in <module>
 >    from josepy=2Ejson_util import (
 >  File "/usr/pkg/lib/python3=2E11/site-packages/josepy/json_util=2Epy", l=
 ine 24, in <module>
 >    from OpenSSL import crypto
 >  File "/usr/pkg/lib/python3=2E11/site-packages/OpenSSL/__init__=2Epy", l=
 ine 8, in <module>
 >    from OpenSSL import crypto, SSL
 >  File "/usr/pkg/lib/python3=2E11/site-packages/OpenSSL/crypto=2Epy", lin=
 e 17, in <module>
 >    from OpenSSL=2E_util import (
 >  File "/usr/pkg/lib/python3=2E11/site-packages/OpenSSL/_util=2Epy", line=
  6, in <module>
 >    from cryptography=2Ehazmat=2Ebindings=2Eopenssl=2Ebinding import Bind=
 ing
 >  File "/usr/pkg/lib/python3=2E11/site-packages/cryptography/hazmat/bindi=
 ngs/openssl/binding=2Epy", line 14, in <module>
 >    from cryptography=2Ehazmat=2Ebindings=2E_openssl import ffi, lib
 >ImportError: /usr/pkg/lib/python3=2E11/site-packages/cryptography/hazmat/=
 bindings/_openssl=2Eabi3=2Eso: Undefined PLT symbol "FIPS_mode_set" (symnum=
  =3D 251)
 >netbsd-raspa$
 >
 >certbot seems to work in my amd64 machine=2E
 >Thanks=2E
 >
 >
 >
 >
 >>How-To-Repeat:
 >certbot-3=2E11 certonly
 >>Fix:
 >

 Googling around I found that FIPS_mode_set function was removed in OpenSSL=
  v3 and could be solved compiling it with legacy option=2E

State-Changed-From-To: open->feedback
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Fri, 31 Jan 2025 10:02:19 +0000
State-Changed-Why:
py-certbot is now at 3.1.0. Is this still an issue?


From: Ramiro Aceves <ea1abz@gmail.com>
To: gnats-bugs@netbsd.org, pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org,
 gnats-admin@netbsd.org, bsiegert@NetBSD.org
Cc: 
Subject: Re: pkg/58079 (py311-certbot-2.8.0 failure in evbarm)
Date: Sun, 2 Feb 2025 11:06:52 +0100

 It appears to work know:

 netbsd-raspaZeroW# certbot-3.11 certonly
 Saving debug log to /var/letsencrypt/log/letsencrypt.log

 How would you like to authenticate with the ACME CA?
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 - - - -
 1: Runs an HTTP server locally which serves the necessary validation 
 files under
 the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
 server already running. HTTP challenge only (wildcards not supported).
 (standalone)
 2: Saves the necessary validation files to a .well-known/acme-challenge/
 directory within the nominated webroot path. A separate HTTP server must be
 running and serving files from the webroot path. HTTP challenge only 
 (wildcards
 not supported). (webroot)
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 - - - -
 Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
 Enter email address (used for urgent renewal and security notices)
   (Enter 'c' to cancel): ^CExiting due to user request.
 netbsd-raspaZeroW#


 Have not tested till the end but seems to work.

 Regards.


 El 31/1/25 a las 11:02, bsiegert@NetBSD.org escribió:
 > Synopsis: py311-certbot-2.8.0 failure in evbarm
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: bsiegert@NetBSD.org
 > State-Changed-When: Fri, 31 Jan 2025 10:02:19 +0000
 > State-Changed-Why:
 > py-certbot is now at 3.1.0. Is this still an issue?
 > 
 > 
 > 

State-Changed-From-To: feedback->closed
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Mon, 03 Feb 2025 06:15:58 +0000
State-Changed-Why:
Problem appears fixed.
Thanks for verifying!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2025 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.