Re: [Python-Dev] dynamic linking, libssl.1.0.0.dylib, libcrypto.1.0.0.dylib and Mac OS X
> On 24 Dec 2015, at 14:40, Chris Withers wrote: > Hi Cory, > > I'm not not sure, _ssl included in a Python distribution works and does the > right thing, it's third party packages built on the machines that appear to > have the problem. > > How does Python itself "get it right" and how could psycopg2 and cryptography > mirror that? > > This feels like a dynamic linking problem rather than something ssl-specific. Chris, Nope, it’s SSL-specific. OS X El Capitan ships a version of OpenSSL (specifically, OpenSSL 0.9.8zg). The library for this is where you’d expect to find it (/usr/lib/libssl.dylib): however, it ships without header files (that is, there is no /usr/include/ssl directory). Python distributions from python.org get around this problem by compiling and linking against, and including in the distribution, their own copy of libssl. This in principle works fine. Cryptography ordinarily does this too. If you use a remotely modern pip, ‘pip install cryptography’ on OS X will install a Python wheel. The wheel is a binary distribution, and it too includes a compiled copy of libssl. For this reason, I’d argue that cryptography *does* get it right, in the mainline case: a modern Python installation should get a perfectly functional copy of cryptography without requiring a compiler or encountering any problems like the one you’re discussing. The situations where it can go wrong are where cryptography is installed as a source distribution. This will require compilation on install, and here things start to get really tricky. The basic upshot of it, though, is that the OpenSSL shipped with OS X itself is simply not supported by cryptography: it’s ancient, and Apple doesn’t want people to use it, as shown by the fact that they don’t ship development headers for it. If you insist on installing cryptography from source, you’ll need to follow their installation instructions to do that: https://cryptography.io/en/latest/installation/#building-cryptography-on-os-x The TL;DR is: for cryptography on OS X, you either need a modern enough Python to support wheels, or you need to provide your own OpenSSL. Cory signature.asc Description: Message signed with OpenPGP using GPGMail ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] dynamic linking, libssl.1.0.0.dylib, libcrypto.1.0.0.dylib and Mac OS X
Hi All, I hit this every time I install packages on Mac OS X that use libssl, it looks like extensions are built linking to .dylib's that are not resolveable when the library is actually used: >>> from OpenSSL import SSL Traceback (most recent call last): File "", line 1, in File "python2.7/site-packages/OpenSSL/__init__.py", line 8, in from OpenSSL import rand, crypto, SSL File "python2.7/site-packages/OpenSSL/rand.py", line 11, in from OpenSSL._util import ( File "python2.7/site-packages/OpenSSL/_util.py", line 6, in from cryptography.hazmat.bindings.openssl.binding import Binding File "python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in from cryptography.hazmat.bindings._openssl import ffi, lib ImportError: dlopen(python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so, 2): Library not loaded: libssl.1.0.0.dylib Referenced from: python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so Reason: image not found Looking at what this links to, I see: $ otool -L lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0) Whereas the functional _ssl that ships with Python distributions on Mac OS X look like this: $ otool -L .../lib/python2.7/lib-dynload/_ssl.so .../lib/python2.7/lib-dynload/_ssl.so: @loader_path/../../libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0) What's going wrong here and what can be done differently to have 'pip install package_using_libssl' build a usable binary installation? Here's a couple of examples of this problem in the wild: https://github.com/alekstorm/backports.ssl/issues/9 http://stackoverflow.com/questions/32978365/how-do-i-run-psycopg2-on-el-capitan-without-hitting-a-libssl-error https://github.com/psycopg/psycopg2/issues/385 I'm well out of my depth here, I just want to use these libraries, but I'm happy to try and do the work to make the world a better place for Mac users of these libraries... Chris ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] dynamic linking, libssl.1.0.0.dylib, libcrypto.1.0.0.dylib and Mac OS X
On 24/12/2015 14:36, Cory Benfield wrote: On 24 Dec 2015, at 11:17, Chris Withers wrote: Here's a couple of examples of this problem in the wild: https://github.com/alekstorm/backports.ssl/issues/9 http://stackoverflow.com/questions/32978365/how-do-i-run-psycopg2-on-el-capitan-without-hitting-a-libssl-error https://github.com/psycopg/psycopg2/issues/385 I'm well out of my depth here, I just want to use these libraries, but I'm happy to try and do the work to make the world a better place for Mac users of these libraries... I think this is actually nothing to do with Python itself, and everything to do with Mac OS X and the neutered way it ships OpenSSL. Given that the library you’re actually having difficulty with is cryptography, I recommend using their mailing list[0] to ask your question again. I happen to know that there have been a few problems with OS X and OpenSSL since El Capitan, so you’re probably not the first to encounter them. Hi Cory, I'm not not sure, _ssl included in a Python distribution works and does the right thing, it's third party packages built on the machines that appear to have the problem. How does Python itself "get it right" and how could psycopg2 and cryptography mirror that? This feels like a dynamic linking problem rather than something ssl-specific. cheers, Chris ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] dynamic linking, libssl.1.0.0.dylib, libcrypto.1.0.0.dylib and Mac OS X
> On 24 Dec 2015, at 11:17, Chris Withers wrote: > > Hi All, > > Here's a couple of examples of this problem in the wild: > > https://github.com/alekstorm/backports.ssl/issues/9 > http://stackoverflow.com/questions/32978365/how-do-i-run-psycopg2-on-el-capitan-without-hitting-a-libssl-error > https://github.com/psycopg/psycopg2/issues/385 > > I'm well out of my depth here, I just want to use these libraries, but I'm > happy to try and do the work to make the world a better place for Mac users > of these libraries... > > Chris Chris, I think this is actually nothing to do with Python itself, and everything to do with Mac OS X and the neutered way it ships OpenSSL. Given that the library you’re actually having difficulty with is cryptography, I recommend using their mailing list[0] to ask your question again. I happen to know that there have been a few problems with OS X and OpenSSL since El Capitan, so you’re probably not the first to encounter them. Cory [0]: https://mail.python.org/mailman/listinfo/cryptography-dev signature.asc Description: Message signed with OpenPGP using GPGMail ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] dynamic linking, libssl.1.0.0.dylib, libcrypto.1.0.0.dylib and Mac OS X
Hi All, I hit this every time I install packages on Mac OS X that use libssl, it looks like extensions are built linking to .dylib's that are not resolveable when the library is actually used: from OpenSSL import SSL Traceback (most recent call last): File "", line 1, in File "python2.7/site-packages/OpenSSL/__init__.py", line 8, in from OpenSSL import rand, crypto, SSL File "python2.7/site-packages/OpenSSL/rand.py", line 11, in from OpenSSL._util import ( File "python2.7/site-packages/OpenSSL/_util.py", line 6, in from cryptography.hazmat.bindings.openssl.binding import Binding File "python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in from cryptography.hazmat.bindings._openssl import ffi, lib ImportError: dlopen(python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so, 2): Library not loaded: libssl.1.0.0.dylib Referenced from: python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so Reason: image not found Looking at what this links to, I see: $ otool -L lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0) Whereas the functional _ssl that ships with Python distributions on Mac OS X look like this: $ otool -L .../lib/python2.7/lib-dynload/_ssl.so .../lib/python2.7/lib-dynload/_ssl.so: @loader_path/../../libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0) What's going wrong here and what can be done differently to have 'pip install package_using_libssl' build a usable binary installation? Here's a couple of examples of this problem in the wild: https://github.com/alekstorm/backports.ssl/issues/9 http://stackoverflow.com/questions/32978365/how-do-i-run-psycopg2-on-el-capitan-without-hitting-a-libssl-error https://github.com/psycopg/psycopg2/issues/385 I'm well out of my depth here, I just want to use these libraries, but I'm happy to try and do the work to make the world a better place for Mac users of these libraries... Chris ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
