4

Following an update of Homebrew using

brew update
brew upgrade --all

that results in the updating of Python to 2.7.10_2, pip (and many other scripts) fails with 

cffi.ffiplatform.VerificationError: importing '/usr/local/lib/python2.7/site-packages/cryptography/_Cryptography_cffi_a269d620xd5c405b7.so': dlopen(/usr/local/lib/python2.7/site-packages/cryptography/_Cryptography_cffi_a269d620xd5c405b7.so, 2): Library not loaded: /usr/local/lib/libssl.1.0.0.dylib
  Referenced from: /usr/local/lib/python2.7/site-packages/cryptography/_Cryptography_cffi_a269d620xd5c405b7.so
  Reason: image not found

What can I do to restore or adjust my Python configuration so that it works again? What did Homebrew do that destroyed it?

Traceback (most recent call last):
  File "/usr/local/bin/eb", line 7, in <module>
    from ebcli.core.ebcore import main
  File "/usr/local/lib/python2.7/site-packages/ebcli/core/ebcore.py", line 43, in <module>
    from . import globals, base, io, hooks
  File "/usr/local/lib/python2.7/site-packages/ebcli/core/hooks.py", line 20, in <module>
    from ..lib import aws
  File "/usr/local/lib/python2.7/site-packages/ebcli/lib/aws.py", line 19, in <module>
    import botocore.session
  File "/usr/local/lib/python2.7/site-packages/ebcli/bundled/botocore/session.py", line 27, in <module>
    import botocore.credentials
  File "/usr/local/lib/python2.7/site-packages/ebcli/bundled/botocore/credentials.py", line 30, in <module>
    from botocore.utils import InstanceMetadataFetcher, parse_key_val_file
  File "/usr/local/lib/python2.7/site-packages/ebcli/bundled/botocore/utils.py", line 25, in <module>
    from botocore.vendored import requests
  File "/usr/local/lib/python2.7/site-packages/ebcli/bundled/botocore/vendored/requests/__init__.py", line 53, in <module>
    from .packages.urllib3.contrib import pyopenssl
  File "/usr/local/lib/python2.7/site-packages/ebcli/bundled/botocore/vendored/requests/packages/urllib3/contrib/pyopenssl.py", line 55, in <module>
    import OpenSSL.SSL
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/rand.py", line 11, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 7, in <module>
    binding = Binding()
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 114, in __init__
    self._ensure_ffi_initialized()
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 126, in _ensure_ffi_initialized
    cls._modules,
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/utils.py", line 31, in load_library_for_binding
    lib = ffi.verifier.load_library()
  File "/usr/local/lib/python2.7/site-packages/cffi/verifier.py", line 97, in load_library
    return self._load_library()
  File "/usr/local/lib/python2.7/site-packages/cffi/verifier.py", line 207, in _load_library
    return self._vengine.load_library()
  File "/usr/local/lib/python2.7/site-packages/cffi/vengine_cpy.py", line 155, in load_library
    raise ffiplatform.VerificationError(error)
cffi.ffiplatform.VerificationError: importing '/usr/local/lib/python2.7/site-packages/cryptography/_Cryptography_cffi_a269d620xd5c405b7.so': dlopen(/usr/local/lib/python2.7/site-packages/cryptography/_Cryptography_cffi_a269d620xd5c405b7.so, 2): Library not loaded: /usr/local/lib/libssl.1.0.0.dylib
  Referenced from: /usr/local/lib/python2.7/site-packages/cryptography/_Cryptography_cffi_a269d620xd5c405b7.so
  Reason: image not found

OSX 10.10.4; Homebrew 0.9.5

orome
  • 45,163
  • 57
  • 202
  • 418
  • As a stab in the dark, I've tried [this solution](http://stackoverflow.com/a/20946142/656912), but to no avail. – orome Jul 14 '15 at 12:12
  • [This (adding the unlinking and relinking)](http://stackoverflow.com/a/23945292/656912) seems to work (at least for pip); but I'm at a loss to why. Can someone explain why this happens? WillI now need to do this every time Python is updated by Homebrew (which I thought was a package manager, not a package *mangler*)? – orome Jul 14 '15 at 12:19
  • 1
    Or (calmly now) will it be safe (and advisable) to simply add `brew install --upgrade openssl; brew unlink openssl && brew link openssl --force` at the end of my Homebrew update script to perform this additional step whenever I update brew? – orome Jul 14 '15 at 12:21

2 Answers2

5

Tim Smith's answer is correct (he's a homebrew maintainer!) but it didn't provide the actual fix. After combing through these issues https://github.com/Homebrew/homebrew/issues/41613 and https://github.com/pyca/cryptography/issues/2138 the following should get your python/pip working with openssl again

brew link openssl --force
pip uninstall cryptography
pip install cryptography --no-use-wheel
brew unlink openssl

The first link fixes pip temporarily. Cryptography is the library that needs to be rebuilt. And finally unlinking openssl again.

Kevin Xu
  • 126
  • 1
  • 6
  • These steps (except `pip install cryptography --upgrade --force-reinstall --no-use-wheel`) are unnecessary if, like the OP, you are using Homebrew's python. – Tim Smith Aug 20 '15 at 03:28
1

This is a one-time error which resulted from 1) our decision to remove OpenSSL's "keg-only" designation and then 2) our subsequent retreat from that decision after we discovered that it created significant incompatibilities. If you built anything from source against openssl during the period that OpenSSL was not keg-only, it needs to be rebuilt. This is because the install_names for normal packages are relative to HOMEBREW_PREFIX and keg-only packages are not linked into HOMEBREW_PREFIX. (Keg-only packages have install_names which point to a private prefix.) I'm sorry for the inconvenience.

Tim Smith
  • 6,127
  • 1
  • 26
  • 32