Tag Archives: cryptography

ERROR: dev-python/cryptography-1.1.2::gentoo failed (compile phase)

Latest

emerge --sync
emerge --update --deep --newuse @world

broke “dev-python/cryptography” on my development “server”. By server I mean Intel Celeron at 400Mhz with 768Mb of RAM. Currently running MySQL, Apache, Apache Tomcat, Samba and Deluge.

i686-pc-linux-gnu-gcc -O2 -march=pentium2 -pipe -fomit-frame-pointer -fno-ident -fPIC -I/usr/include/python2.7 -c /var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c -o /var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.o
/var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c:2096:15: error: ‘SSLv2_method’ redeclared as different kind of symbol
 SSL_METHOD* (*SSLv2_method)(void) = NULL;

As the build error says dev-python/cryptography is looking for SSLv2. Doing

equery u openssl
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for dev-libs/openssl-1.0.2h-r2:
 U I
 + + asm                : Support assembly hand optimized crypto functions (i.e. faster run time)
 + + bindist            : Disable EC algorithms (as they seem to be patented) -- note: changes the ABI
 - - cpu_flags_x86_sse2 : Use the SSE2 instruction set
 - - gmp                : Add support for dev-libs/gmp (GNU MP library)
 - - kerberos           : Add kerberos support
 - - rfc3779            : Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)
 - - sctp               : Support for Stream Control Transmission Protocol
 - - sslv2              : Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https
 + + sslv3              : Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https
 - - static-libs        : Build static versions of dynamic libraries as well
 - - test               : Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in
                          make.conf/package.use anymore
 + + tls-heartbeat      : Enable the Heartbeat Extension in TLS and DTLS
 - - vanilla            : Do not add extra patches which change default behaviour; DO NOT USE THIS ON A GLOBAL SCALE as the severity of the meaning changes
                          drastically
 + + zlib               : Add support for zlib (de)compression

Reveled that OpenSSL is build with ought SSLv2 suport. Adding sslv2 use flag for OpenSSL and rebuilding resolved the problem.

echo "dev-libs/openssl sslv2" > /etc/portage/package.use/openssl

According to me, this is a bug in “dev-python/cryptography“. The ebuild should do some kind of checking if sslv2 use flag is enabled, or it should introduce use flags controlling the version of ssl used.