Page MenuHomePhabricator

cergen CI fails to run on Debian Stretch because cryptography dependency cannot be built against newer openssl version
Open, MediumPublic


I couldn't find a project for cergen, so putting this in Operations.

When I switched cergen's CI to run on Debian Stretch it started to fail building because of cryptography and the newer openssl version.

The full log is

For now I've kept cergen CI on Debian Jessie, but that isn't a long-term sustainable solution.

Event Timeline

Legoktm created this task.Dec 20 2018, 6:26 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 20 2018, 6:26 AM
hashar added a subscriber: hashar.Dec 20 2018, 7:53 AM

That is due to:


Introduced by @ottomatta with comment:

Require cryptography to be < 2 for use on Debian

And we also have:


Which I have done via dc4ad6a2ffedebdc285849ff57f4390087760f10

I guess cryptography has an upper limit due to libssl-dev.

This is a bug in python-cryptography which gets exposed since the release of

There's a fixed package at, I'll build that and upload to stretch-wikimedia.

The CI job does not use the Debian package python-cryptography, it is installed via pip:

Collecting cryptography<2.0.0,>=1.7.0 (from cergen==0.2.3)
00:00:44.899   Downloading (409kB)

And I guess cryptography 1.x are no more maintained.

Could the CI job use the debian package? I guess not?

MoritzMuehlenhoff removed MoritzMuehlenhoff as the assignee of this task.Jan 22 2020, 10:02 AM
MoritzMuehlenhoff triaged this task as Medium priority.Jan 23 2020, 8:24 AM

This task is from 2018, is that still an issue?