Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support manylinux wheel for WSL (Windows Subsystem for Linux) #3993

Closed
mhils opened this issue Oct 23, 2017 · 6 comments
Closed

Support manylinux wheel for WSL (Windows Subsystem for Linux) #3993

mhils opened this issue Oct 23, 2017 · 6 comments
Labels
security-hardening
Milestone
Twenty second rel...

Comments

@mhils
Copy link
Member

mhils commented Oct 23, 2017
edited
Loading

The cryptography manylinux wheel currently fail under the Windows Subsystem for Linux:

$ pip3 install cryptography
$ python3 -c "import OpenSSL"
  File "/home/user/venv/lib/python3.5/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/home/user/venv/lib/python3.5/site-packages/OpenSSL/crypto.py", line 16, in <module>
    from OpenSSL._util import (
  File "/home/user/venv/lib/python3.5/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/home/user/venv/lib/python3.5/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /home/user/venv/lib/python3.5/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: 
cannot enable executable stack as shared object requires: Invalid argument

The reason for this seems to be that _openssl.abi3.so has the executable stack flag bit set, which WSL does not support.

There are some good news: If I just clear that bit (execstac -c _openssl.abi3.so), I can successfully import OpenSSL. Skipping the manylinux wheel on WSL (pip3 install cryptography --no-binary cryptography) also works fine, as the resulting .so file does not have the execstack bit set.

Looking at what said bit enables, it looks like a good idea to have execstack disabled in any case. The nice side effect would be to fix WSL installations along the way. 😃

See also: microsoft/WSL#286, microsoft/WSL#916
@alex
Copy link
Member

alex commented Oct 23, 2017

Why the fuck does anything ever get built with executable stack? Are we trying to make life easy for attackers?

What upstream do I need to complain to to fix this, gcc?

@alex alex added this to the Twenty second release milestone Oct 23, 2017
@alex
Copy link
Member

alex commented Oct 23, 2017

(Also yes, in the meantime we should fix this in our build process; and IMO we should issue a release with it ASAP)

@alex alex mentioned this issue Oct 23, 2017
Closed
@alex
Copy link
Member

alex commented Oct 23, 2017

Filed openssl/openssl#4575 with OpenSSL, which appears to be the cause of the issue.

In teh meantime we should pass the correct incanation like the linux distros do when we build OpenSSL

@reaperhulk
Copy link
Member

2.1.2 is now released and resolves this.

@alex
Copy link
Member

alex commented Oct 24, 2017

Done in our 2.1.2 release.

@mhils
Copy link
Member Author

mhils commented Oct 24, 2017

Wow, that was quick - thanks so much! 😃

@koczkatamas koczkatamas mentioned this issue Jan 26, 2018
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 6, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
security-hardening
Milestone
Twenty second release
Development

No branches or pull requests
3 participants
@alex @reaperhulk @mhils