Mitigate new Rust compiler dependency on Linux via transitive cryptography dependency


cryptography is a transitive dependency of the synapseclient on Linux (keyring -> SecretStorage -> cryptography).

The recently released cryptography 3.4 requires a Rust compiler to compile from source. A Python interpreter on a Linux system without a Rust compiler that does not already have cryptography installed and that cannot install from one of the pre-compiled wheels (for example because it's using an old version of pip or because there is no wheel for the architecture) will raise an error when installing synapseclient.

docker run -ti ubuntu:16.04 /bin/bash

  1. downgrade pip to a version that doesn't won't be able to install from a wheel
    pip install pip==18.1

pip install synapseclient

running build_rust

=============================DEBUG ASSISTANCE=============================
If you are seeing a compilation error please try the following steps to
successfully install cryptography:
1) Upgrade to the latest pip and try again. This will fix errors for most
users. See:
2) Read for specific
instructions for your platform.
3) Check our frequently asked questions for more information:
4) Ensure you have a recent Rust toolchain installed:
5) If you are experiencing issues with Rust for this release only you may
set the environment variable `CRYPTOGRAPHY_DONT_BUILD_RUST=1`.
=============================DEBUG ASSISTANCE=============================

error: Can not find Rust compiler

Command "/usr/local/bin/python -u -c "import setuptools, tokenize;_file='/tmp/pip-install-szcg2p02/cryptography/';f=getattr(tokenize, 'open', open)(file_);'\r\n', '\n');f.close();exec(compile(code, _file_, 'exec'))" install --record /tmp/pip-record-mby_dibi/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-szcg2p02/cryptography/
You are using pip version 18.1, however version 21.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

This is an issue with synapser but can also affect a standalone Python installation as above.

A temporary workaround is to use the ```export CRYPTOGRAPHY_DONT_BUILD_RUST=true``` flag but this will not work past cyrptography 3.4.

We could pin 3.4 as a dependency of synapseclient on Linux, but preferably only if it's not already installed as if someone has a 3.4 version of cryptography we wouldn't want to downgrade them.


Linux with pip < 20


Jordan Kiang
March 3, 2021, 12:51 AM

This can be verified on a 20.04 ubuntu installation with a manually downgraded pip that won't support the cryptography wheels:

Current version fails after downgrading pip to 18.1:

RC installs successfully with the same pip version:



Jordan Kiang


Jordan Kiang





Development Area


Release Version History


Slack Channel


Fix versions

Affects versions