Your message dated Mon, 29 Jun 2026 00:16:15 +0000
with message-id <[email protected]>
and subject line Bug#1140972: fixed in certipy 0.2.3-1
has caused the Debian Bug report #1140972,
regarding certipy: FTBFS: E TypeError: cannot create
'cryptography.hazmat.primitives._serialization.Encoding' instances
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140972: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140972
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:certipy
Version: 0.2.2-1
Severity: serious
Tags: ftbfs forky sid
Dear maintainer:
During a rebuild of all packages in unstable, this package failed to build.
Below you will find the last part of the build log (probably the most
relevant part, but not necessarily). If required, the full build log
is available here:
https://people.debian.org/~sanvila/build-logs/202606/
About the archive rebuild: The build was made on virtual machines from AWS,
using sbuild and a reduced chroot with only build-essential packages.
If you cannot reproduce the bug please contact me privately, as I
am willing to provide ssh access to a virtual machine where the bug is
fully reproducible.
If this is really a bug in one of the build-depends, please use
reassign and add an affects on src:certipy, so that this is still
visible in the BTS web page for this package.
Thanks.
--------------------------------------------------------------------------------
[...]
debian/rules clean
dh clean --buildsystem=pybuild
dh_auto_clean -O--buildsystem=pybuild
dh_autoreconf_clean -O--buildsystem=pybuild
dh_clean -O--buildsystem=pybuild
debian/rules binary
dh binary --buildsystem=pybuild
dh_update_autotools_config -O--buildsystem=pybuild
dh_autoreconf -O--buildsystem=pybuild
dh_auto_configure -O--buildsystem=pybuild
dh_auto_build -O--buildsystem=pybuild
I: pybuild plugin_pyproject:142: Building wheel for python3.13 with "build"
module
I: pybuild base:385: python3.13 -m build --skip-dependency-check --no-isolation
--wheel --outdir /<<PKGBUILDDIR>>/.pybuild/cpython3_3.13
* Building wheel...
/usr/lib/python3/dist-packages/setuptools/config/_apply_pyprojecttoml.py:82:
SetuptoolsDeprecationWarning: `project.license` as a TOML table is deprecated
[... snipped ...]
self.file_path = file_path
self.containing_dir = os.path.dirname(self.file_path)
> self.encoding = serialization.Encoding(encoding)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
E TypeError: cannot create
'cryptography.hazmat.primitives._serialization.Encoding' instances
certipy/certipy.py:171: TypeError
_________________________________ test_certipy _________________________________
def test_certipy():
# FIXME: unfortunately similar names...either separate tests or rename
with TemporaryDirectory() as td:
# create a CA
ca_name = "foo"
certipy = Certipy(store_dir=td)
> ca_record = certipy.create_ca(ca_name, pathlen=None)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
test/test_certipy.py:238:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
certipy/certipy.py:864: in create_ca
self.store.add_files(
certipy/certipy.py:480: in add_files
bundle = TLSFileBundle(
certipy/certipy.py:281: in __init__
self._setup_tls_files(files)
certipy/certipy.py:290: in _setup_tls_files
setattr(self, file_type.value, TLSFile(file_path, file_type=file_type))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <certipy.certipy.TLSFile object at 0x7f5283139e00>
file_path = '/tmp/tmp57onkvc0/foo/foo.key', encoding = Encoding.PEM
file_type = <TLSFileType.KEY: 'key'>, x509 = None
def __init__(
self,
file_path,
encoding=serialization.Encoding.PEM,
file_type=TLSFileType.CERT,
x509=None,
):
if isinstance(encoding, int):
warnings.warn(
"OpenSSL.crypto.TYPE_* encoding arguments are deprecated. Use
cryptography.hazmat.primitives.serialization.Encoding enum or string 'PEM'",
DeprecationWarning,
stacklevel=2,
)
# match values in OpenSSL.crypto
if encoding == 1:
# PEM
encoding = serialization.Encoding.PEM
elif encoding == 2:
# ASN / DER
encoding = serialization.Encoding.DER
self.file_path = file_path
self.containing_dir = os.path.dirname(self.file_path)
> self.encoding = serialization.Encoding(encoding)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
E TypeError: cannot create
'cryptography.hazmat.primitives._serialization.Encoding' instances
certipy/certipy.py:171: TypeError
___________________________ test_certipy_trust_graph ___________________________
self = <certipy.certipy.CertStore object at 0x7f528317f890>, common_name = 'baz'
def get_record(self, common_name):
"""Return the record associated with this common name
In most cases, all that's really needed to use an existing cert are
the file paths to the files that make up that cert. This method
returns just that and doesn't bother loading the associated files.
"""
try:
> record = self.store[common_name]
^^^^^^^^^^^^^^^^^^^^^^^
E KeyError: 'baz'
certipy/certipy.py:386: KeyError
During handling of the above exception, another exception occurred:
self = <certipy.certipy.Certipy object at 0x7f528317fb10>
graph = {'foo': ['foo', 'bar'], 'bar': ['foo'], 'baz': ['bar']}
def trust_from_graph(self, graph):
"""Create a set of trust bundles from a relationship graph.
Components in this sense are defined by unique CAs. This method assists
in setting up complicated trust between various components that need
to do TLS auth.
Arguments: graph - dict component:list(components)
Returns: dict component:trust bundle file path
"""
# Ensure there are CAs backing all graph components
def distinct_components(graph):
"""Return a set of components from the provided graph."""
components = set(graph.keys())
for trusts in graph.values():
components |= set(trusts)
return components
# Default to creating a CA (incapable of signing intermediaries) to
# identify a component not known to Certipy
for component in distinct_components(graph):
try:
> self.store.get_record(component)
certipy/certipy.py:755:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <certipy.certipy.CertStore object at 0x7f528317f890>, common_name = 'baz'
def get_record(self, common_name):
"""Return the record associated with this common name
In most cases, all that's really needed to use an existing cert are
the file paths to the files that make up that cert. This method
returns just that and doesn't bother loading the associated files.
"""
try:
record = self.store[common_name]
return record
except KeyError as e:
> raise CertNotFoundError(
"Unable to find record of {name}".format(name=common_name),
errors=e
)
E certipy.certipy.CertNotFoundError: Unable to find record of baz
certipy/certipy.py:389: CertNotFoundError
During handling of the above exception, another exception occurred:
def test_certipy_trust_graph():
trust_graph = {
"foo": ["foo", "bar"],
"bar": ["foo"],
"baz": ["bar"],
}
def distinct_components(graph):
"""Return a set of components from the provided graph."""
components = set(graph.keys())
for trusts in graph.values():
components |= set(trusts)
return components
with TemporaryDirectory() as td:
certipy = Certipy(store_dir=td)
# after this, all components in the graph should exist in certipy
> trust_files = certipy.trust_from_graph(trust_graph)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
test/test_certipy.py:337:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
certipy/certipy.py:757: in trust_from_graph
self.create_ca(component)
certipy/certipy.py:864: in create_ca
self.store.add_files(
certipy/certipy.py:480: in add_files
bundle = TLSFileBundle(
certipy/certipy.py:281: in __init__
self._setup_tls_files(files)
certipy/certipy.py:290: in _setup_tls_files
setattr(self, file_type.value, TLSFile(file_path, file_type=file_type))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <certipy.certipy.TLSFile object at 0x7f528313ba80>
file_path = '/tmp/tmpq2ttedgq/baz/baz.key', encoding = Encoding.PEM
file_type = <TLSFileType.KEY: 'key'>, x509 = None
def __init__(
self,
file_path,
encoding=serialization.Encoding.PEM,
file_type=TLSFileType.CERT,
x509=None,
):
if isinstance(encoding, int):
warnings.warn(
"OpenSSL.crypto.TYPE_* encoding arguments are deprecated. Use
cryptography.hazmat.primitives.serialization.Encoding enum or string 'PEM'",
DeprecationWarning,
stacklevel=2,
)
# match values in OpenSSL.crypto
if encoding == 1:
# PEM
encoding = serialization.Encoding.PEM
elif encoding == 2:
# ASN / DER
encoding = serialization.Encoding.DER
self.file_path = file_path
self.containing_dir = os.path.dirname(self.file_path)
> self.encoding = serialization.Encoding(encoding)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
E TypeError: cannot create
'cryptography.hazmat.primitives._serialization.Encoding' instances
certipy/certipy.py:171: TypeError
__________________________________ test_certs __________________________________
def test_certs():
with TemporaryDirectory() as td:
# Setup
ca_name = "foo"
certipy = Certipy(store_dir=td)
> ca_record = certipy.create_ca(ca_name, pathlen=-1)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
test/test_certipy.py:364:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
certipy/certipy.py:864: in create_ca
self.store.add_files(
certipy/certipy.py:480: in add_files
bundle = TLSFileBundle(
certipy/certipy.py:281: in __init__
self._setup_tls_files(files)
certipy/certipy.py:290: in _setup_tls_files
setattr(self, file_type.value, TLSFile(file_path, file_type=file_type))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <certipy.certipy.TLSFile object at 0x7f528308d910>
file_path = '/tmp/tmp97hpqsth/foo/foo.key', encoding = Encoding.PEM
file_type = <TLSFileType.KEY: 'key'>, x509 = None
def __init__(
self,
file_path,
encoding=serialization.Encoding.PEM,
file_type=TLSFileType.CERT,
x509=None,
):
if isinstance(encoding, int):
warnings.warn(
"OpenSSL.crypto.TYPE_* encoding arguments are deprecated. Use
cryptography.hazmat.primitives.serialization.Encoding enum or string 'PEM'",
DeprecationWarning,
stacklevel=2,
)
# match values in OpenSSL.crypto
if encoding == 1:
# PEM
encoding = serialization.Encoding.PEM
elif encoding == 2:
# ASN / DER
encoding = serialization.Encoding.DER
self.file_path = file_path
self.containing_dir = os.path.dirname(self.file_path)
> self.encoding = serialization.Encoding(encoding)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
E TypeError: cannot create
'cryptography.hazmat.primitives._serialization.Encoding' instances
certipy/certipy.py:171: TypeError
=============================== warnings summary ===============================
.pybuild/cpython3_3.14/build/test/test_certipy.py::test_certs
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.14/build/test/test_certipy.py:364:
DeprecationWarning: negative pathlen is deprecated. Use pathlen=None
ca_record = certipy.create_ca(ca_name, pathlen=-1)
-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
=========================== short test summary info ============================
FAILED test/test_certipy.py::test_tls_file - TypeError: cannot create 'crypto...
FAILED test/test_certipy.py::test_tls_file_bundle - TypeError: cannot create ...
FAILED test/test_certipy.py::test_certipy_store - TypeError: cannot create 'c...
FAILED test/test_certipy.py::test_certipy - TypeError: cannot create 'cryptog...
FAILED test/test_certipy.py::test_certipy_trust_graph - TypeError: cannot cre...
FAILED test/test_certipy.py::test_certs - TypeError: cannot create 'cryptogra...
==================== 6 failed, 1 passed, 1 warning in 0.40s ====================
E: pybuild pybuild:485: test: plugin pyproject failed with: exit code=1: cd
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.14/build; python3.14 -m pytest
dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p "3.13
3.14" --parallel=2 returned exit code 13
make: *** [debian/rules:6: binary] Error 25
dpkg-buildpackage: error: debian/rules binary subprocess failed with exit
status 2
--------------------------------------------------------------------------------
--- End Message ---
--- Begin Message ---
Source: certipy
Source-Version: 0.2.3-1
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
certipy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated certipy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Jun 2026 00:50:51 +0100
Source: certipy
Architecture: source
Version: 0.2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1140972
Changes:
certipy (0.2.3-1) unstable; urgency=medium
.
* Team upload.
* New upstream release:
- cryptography: serialization.Encoding is no longer a standard Enum
(closes: #1140972).
Checksums-Sha1:
e62077e06a4baba244964b47127ed57f361f3aac 2173 certipy_0.2.3-1.dsc
4053580c7cb5e47d7025f69829dbe700dac47360 20650 certipy_0.2.3.orig.tar.gz
314ec3cc5fbba4f23935e7f61979a6672579448b 3340 certipy_0.2.3-1.debian.tar.xz
Checksums-Sha256:
eb5d6abea88309cf80ed74a4c641b1507f0aca0c664dc603543e3a6963ce9c64 2173
certipy_0.2.3-1.dsc
4e8701e6a2f281e7a154c2f368cff4edf374009084d29788cbe8c3838897784f 20650
certipy_0.2.3.orig.tar.gz
024eb8a6f7e84301438ef18c7a608e56488ca60e909dbcc9c8abfd7316f01f07 3340
certipy_0.2.3-1.debian.tar.xz
Files:
8b4430a8edbfb0d9d889fff0098fae67 2173 python optional certipy_0.2.3-1.dsc
964e2f96c77c50c6861d98491403a2e4 20650 python optional
certipy_0.2.3.orig.tar.gz
528838572f3cafc3d4019a673fd38bc2 3340 python optional
certipy_0.2.3-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmpBtDgACgkQOTWH2X2G
UAsOhRAAplBWE/+ESskoxB9/NehFs3G0w35H9IzOhaUt3LXk13Yczm7XLj9Krt8B
Za/vCnORvTnW5N9s9m23iZq1gUVkXvDv77UPCXz53l/N3c/vqIs9oSN0jJ5nATc9
e4teN1wZW3AGiL3f2tpGyt2iAF/tOVo3lUDmTxnwU6Fni57kD2HhSGDl2X6gflcB
M86D3YjUN680dSsLI9vfGTYnTzfuUrogYtWHdWdOYmfJvUxJltPRrPUknSkBbo2B
FQwUFpZIBPCzIORzBQ58Vr5ZcDzNExEOzsAjoG2k8kJOtrwNk4Q6qpcevRz9ikz6
0nXA/nDfrSGmo6mjGjRpLjK6Gs9lkTEFfD+pxkhLslA8V3qzpWQqQXBafhMxv5ji
0cTW+t0ahXNzA9uizBh5Ou8H927zWVdK9Hv2465f/kI5Q4j+sPDMolxcg8pHK1QC
gp51XZrz54dYJXY6PI5DmZGGVDCfe0y01vlXEocBk4E6MeHXhclTl1JuWkvVHEkH
Pre0o70sca0CpZEP6cyHT3DB+oSzTk4Pc2Q73neVrRJBEM5WhhpiEE2r1l3wgVOH
6C4FAvUxGKQdu86w3TZQWWWRtOhRw2zJX6Ovb1Os3gb9YkbYBY0WwN6Atw/rerEi
SLWPmjY1wpq0SVWwiaIQeJ8vIE361qJ4eDRqmgaWCFR1OqzZFEE=
=btQ3
-----END PGP SIGNATURE-----
pgpvnBiRPk2Pt.pgp
Description: PGP signature
--- End Message ---