#1140972 certipy: FTBFS: E TypeError: cannot create 'cryptography.hazmat.primitives._serialization.Encoding' instances

#1140972#5
Date: 2026-06-28 20:50:55 UTC

Dear maintainer:

During a rebuild of all packages in unstable, this package failed to build.

Below you will find the last part of the build log (probably the most
relevant part, but not necessarily). If required, the full build log
is available here:

https://people.debian.org/~sanvila/build-logs/202606/

About the archive rebuild: The build was made on virtual machines from AWS,
using sbuild and a reduced chroot with only build-essential packages.

If you cannot reproduce the bug please contact me privately, as I
am willing to provide ssh access to a virtual machine where the bug is
fully reproducible.

If this is really a bug in one of the build-depends, please use
reassign and add an affects on src:certipy, so that this is still
visible in the BTS web page for this package.

Thanks.
--------------------------------------------------------------------------------
[...]
 debian/rules clean
dh clean --buildsystem=pybuild
   dh_auto_clean -O--buildsystem=pybuild
   dh_autoreconf_clean -O--buildsystem=pybuild
   dh_clean -O--buildsystem=pybuild
 debian/rules binary
dh binary --buildsystem=pybuild
   dh_update_autotools_config -O--buildsystem=pybuild
   dh_autoreconf -O--buildsystem=pybuild
   dh_auto_configure -O--buildsystem=pybuild
   dh_auto_build -O--buildsystem=pybuild
I: pybuild plugin_pyproject:142: Building wheel for python3.13 with "build" module
I: pybuild base:385: python3.13 -m build --skip-dependency-check --no-isolation --wheel --outdir /<<PKGBUILDDIR>>/.pybuild/cpython3_3.13
* Building wheel...
/usr/lib/python3/dist-packages/setuptools/config/_apply_pyprojecttoml.py:82: SetuptoolsDeprecationWarning: `project.license` as a TOML table is deprecated

[... snipped ...]


        self.file_path = file_path
        self.containing_dir = os.path.dirname(self.file_path)
certipy/certipy.py:171: TypeError
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

test/test_certipy.py:238:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
certipy/certipy.py:864: in create_ca
    self.store.add_files(
certipy/certipy.py:480: in add_files
    bundle = TLSFileBundle(
certipy/certipy.py:281: in __init__
    self._setup_tls_files(files)
certipy/certipy.py:290: in _setup_tls_files
    setattr(self, file_type.value, TLSFile(file_path, file_type=file_type))
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <certipy.certipy.TLSFile object at 0x7f5283139e00>
file_path = '/tmp/tmp57onkvc0/foo/foo.key', encoding = Encoding.PEM
file_type = <TLSFileType.KEY: 'key'>, x509 = None

    def __init__(
        self,
        file_path,
        encoding=serialization.Encoding.PEM,
        file_type=TLSFileType.CERT,
        x509=None,
    ):
        if isinstance(encoding, int):
            warnings.warn(
                "OpenSSL.crypto.TYPE_* encoding arguments are deprecated. Use cryptography.hazmat.primitives.serialization.Encoding enum or string 'PEM'",
                DeprecationWarning,
                stacklevel=2,
            )
            # match values in OpenSSL.crypto
            if encoding == 1:
                # PEM
                encoding = serialization.Encoding.PEM
            elif encoding == 2:
                # ASN / DER
                encoding = serialization.Encoding.DER

        self.file_path = file_path
        self.containing_dir = os.path.dirname(self.file_path)
certipy/certipy.py:171: TypeError
certipy/certipy.py:386: KeyError

During handling of the above exception, another exception occurred:

self = <certipy.certipy.Certipy object at 0x7f528317fb10>
graph = {'foo': ['foo', 'bar'], 'bar': ['foo'], 'baz': ['bar']}

    def trust_from_graph(self, graph):
        """Create a set of trust bundles from a relationship graph.

        Components in this sense are defined by unique CAs. This method assists
        in setting up complicated trust between various components that need
        to do TLS auth.
        Arguments: graph - dict component:list(components)
        Returns:   dict component:trust bundle file path
        """

        # Ensure there are CAs backing all graph components
        def distinct_components(graph):
            """Return a set of components from the provided graph."""
            components = set(graph.keys())
            for trusts in graph.values():
                components |= set(trusts)
            return components

        # Default to creating a CA (incapable of signing intermediaries) to
        # identify a component not known to Certipy
        for component in distinct_components(graph):
            try:

certipy/certipy.py:755:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <certipy.certipy.CertStore object at 0x7f528317f890>, common_name = 'baz'

    def get_record(self, common_name):
        """Return the record associated with this common name

        In most cases, all that's really needed to use an existing cert are
        the file paths to the files that make up that cert. This method
        returns just that and doesn't bother loading the associated files.
        """

        try:
            record = self.store[common_name]
            return record
        except KeyError as e:
certipy/certipy.py:389: CertNotFoundError

During handling of the above exception, another exception occurred:

    def test_certipy_trust_graph():
        trust_graph = {
            "foo": ["foo", "bar"],
            "bar": ["foo"],
            "baz": ["bar"],
        }

        def distinct_components(graph):
            """Return a set of components from the provided graph."""
            components = set(graph.keys())
            for trusts in graph.values():
                components |= set(trusts)
            return components

        with TemporaryDirectory() as td:
            certipy = Certipy(store_dir=td)
            # after this, all components in the graph should exist in certipy
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

test/test_certipy.py:337:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
certipy/certipy.py:757: in trust_from_graph
    self.create_ca(component)
certipy/certipy.py:864: in create_ca
    self.store.add_files(
certipy/certipy.py:480: in add_files
    bundle = TLSFileBundle(
certipy/certipy.py:281: in __init__
    self._setup_tls_files(files)
certipy/certipy.py:290: in _setup_tls_files
    setattr(self, file_type.value, TLSFile(file_path, file_type=file_type))
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <certipy.certipy.TLSFile object at 0x7f528313ba80>
file_path = '/tmp/tmpq2ttedgq/baz/baz.key', encoding = Encoding.PEM
file_type = <TLSFileType.KEY: 'key'>, x509 = None

    def __init__(
        self,
        file_path,
        encoding=serialization.Encoding.PEM,
        file_type=TLSFileType.CERT,
        x509=None,
    ):
        if isinstance(encoding, int):
            warnings.warn(
                "OpenSSL.crypto.TYPE_* encoding arguments are deprecated. Use cryptography.hazmat.primitives.serialization.Encoding enum or string 'PEM'",
                DeprecationWarning,
                stacklevel=2,
            )
            # match values in OpenSSL.crypto
            if encoding == 1:
                # PEM
                encoding = serialization.Encoding.PEM
            elif encoding == 2:
                # ASN / DER
                encoding = serialization.Encoding.DER

        self.file_path = file_path
        self.containing_dir = os.path.dirname(self.file_path)
certipy/certipy.py:171: TypeError
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

test/test_certipy.py:364:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
certipy/certipy.py:864: in create_ca
    self.store.add_files(
certipy/certipy.py:480: in add_files
    bundle = TLSFileBundle(
certipy/certipy.py:281: in __init__
    self._setup_tls_files(files)
certipy/certipy.py:290: in _setup_tls_files
    setattr(self, file_type.value, TLSFile(file_path, file_type=file_type))
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <certipy.certipy.TLSFile object at 0x7f528308d910>
file_path = '/tmp/tmp97hpqsth/foo/foo.key', encoding = Encoding.PEM
file_type = <TLSFileType.KEY: 'key'>, x509 = None

    def __init__(
        self,
        file_path,
        encoding=serialization.Encoding.PEM,
        file_type=TLSFileType.CERT,
        x509=None,
    ):
        if isinstance(encoding, int):
            warnings.warn(
                "OpenSSL.crypto.TYPE_* encoding arguments are deprecated. Use cryptography.hazmat.primitives.serialization.Encoding enum or string 'PEM'",
                DeprecationWarning,
                stacklevel=2,
            )
            # match values in OpenSSL.crypto
            if encoding == 1:
                # PEM
                encoding = serialization.Encoding.PEM
            elif encoding == 2:
                # ASN / DER
                encoding = serialization.Encoding.DER

        self.file_path = file_path
        self.containing_dir = os.path.dirname(self.file_path)
certipy/certipy.py:171: TypeError
=============================== warnings summary ===============================
.pybuild/cpython3_3.14/build/test/test_certipy.py::test_certs
  /<<PKGBUILDDIR>>/.pybuild/cpython3_3.14/build/test/test_certipy.py:364: DeprecationWarning: negative pathlen is deprecated. Use pathlen=None
    ca_record = certipy.create_ca(ca_name, pathlen=-1)

#1140972#8
Date: 2026-06-28 23:54:43 UTC

Hello,

Bug #1140972 in certipy reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/packages/certipy/-/commit/7bf1d4612d0792f8b3d6e305b6b04d5e7f8f5bc4
------------------------------------------------------------------------
Update upstream source from tag 'upstream/0.2.3'

Update to upstream version '0.2.3'
with Debian dir 75d13f1a1ca35d2e39b2c6682fdd2767de61dd22

Closes: #1140972
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1140972

#1140972#15
Date: 2026-06-29 00:16:15 UTC

We believe that the bug you reported is fixed in the latest version of
certipy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1140972@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated certipy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 29 Jun 2026 00:50:51 +0100
Source: certipy
Architecture: source
Version: 0.2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1140972
Changes:
 certipy (0.2.3-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release:
     - cryptography: serialization.Encoding is no longer a standard Enum
       (closes: #1140972).