obelisk icon indicating copy to clipboard operation
obelisk copied to clipboard

Published 20 hours ago verified publisher icon obsidiansystems

Installation fails on Nix due to pyOpenSSL

Open Sorokin-Anton opened this issue 3 years ago • 1 comments

I've installed Nix on my Ubuntu 20.04 and launched nix-env -f https://github.com/obsidiansystems/obelisk/archive/master.tar.gz -iA command

it fails with this

/build/pyOpenSSL-19.0.0
Finished executing pipInstallPhase
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0
strip is /nix/store/q354712mnkw3ky8b5crj7ir7dyv29ylj-binutils-2.31.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0/lib 
patching script interpreter paths in /nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0
checking for references to /build/ in /nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0...
strip is /nix/store/q354712mnkw3ky8b5crj7ir7dyv29ylj-binutils-2.31.1/bin/strip
running install tests
============================= test session starts ==============================
platform linux2 -- Python 2.7.17, pytest-4.6.5, py-1.8.0, pluggy-0.12.0
OpenSSL: OpenSSL 1.1.1d  10 Sep 2019
cryptography: 2.7
rootdir: /build/pyOpenSSL-19.0.0, inifile: setup.cfg, testpaths: tests
plugins: flaky-3.6.1
collected 499 items / 8 deselected / 491 selected                              

tests/test_crypto.py ................................................... [ 10%]
........................................................................ [ 25%]
........................................................................ [ 39%]
...........................................................              [ 51%]
tests/test_debug.py .                                                    [ 51%]
tests/test_rand.py ....                                                  [ 52%]
tests/test_ssl.py ...................................................... [ 63%]
.............FFF........................................................ [ 78%]
........................................................................ [ 93%]
................................                                         [ 99%]
tests/test_tsafe.py .                                                    [ 99%]
tests/test_util.py .                                                     [100%]

=================================== FAILURES ===================================
____________________ TestContext.test_add_extra_chain_cert _____________________

self = <tests.test_ssl.TestContext object at 0x7fffee876190>
tmpdir = local('/build/pytest-of-nixbld/pytest-0/test_add_extra_chain_cert0')

    def test_add_extra_chain_cert(self, tmpdir):
        """
        `Context.add_extra_chain_cert` accepts an `X509`
        instance to add to the certificate chain.
    
        See `_create_certificate_chain` for the details of the
        certificate chain tested.
    
        The chain is tested by starting a server with scert and connecting
        to it with a client which trusts cacert and requires verification to
        succeed.
        """
        chain = _create_certificate_chain()
        [(cakey, cacert), (ikey, icert), (skey, scert)] = chain
    
        # Dump the CA certificate to a file because that's the only way to load
        # it as a trusted CA in the client context.
        for cert, name in [(cacert, 'ca.pem'),
                           (icert, 'i.pem'),
                           (scert, 's.pem')]:
            with tmpdir.join(name).open('w') as f:
                f.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))
    
        for key, name in [(cakey, 'ca.key'),
                          (ikey, 'i.key'),
                          (skey, 's.key')]:
            with tmpdir.join(name).open('w') as f:
                f.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))
    
        # Create the server context
        serverContext = Context(TLSv1_METHOD)
        serverContext.use_privatekey(skey)
        serverContext.use_certificate(scert)
        # The client already has cacert, we only need to give them icert.
        serverContext.add_extra_chain_cert(icert)
    
        # Create the client
        clientContext = Context(TLSv1_METHOD)
        clientContext.set_verify(
            VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)
        clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))
    
        # Try it out.
>       self._handshake_test(serverContext, clientContext)

tests/test_ssl.py:1370: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/test_ssl.py:1248: in _handshake_test
    s.do_handshake()
/nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0/lib/python2.7/site-packages/OpenSSL/SSL.py:1915: in do_handshake
    self._raise_ssl_error(self._ssl, result)
/nix/store/gh7kyj7wmgn1sq06aprmmc2xfhjm0n6p-python2.7-pyOpenSSL-19.0.0/lib/python2.7/site-packages/OpenSSL/SSL.py:1647: in _raise_ssl_error
    _raise_current_error()

Sorokin-Anton avatar May 24 '21 16:05 Sorokin-Anton

Hi. I apologize for the delayed response to this ticket. We believe that this issue is caused by the age of the nixpkgs that obelisk vendors. We will be cutting a release from our develop branch soon that uses a newer nixpkgs.

madeline-os avatar May 12 '22 14:05 madeline-os