You will need a macOS computer running High Sierra or higher with administrative access and an internet connection. Step 1 — Using the macOS Terminal. To access the command line interface on your Mac, you’ll use the Terminal application provided by macOS. Additionally, SUMO provides native macOS application bundles for its graphical applications, so they can be added to the macOS dock. There is a separate brew cask that will copy these bundles to the Applications folder: brew cask install sumo-gui.
You can install cryptography
with pip
:
If this does not work please upgrade your pip first, as that is thesingle most common cause of installation problems.
Supported platforms¶
Currently we test cryptography
on Python 3.6+ and PyPy3 7.3.1 on theseoperating systems.
- x86-64 & AArch64 CentOS 8.x
- x86-64 Fedora (latest)
- x86-64 macOS 10.15 Catalina
- x86-64 & AArch64 Ubuntu 18.04, 20.04
- x86-64 Ubuntu rolling
- x86-64 Debian Stretch (9.x), Buster (10.x), Bullseye (11.x), and Sid(unstable)
- x86-64 Alpine (latest)
- 32-bit and 64-bit Python on 64-bit Windows Server 2019
We test compiling with clang
as well as gcc
and use the followingOpenSSL releases:
OpenSSL1.1.0-latest
OpenSSL1.1.1-latest
Building cryptography on Windows¶
The wheel package on Windows is a statically linked build (as of 0.5) so alldependencies are included. To install cryptography
, you will typicallyjust run
If you prefer to compile it yourself you’ll need to have OpenSSL installed.You can compile OpenSSL yourself as well or use a binary distribution.Be sure to download the proper version for your architecture and Python(VC2015 is required for 3.6 and above). Wherever you place your copy of OpenSSLyou’ll need to set the LIB
and INCLUDE
environment variables to includethe proper locations. For example:
As of OpenSSL 1.1.0 the library names have changed from libeay32
andssleay32
to libcrypto
and libssl
(matching their names on all otherplatforms). cryptography
links against the new 1.1.0 names by default. Ifyou need to compile cryptography
against an older version then you mustset CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL
or else installation will fail.
You will also need to have Rust installed andavailable.
If you need to rebuild cryptography
for any reason be sure to clear thelocal wheel cache.
Building cryptography on Linux¶
Note
If you are on RHEL/CentOS/Fedora/Debian/Ubuntu or another distributionderived from the preceding list, then you should upgrade pip andattempt to install cryptography
again before following the instructionsto compile it below. These platforms will receive a binary wheel andrequire no compiler if you have an updated pip
!
cryptography
ships manylinux
wheels (as of 2.0) so all dependenciesare included. For users on pip 19.0 or above running on a manylinux2010
(or greater) compatible distribution (almost everything except Alpine) allyou should need to do is:
If you are on Alpine or just want to compile it yourself thencryptography
requires a C compiler, a Rust compiler, headers for Python (ifyou’re not using pypy
), and headers for the OpenSSL and libffi
librariesavailable on your system.
On all Linux distributions you will need to have Rust installed andavailable.
Alpine¶
Warning
The Rust available by default in Alpine < 3.12 is older than the minimumsupported version. See the Rust installation instructions for information about installing a newer Rust.
If you get an error with openssl-dev
you may have to use libressl-dev
.
Debian/Ubuntu¶
Warning
The Rust available in current Debian stable and some Ubuntu versions isolder than the minimum supported version. Ubuntu 18.04 and 20.04 aresufficiently new, but otherwise please see theRust installation instructions for informationabout installing a newer Rust.
Fedora/RHEL 8/CentOS 8¶
Warning
For RHEL and CentOS you must be on version 8.3 or newer for the commandbelow to install a sufficiently new Rust. If your Rust is less than 1.41.0please see the Rust installation instructionsfor information about installing a newer Rust.
RHEL 7/CentOS 7¶
Warning
You must install Rust using the Rust installation instructions. cryptography
requires a Rust version newer thanwhat is provided in the distribution packages.
Building¶
You should now be able to build and install cryptography. To avoid gettingthe pre-built wheel on manylinux
compatible distributions you’ll need touse --no-binary
.
Using your own OpenSSL on Linux¶
Python links to OpenSSL for its own purposes and this can sometimes causeproblems when you wish to use a different version of OpenSSL with cryptography.If you want to use cryptography with your own build of OpenSSL you will need tomake sure that the build is configured correctly so that your version ofOpenSSL doesn’t conflict with Python’s.
The options you need to add allow the linker to identify every symbol correctlyeven when multiple versions of the library are linked into the same program. Ifyou are using your distribution’s source packages these will probably bepatched in for you already, otherwise you’ll need to use options something likethis when configuring OpenSSL:
Static Wheels¶
Cryptography ships statically-linked wheels for macOS, Windows, and Linux (viamanylinux
). This allows compatible environments to use the most recentOpenSSL, regardless of what is shipped by default on those platforms. SomeLinux distributions (most notably Alpine) are not manylinux
compatible sowe cannot distribute wheels for them.
However, you can build your own statically-linked wheels that will work on yourown systems. This will allow you to continue to use relatively old Linuxdistributions (such as LTS releases), while making sure you have the mostrecent OpenSSL available to your Python programs.
To do so, you should find yourself a machine that is as similar as possible toyour target environment (e.g. your production environment): for example, spinup a new cloud server running your target Linux distribution. On this machine,install the Cryptography dependencies as mentioned in Building cryptography on Linux.Please also make sure you have virtualenv installed: this should beavailable from your system package manager.
Then, paste the following into a shell script. You’ll need to populate theOPENSSL_VERSION
variable. To do that, visit openssl.org and find thelatest non-FIPS release version number, then set the string appropriately. Forexample, for OpenSSL 1.0.2k, use OPENSSL_VERSION='1.0.2k'
.
When this shell script is complete, you’ll find a collection of wheel files ina directory called wheelhouse
. These wheels can be installed by asufficiently-recent version of pip
. The Cryptography wheel in thisdirectory contains a statically-linked OpenSSL binding, which ensures that youhave access to the most-recent OpenSSL releases without corrupting your systemdependencies.
Building cryptography on macOS¶
Note
If installation gives a fatalerror:'openssl/aes.h'filenotfound
see the FAQ for information about how to fix this issue.
The wheel package on macOS is a statically linked build (as of 1.0.1) so forusers with pip 8 or above you only need one step:
If you want to build cryptography yourself or are on an older macOS version,cryptography requires the presence of a C compiler, development headers, andthe proper libraries. On macOS much of this is provided by Apple’s Xcodedevelopment tools. To install the Xcode command line tools (on macOS 10.10+)open a terminal window and run:
This will install a compiler (clang) along with (most of) the requireddevelopment headers.
You will also need to have Rust installed andavailable, which can be obtained from Homebrew,MacPorts, or directly from the Rust website.
Finally you need OpenSSL, which you can obtain from Homebrew or MacPorts.Cryptography does not support the OpenSSL/LibreSSL libraries Apple shipsin its base operating system.
To build cryptography and dynamically link it:
MacPorts:
You can also build cryptography statically:
MacPorts:
If you need to rebuild cryptography
for any reason be sure to clear thelocal wheel cache.
Rust¶
Note
If you are on RHEL/CentOS/Fedora/Debian/Ubuntu or another distributionderived from the preceding list, then you should upgrade pip (ina virtual environment!) and attempt to install cryptography
againbefore trying to install the Rust toolchain. These platforms will receivea binary wheel and require no compiler if you have an updated pip
!
Building cryptography
requires having a working Rust toolchain. The currentminimum supported Rust version is 1.41.0. This is newer than the Rust mostpackage managers ship, so users will likely need to install with theinstructions below.
Instructions for installing Rust can be found on the Rust Project’s website.We recommend installing Rust with rustup
(as documented by the RustProject) in order to ensure you have a recent version.
Rust is only required when building cryptography
, meaning that you mayinstall it for the duration of your pipinstall
command and then remove itfrom a system. A Rust toolchain is not required to usecryptography
. Indeployments such as docker
, you may use a multi-stage Dockerfile
whereyou install Rust during the build phase but do not install it in the runtimeimage. This is the same as the C compiler toolchain which is also required tobuild cryptography
, but not afterwards.
First part in a multi-part blog series for Mac developers
Part 1: macOS 11.0 Big Sur Web Development Environment
Developing web applications on macOS is a real joy. There are plenty of options for setting up your development environments, including the ever-popular MAMP Pro that provides a nice UI on top of Apache, PHP and MySQL. However, there are times when MAMP Pro has slow downs, or out of date versions, or is simply behaving badly due to its restrictive system of configuration templates and non-standard builds.
It is times like these that people often look for an alternative approach, and luckily there is one, and it is relatively straight-forward to setup.
In this blog post, we will walk you through setting up and configuring Apache 2.4 and multiple PHP versions. In the second blog post in this two-post series, we will cover MySQL, Apache virtual hosts, APC caching, and Xdebug installation.
11/27/2019 Updated to add some information on PHP 8.0
11/13/2020 Updated to reflect the release of macOS 11.0 Big Sur
12/02/2019 Updated to reflect the latest release of PHP 7.4 and the removal of PHP 7.1 from Official tap
12/02/2019 Updated to reflect the latest release of PHP 7.4 and the removal of PHP 7.1 from Official tap
10/08/2019 Updated to reflect the release of macOS 10.5 Catalina
01/10/2019 Updated to add back PHP 5.6 and PHP 7.0 from and external deprecated keg
12/12/2018 Updated to reflect the latest release of PHP 7.3 and the removal of PHP 7.0 from Brew.
If you have followed this guide in the past with the Homebrew/php
tap, and are looking to upgrade to the new Homebrew/core
approach, then you should first clean-up your current installation by following our new Upgrading Homebrew.
This guide is intended for experienced web developers. If you are a beginner developer, you will be better served using MAMP or MAMP Pro.
If you don't already have XCode installed, it's best to first install the command line tools as these will be used by homebrew:
This process relies heavily on the macOS package manager called Homebrew. Using the brew
command you can easily add powerful functionality to your mac, but first we have to install it. This is a simple process, but you need to launch your Terminal (/Applications/Utilities/Terminal
) application and then enter:
Just follow the terminal prompts and enter your password where required. This may take a few minutes, but when complete, a quick way to ensure you have installed brew
correctly, simply type:
You should probably also run the following command to ensure everything is configured correctly:
It will instruct you if you need to correct anything.
Big Sur Required Libraries
When installing fresh on Big Sur, I ran into a few libraries that were missing when completing all the steps below. To make things easier, please simply run this now:
aaThe latest macOS 11.0 Big Sur comes with Apache 2.4 pre-installed, however, it is no longer a simple task to use this version with Homebrew because Apple has removed some required scripts in this release. However, the solution is to install Apache 2.4 via Homebrew and then configure it to run on the standard ports (80/443).
If you already have the built-in Apache running, it will need to be shutdown first, and any auto-loading scripts removed. It really doesn't hurt to just run all these commands in order - even if it's a fresh installation:
Now we need to install the new version provided by Brew:
Without options, httpd
won't need to be built from source, so it installs pretty quickly. Upon completion you should see a message like:
Now we just need to configure things so that our new Apache server is auto-started
You now have installed Homebrew's Apache, and configured it to auto-start with a privileged account. It should already be running, so you can try to reach your server in a browser by pointing it at http://localhost:8080
, you should see a simple header that says 'It works!'.
Troubleshooting Tips
If you get a message that the browser can't connect to the server, first check to ensure the server is up.
You should see a few httpd processes if Apache is up and running.
Try to restart Apache with:
You can watch the Apache error log in a new Terminal tab/window during a restart to see if anything is invalid or causing a problem:
Apache is controlled via the brew services
command so some useful commands to use are:
Visual Studio Code
In past guides, I've always provided instructions to edit files using the default TextEdit
application that comes pre-installed. However, this is not what I use myself as it's a terrible editor and when testing my guide for Big Sur, I kept running into problems with encoding, finding line numbers etc. The better solution is to simply install a better editor. So please install the amazingly versatile yet, 100% free, Visual Studio Code. It's available on Mac, Windows, and Linux, but right now we only care about the mac version.
Go to the Visual Studio Code site and click Download for Mac
Once downloaded, drag the application to your preffered Applications location. Next, you want to install the command line tools, so follow the official step-by-step instructions so that you can use the code
command from the Terminal.
Apache Configuration
Now that we have a working web server, we will want to do is make some configuration changes so it works better as a local development server.
In the latest version of Brew, you have to manually set the listen port from the default of 8080
to 80
, so we will need to edit Apache's configuration file /usr/local/etc/httpd/httpd.conf
.
If you followed the instructions above you should be able to use Visual Studio Code to edit your files using the code
Terminal command. However, if you want to use the default TextEditor application to perform edits, you can use the open -e
command followed by the path to the file.
Find the line that says
and change it to 80
:
Next we'll configure it to use the to change the document root for Apache. This is the folder where Apache looks to serve file from. By default, the document root is configured as /usr/local/var/www
. As this is a development machine, let's assume we want to change the document root to point to a folder in our own home directory.
Search for the term DocumentRoot
, and you should see the following line:
Change this to point to your user directory where your_user
is the name of your user account:
You also need to change the <Directory>
tag reference right below the DocumentRoot line. This should also be changed to point to your new document root also:
We removed the optional quotes around the directory paths as TextEdit will probably try to convert those to smart-quotes and that will result in a Syntax error when you try to restart Apache. Even if you edit around the quotes and leave them where they are, saving the document may result in their conversion and cause an error.
In that same <Directory>
block you will find an AllowOverride
setting, this should be changed as follows:
Also we should now enable mod_rewrite which is commented out by default. Search for mod_rewrite.so
and uncomment the line by removing the leading #
by pushing ⌘
+ /
on the line (this is a quick way to uncomment and comment a single or multiple lines:
User & Group
Now we have the Apache configuration pointing to a Sites
folder in our home directory. One problem still exists, however. By default, apache runs as the user daemon
and group daemon
. This will cause permission problems when trying to access files in our home directory. About a third of the way down the httpd.conf
file there are two settings to set the User
and Group
Apache will run under. Change these to match your user account (replace your_user
with your real username), with a group of staff
:
Servername
Apache likes to have a server name in the configuration, but this is disabled by default, so search for:
and replace it with:
Sites Folder
Now, you need to create a Sites
folder in the root of your home directory. You can do this in your terminal, or in Finder. In this new Sites
folder create a simple index.html
and put some dummy content in it like: <h1>My User Web Root</h1>
.
Restart apache to ensure your configuration changes have taken effect:
If you receive an error upon restarting Apache, try removing the quotes around the DocumentRoot and Directory designations we set up earlier.
Pointing your browser to http://localhost
should display your new message. If you have that working, we can move on!
Makes sure you remove the :8080
port we used earlier. Also, you might need to Shift
+ Reload
to clear the browser cache and pick up the new file.
Troubleshooting Non-Sudo httpd Services Start
I will be updating this section with more tips and things to try as I find solutions to common problems. Please hop on our #macos Discord Chat to get some 'live' help.
This year, with macOS Big Sur, I've switched from using sudo
to launch httpd
with root (even though it ran as the user/group defined in httpd.conf
), and for people who have upgraded from that version to this, there have been problems.
I ran into some problems myself but was able to get it working pretty easily, but others have reported more wide-spread problems. Please try these steps if your Apache is not starting when you use brew services start httpd
.
First, try to start apache directly with:
This bypasses the brew services command and often prints out specific issues. If you have issues reported about not being able to write to log files, try removing all the current log httpd log files:
Then try starting again.
If you have see a message saying something like Address already in use: AH00072: make_sock: could not bind to address
, try changing the Listen
config in httpd.conf
to:
If you have existing PHP installations via Brew, you need to first cleanup your setup with our Upgrading Homebrew guide before continuing with this section.
Up until the end of March 2018, all PHP related brews were handled by Homebrew/php
tab, but that has been deprecated, so now we use what's available in the Homebrew/core
package. This should be a better maintained, but is a much less complete, set of packages.
PHP 5.6, PHP 7.0, and PHP 7.1 have been deprecated and removed from Brew because they are out of support, and while it's not recommended for production, there are legitimate reasons to test these unsupported versions in a development environment. These versions also need to 'built from source' in order to use the latest versions of icu4c
and openssl
.
Remember only PHP 7.2 through 7.4 are officially supported by Brew, but these also have to be built which is pretty slow. For the latest version of our guide we will use the new tap from @shivammahtur as there are many versions (including PHP 8.0 builds) pre-built.
PHP 8.0 has just been released and you are able to install it, but it might take some time for compatible PHP modules are fully available.
We will proceed by installing various versions of PHP and using a simple script to switch between them as we need. Feel free to exclude any versions you don't want to install.
Also, you may have the need to tweak configuration settings of PHP to your needs. A common thing to change is the memory setting, or the date.timezone
configuration. The php.ini
files for each version of PHP are located in the following directories:
At this point, I strongly recommend closing ALL your terminal tabs and windows. This will mean opening a new terminal to continue with the next step. This is strongly recommended because some really strange path issues can arise with existing terminals (trust me, I have seen it!).
We have installed but not linked these PHP versions. To switch to PHP 5.6
for example we can type:
Quick test that we're in the correct version:
and to switch to to 7.4
:
And check that it's changed correctly:
Apache PHP Setup - Part 1
You have successfully installed your PHP versions, but we need to tell Apache to use them. You will again need to edit the /usr/local/etc/httpd/httpd.conf
file scroll to the bottom of the LoadModule
entries.
Brew For Macos Catalina 10.15
If you have been following this guide correctly, the last entry should be your mod_rewrite
module:
Below this add the following libphp
modules:
We can only have one module processing PHP at a time, so for now, so we have left our php@5.6
entry uncommented while all the others are commented out. This will tell Apache to use PHP 5.6 to handle PHP requests. (We will add the ability to switch PHP versions later).
Also you must set the Directory Indexes for PHP explicitly, so search for this block:
and replace it with this:
Save the file and stop Apache then start again, now that we have installed PHP:
Validating PHP Installation
The best way to test if PHP is installed and running as expected is to make use of phpinfo(). This is not something you want to leave on a production machine, but it's invaluable in a development environment.
Simply create a file called info.php
in your Sites/
folder you created earlier with this one-liner.
Point your browser to http://localhost/info.php
and you should see a shiny PHP information page:
If you see a similar phpinfo result, congratulations! You now have Apache and PHP running successfully. You can test the other PHP versions by commenting the LoadModule ... php@5.6 ...
entry and uncommenting one of the other ones. Then simply restart apache and reload the same page.
PHP Switcher Script
We hard-coded Apache to use PHP 5.6, but we really want to be able to switch between versions. Luckily, some industrious individuals have already done the hard work for us and written a very handy little PHP switcher script.
This sphp
script has been updated to support PHP 8.0. If you want to use that version, please repeat the process below to get the latest version.
We will install the sphp
script into brew's standard /usr/local/bin
:
Check Your Path
Homebrew should have added its preferred /usr/local/bin
and /usr/local/sbin
to your path as part of its installation process. Quickly test this by typing:
If you don't see this, first try closing your terminal and restarting it. If that doesn't work, check that you have /usr/local/bin
before /usr/bin
and /usr/local/sbin
before /usr/sbin
in the path definition of your ~/.zshrc
file. You can do it temporarily in the shell by typing:
Testing the PHP Switching
After you have completed these steps, you should be able to switch your PHP version by using the command sphp
followed by a two digit value for the PHP version:
You will probably have to enter your administrator password, and it should give you some feedback:
Test to see if your Apache is now running PHP 7.4 by again pointing your browser to http://localhost/info.php
. With a little luck, you should see something like this:
Troubleshooting PHP Switching
If you have upgraded from a previous version of this guide and have installed PHP8, you may see message like: Unknown version of PHP. PHP Switcher can only handle arguments of: 5.6,7.0,7.1,7.2,7.3,7.4
, then you need to reinstall the sphp
script which has been updated.
If you get a message about conflicting PHP versions, then you probably have a conflict of taps. You will need to uninstall your previous PHP versions, then remove the old tap, then add the new tap, and then reinstall PHP versions using the syntax above. For example:
Test Your Setup with Grav CMS!
What better way to test your new powerful setup than to quickly install and test Grav. The best flat-file CMS in the world 😆! We can do this with just a couple of quick terminal commands:
Then just extract the zip file:
This will extract the zip into a ~/Sites/grav-admin
folder. Then simply point your browser at this directory http://localhost/grav-admin
:
Fill in the relevant information to create a new administator user, and simply click Create User to get into the admin. No other steps needed.
All done!!!!
Updating PHP and other Brew Packages
Brew makes it super easy to update PHP and the other packages you install. The first step is to update Brew so that it gets a list of available updates:
This will spit out a list of available updates, and any deleted formulas. To upgrade the packages simply type:
You will need to switch to each of your installed PHP versions and run update again to get updates for each PHP version and ensure you are running the version of PHP you intend.
Activating Specific/Latest PHP Versions
Due to the way our PHP linking is set up, only one version of PHP is linked at a time, only the current active version of PHP will be updated to the latest version. You can see the current active version by typing:
And you can see the specific versions of a PHP package by typing:
OK, that wraps up Part 1 of this 3 part series You now have a fully functional Apache 2.4 installation with a quick-and-easy way to toggle between PHP 5.6, 7.0, 7.1, 7.2, 7.3, 7.4, and 8.0. Check out Part 2 to find out how to setup your environment with MySQL, Virtual Hosts, APC caching, YAML, and Xdebug. Also take a gander at Part 3 to find out how to setup SSL for your Apache Virtual Hosts.