Troubleshooting python-jose Installation

Introduction

The JavaScript Object Signing and Encryption (JOSE) technologies – JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web Algorithms (JWA) – collectively can be used to encrypt and/or sign content using a variety of algorithms.

Installation

$ pip install python-jose

Troubleshooting

When I tried to install python-jose on my Mac running Mac OS Sierra (MacOS 10.12.6), I was getting a RuntimeError: autoconf error.

To get around this issue, I had to run the following command.

$ xcode-select --install

This command pops up a window asking your permission to install xcode compiler. Once the compiler install went through, the pip install worked without issue.

Full details of error below:

(newpython3) srini-macbookpro:aws-auth0-auth skarlekar$ (newpython3) srini-macbookpro:aws-auth0-auth skarlekar$ pip install python-jose The directory ‘/Users/skarlekar/Library/Caches/pip/http’ or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo’s -H flag. The directory ‘/Users/skarlekar/Library/Caches/pip’ or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo’s -H flag. Collecting python-jose
Downloading python_jose-1.4.0-py2.py3-none-any.whl Collecting ecdsa<1.0 (from python-jose) Downloading ecdsa-0.13-py2.py3-none-any.whl (86kB) 100% |████████████████████████████████| 92kB 3.6MB/s Collecting six<2.0 (from python-jose) Downloading six-1.11.0-py2.py3-none-any.whl Collecting future<1.0 (from python-jose) Downloading future-0.16.0.tar.gz (824kB) 100% |████████████████████████████████| 829kB 941kB/s Collecting pycrypto<2.7.0,>=2.6.0 (from python-jose) Downloading pycrypto-2.6.1.tar.gz (446kB) 100% |████████████████████████████████| 450kB 1.6MB/s Installing collected packages: ecdsa, six, future, pycrypto, python-jose
Running setup.py install for future … done Running setup.py install for pycrypto … error Complete output from command /Users/skarlekar/anaconda/envs/newpython3/bin/python -u -c “import setuptools, tokenize;file=’/private/var/folders/zh/54fz82bn0tb4cgv0bdjcffqw0000gn/T/pip-build-spygzevz/pycrypto/setup.py’;f=getattr(tokenize, ‘open’, open)(file);code=f.read().replace(‘\r\n’, ‘\n’);f.close();exec(compile(code, file, ‘exec’))” install –record /var/folders/zh/54fz82bn0tb4cgv0bdjcffqw0000gn/T/pip-y3p2qipv-record/install-record.txt –single-version-externally-managed –compile: running install running build running build_py creating build creating build/lib.macosx-10.7-x86_64-3.6 creating build/lib.macosx-10.7-x86_64-3.6/Crypto copying lib/Crypto/init.py -> build/lib.macosx-10.7-x86_64-3.6/Crypto copying lib/Crypto/pct_warnings.py -> build/lib.macosx-10.7-x86_64-3.6/Crypto creating build/lib.macosx-10.7-x86_64-3.6/Crypto/Hash copying lib/Crypto/Hash/init.py -> build/lib.macosx-10.7-x86_64-3.6/Crypto/Hash copying lib/Crypto/Hash/hashalgo.py -> build/lib.macosx-10.7-x86_64-3.6/Crypto/Hash … … (snipped for brevity) … Skipping optional fixer: buffer Skipping optional fixer: idioms Skipping optional fixer: set_literal Skipping optional fixer: ws_comma running build_ext running build_configure checking for gcc… gcc checking whether the C compiler works… yes checking for C compiler default output file name… a.out checking for suffix of executables… checking whether we are cross compiling… configure: error: in /private/var/folders/zh/54fz82bn0tb4cgv0bdjcffqw0000gn/T/pip-build-spygzevz/pycrypto':
configure: error: cannot run C compiled programs.
If you meant to cross compile, use
–host’. See `config.log’ for more details Traceback (most recent call last): File ““, line 1, in File “/private/var/folders/zh/54fz82bn0tb4cgv0bdjcffqw0000gn/T/pip-build-spygzevz/pycrypto/setup.py”, line 456, in core.setup(**kw) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/core.py”, line 148, in setup dist.run_commands() File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/dist.py”, line 955, in run_commands self.run_command(cmd) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/dist.py”, line 974, in run_command cmd_obj.run() File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/site-packages/setuptools/command/install.py”, line 61, in run return orig.install.run(self) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/command/install.py”, line 545, in run self.run_command(‘build’) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/cmd.py”, line 313, in run_command self.distribution.run_command(command) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/dist.py”, line 974, in run_command cmd_obj.run() File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/command/build.py”, line 135, in run self.run_command(cmd_name) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/cmd.py”, line 313, in run_command self.distribution.run_command(command) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/dist.py”, line 974, in run_command cmd_obj.run() File “/private/var/folders/zh/54fz82bn0tb4cgv0bdjcffqw0000gn/T/pip-build-spygzevz/pycrypto/setup.py”, line 251, in run self.run_command(cmd_name) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/cmd.py”, line 313, in run_command self.distribution.run_command(command) File “/Users/skarlekar/anaconda/envs/newpython3/lib/python3.6/distutils/dist.py”, line 974, in run_command cmd_obj.run() File “/private/var/folders/zh/54fz82bn0tb4cgv0bdjcffqw0000gn/T/pip-build-spygzevz/pycrypto/setup.py”, line 278, in run raise RuntimeError(“autoconf error”) RuntimeError: autoconf error
-—————————————

Authenticating to GitHub using SSH

You can use SSH to connect and authenticate to GitHub. This allows you to check-in your artifacts to GitHub from the CLI without having to provide your username and password during every git push. Here are some notes on how to enable SSH for GitHub.

Generating a new SSH key

Open Terminal.

Paste the text below, substituting in your GitHub email address.

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This creates a new ssh key, using the provided email as a label.

Generating public/private rsa key pair.

When you’re prompted to Enter a file in which to save the key, press Enter. This accepts the default file location.

 Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]

At the prompt, type a secure passphrase.

Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

Adding your SSH key to the ssh-agent

Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key. When adding your SSH key to the agent, use the default macOS ssh-add command, and not an application installed by macports, homebrew, or some other external source.

Start the ssh-agent in the background.

eval "$(ssh-agent -s)"
Agent pid 4356

If you’re using macOS Sierra 10.12.2 or later, you will need to modify your ~/.ssh/config file to automatically load keys into the ssh-agent and store passphrases in your keychain.

Host *
 AddKeysToAgent yes
 UseKeychain yes
 IdentityFile ~/.ssh/id_rsa

Add your SSH private key to the ssh-agent and store your passphrase in the keychain. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_rsa in the command with the name of your private key file.

$ ssh-add -K ~/.ssh/id_rsa

Add the SSH key to your GitHub account

Copy the SSH key to your clipboard.

If your SSH key file has a different name than the example code, modify the filename to match your current setup. When copying your key, don’t add any newlines or whitespace.

$ pbcopy < ~/.ssh/id_rsa.pub
# Copies the contents of the id_rsa.pub file to your clipboard

Tip: If pbcopy isn’t working, you can locate the hidden .ssh folder, open the file in your favorite text editor, and copy it to your clipboard.

Now login to your GitHub account in a browser. In the upper-right corner of any page, click your profile photo, then click Settings.

In the user settings sidebar, click SSH and GPG keys.

Click New SSH key or Add SSH key.

In the Title field, add a descriptive label for the new key. For example, if you’re using a Mac, you might call this key “My Mac”. Paste your key into the “Key” field.

Click Add SSH key.

If prompted, confirm your GitHub password.


Switching remote URLs from HTTPS to SSH

Open Terminal.

Change the current working directory to your local project.

List your existing remotes in order to get the name of the remote you want to change.

git remote -v
origin  https://github.com/USERNAME/REPOSITORY.git (fetch)
origin  https://github.com/USERNAME/REPOSITORY.git (push)

Change your remote’s URL from HTTPS to SSH with the git remote set-url command.

git remote set-url origin git@github.com:USERNAME/REPOSITORY.git

Verify that the remote URL has changed.

git remote -v
# Verify new remote URL
origin  git@github.com:USERNAME/REPOSITORY.git (fetch)
origin  git@github.com:USERNAME/REPOSITORY.git (push)

What is AWS Shared Responsibility Model?

Security and Compliance is a shared responsibility on the cloud between AWS and its customers. Where Amazon is responsible for “the security OF the cloud”, the customer is responsible for “the security IN the cloud”.

Security of the Cloud – AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and physical security at the facilities that run the AWS Cloud services.

Security in the Cloud – The customer responsibility is determined by the AWS Cloud services that a customer selects. This translates to the amount of configuration work the customer must perform as part of their security responsibilities. For example, services such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Virtual Private Cloud (Amazon VPC), and Amazon S3 are categorized as Infrastructure as a Service (IaaS) and, as such, require the customer to perform all of the necessary security configuration and management tasks. If a customer deploys an Amazon EC2 instance, they are responsible for management of the guest operating system including updates and security patches, any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall such as security group on each instance.

This short animation succinctly drives the message.