obelisk
Installation fails on Nix due to pyOpenSSL
I've installed Nix on my Ubuntu 20.04 and launched
nix-env -f https://github.com/obsidiansystems/obelisk/archive/master.tar.gz -iA command
It fails with this:
/build/pyOpenSSL-19.0.0
Finished executing pipInstallPhase
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0
strip is /nix/store/q354712mnkw3ky8b5crj7ir7dyv29ylj-binutils-2.31.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0/lib
patching script interpreter paths in /nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0
checking for references to /build/ in /nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0...
strip is /nix/store/q354712mnkw3ky8b5crj7ir7dyv29ylj-binutils-2.31.1/bin/strip
running install tests
============================= test session starts ==============================
platform linux2 -- Python 2.7.17, pytest-4.6.5, py-1.8.0, pluggy-0.12.0
OpenSSL: OpenSSL 1.1.1d 10 Sep 2019
cryptography: 2.7
rootdir: /build/pyOpenSSL-19.0.0, inifile: setup.cfg, testpaths: tests
plugins: flaky-3.6.1
collected 499 items / 8 deselected / 491 selected
tests/test_crypto.py ................................................... [ 10%]
........................................................................ [ 25%]
........................................................................ [ 39%]
........................................................... [ 51%]
tests/test_debug.py . [ 51%]
tests/test_rand.py .... [ 52%]
tests/test_ssl.py ...................................................... [ 63%]
.............FFF........................................................ [ 78%]
........................................................................ [ 93%]
................................ [ 99%]
tests/test_tsafe.py . [ 99%]
tests/test_util.py . [100%]
=================================== FAILURES ===================================
____________________ TestContext.test_add_extra_chain_cert _____________________
self = <tests.test_ssl.TestContext object at 0x7fffee876190>
tmpdir = local('/build/pytest-of-nixbld/pytest-0/test_add_extra_chain_cert0')
    def test_add_extra_chain_cert(self, tmpdir):
        """
        `Context.add_extra_chain_cert` accepts an `X509`
        instance to add to the certificate chain.
        See `_create_certificate_chain` for the details of the
        certificate chain tested.
        The chain is tested by starting a server with scert and connecting
        to it with a client which trusts cacert and requires verification to
        succeed.
        """
        chain = _create_certificate_chain()
        [(cakey, cacert), (ikey, icert), (skey, scert)] = chain
        # Dump the CA certificate to a file because that's the only way to load
        # it as a trusted CA in the client context.
        for cert, name in [(cacert, 'ca.pem'),
                           (icert, 'i.pem'),
                           (scert, 's.pem')]:
            with tmpdir.join(name).open('w') as f:
                f.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))
        for key, name in [(cakey, 'ca.key'),
                          (ikey, 'i.key'),
                          (skey, 's.key')]:
            with tmpdir.join(name).open('w') as f:
                f.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))
        # Create the server context
        serverContext = Context(TLSv1_METHOD)
        serverContext.use_privatekey(skey)
        serverContext.use_certificate(scert)
        # The client already has cacert, we only need to give them icert.
        serverContext.add_extra_chain_cert(icert)
        # Create the client
        clientContext = Context(TLSv1_METHOD)
        clientContext.set_verify(
            VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)
        clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))
        # Try it out.
>       self._handshake_test(serverContext, clientContext)
tests/test_ssl.py:1370:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
tests/test_ssl.py:1248: in _handshake_test
    s.do_handshake()
/nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0/lib/python2.7/site-packages/OpenSSL/SSL.py:1915: in do_handshake
    self._raise_ssl_error(self._ssl, result)
/nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0/lib/python2.7/site-packages/OpenSSL/SSL.py:1647: in _raise_ssl_error
    _raise_current_error()
Hi. I apologize for the delayed response to this ticket. We believe that this issue is caused by the age of the nixpkgs that obelisk vendors. We will be cutting a release from our develop branch soon that uses a newer nixpkgs.