Cryptography: AttributeError: 'EntryPoint' object has no attribute 'resolve'

Rolling back to cryptography==1.2.1 fixed the issue.

This is occurring because you have an old setuptools in your environment. Upgrade it and the issue should go away.

I think you should reopen this. I'm seeing the same issue on El Capitan, with the latest setuptools==1.1.6 and the latest cryptography==1.3.1: https://travis-ci.org/mozilla/sops/jobs/118283251#L195

The latest setuptools is definitely not 1.1.6, but rather 20.3.1. Our minimum version is 11.3 (https://github.com/pyca/cryptography/blob/master/setup.py#L40)

I'm no python expert, so maybe Python has some concept of versions I don't understand here, but this is what I see.

$ pip install --user setuptools==20.3.1
Collecting setuptools==20.3.1
  Using cached setuptools-20.3.1-py2.py3-none-any.whl
Installing collected packages: setuptools
Successfully installed setuptools-1.1.6

$ pip freeze --all |grep setuptools
setuptools==1.1.6

using the --user flag means it will install into site.USER_BASE (see Python docs for information about where that is) and is not necessarily automatically injected into the PYTHONPATH. You'll have better success just creating a virtualenv and pip install -U setuptools without the --user invocation.

I should add that, following this pip install --user setuptools==20.3.1, I can reproduce the AttributeError: 'EntryPoint' object has no attribute 'resolve' error with cryptography==1.3.1 but not with 1.2.1.

cc @dstufft on the fact that when installing with --user pip will potentially say it successfully installed a completely different version.

Thanks for the help! Indeed if I change my python path to $ export PYTHONPATH=$HOME/Library/Python/2.7/lib/python/site-packages/:$PYTHONPATH, it all works fine.

I saw this when I installed on debian from testing using apt-get -t testing install letsencrypt python-letsencrypt-apache (e.g., as described at https://www.rootatwc.com/blog/article/4).

Thanks to the info above (i.e. that this is caused by setuptools), I was able to resolve this with apt-get -t testing install python-setuptools.

I think it's also related to https://github.com/pypa/pip/issues/988

That issue suggests that pip will only honour the first dependency that it encounters. Which in this case is setuptools from:

• https://github.com/zopefoundation/zope.interface/blob/3e0b584b084815a3601e6efcf77976f19e84c417/setup.py#L98

install_requires = ['setuptools'],

Later, you'll see

Collecting cryptography==1.3.2 (from -r /tmp/workspace/ClusterHQ-flocker/dependencies-FLOC-4408/_run_trial_for_gce_storage_driver_on_CentOS_7_flocker.node.agents.functional/requirements/flocker.txt (line 50))
  Using cached cryptography-1.3.2.tar.gz

And then:

Requirement already satisfied (use --upgrade to upgrade): setuptools in /tmp/venv-richardw-6/lib/python2.7/site-packages (from zope.interface==4.1.3->-r /tmp/workspace/ClusterHQ-flocker/dependencies-FLOC-4408/_run_trial_for_gce_storage_driver_on_CentOS_7_flocker.node.agents.functional/requirements/flocker.txt (line 43))

(venv-richardw-1)[jenkins@jenkins-centos7-slave-1 ~]$ /tmp/29280/bin/python
Python 2.7.5 (default, Nov 20 2015, 02:00:19) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from flocker.provision._ssh import _conch
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/tmp/workspace/ClusterHQ-flocker/dependencies-FLOC-4408/_run_trial_for_gce_storage_driver_on_CentOS_7_flocker.node.agents.functional/flocker/provision/__init__.py", line 8, in <module>
    from ._install import (
  File "/tmp/workspace/ClusterHQ-flocker/dependencies-FLOC-4408/_run_trial_for_gce_storage_driver_on_CentOS_7_flocker.node.agents.functional/flocker/provision/_install.py", line 35, in <module>
    from ._ssh._conch import make_dispatcher
  File "/tmp/workspace/ClusterHQ-flocker/dependencies-FLOC-4408/_run_trial_for_gce_storage_driver_on_CentOS_7_flocker.node.agents.functional/flocker/provision/_ssh/_conch.py", line 17, in <module>
    from twisted.conch.endpoints import (
  File "/tmp/29280/lib/python2.7/site-packages/twisted/conch/endpoints.py", line 27, in <module>
    from twisted.conch.ssh.transport import SSHClientTransport
  File "/tmp/29280/lib/python2.7/site-packages/twisted/conch/ssh/transport.py", line 338, in <module>
    class SSHTransportBase(protocol.Protocol):
  File "/tmp/29280/lib/python2.7/site-packages/twisted/conch/ssh/transport.py", line 462, in SSHTransportBase
    supportedCiphers = _getSupportedCiphers()
  File "/tmp/29280/lib/python2.7/site-packages/twisted/conch/ssh/transport.py", line 328, in _getSupportedCiphers
    backend=default_backend(),
  File "/tmp/29280/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 35, in default_backend
    _default_backend = MultiBackend(_available_backends())
  File "/tmp/29280/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 22, in _available_backends
    "cryptography.backends"
AttributeError: 'EntryPoint' object has no attribute 'resolve'
>>> 
(venv-richardw-1)[jenkins@jenkins-centos7-slave-1 ~]$ /tmp/29280/bin/pip install --upgrade setuptools
Collecting setuptools
  Downloading setuptools-21.2.1-py2.py3-none-any.whl (509kB)
    100% |████████████████████████████████| 512kB 2.2MB/s 
Installing collected packages: setuptools
  Found existing installation: setuptools 0.9.8
    Uninstalling setuptools-0.9.8:
      Successfully uninstalled setuptools-0.9.8
Successfully installed setuptools-21.2.1
(venv-richardw-1)[jenkins@jenkins-centos7-slave-1 ~]$ /tmp/29280/bin/python
Python 2.7.5 (default, Nov 20 2015, 02:00:19) 

Solution for freebsd.
Update all python modules:
pip freeze --local | grep -v '^-e' | cut -d = -f 1 | xargs -n1 pip install -U

after update - "certbot certonly --webroot ..." work fine.

cryptography==1.2.3 will also works,

This issue happens in El Capitan.

I am experiencing this problem in Debian 8. Tried to install python-setuptools from testing as suggested in the Debian bug report but same result.

This is what I get:

$ sudo certbot renew
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/vader.sargue.net.conf
-------------------------------------------------------------------------------
2016-09-23 09:54:57,923:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/vader.sargue.net.conf produced an unexpected error: 'EntryPoint' object has no attribute 'resolve'. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/vader.sargue.net/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Package versions:

ii  certbot                     0.8.1-2~bpo8+1     all                automatically configure HTTPS using Let's Encrypt
ii  python-certbot-apache       0.8.1-1~bpo8+1     all                Apache plugin for Certbot
ii  python-setuptools           27.1.2-1           all                Python Distutils Enhancements

@sargue See if this link can help: https://github.com/pyca/cryptography/issues/3149

@naveensinghal Thanks for the link. It doesn't seem to be the same case. I think I don't haveany virtualenv. I don't even have pip installed. I've tried the command to list all resources but everything points to standard Debian locations (/usr, lib...)

How did you install cryptography?

Ops, just saw I've commented on this issue but I wanted to do it on the certbot project. Sorry about that.

BTW, @dstufft, I didn't install cryptography per se. I just installed certbot which pulled the relevant python packages.

How did you do that?

I first followed the official instructions:

$ sudo apt-get install python-certbot-apache -t jessie-backports

It worked for a time. Eventually (some upgrade in between I guess) it started to complain. The certbot renew is executed from cron and it only tries to renew certificates near expiration.

When I got the error I did some research and I saw the suggestion to upgrade python-setuptools. I managed to update it to testing but the error remains.

@sargue what version of python-pkg-resources is installed?

27.1.2-1

BTW, I found a workaround. You were right about the virtual env. I installed, some time ago, the letsencrypt-wrapper which creates a virtual environtment. More details at certbot#3140.