M2Crypto 0.20.1 won't build on Red Hat Linux

Discussion in 'Python' started by John Nagle, Sep 30, 2009.

  1. John Nagle

    John Nagle Guest

    M2Crypto, from

    http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-0.20.1.tar.gz

    won't build on Red Hat Linux / 386. The error is

    swig -python -I/usr/local/include/python2.5 -I/usr/include -includeall -o
    SWIG/_m2crypto_wrap.c

    SWIG/_m2crypto.i
    /usr/include/openssl/opensslconf.h:27: Error: CPP #error ""This openssl-devel
    package does not work your architecture?"".
    Use the -cpperraswarn option to continue swig processing.
    error: command 'swig' failed with exit status 1

    It's some incompatibility between Red Hat include file packaging and M2Crypto.

    There was at one time a note on how to deal with this problem, but it's been
    deleted. It's still in Google's cache, though.
    http://74.125.155.132/search?q=cach...s/ M2Crypto building&cd=2&hl=en&ct=clnk&gl=us

    I think I went through this mess two years ago, building M2Crypto 0.17. But
    I've forgotten the solution.

    What's current thinking on this?

    (I know, Python 2.6 has new SSL support, but MySQLdb doesn't support
    Python 2.6, so I can't convert yet.)

    John Nagle
     
    John Nagle, Sep 30, 2009
    #1
    1. Advertising

  2. John Nagle wrote:
    > M2Crypto, from
    >
    > http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-0.20.1.tar.gz
    >
    > won't build on Red Hat Linux / 386. The error is
    >
    > It's some incompatibility between Red Hat include file packaging and
    > M2Crypto.


    Yup, all Fedora Core-based systems actually.

    > There was at one time a note on how to deal with this problem, but it's
    > been deleted. It's still in Google's cache, though.


    Not deleted, but my hosting provider made some changes that put my blog
    and a number of sites down, without advance notice, while I was on
    vacation :( Blog is back up, so the URL works again:
    http://www.heikkitoivonen.net/blog/...-wrapper-for-fedora-core-based-distributions/

    I've also added this to the FAQ:
    http://chandlerproject.org/Projects/MeTooCrypto#Code

    --
    Heikki Toivonen - http://heikkitoivonen.net
     
    Heikki Toivonen, Oct 1, 2009
    #2
    1. Advertising

  3. John Nagle

    John Nagle Guest

    Heikki Toivonen wrote:
    > John Nagle wrote:
    >> M2Crypto, from
    >>
    >> http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-0.20.1.tar.gz
    >>
    >> won't build on Red Hat Linux / 386. The error is
    >>
    >> It's some incompatibility between Red Hat include file packaging and
    >> M2Crypto.

    >
    > Yup, all Fedora Core-based systems actually.
    >
    >
    > I've also added this to the FAQ:
    > http://chandlerproject.org/Projects/MeTooCrypto#Code


    OK, did that. The build is now failing with

    -bash-3.1$ ./fedora-setup.sh build
    running build
    running build_py
    creating build
    ....
    building 'M2Crypto.__m2crypto' extension
    swigging SWIG/_m2crypto.i to SWIG/_m2crypto_wrap.c
    swig -python -I/usr/local/include/python2.5 -I/usr/include -includeall -o
    SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i
    SWIG/_evp.i:9: Error: Unable to find 'openssl/opensslconf-i686.h'
    SWIG/_ec.i:7: Error: Unable to find 'openssl/opensslconf-i686.h'
    error: command 'swig' failed with exit status 1
    -bash-3.1$


    Installed OpenSSL is "OpenSSL 0.9.8a 11 Oct 2005", and it doesn't
    have an "openssl/opensslconf-i686.h". It has an "openssl/opensslconf-i386.h".

    M2Crypto documentation says:
    0.20.1:
    * OpenSSL 0.9.7 or newer
    o Some optional new features will require OpenSSL 0.9.8 or newer

    so that's current.

    The problem, of course, is that using "uname -m" is asking the wrong question.
    It prints "i686" on CPUs that are 64-bit capable, even when they are running
    a 32-bit version of Linux. This is running on a 64-bit capable server.

    The right question is "uname --hardware-platform". That returns "i386" if
    running on something emulating a 386, even it it's 64-bit capable.

    With that change, the build runs to completion and and the regression tests
    mostly run. Test failure occurred at:

    ======================================================================
    FAIL: test_cipher_ok (tests.test_ssl.MiscSSLClientTestCase)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
    File
    "/var/www/vhosts/sitetruth.com/private/downloads/M2Crypto/M2Crypto-0.20.1/tests/test_ssl.py",
    line 485, in test_cipher_ok
    assert s.get_cipher().name() == 'AES128-SHA', s.get_cipher().name()
    AssertionError: AES256-SHA

    ----------------------------------------------------------------------
    Ran 226 tests in 91.672s

    Is 'AES128-SHA' a cypher that Fedora Core doesn't support, or what?


    John Nagle
     
    John Nagle, Oct 1, 2009
    #3
  4. John Nagle wrote:
    > The right question is "uname --hardware-platform". That returns "i386" if
    > running on something emulating a 386, even it it's 64-bit capable.


    Thanks, I'll make a note that I'll need to clarify that part.

    > With that change, the build runs to completion and and the regression tests
    > mostly run. Test failure occurred at:
    >
    > ======================================================================
    > FAIL: test_cipher_ok (tests.test_ssl.MiscSSLClientTestCase)
    > ----------------------------------------------------------------------
    > Traceback (most recent call last):
    > File
    > "/var/www/vhosts/sitetruth.com/private/downloads/M2Crypto/M2Crypto-0.20.1/tests/test_ssl.py",
    > line 485, in test_cipher_ok
    > assert s.get_cipher().name() == 'AES128-SHA', s.get_cipher().name()
    > AssertionError: AES256-SHA
    >
    > ----------------------------------------------------------------------
    > Ran 226 tests in 91.672s
    >
    > Is 'AES128-SHA' a cypher that Fedora Core doesn't support, or what?


    That seems strange. OpenSSL does allow fine tuning what ciphers to build
    and operate with, but this is the first I hear AES128-SHA might not be
    turned on anymore. And even stranger still is that the test is
    explicitly asking for 128 yet it is getting 256 back. Could you rerun
    the test again just to make sure you can repeat it, and if so, let me
    know the fedora core, openssl, swig and python versions?

    --
    Heikki Toivonen - http://heikkitoivonen.net
     
    Heikki Toivonen, Oct 2, 2009
    #4
  5. John Nagle

    John Nagle Guest

    Heikki Toivonen wrote:
    > John Nagle wrote:
    >> The right question is "uname --hardware-platform". That returns "i386" if
    >> running on something emulating a 386, even it it's 64-bit capable.

    >
    > Thanks, I'll make a note that I'll need to clarify that part.
    >
    >> With that change, the build runs to completion and and the regression tests
    >> mostly run. Test failure occurred at:
    >>
    >> ======================================================================
    >> FAIL: test_cipher_ok (tests.test_ssl.MiscSSLClientTestCase)
    >> ----------------------------------------------------------------------
    >> Traceback (most recent call last):
    >> File
    >> "/var/www/vhosts/sitetruth.com/private/downloads/M2Crypto/M2Crypto-0.20.1/tests/test_ssl.py",
    >> line 485, in test_cipher_ok
    >> assert s.get_cipher().name() == 'AES128-SHA', s.get_cipher().name()
    >> AssertionError: AES256-SHA
    >>
    >> ----------------------------------------------------------------------
    >> Ran 226 tests in 91.672s
    >>
    >> Is 'AES128-SHA' a cypher that Fedora Core doesn't support, or what?

    >
    > That seems strange. OpenSSL does allow fine tuning what ciphers to build
    > and operate with, but this is the first I hear AES128-SHA might not be
    > turned on anymore. And even stranger still is that the test is
    > explicitly asking for 128 yet it is getting 256 back. Could you rerun
    > the test again just to make sure you can repeat it, and if so, let me
    > know the fedora core, openssl, swig and python versions?


    Ran it again. Same error.

    python setup.py test
    ....
    test_blocking0 (tests.test_ssl.MiscSSLClientTestCase) ... ok
    test_blocking1 (tests.test_ssl.MiscSSLClientTestCase) ... ok
    test_cipher_mismatch (tests.test_ssl.MiscSSLClientTestCase) ... ok
    test_cipher_ok (tests.test_ssl.MiscSSLClientTestCase) ... FAIL
    test_info_callback (tests.test_ssl.MiscSSLClientTestCase) ... LOOP: SSL connect:
    before/connect initialization
    LOOP: SSL connect: SSLv2/v3 write client hello A
    ....
    test_26_compat (tests.test_ssl.FtpslibTestCase) ... ok

    ======================================================================
    FAIL: test_cipher_ok (tests.test_ssl.MiscSSLClientTestCase)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
    File
    "/var/www/vhosts/sitetruth.com/private/downloads/M2Crypto/M2Crypto-0.20.1/tests/test_ssl.py",
    line 485, in test_cipher_ok
    assert s.get_cipher().name() == 'AES128-SHA', s.get_cipher().name()
    AssertionError: AES256-SHA

    ----------------------------------------------------------------------
    Ran 226 tests in 166.875s

    FAILED (failures=1)

    System info:

    -bash-3.1$ uname -r -v
    2.6.18-1.2239.fc5smp #1 SMP Fri Nov 10 13:22:44 EST 2006

    -bash-3.1$ python --version
    Python 2.5

    -bash-3.1$ swig -version

    SWIG Version 1.3.31

    Compiled with i386-redhat-linux-g++ [i386-redhat-linux-gnu]
    Please see http://www.swig.org for reporting bugs and further information

    -bash-3.1$ openssl
    OpenSSL> version
    OpenSSL 0.9.8a 11 Oct 2005
    OpenSSL>

    So, per "http://chandlerproject.org/bin/view/Projects/MeTooCrypto":

    Required Python version: 2.4 or newer. Using Python 2.5. REQUIREMENT MET.
    Required SWIG version: 1.3.30 or newer. Using SWIG 1.3.31 REQUIREMENT MET.
    Required OpenSSL version: 0.9.8 or newer: Using OpenSSL 0.9.8a. REQUIREMENT MET.

    John Nagle
     
    John Nagle, Oct 2, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AJ
    Replies:
    0
    Views:
    376
  2. Replies:
    2
    Views:
    3,237
    Malte
    Sep 1, 2005
  3. Avalon1178
    Replies:
    3
    Views:
    614
    Martin Honnen
    Sep 3, 2005
  4. Dave In Redmond

    Re: Update to Python 2.3 on Red Hat Linux 9

    Dave In Redmond, Aug 29, 2003, in forum: Python
    Replies:
    1
    Views:
    404
    Jay Bromley
    Aug 30, 2003
  5. Bengt Richter
    Replies:
    4
    Views:
    334
    Bengt Richter
    Sep 1, 2003
Loading...

Share This Page