ERROR: dev-python/cryptography-1.1.2::gentoo failed (compile phase)


emerge --sync
emerge --update --deep --newuse @world

broke “dev-python/cryptography” on my development “server”. By server I mean Intel Celeron at 400Mhz with 768Mb of RAM. Currently running MySQL, Apache, Apache Tomcat, Samba and Deluge.

i686-pc-linux-gnu-gcc -O2 -march=pentium2 -pipe -fomit-frame-pointer -fno-ident -fPIC -I/usr/include/python2.7 -c /var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c -o /var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.o
/var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c:2096:15: error: ‘SSLv2_method’ redeclared as different kind of symbol
 SSL_METHOD* (*SSLv2_method)(void) = NULL;

As the build error says dev-python/cryptography is looking for SSLv2. Doing

equery u openssl
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for dev-libs/openssl-1.0.2h-r2:
 U I
 + + asm                : Support assembly hand optimized crypto functions (i.e. faster run time)
 + + bindist            : Disable EC algorithms (as they seem to be patented) -- note: changes the ABI
 - - cpu_flags_x86_sse2 : Use the SSE2 instruction set
 - - gmp                : Add support for dev-libs/gmp (GNU MP library)
 - - kerberos           : Add kerberos support
 - - rfc3779            : Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)
 - - sctp               : Support for Stream Control Transmission Protocol
 - - sslv2              : Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https
 + + sslv3              : Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https
 - - static-libs        : Build static versions of dynamic libraries as well
 - - test               : Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in
                          make.conf/package.use anymore
 + + tls-heartbeat      : Enable the Heartbeat Extension in TLS and DTLS
 - - vanilla            : Do not add extra patches which change default behaviour; DO NOT USE THIS ON A GLOBAL SCALE as the severity of the meaning changes
 + + zlib               : Add support for zlib (de)compression

Reveled that OpenSSL is build with ought SSLv2 suport. Adding sslv2 use flag for OpenSSL and rebuilding resolved the problem.

echo "dev-libs/openssl sslv2" > /etc/portage/package.use/openssl

According to me, this is a bug in “dev-python/cryptography“. The ebuild should do some kind of checking if sslv2 use flag is enabled, or it should introduce use flags controlling the version of ssl used.

If you liked this article and think it is useful use the buttons below.

Leave a Reply

Your email address will not be published. Required fields are marked *