Giters

google / grr

GRR Rapid Response: remote live forensics for incident response

Home Page:https://grr-doc.readthedocs.io/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Need to update `cryptography` module version for running on Apple Silicon M1 architecture.

digitalisx opened this issue · comments

commented

Environment

  • How did you install GRR? : git clone from source
  • What GRR version are you running?: 3.4.5.1
  • What operating system does the GRR server run on? : macOS Monterey (12.3.1) - Apple Silicon M1

Describe the issue

Hello, everyone in the community. 🙂
The issue is derived from the dftimewolf project associated with the GRR project.
To enable and debug dftimewolf, you must install grr_api_client for dependencies.

Referring to the code below, grr_api_client is forcing the version of cryptography you use (2.9.2)
(The comments in the code also state TODO that you need to upgrade.)

grr/api_client/python/setup.py

Line 69 in 7c9ac0c

"cryptography==2.9.2",

However, in an Apple Silicon M1 environment, that version is experiencing errors, and this requires that the cryptography version be kept at least 3.3.1 or higher.

Since the grr_api_client forced the cryptographic version, it is difficult to resolve the error in "dftimewolf".
If possible, we need to upgrade the version or allow the version above it.

Error logs

> pip3 install -r requirements.txt
               ^
      build/temp.macosx-10.14-arm64-cpython-38/_openssl.c:20782:10: note: did you mean 'ERR_GET_LIB'?
      /opt/homebrew/opt/openssl@3/include/openssl/err.h:241:36: note: 'ERR_GET_LIB' declared here
      static ossl_unused ossl_inline int ERR_GET_LIB(unsigned long errcode)
                                         ^
      build/temp.macosx-10.14-arm64-cpython-38/_openssl.c:20798:14: error: implicit declaration of function 'ERR_GET_FUNC' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        { result = ERR_GET_FUNC(x0); }
                   ^
      build/temp.macosx-10.14-arm64-cpython-38/_openssl.c:25342:10: error: implicit declaration of function 'FIPS_mode' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        return FIPS_mode();
               ^
      build/temp.macosx-10.14-arm64-cpython-38/_openssl.c:25353:14: error: implicit declaration of function 'FIPS_mode' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        { result = FIPS_mode(); }
                   ^
      build/temp.macosx-10.14-arm64-cpython-38/_openssl.c:25368:10: error: implicit declaration of function 'FIPS_mode_set' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        return FIPS_mode_set(x0);
               ^
      fatal error: too many errors emitted, stopping now [-ferror-limit=]
      4 warnings and 20 errors generated.
      error: command '/usr/bin/clang' failed with exit code 1
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
  ERROR: Failed building wheel for cryptography
Failed to build cryptography
ERROR: Could not build wheels for cryptography, which is required to install pyproject.toml-based projects

Additional context
If there is any other reason or solution for this error, please feel free to leave a thread. I'll try to solve it.

commented

Thanks for the detailed bug report - pointing out the source line, TODO comment and required fix really helps us to fix this.

The TODO comment mentions AppVeyor as reason preventing the upgrade, which is a service we no longer use. If you have some time and want to contribute to GRR, please send a pull requests that upgrades the cryptography library to "cryptography==3.3.2" specifically.

The library is pinned in the file you linked grr/api_client/python/setup.py as core/setup.py. Please update both and feel free to remove the AppVeyor TODO comment.

If you don't have the time or the update breaks tests or has other complications, I'll look into it next week.

commented

Hello, @max-vogler 🙂
Thank you for reviewing my issue!

As you said, I will submit the PR related to the version upgrade within this week.

I'd appreciate it if you could pay attention until the problem is solved.
And Feel free to leave a thread if there are other ways to solve this issue!

commented

A release for PyPi is required for normal application and use of the patch in other DFIR projects.
When I looked at the Release and Github Actions, Merge does not mean Release, so We need to review it.

commented

@digitalisx - we'll update the PyPi grr-api-client packages as part of the current GRR release. Can't give you a precise ETA, but should happen within 2 weeks or so.

commented

Thank you for your comments @mbushkov,
I think the release time is purely up to Maintainers' authority and decision!
I was just recording the things that I needed to check to solve this problem correctly.
Please do it whenever you have time :)