Hi all,
I am suffering several issues with aliases after installing OPsense 25.7.1_1 in a top of FreeBSD 14.3-RELEASE using opensense-bootstrap script. Process goes well but every time I try to save aliases it shows successful and shows up in list but shows 0 under loaded#. Several email messages are sent to root showing an error with process configd.py:
Traceback (most recent call last):
File "/usr/local/opnsense/scripts/filter/update_tables.py", line 39, in <module>
from lib.alias import AliasParser
File "/usr/local/opnsense/scripts/filter/lib/__init__.py", line 27, in <module>
import dns.resolver
File "/usr/local/lib/python3.11/site-packages/dns/resolver.py", line 30, in <module>
import dns._ddr
File "/usr/local/lib/python3.11/site-packages/dns/_ddr.py", line 12, in <module>
import dns.nameserver
File "/usr/local/lib/python3.11/site-packages/dns/nameserver.py", line 5, in <module>
import dns.asyncquery
File "/usr/local/lib/python3.11/site-packages/dns/asyncquery.py", line 34, in <module>
import dns.quic
File "/usr/local/lib/python3.11/site-packages/dns/quic/__init__.py", line 9, in <module>
import aioquic.quic.configuration # type: ignore
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/aioquic/quic/configuration.py", line 6, in <module>
from ..tls import (
File "/usr/local/lib/python3.11/site-packages/aioquic/tls.py", line 26, in <module>
import service_identity
File "/usr/local/lib/python3.11/site-packages/service_identity/__init__.py", line 5, in <module>
from . import cryptography, hazmat, pyopenssl
File "/usr/local/lib/python3.11/site-packages/service_identity/cryptography.py", line 11, in <module>
from cryptography.x509 import (
File "/usr/local/lib/python3.11/site-packages/cryptography/x509/__init__.py", line 7, in <module>
from cryptography.x509 import certificate_transparency, verification
File "/usr/local/lib/python3.11/site-packages/cryptography/x509/verification.py", line 24, in <module>
VerifiedClient = rust_x509.VerifiedClient
^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: module 'x509' has no attribute 'VerifiedClient'
How can I fix this? Or is it a bug?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?format=multiple&id=287267
It appears to be related to the DoQ feature (that aioquic module is pulled in conditionally). At least just importing the libraries works fine here:
>>> import aioquic.quic.configuration
>>> from cryptography.x509 import certificate_transparency, verification
>>> verification.VerifiedClient
<class 'cryptography.hazmat.bindings._rust.x509.VerifiedClient'>
That dependency is pulled in via py311-cryptography-44.0.3_2,1 for me.
# pkg which /usr/local/lib/python3.11/site-packages/cryptography/x509/verification.py
/usr/local/lib/python3.11/site-packages/cryptography/x509/verification.py was installed by package py311-cryptography-44.0.3_2,1
Uhmm... package py311-cryptography is already installed:
root@ip-172-19-10-11:~ # pkg install py311-cryptography
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed