
python3-cryptography: workaround broken native functionality

Message ID 20220913093452.47839-1-mikko.rapeli@linaro.org
State New

Commit Message

Mikko Rapeli Sept. 13, 2022, 9:34 a.m. UTC
The python3-cryptography-native builds work but are functionally broken
on an Ubuntu 18.04 build host since the update from 3.3.2 in
meta-openembedded/meta-python. If a recipe needs and DEPENDS on
python3-cryptography-native for signing use cases, loading
the python modules fails:

$ python3 -c  "from OpenSSL import crypto"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/crypto.py", line 11, in <module>
    from OpenSSL._util import (
  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/_util.py", line 5, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 228, in <module>
    Binding.init_static_locks()
  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 188, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 176, in _ensure_ffi_initialized
    _openssl_assert(
  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 90, in _openssl_assert
    raise InternalError(
cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=126615813, lib=15, reason=786693, reason_text=b'error:078C0105:common libcrypto routines::init fail')])

This hacky patch enables enough functionality in
python3-cryptography-native to work so that basic secure boot
signing use cases work again.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 ...3-cryptography_hack_to_remove_legacy.patch | 54 +++++++++++++++++++
 .../python/python3-cryptography_37.0.4.bb     |  5 ++
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/python3-cryptography_hack_to_remove_legacy.patch

Comments

Richard Purdie Sept. 13, 2022, 10:01 a.m. UTC | #1
On Tue, 2022-09-13 at 12:34 +0300, Mikko Rapeli wrote:
> The python3-cryptography-native builds work but are functionally broken
> on Ubuntu 18.04 build host since the update from 3.3.2 in
> meta-openembedded/meta-python. If recipe needs and DEPENDS on
> python3-cryptography-native for signing use cases, loading
> the python modules fails:
> 
> $ python3 -c  "from OpenSSL import crypto"
> Traceback (most recent call last):
>   File "<string>", line 1, in <module>
>   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__init__.py", line 8, in <module>
>     from OpenSSL import crypto, SSL
>   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/crypto.py", line 11, in <module>
>     from OpenSSL._util import (
>   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/_util.py", line 5, in <module>
>     from cryptography.hazmat.bindings.openssl.binding import Binding
>   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 228, in <module>
>     Binding.init_static_locks()
>   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 188, in init_static_locks
>     cls._ensure_ffi_initialized()
>   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 176, in _ensure_ffi_initialized
>     _openssl_assert(
>   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 90, in _openssl_assert
>     raise InternalError(
> cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=126615813, lib=15, reason=786693, reason_text=b'error:078C0105:common libcrypto routines::init fail')])
> 
> This hacky patch enables enough functionality in
> python3-cryptography-native to work so that basic secure boot
> signing use cases work again.
> 
> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> ---
>  ...3-cryptography_hack_to_remove_legacy.patch | 54 +++++++++++++++++++
>  .../python/python3-cryptography_37.0.4.bb     |  5 ++
>  2 files changed, 59 insertions(+)
>  create mode 100644 meta/recipes-devtools/python/python3-cryptography/python3-cryptography_hack_to_remove_legacy.patch

I'm very nervous about taking a patch like this as it would be near
impossible to tell when we still need it or not and it has zero chance
of making it upstream.

Do we know how the openssl library is breaking internally? Is this some
kind of glibc or loader mismatch? Is it mixing up our sysroot ssl
library with the host one somehow?

Cheers,

Richard
Mikko Rapeli Sept. 13, 2022, 10:29 a.m. UTC | #2
Hi,

On Tue, 13 Sept 2022 at 13:01, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Tue, 2022-09-13 at 12:34 +0300, Mikko Rapeli wrote:
> > The python3-cryptography-native builds work but are functionally broken
> > on Ubuntu 18.04 build host since the update from 3.3.2 in
> > meta-openembedded/meta-python. If recipe needs and DEPENDS on
> > python3-cryptography-native for signing use cases, loading
> > the python modules fails:
> >
> > $ python3 -c  "from OpenSSL import crypto"
> > Traceback (most recent call last):
> >   File "<string>", line 1, in <module>
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__init__.py", line 8, in <module>
> >     from OpenSSL import crypto, SSL
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/crypto.py", line 11, in <module>
> >     from OpenSSL._util import (
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/_util.py", line 5, in <module>
> >     from cryptography.hazmat.bindings.openssl.binding import Binding
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 228, in <module>
> >     Binding.init_static_locks()
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 188, in init_static_locks
> >     cls._ensure_ffi_initialized()
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 176, in _ensure_ffi_initialized
> >     _openssl_assert(
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 90, in _openssl_assert
> >     raise InternalError(
> > cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=126615813, lib=15, reason=786693, reason_text=b'error:078C0105:common libcrypto routines::init fail')])
> >
> > This hacky patch enables enough functionality in
> > python3-cryptography-native to work so that basic secure boot
> > signing use cases work again.
> >
> > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > ---
> >  ...3-cryptography_hack_to_remove_legacy.patch | 54 +++++++++++++++++++
> >  .../python/python3-cryptography_37.0.4.bb     |  5 ++
> >  2 files changed, 59 insertions(+)
> >  create mode 100644 meta/recipes-devtools/python/python3-cryptography/python3-cryptography_hack_to_remove_legacy.patch
>
> I'm very nervous about taking a patch like this as it would be near
> impossible to tell when we still need it or not and it has zero chance
> of making it upstream.
>
> Do we know how the openssl library is breaking internally? Is this some
> kind of glibc or loader mismatch? Is it mixing up our sysroot ssl
> library with the host one somehow?

I could not see what exactly was wrong.

python3 is taken correctly from recipe-sysroot-native path, same for
all shared libraries like openssl, cffi etc.
I went through strace output of the test case and could not see what
exactly is wrong there. All binaries are openat()'ed from
the native sysroot, apart from libc, pthreads and a few others which
AFAIK are normal. The openssl.cnf file
is not found in native sysroot, which is another small bug, but working
around that did not seem to fix this (I just hacked it to work, some
absolute build openssl-native env path leaks into the openssl-native binaries).

The old 3.3.2 version of python3-cryptography from
meta-openembedded/meta-python works without any problems.
It's just the new versions 35, 36 and 37 which have this issue.

On my Ubuntu 18.04 machine, python3-cryptography-native 35 and later
don't work at all without this workaround.
Would be nice to know if others can reproduce this on other host distributions.

I was testing with busybox changes:

meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -54,3 +54,7 @@ SRC_URI =
"https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
 SRC_URI:append:libc-musl = " file://musl.cfg "

 SRC_URI[tarball.sha256sum] =
"faeeb244c35a348a334f4a59e44626ee870fb07b6884d68c10ae8bc19f83a694"
+
+inherit python3native
+
+DEPENDS += "python3-pyopenssl-native"

And then in bitbake -c devshell busybox:

# python3 -c  "from OpenSSL import crypto"

I guess there is no way to add a test like that for python3-cryptography-native?

Cheers,

-Mikko


On Tue, 13 Sept 2022 at 13:01, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Tue, 2022-09-13 at 12:34 +0300, Mikko Rapeli wrote:
> > The python3-cryptography-native builds work but are functionally broken
> > on Ubuntu 18.04 build host since the update from 3.3.2 in
> > meta-openembedded/meta-python. If recipe needs and DEPENDS on
> > python3-cryptography-native for signing use cases, loading
> > the python modules fails:
> >
> > $ python3 -c  "from OpenSSL import crypto"
> > Traceback (most recent call last):
> >   File "<string>", line 1, in <module>
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__init__.py", line 8, in <module>
> >     from OpenSSL import crypto, SSL
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/crypto.py", line 11, in <module>
> >     from OpenSSL._util import (
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/_util.py", line 5, in <module>
> >     from cryptography.hazmat.bindings.openssl.binding import Binding
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 228, in <module>
> >     Binding.init_static_locks()
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 188, in init_static_locks
> >     cls._ensure_ffi_initialized()
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 176, in _ensure_ffi_initialized
> >     _openssl_assert(
> >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 90, in _openssl_assert
> >     raise InternalError(
> > cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=126615813, lib=15, reason=786693, reason_text=b'error:078C0105:common libcrypto routines::init fail')])
> >
> > This hacky patch enables enough functionality in
> > python3-cryptography-native to work so that basic secure boot
> > signing use cases work again.
> >
> > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > ---
> >  ...3-cryptography_hack_to_remove_legacy.patch | 54 +++++++++++++++++++
> >  .../python/python3-cryptography_37.0.4.bb     |  5 ++
> >  2 files changed, 59 insertions(+)
> >  create mode 100644 meta/recipes-devtools/python/python3-cryptography/python3-cryptography_hack_to_remove_legacy.patch
>
> I'm very nervous about taking a patch like this as it would be near
> impossible to tell when we still need it or not and it has zero chance
> of making it upstream.
>
> Do we know how the openssl library is breaking internally? Is this some
> kind of glibc or loader mismatch? Is it mixing up our sysroot ssl
> library with the host one somehow?
>
> Cheers,
>
> Richard
Richard Purdie Sept. 13, 2022, 10:34 a.m. UTC | #3
On Tue, 2022-09-13 at 13:29 +0300, Mikko Rapeli wrote:
> Hi,
> 
> On Tue, 13 Sept 2022 at 13:01, Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
> > 
> > On Tue, 2022-09-13 at 12:34 +0300, Mikko Rapeli wrote:
> > > The python3-cryptography-native builds work but are functionally broken
> > > on Ubuntu 18.04 build host since the update from 3.3.2 in
> > > meta-openembedded/meta-python. If recipe needs and DEPENDS on
> > > python3-cryptography-native for signing use cases, loading
> > > the python modules fails:
> > > 
> > > $ python3 -c  "from OpenSSL import crypto"
> > > Traceback (most recent call last):
> > >   File "<string>", line 1, in <module>
> > >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__init__.py", line 8, in <module>
> > >     from OpenSSL import crypto, SSL
> > >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/crypto.py", line 11, in <module>
> > >     from OpenSSL._util import (
> > >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/_util.py", line 5, in <module>
> > >     from cryptography.hazmat.bindings.openssl.binding import Binding
> > >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 228, in <module>
> > >     Binding.init_static_locks()
> > >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 188, in init_static_locks
> > >     cls._ensure_ffi_initialized()
> > >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 176, in _ensure_ffi_initialized
> > >     _openssl_assert(
> > >   File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 90, in _openssl_assert
> > >     raise InternalError(
> > > cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=126615813, lib=15, reason=786693, reason_text=b'error:078C0105:common libcrypto routines::init fail')])
> > > 
> > > This hacky patch enables enough functionality in
> > > python3-cryptography-native to work so that basic secure boot
> > > signing use cases work again.
> > > 
> > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > > ---
> > >  ...3-cryptography_hack_to_remove_legacy.patch | 54 +++++++++++++++++++
> > >  .../python/python3-cryptography_37.0.4.bb     |  5 ++
> > >  2 files changed, 59 insertions(+)
> > >  create mode 100644 meta/recipes-devtools/python/python3-cryptography/python3-cryptography_hack_to_remove_legacy.patch
> > 
> > I'm very nervous about taking a patch like this as it would be near
> > impossible to tell when we still need it or not and it has zero chance
> > of making it upstream.
> > 
> > Do we know how the openssl library is breaking internally? Is this some
> > kind of glibc or loader mismatch? Is it mixing up our sysroot ssl
> > library with the host one somehow?
> 
> I could not see what exactly was wrong.
> 
> python3 is taken correctly from recipe-sysroot-native path, same for
> all shared libraries like openssl, cffi etc.
> I went through strace output of the test case and could not see what
> exactly is wrong there. All binaries are openat()'ed from
> the native sysroot, part from libc, pthreads and a few others which
> AFAIK are normal.

Are you using uninative? I'd have expected glibc and pthreads to come
from there rather than the host.

>  The openssl.cnf file
> is not found in native sysroot, which is another small bug, but that
> did not seem to fix this (I just hacked it to work, some
> absolute build openssl-native env path leaks into the openssl-native binaries).
> 
> The old version 3.3.2 version of python3-cryptography from
> meta-openembedded/meta-python works without any problems.
> It's just the new versions 35, 36 and 37 which have this issue.
> 
> On my Ubuntu 18.04 machine, python3-cryptography-native 35 and later
> don't work at all without this workaround.
> Would be nice to know if others can reproduce this on other host distributions.
> 
> I was testing with busybox changes:
> 
> meta/recipes-core/busybox/busybox_1.35.0.bb
> @@ -54,3 +54,7 @@ SRC_URI =
> "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
>  SRC_URI:append:libc-musl = " file://musl.cfg "
> 
>  SRC_URI[tarball.sha256sum] =
> "faeeb244c35a348a334f4a59e44626ee870fb07b6884d68c10ae8bc19f83a694"
> +
> +inherit python3native
> +
> +DEPENDS += "python3-pyopenssl-native"
> 
> And then in bitbake -c devshell busybox:
> 
> # python3 -c  "from OpenSSL import crypto"
> 
> I guess there is no way to add a test like that for python3-cryptography-native?

You could probably put that in do_configure to test it?

Cheers,

Richard
Mikko Rapeli Sept. 13, 2022, 11:13 a.m. UTC | #4
On Tue, 13 Sept 2022 at 13:34, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
> Are you using uninative? I'd have expected glibc and pthreads to come
> from there rather than the host.

Yes, using uninative, not host libc, sorry. Added full list of
openat()'d files to the end of this email, from master branch with
this patch applied.
Delta to without this patch is just a few python modules. I can't see
anything wrong in that list.

> > And then in bitbake -c devshell busybox:
> >
> > # python3 -c  "from OpenSSL import crypto"
> >
> > I guess there is no way to add a test like that for python3-cryptography-native?
>
> You could probably put that in do_configure to test it?

Yes, on my layer and recipes I can do this. But I'd rather upstream
the test to python3-cryptography-native or somewhere else but I guess
native recipes don't have selftests or similar.

-Mikko

list of files opened by python3 when using python3-cryptography,
failed attempts filtered as so many paths get tried:
# strace -f -f -v -v -v -s 99999 python3 -c "from OpenSSL import
crypto" 2>&1 | grep ^openat|grep -v -- "-1 ENOENT"
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-components/x86_64/pseudo-native/usr/lib/pseudo/lib64/libpseudo.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/bin/python3-native/../../lib/libpython3.10.so.1.0",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/lib/libc.so.6",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/lib/libdl.so.2",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/lib/libpthread.so.0",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/lib/libutil.so.1",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/lib/libm.so.6",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-components/x86_64/pseudo-native/usr",
O_RDONLY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/pseudo/",
O_RDONLY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/usr/lib/locale/locale-archive",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/usr/lib/gconv/gconv-modules",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/usr/lib/gconv/gconv-modules.d",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/usr/lib/gconv/gconv-modules.d/gconv-modules-extra.conf",
O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, ".", O_RDONLY)         = 3
openat(AT_FDCWD, "/home/builder/poky/bitbake/lib",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/busybox-1.35.0",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/encodings/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/codecs.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/encodings",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/encodings/__pycache__/aliases.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/encodings/__pycache__/utf_8.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/io.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/abc.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/site.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/os.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/stat.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/_collections_abc.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/posixpath.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/genericpath.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/_sitebuiltins.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/distutils-precedence.pth",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/_distutils_hack/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__pycache__/crypto.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/crypto.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/calendar.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/datetime.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/math.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/operator.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_datetime.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/locale.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/re.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/enum.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/types.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/sre_compile.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/sre_parse.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/sre_constants.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/functools.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/collections/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/keyword.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/reprlib.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/copyreg.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/base64.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/struct.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_struct.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/binascii.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/../../libz.so.1",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/warnings.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/__pycache__/__about__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/__about__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/__pycache__/utils.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/utils.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/inspect.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/ast.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/contextlib.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/dis.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/opcode.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_opcode.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/collections",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/collections/__pycache__/abc.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/importlib/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/importlib",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/importlib/__pycache__/machinery.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/linecache.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/tokenize.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/token.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/typing.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/__pycache__/certificate_transparency.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/certificate_transparency.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/lib/libgcc_s.so.1",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/sysroots-uninative/x86_64-linux/lib/librt.so.1",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/__pycache__/base.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/base.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/__pycache__/hashes.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/hashes.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/__pycache__/exceptions.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/exceptions.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/__pycache__/_serialization.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/_serialization.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/__pycache__/base.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/base.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/dh.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/dh.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/types.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/dsa.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/utils.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/ec.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/__pycache__/_oid.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/ed25519.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed25519.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/ed448.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/rsa.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/__pycache__/_asymmetric.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/_asymmetric.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/x25519.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/__pycache__/x448.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/__pycache__/ssh.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/ssh.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/__pycache__/_cipheralgorithm.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/_cipheralgorithm.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/__pycache__/base.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/base.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/__pycache__/modes.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/modes.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/__pycache__/algorithms.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/algorithms.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/__pycache__/extensions.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/extensions.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/hashlib.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_hashlib.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/../../libcrypto.so.3",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_blake2.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/ipaddress.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/__pycache__/constant_time.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/constant_time.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/hmac.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/__pycache__/general_name.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/general_name.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email/__pycache__/utils.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/random.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/bisect.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_bisect.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_random.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_sha512.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/socket.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/_socket.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/selectors.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/select.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/lib-dynload/array.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/urllib/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/urllib",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/urllib/__pycache__/parse.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email/__pycache__/_parseaddr.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email/__pycache__/charset.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email/__pycache__/base64mime.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email/__pycache__/quoprimime.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/string.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email/__pycache__/errors.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/email/__pycache__/encoders.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/quopri.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/__pycache__/name.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/name.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/__pycache__/oid.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/x509/oid.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__pycache__/_util.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/_util.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__pycache__/__init__.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__pycache__/binding.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/threading.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/_weakrefset.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/../../../../../libssl.so.3",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/_cffi_backend.cpython-310-x86_64-linux-gnu.so",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/../../libffi.so.8",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__pycache__/_conditional.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__pycache__/SSL.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/SSL.py",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/__pycache__/weakref.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__pycache__/version.cpython-310.pyc",
O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD,
"/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/version.py",
O_RDONLY|O_CLOEXEC) = 3
Richard Purdie Sept. 13, 2022, 12:24 p.m. UTC | #5
On Tue, 2022-09-13 at 14:13 +0300, Mikko Rapeli wrote:
> On Tue, 13 Sept 2022 at 13:34, Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
> > Are you using uninative? I'd have expected glibc and pthreads to come
> > from there rather than the host.
> 
> Yes, using uninative, not host libc, sorry. Added full list of
> openat()'d files to the end of this email, from master branch with
> this patch applied.
> Delta to without this patch is just a few python modules. I can't see
> anything wrong in that list.

It looks correct to me too.

It is weird it is ubuntu 18.04 as we had a lot of problems with the
rust SDK work specifically on that platform. The problem there was rust
running things with LD_LIBRARY_PATH set which meant host tools tried to
use the SDK sysroot libs which then broke in interesting ways. It was
specific to the form of the version mismatch on 18.04.

I have no idea if there is a connection, your strace output certainly
suggests not.
> 
> > > And then in bitbake -c devshell busybox:
> > > 
> > > # python3 -c  "from OpenSSL import crypto"
> > > 
> > > I guess there is no way to add a test like that for python3-cryptography-native?
> > 
> > You could probably put that in do_configure to test it?
> 
> Yes, on my layer and recipes I can do this. But I'd rather upstream
> the test to python3-cryprography-native or somewhere else but I guess
> native recipes don't have selftests or similar.

I was wondering about putting something into upstream recipe...

We do somehow need to get more information about what is breaking here
:/.

Cheers,

Richard
Mikko Rapeli Sept. 14, 2022, 8:09 a.m. UTC | #6
Hi,

Found the root cause. As was also suggested on #pyco, the suspicion was
that native openssl was missing legacy support.
It wasn't, but loading the deliberately hidden openssl legacy.so was
failing. It is located in
recipe-sysroot-native/usr/lib/ossl-modules/legacy.so and is only found
via the OPENSSL_MODULES
variable, which wasn't set for python3-native users. These custom
variables are set in the native openssl
wrapper script, and setting them also fixes the openssl.cnf not being
found. Now I could send a patch which sets
the OPENSSL_CONF, OPENSSL_ENGINES and OPENSSL_MODULES paths for python3
users via python3native.bbclass:

--- a/meta/classes-recipe/python3native.bbclass
+++ b/meta/classes-recipe/python3native.bbclass
@@ -28,3 +28,10 @@ export PYTHONNOUSERSITE = "1"

 # autoconf macros will use their internal default preference otherwise
 export PYTHON
+
+# find openssl under python, see openssl native wrapper
+export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
+export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
+export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
+export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
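Review bot: The `SSL_CERT_DIR` and `SSL_CERT_FILE` exports select the trust store used for TLS verification by everything that runs under a recipe inheriting python3native, yet the added comment only says `see openssl native wrapper`. Nothing in the hunk shows that `ssl-3/certs` and `ssl-3/cert.pem` are present in every such recipe's native sysroot; if they are absent, verification would presumably fail rather than fall back to another store, which is the safe direction but should be stated. I would expand the comment to something like `# SSL_CERT_*: trust store for TLS verification; the paths must exist in the native sysroot`. The new lines are also written as `export NAME="value"`, while the context line `export PYTHONNOUSERSITE = "1"` suggests the file's style puts spaces around `=`.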

but that is still a copy of those variables which openssl recipe owns,
and other users of openssl may
have similar issues. Is there a way to export these for everyone who
depends directly or indirectly
from openssl-native?

Cheers,

-Mikko

On Tue, 13 Sept 2022 at 15:24, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Tue, 2022-09-13 at 14:13 +0300, Mikko Rapeli wrote:
> > On Tue, 13 Sept 2022 at 13:34, Richard Purdie
> > <richard.purdie@linuxfoundation.org> wrote:
> > > Are you using uninative? I'd have expected glibc and pthreads to come
> > > from there rather than the host.
> >
> > Yes, using uninative, not host libc, sorry. Added full list of
> > openat()'d files to the end of this email, from master branch with
> > this patch applied.
> > Delta to without this patch is just a few python modules. I can't see
> > anything wrong in that list.
>
> It looks correct to me too.
>
> It is weird it is ubuntu 18.04 as we had a lot of problems with the
> rust SDK work specifically on that platform. The problem there was rust
> running things with LD_LIBRARY_PATH set which meant host tools tried to
> use the SDK sysroot libs which then broke in interesting ways. It was
> specific to the form of the version mismatch on 18.04.
>
> I have no idea if there is a connection, your strace output certainly
> suggests not.
> >
> > > > And then in bitbake -c devshell busybox:
> > > >
> > > > # python3 -c  "from OpenSSL import crypto"
> > > >
> > > > I guess there is no way to add a test like that for python3-cryptography-native?
> > >
> > > You could probably put that in do_configure to test it?
> >
> > Yes, on my layer and recipes I can do this. But I'd rather upstream
> > the test to python3-cryprography-native or somewhere else but I guess
> > native recipes don't have selftests or similar.
>
> I was wondering about putting something into upstream recipe...
>
> We do somehow need to get more information about what is breaking here
> :/.
>
> Cheers,
>
> Richard
Alexander Kanavin Sept. 14, 2022, 8:19 a.m. UTC | #7
I can only think of patching openssl to pick up a oe-specific
environment variable pointing to staging_libdir_native - making a
wrapper for every native binary that sets those variables doesn't seem
feasible.

Alex

On Wed, 14 Sept 2022 at 10:09, Mikko Rapeli <mikko.rapeli@linaro.org> wrote:
>
> Hi,
>
> Found the root cause. As suggested on #pyco too maybe native openssl
> was mising legacy support.
> It wasn't but loading the on purpose hidden openssl legacy.so was
> failing. It is located in
> recipe-sysroot-native/usr/lib/ossl-modules/legacy.so and only found
> via OPENSSL_MODULES
> variable which wasn't set for python3-native users. These custom
> variables are set in the native openssl
> wrapper script and this also fixes the not found openssl.cnf. Now I
> could send a patch which sets
> the OPENSSL_CONF, OPENSSL_ENGINES and OPENSSL_MODULES paths for python3
> users via python3native.bbclass:
>
> --- a/meta/classes-recipe/python3native.bbclass
> +++ b/meta/classes-recipe/python3native.bbclass
> @@ -28,3 +28,10 @@ export PYTHONNOUSERSITE = "1"
>
>  # autoconf macros will use their internal default preference otherwise
>  export PYTHON
> +
> +# find openssl under python, see openssl native wrapper
> +export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
> +export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
> +export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
> +export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
> +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
>
> but that is still a copy of those variables which openssl recipe owns,
> and other users of openssl may
> have similar issues. Is there a way to export these for everyone who
> depends directly or indirectly
> from openssl-native?
>
> Cheers,
>
> -Mikko
>
> On Tue, 13 Sept 2022 at 15:24, Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
> >
> > On Tue, 2022-09-13 at 14:13 +0300, Mikko Rapeli wrote:
> > > On Tue, 13 Sept 2022 at 13:34, Richard Purdie
> > > <richard.purdie@linuxfoundation.org> wrote:
> > > > Are you using uninative? I'd have expected glibc and pthreads to come
> > > > from there rather than the host.
> > >
> > > Yes, using uninative, not host libc, sorry. Added full list of
> > > openat()'d files to the end of this email, from master branch with
> > > this patch applied.
> > > Delta to without this patch is just a few python modules. I can't see
> > > anything wrong in that list.
> >
> > It looks correct to me too.
> >
> > It is weird it is ubuntu 18.04 as we had a lot of problems with the
> > rust SDK work specifically on that platform. The problem there was rust
> > running things with LD_LIBRARY_PATH set which meant host tools tried to
> > use the SDK sysroot libs which then broke in interesting ways. It was
> > specific to the form of the version mismatch on 18.04.
> >
> > I have no idea if there is a connection, your strace output certainly
> > suggests not.
> > >
> > > > > And then in bitbake -c devshell busybox:
> > > > >
> > > > > # python3 -c  "from OpenSSL import crypto"
> > > > >
> > > > > I guess there is no way to add a test like that for python3-cryptography-native?
> > > >
> > > > You could probably put that in do_configure to test it?
> > >
> > > Yes, on my layer and recipes I can do this. But I'd rather upstream
> > > the test to python3-cryprography-native or somewhere else but I guess
> > > native recipes don't have selftests or similar.
> >
> > I was wondering about putting something into upstream recipe...
> >
> > We do somehow need to get more information about what is breaking here
> > :/.
> >
> > Cheers,
> >
> > Richard
>
>
Mikko Rapeli Sept. 14, 2022, 8:43 a.m. UTC | #8
On Wed, 14 Sept 2022 at 11:19, Alexander Kanavin <alex.kanavin@gmail.com> wrote:
> I can only think of patching openssl to pick up a oe-specific
> environment variable pointing to staging_libdir_native - making a
> wrapper for every native binary that sets those variables doesn't seem
> feasible.

Hmm. I'm a bit worried that things like git, subversion, http clients
using openssl shared libraries are
not configured correctly to check certificates.

The default use cases in the shared library work; only the legacy module
is tricky to find. But the config
and certificate store are tricky.

Basically, without the cert paths TLS connections don't verify:

# OPENSSL_CONF="" OPENSSL_ENGINES="" OPENSSL_MODULES=""
SSL_CERT_DIR="" SSL_CERT_FILE="" openssl.real s_client -connect
www.google.com:443 < /dev/null | grep ^Verification
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = www.google.com
verify return:1
DONE
Verification error: unable to get local issuer certificate

With the openssl wrapper and if those variables are set correcty for
the native sysroot paths, then certs get verified:

# openssl s_client -connect www.google.com:443 < /dev/null | grep ^Verification
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = www.google.com
verify return:1
DONE
Verification: OK

For example subversion-native doesn't work without the certs and hangs
on the question:

# OPENSSL_CONF="" OPENSSL_ENGINES="" OPENSSL_MODULES=""
SSL_CERT_DIR="" SSL_CERT_FILE="" svn co https://www.google.com
Error validating server certificate for 'https://www.google.com:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: www.google.com
 - Valid: from Aug 29 08:20:19 2022 GMT until Nov 21 08:20:18 2022 GMT
 - Issuer: GTS CA 1C3, Google Trust Services LLC, US
 - Fingerprint: BB:17:2A:6B:F5:43:2C:2B:53:D6:EC:11:21:D3:54:EF:9A:95:19:33
(R)eject, accept (t)emporarily or accept (p)ermanently?

If the openssl variables are set it works:

# set|grep SSL
OPENSSL_CONF=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/ssl-3/openssl.cnf
OPENSSL_ENGINES=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/engines-3
OPENSSL_MODULES=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/ossl-modules
SSL_CERT_DIR=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/ssl-3/certs
SSL_CERT_FILE=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/ssl-3/cert.pem
# svn co https://www.google.com
svn: E170013: Unable to connect to a repository at URL 'https://www.google.com'
svn: E175015: The HTTP method 'OPTIONS' is not allowed on '/'

Wrappers here and there doesn't seem like a good idea..

Cheers,

-Mikko
Alexander Kanavin Sept. 14, 2022, 8:45 a.m. UTC | #9
But I'm not asking to make wrappers. I'm asking to patch openssl code
itself to check for an oe-specific environment variable where it's
making the decision where these things should be looked for. We
already do this with native python.

Alex

On Wed, 14 Sept 2022 at 10:43, Mikko Rapeli <mikko.rapeli@linaro.org> wrote:
>
> On Wed, 14 Sept 2022 at 11:19, Alexander Kanavin <alex.kanavin@gmail.com> wrote:
> > I can only think of patching openssl to pick up a oe-specific
> > environment variable pointing to staging_libdir_native - making a
> > wrapper for every native binary that sets those variables doesn't seem
> > feasible.
>
> Hmm. I'm a bit worried that things like git, subversion, http clients
> using openssl shared libraries are
> not configured correctly to check certificates.
>
> The default use cases in shared library work, only the legacy module
> is tricky to find. But config
> and certificate store are tricky.
>
> Basically without the cert paths TLS connections don't verify verify:
>
> # OPENSSL_CONF="" OPENSSL_ENGINES="" OPENSSL_MODULES=""
> SSL_CERT_DIR="" SSL_CERT_FILE="" openssl.real s_client -connect
> www.google.com:443 < /dev/null | grep ^Verification
> depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
> verify return:1
> depth=0 CN = www.google.com
> verify return:1
> DONE
> Verification error: unable to get local issuer certificate
>
> With the openssl wrapper and if those variables are set correcty for
> the native sysroot paths, then certs get verified:
>
> # openssl s_client -connect www.google.com:443 < /dev/null | grep ^Verification
> depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
> verify return:1
> depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
> verify return:1
> depth=0 CN = www.google.com
> verify return:1
> DONE
> Verification: OK
>
> For example subversion-native doesn't work without the certs and hangs
> on the question:
>
> # OPENSSL_CONF="" OPENSSL_ENGINES="" OPENSSL_MODULES=""
> SSL_CERT_DIR="" SSL_CERT_FILE="" svn co https://www.google.com
> Error validating server certificate for 'https://www.google.com:443':
>  - The certificate is not issued by a trusted authority. Use the
>    fingerprint to validate the certificate manually!
> Certificate information:
>  - Hostname: www.google.com
>  - Valid: from Aug 29 08:20:19 2022 GMT until Nov 21 08:20:18 2022 GMT
>  - Issuer: GTS CA 1C3, Google Trust Services LLC, US
>  - Fingerprint: BB:17:2A:6B:F5:43:2C:2B:53:D6:EC:11:21:D3:54:EF:9A:95:19:33
> (R)eject, accept (t)emporarily or accept (p)ermanently?
>
> If the openssl variables are set it works:
>
> # set|grep SSL
> OPENSSL_CONF=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/ssl-3/openssl.cnf
> OPENSSL_ENGINES=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/engines-3
> OPENSSL_MODULES=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/ossl-modules
> SSL_CERT_DIR=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/ssl-3/certs
> SSL_CERT_FILE=/home/builder/poky/build_master/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/ssl-3/cert.pem
> # svn co https://www.google.com
> svn: E170013: Unable to connect to a repository at URL 'https://www.google.com'
> svn: E175015: The HTTP method 'OPTIONS' is not allowed on '/'
>
> Wrappers here and there doesn't seem like a good idea..
>
> Cheers,
>
> -Mikko
Mikko Rapeli Sept. 14, 2022, 8:51 a.m. UTC | #10
On Wed, 14 Sept 2022 at 11:45, Alexander Kanavin <alex.kanavin@gmail.com> wrote:
> But I'm not asking to make wrappers. I'm asking to patch openssl code
> itself to check for an oe-specific environment variable where it's
> making the decision where these things should be looked for. We
> already do this with native python.

Yes, I got this. Was just thinking out loud over email while checking
these details.

Was there some discussion in the past with openssl upstream about how
to find config
files, modules etc, or was there some alignment with e.g. Debian package?

-Mikko
Alexander Kanavin Sept. 14, 2022, 8:52 a.m. UTC | #11
On Wed, 14 Sept 2022 at 10:51, Mikko Rapeli <mikko.rapeli@linaro.org> wrote:
> Was there some discussion in the past with openssl upstream about how
> to find config
> files, modules etc, or was there some alignment with e.g. Debian package?

I'm not aware of any such. Please open a ticket, and link to it in any
proposed oe-core patch.

Alex
Richard Purdie Sept. 14, 2022, 8:58 a.m. UTC | #12
On Wed, 2022-09-14 at 11:09 +0300, Mikko Rapeli wrote:
> Hi,
> 
> Found the root cause. As suggested on #pyco too maybe native openssl
> was mising legacy support.
> It wasn't but loading the on purpose hidden openssl legacy.so was
> failing. It is located in
> recipe-sysroot-native/usr/lib/ossl-modules/legacy.so and only found
> via OPENSSL_MODULES
> variable which wasn't set for python3-native users. These custom
> variables are set in the native openssl
> wrapper script and this also fixes the not found openssl.cnf. Now I
> could send a patch which sets
> the OPENSSL_CONF, OPENSSL_ENGINES and OPENSSL_MODULES paths for python3
> users via python3native.bbclass:
> 
> --- a/meta/classes-recipe/python3native.bbclass
> +++ b/meta/classes-recipe/python3native.bbclass
> @@ -28,3 +28,10 @@ export PYTHONNOUSERSITE = "1"
> 
>  # autoconf macros will use their internal default preference otherwise
>  export PYTHON
> +
> +# find openssl under python, see openssl native wrapper
> +export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
> +export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
> +export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
> +export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
> +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> 
> but that is still a copy of those variables which openssl recipe owns,
> and other users of openssl may
> have similar issues. Is there a way to export these for everyone who
> depends directly or indirectly
> from openssl-native?

Thanks for finding the root cause, this definitely helps a lot.

I'm extremely reluctant to add global exports to the system, they have
nasty effects on sstate checksum files and add overhead I'd prefer not
to have.

I wondered if we could patch openssl to code/find the location of these
files relative to the main library? Presumably that code knows where
the library itself is located, so searching a relative path from there
might be something upstream would consider? It is a generic approach
which would work for all the variables too.

It is a patch we'd probably consider carrying if necessary but if there
were upstream buyin, that would obviously be much better.

Cheers,

Richard
Ross Burton Sept. 15, 2022, 11:17 a.m. UTC | #13
On 14 Sep 2022, at 09:09, Mikko Rapeli via lists.openembedded.org <mikko.rapeli=linaro.org@lists.openembedded.org> wrote:
> Found the root cause. As suggested on #pyco too maybe native openssl
> was mising legacy support.
> It wasn't but loading the on purpose hidden openssl legacy.so was
> failing. It is located in
> recipe-sysroot-native/usr/lib/ossl-modules/legacy.so and only found
> via OPENSSL_MODULES
> variable which wasn't set for python3-native users. These custom
> variables are set in the native openssl
> wrapper script and this also fixes the not found openssl.cnf. Now I
> could send a patch which sets
> the OPENSSL_CONF, OPENSSL_ENGINES and OPENSSL_MODULES paths for python3
> users via python3native.bbclass:

I’m glad this was root-caused before it was merged, because yes, this is the ‘correct’ (best known) fix right now:

~/Yocto/meta-arm % git grep "export OPENSSL_MODULES"
meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb:export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
meta-arm/recipes-security/optee/optee.inc:export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"

A better solution is needed for sure.  At least when the certificates can’t be found you get somewhat understandable errors, the python3-crypto error is opaque at best.

OpenSSL supporting runtime-relocation with a single variable would be nice, but iirc from glancing at the source code previously not a trivial change.  That said it does cause sufficient pain that maybe we just have to carry the patch.

Alternatively, we extend the magic relocation to native recipes.  Even less trivial…

Ross
Mikko Rapeli Sept. 15, 2022, 11:26 a.m. UTC | #14
Hi,

On Thu, 15 Sept 2022 at 14:18, Ross Burton <Ross.Burton@arm.com> wrote:
>
> On 14 Sep 2022, at 09:09, Mikko Rapeli via lists.openembedded.org <mikko.rapeli=linaro.org@lists.openembedded.org> wrote:
> > Found the root cause. As suggested on #pyco too maybe native openssl
> > was mising legacy support.
> > It wasn't but loading the on purpose hidden openssl legacy.so was
> > failing. It is located in
> > recipe-sysroot-native/usr/lib/ossl-modules/legacy.so and only found
> > via OPENSSL_MODULES
> > variable which wasn't set for python3-native users. These custom
> > variables are set in the native openssl
> > wrapper script and this also fixes the not found openssl.cnf. Now I
> > could send a patch which sets
> > the OPENSSL_CONF, OPENSSL_ENGINES and OPENSSL_MODULES paths for python3
> > users via python3native.bbclass:
>
> I’m glad this was root-caused before it was merged, because yes, this is the ‘correct’ (best known) fix right now:
>
> ~/Yocto/meta-arm % git grep "export OPENSSL_MODULES"
> meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb:export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> meta-arm/recipes-security/optee/optee.inc:export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules”
>
> A better solution is needed for sure.  At least when the certificates can’t be found you get somewhat understandable errors, the python3-crypto error is opaque at best.
>
> OpenSSL supporting runtime-relocation with a single variable would be nice, but iirc from glancing at the source code previously not a trivial change.  That said it does cause sufficient pain that maybe we just have to carry the patch.
>
> Alternatively, we extend the magic relocation to native recipes.  Even less trivial…

I'm working on the relocation patches but they are quite ugly, as are
the various code paths inside openssl
which handle these env variables and which fall back to compile time defaults.

Though I suspect that openssl developers may not want to see the patches
resolving the "OpenSSL_version" symbol
at runtime for finding the config file paths... But it's still better
than exporting these environment variables everywhere
to get relocation working.

Cheers,

-Mikko
Martin Jansa Sept. 15, 2022, 11:36 a.m. UTC | #15
FWIW: nodejs error when it fails to load openssl errors is also a bit
confusing and needs OPENSSL_MODULES export:
https://lists.openembedded.org/g/openembedded-devel/message/96799

On Thu, Sep 15, 2022 at 1:26 PM Mikko Rapeli <mikko.rapeli@linaro.org>
wrote:

> Hi,
>
> On Thu, 15 Sept 2022 at 14:18, Ross Burton <Ross.Burton@arm.com> wrote:
> >
> > On 14 Sep 2022, at 09:09, Mikko Rapeli via lists.openembedded.org
> <mikko.rapeli=linaro.org@lists.openembedded.org> wrote:
> > > Found the root cause. As suggested on #pyco too maybe native openssl
> > > was mising legacy support.
> > > It wasn't but loading the on purpose hidden openssl legacy.so was
> > > failing. It is located in
> > > recipe-sysroot-native/usr/lib/ossl-modules/legacy.so and only found
> > > via OPENSSL_MODULES
> > > variable which wasn't set for python3-native users. These custom
> > > variables are set in the native openssl
> > > wrapper script and this also fixes the not found openssl.cnf. Now I
> > > could send a patch which sets
> > > the OPENSSL_CONF, OPENSSL_ENGINES and OPENSSL_MODULES paths for python3
> > > users via python3native.bbclass:
> >
> > I’m glad this was root-caused before it was merged, because yes, this is
> the ‘correct’ (best known) fix right now:
> >
> > ~/Yocto/meta-arm % git grep "export OPENSSL_MODULES"
> > meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb:export
> OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> > meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:export
> OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> > meta-arm/recipes-security/optee/optee.inc:export
> OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules”
> >
> > A better solution is needed for sure.  At least when the certificates
> can’t be found you get somewhat understandable errors, the python3-crypto
> error is opaque at best.
> >
> > OpenSSL supporting runtime-relocation with a single variable would be
> nice, but iirc from glancing at the source code previously not a trivial
> change.  That said it does cause sufficient pain that maybe we just have to
> carry the patch.
> >
> > Alternatively, we extend the magic relocation to native recipes.  Even
> less trivial…
>
> I'm working on the relocation patches but they are quite ugly, as are
> the various code paths inside openssl
> which handle these env variables and which fall back to compile time
> defaults.
>
> Though I suspect that openssl developers may not want see the patches
> resolving "OpenSSL_version" symbol
> at runtime for finding the config file paths... But it's still better
> than exporting these environment variables everywhere
> to get relocation working.
>
> Cheers,
>
> -Mikko
>
>
>
Mikko Rapeli Sept. 20, 2022, 10:20 a.m. UTC | #16
Hi,

I created an issue in openssl about this:

https://github.com/openssl/openssl/issues/19242

Then I have the openssl patches in:

https://github.com/openssl/openssl/compare/master...mikkorapeli-linaro:openssl:relative_paths

The feedback so far is cold in upstream. Yes, the patches are a bit
ugly too, but IMO so are the original code paths in openssl.
I'll follow-up on openssl side if there is anything that could be
improved. Comments and more feedback is welcome.

So what should we do now on oe side? python3-cryptography is
completely broken and users really need to export at least

export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"

or apply https://github.com/openssl/openssl/commit/a10a6c298878cf438cc8c13f5878d97f476eb0d0
to openssl-native.
But that still leaves config files, engines and certificate paths broken.

Cheers,
-Mikko
Richard Purdie Sept. 20, 2022, 11:35 a.m. UTC | #17
On Tue, 2022-09-20 at 13:20 +0300, Mikko Rapeli wrote:
> Hi,
> 
> I created an issue in openssl about this:
> 
> https://github.com/openssl/openssl/issues/19242
> 
> Then I have the openssl patches in:
> 
> https://github.com/openssl/openssl/compare/master...mikkorapeli-linaro:openssl:relative_paths
> 
> The feedback so far is cold in upstream. Yes, the patches are a bit
> ugly too, but IMO so are the original code paths in openssl.
> I'll follow-up on openssl side if there is anything that could be
> improved. Comments and more feedback is welcome.
> 
> So what should we do now on oe side? python3-cryptography is
> completely broken and users really need to export at least
> 
> export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> 
> or apply https://github.com/openssl/openssl/commit/a10a6c298878cf438cc8c13f5878d97f476eb0d0
> to openssl-native.
> But that still leaves config files, engines and certificate paths broken.

Are there any other ways we could patch the code? Some ideas offhand
are:

a) the paths could be relative to the main library location?

b) the paths could have a token in them which is replaced with the
library path (a bit like $ORIGIN in RPATH)?

That might be more acceptable to upstream and be a bit less invasive?

Cheers,

Richard

Patch

diff --git a/meta/recipes-devtools/python/python3-cryptography/python3-cryptography_hack_to_remove_legacy.patch b/meta/recipes-devtools/python/python3-cryptography/python3-cryptography_hack_to_remove_legacy.patch
new file mode 100644
index 0000000000..74b1cff248
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-cryptography/python3-cryptography_hack_to_remove_legacy.patch
@@ -0,0 +1,54 @@ 
+python3-cryptography: ignore broken legacy providers
+
+These are broken on python3-cryptography-native builds
+since update from python3-cryptography 3.3.2 in meta-openembedded/meta-python
+to the new rust based versions 35 and newer.
+
+Test case on Ubuntu 18.04 build host, a recipe which needs
+python3-cryptography-native for e.g. signing secure boot binaries:
+
+# python3 -c  "from OpenSSL import crypto"
+Traceback (most recent call last):
+  File "<string>", line 1, in <module>
+  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/__init__.py", line 8, in <module>
+    from OpenSSL import crypto, SSL
+  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/crypto.py", line 11, in <module>
+    from OpenSSL._util import (
+  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/OpenSSL/_util.py", line 5, in <module>
+    from cryptography.hazmat.bindings.openssl.binding import Binding
+  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 228, in <module>
+    Binding.init_static_locks()
+  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 188, in init_static_locks
+    cls._ensure_ffi_initialized()
+  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 176, in _ensure_ffi_initialized
+    _openssl_assert(
+  File "/home/builder/poky/build_kirkstone/tmp/work/core2-64-poky-linux/busybox/1.35.0-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 90, in _openssl_assert
+    raise InternalError(
+cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=126615813, lib=15, reason=786693, reason_text=b'error:078C0105:common libcrypto routines::init fail')])
+
+With this hacky patch, the needed signing functions of
+python3-cryptography-native still work.
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+
+diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
+index a6fbc94..fffb669 100644
+--- a/src/cryptography/hazmat/bindings/openssl/binding.py
++++ b/src/cryptography/hazmat/bindings/openssl/binding.py
+@@ -173,9 +173,11 @@ class Binding:
+                     cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
+                         cls.ffi.NULL, b"legacy"
+                     )
+-                    _openssl_assert(
+-                        cls.lib, cls._legacy_provider != cls.ffi.NULL
+-                    )
++                    # HACK: for some reason this check is failing on native
++                    # but maybe it doesn't harm to break old, broken ciphers
++                    #_openssl_assert(
++                    #    cls.lib, cls._legacy_provider != cls.ffi.NULL
++                    #)
+                     cls._default_provider = cls.lib.OSSL_PROVIDER_load(
+                         cls.ffi.NULL, b"default"
+                     )
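Review bot: Commenting out the `_openssl_assert` after `OSSL_PROVIDER_load(cls.ffi.NULL, b"legacy")` leaves `cls._legacy_provider` NULL with no signal to callers, and the errors the failed load pushed onto the OpenSSL error queue (the `DSO support routines::could not load the shared library` entries in the traceback) are presumably no longer consumed, so they may surface in a later, unrelated call. The thread attributes the failure to openssl-native not finding its provider modules, so the check is reporting a real misconfiguration that this patch hides rather than fixes. If the workaround stays, replace the commented-out lines with an explicit branch such as `if cls._legacy_provider == cls.ffi.NULL: cls.lib.ERR_clear_error()` and a comment saying legacy algorithms are unavailable in the native build. `Upstream-Status: Inappropriate` should also carry its reason in brackets. The enclosing `_ensure_ffi_initialized` starts and ends outside the inner hunk.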
diff --git a/meta/recipes-devtools/python/python3-cryptography_37.0.4.bb b/meta/recipes-devtools/python/python3-cryptography_37.0.4.bb
index c91a8c7771..116871cd0b 100644
--- a/meta/recipes-devtools/python/python3-cryptography_37.0.4.bb
+++ b/meta/recipes-devtools/python/python3-cryptography_37.0.4.bb
@@ -63,6 +63,11 @@  SRC_URI += "file://run-ptest \
            crate://crates.io/winapi/0.3.9 \
            "
 
+# workaround for native builds to get some of the signing functions working
+SRC_URI:append:class-native = " \
+           file://python3-cryptography_hack_to_remove_legacy.patch \
+"
+
 inherit pypi python_setuptools3_rust
 
 DEPENDS += " \
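Review bot: The comment above `SRC_URI:append:class-native` does not say what the patch gives up: it drops the check that the OpenSSL legacy provider loaded, and it does so for every native build, not only the Ubuntu 18.04 host described in the commit message. Recipes that use python3-cryptography-native for signing would then find legacy algorithms missing without any build-time error. I would state that and name the actual cause from the thread, e.g. `# HACK: skips the legacy-provider load check in binding.py because openssl-native cannot find ossl-modules; remove once OPENSSL_MODULES is set for native builds`.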