Peep install error when running letsencrypt-auto #2588

Closed
singlow opened this Issue Mar 2, 2016 · 9 comments

Comments

Projects
None yet
6 participants

singlow commented Mar 2, 2016

Just cloned the repo and tried to run in an Ubuntu 14.04 VPS. Using master f205d15

peep: (3, 1, 1)
python: '2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2]'
pip: '1.5.4'
Command line:  ['/tmp/tmp.zrzkeazK61/peep.py', 'install', '-r', '/tmp/tmp.zrzkeazK61/letsencrypt-auto-requirements.txt']
Traceback (most recent call last):
  File "/tmp/tmp.zrzkeazK61/peep.py", line 967, in <module>
    exit(main())
  File "/tmp/tmp.zrzkeazK61/peep.py", line 939, in main
    return commands[argv[1]](argv[2:])
  File "/tmp/tmp.zrzkeazK61/peep.py", line 884, in peep_install
    req.install()
  File "/tmp/tmp.zrzkeazK61/peep.py", line 652, in install
    run_pip(['install'] + other_args + ['--no-deps', '-U', archive_path])
  File "/tmp/tmp.zrzkeazK61/peep.py", line 206, in run_pip
    status_code = pip.main(initial_args)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/__init__.py", line 185, in main
    return command.main(cmd_args)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/basecommand.py", line 161, in main
    text = '
'.join(complete_log)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 79: ordinal not in range(128)```

singlow commented Mar 2, 2016

More info. Looks like it may be related to a recent openssl update in Ubuntu. I see that openssl updated today on my all my systems and this brand new vm has the latest openssl. The message below hints that it is related to openssl. So this probably isn't anything you can do anything about.

generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'

generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'

building '_openssl' extension

creating build/temp.linux-x86_64-2.7/build

creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7

x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o

build/temp.linux-x86_64-2.7/_openssl.c:710:6: error: conflicting types for ‘BIO_new_mem_buf’

 BIO *BIO_new_mem_buf(void *, int);

      ^

In file included from /usr/include/openssl/asn1.h:65:0,

                 from build/temp.linux-x86_64-2.7/_openssl.c:426:

/usr/include/openssl/bio.h:692:6: note: previous declaration of ‘BIO_new_mem_buf’ was here

 BIO *BIO_new_mem_buf(const void *buf, int len);

      ^

error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

----------------------------------------
Cleaning up...
Command /root/.local/share/letsencrypt/bin/python -c "import setuptools, tokenize;__file__='/tmp/pip-sS7QAO-build/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('
', '
'), __file__, 'exec'))" install --record /tmp/pip-Ee8cI9-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7 failed with error code 1 in /tmp/pip-sS7QAO-build

singlow commented Mar 2, 2016

I came up with a temporary workaround for Ubuntu 14.04:

# downgrade and hold the openssl and libssl packages
# this makes you vulnerable to DROWN if you have SSLv2 enabled
apt-get install openssl=1.0.1f-1ubuntu2.18 libssl-dev=1.0.1f-1ubuntu2.18
apt-mark hold libssl-dev openssl

Then edit letsencrypt-auto to add --no-upgrade to prevent it from trying to upgrade libssl-dev which would break because it stops when the warning appears:

  $SUDO apt-get install -y --no-install-recommends --no-upgrade \
    python \
    python-dev \
    $virtualenv \
    gcc \
    dialog \
    $augeas_pkg \
    libssl-dev \
    libffi-dev \
    ca-certificates \

Then you can run letsencrypt-auto and get the certificate. Then upgrade openssl and libssl-dev when the certificate is installed. This will probably be resolved before it needs to renew.

apt-mark unhold libssl-dev openssl
apt-get upgrade

Your solution worked for me. And looks like the issue has been resolved at pyca/cryptography#2750

@simdol simdol referenced this issue in erikrose/peep Mar 2, 2016

Closed

UnicodeDecodeError 0xe2 in letsencrypt-auto #127

ccovey added a commit to ccovey/letsencrypt that referenced this issue Mar 2, 2016

Collaborator

erikrose commented Mar 2, 2016

It looks like you're having 2 problems: that cryptography one and then another that's likely a pip 1.5.4 bug, also seen in many other instances:

erikrose/peep#129
erikrose/peep#128
erikrose/peep#127
erikrose/peep#125

That version of pip is 2 years old, so we're going to see about doing an isolated upgrade in those cases.

s7anley commented Mar 2, 2016

Thanks @singlow!

@bmw bmw added this to the 0.4.2 milestone Mar 3, 2016

@bmw bmw closed this in #2594 Mar 3, 2016

xzitlou commented May 14, 2016

I tried @singlow 's solution on ubuntu 16.04 but it doesnt work, this issue shows up every time I try to run pip install -r requirements.txt
openssl_issue

Contributor

bmw commented May 16, 2016

@xzitlou, there are letsencrypt packages available on 16.04. Using these packages should be preferred in most cases instead of installing Certbot through pip.

If you still want to try to install through pip, however, did you also install Certbot's OS dependencies with apt? The easiest way to do this is to is to use to run certbot-auto --os-packages-only.

xzitlou commented May 16, 2016

@bmw I had to clear the $PATH and re install python and pip, I also remove cryptography from my requirements.txt and I installed manually, this fix the issue.

Thanks anyway.

@chenweisomebody126 chenweisomebody126 referenced this issue in istresearch/scrapy-cluster Mar 21, 2017

Closed

Error in installing requirements.txt #102

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment