Important issues with aliases

Started by clopmz, August 10, 2025, 11:54:58 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 10, 2025, 11:54:58 AM
Hi all,

I am suffering several issues with aliases after installing OPsense 25.7.1_1 in a top of FreeBSD 14.3-RELEASE using opensense-bootstrap script. Process goes well but every time I try to save aliases it shows successful and shows up in list but shows 0 under loaded#. Several email messages are sent to root showing an error with process configd.py:

Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/filter/update_tables.py", line 39, in <module>
    from lib.alias import AliasParser
  File "/usr/local/opnsense/scripts/filter/lib/__init__.py", line 27, in <module>
    import dns.resolver
  File "/usr/local/lib/python3.11/site-packages/dns/resolver.py", line 30, in <module>
    import dns._ddr
  File "/usr/local/lib/python3.11/site-packages/dns/_ddr.py", line 12, in <module>
    import dns.nameserver
  File "/usr/local/lib/python3.11/site-packages/dns/nameserver.py", line 5, in <module>
    import dns.asyncquery
  File "/usr/local/lib/python3.11/site-packages/dns/asyncquery.py", line 34, in <module>
    import dns.quic
  File "/usr/local/lib/python3.11/site-packages/dns/quic/__init__.py", line 9, in <module>
    import aioquic.quic.configuration  # type: ignore
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/aioquic/quic/configuration.py", line 6, in <module>
    from ..tls import (
  File "/usr/local/lib/python3.11/site-packages/aioquic/tls.py", line 26, in <module>
    import service_identity
  File "/usr/local/lib/python3.11/site-packages/service_identity/__init__.py", line 5, in <module>
    from . import cryptography, hazmat, pyopenssl
  File "/usr/local/lib/python3.11/site-packages/service_identity/cryptography.py", line 11, in <module>
    from cryptography.x509 import (
  File "/usr/local/lib/python3.11/site-packages/cryptography/x509/__init__.py", line 7, in <module>
    from cryptography.x509 import certificate_transparency, verification
  File "/usr/local/lib/python3.11/site-packages/cryptography/x509/verification.py", line 24, in <module>
    VerifiedClient = rust_x509.VerifiedClient
                     ^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: module 'x509' has no attribute 'VerifiedClient'

How can I fix this? Or is it a bug?
August 10, 2025, 01:52:56 PM #1 Last Edit: August 10, 2025, 01:58:32 PM by frakkin64
https://bugs.freebsd.org/bugzilla/show_bug.cgi?format=multiple&id=287267

It appears to be related to the DoQ feature (that aioquic module is pulled in conditionally).  At least just importing the libraries works fine here:
>>> import aioquic.quic.configuration
>>> from cryptography.x509 import certificate_transparency, verification
>>> verification.VerifiedClient
<class 'cryptography.hazmat.bindings._rust.x509.VerifiedClient'>

That dependency is pulled in via py311-cryptography-44.0.3_2,1 for me.

# pkg which /usr/local/lib/python3.11/site-packages/cryptography/x509/verification.py
/usr/local/lib/python3.11/site-packages/cryptography/x509/verification.py was installed by package py311-cryptography-44.0.3_2,1

Topton N5105 | 16GB RAM | 128GB NVMe | 4x i226-V
August 11, 2025, 05:19:22 AM #2
Uhmm... package py311-cryptography is already installed:

root@ip-172-19-10-11:~ # pkg install py311-cryptography
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Print
Go Up Pages1
User actions