Openssl 3 rebuild #156
Labels
No Label
blocked upstream
bug
build-failure
duplicate
enhancement
help wanted
informational
invalid
invalid/corrupt package
packaging issue
priority: high
question
support
wontfix
No Milestone
No project
No Assignees
10 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: ALHP/ALHP.GO#156
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
So, I updated my system and lots of errors popped up.
Errors seem to come from
systemd
,bat
,kitty
(python
has something to do with it) andflatpak
but I've already seen that some other famous ones don't start up either, specifically electron-based ones.Ah yes,
sudo
andpacman
broke as well.Yes, I also got some problems including a kernel panic because of openssl not updating correctly. In the meantime you can install openssl-1.1 to avoid these problems.
Source: https://unix.stackexchange.com/questions/723616/how-to-fix-missing-libcrypto-so-1-1
But yes, openssl version on ALHP is still 1.1.1 when in upstream is 3.0.7
ALHP builds packages after they are release in Archs Source Repo. Since the
openssl
rebuild includes quite a lot of packages, this is going to take a while. You have to be a little patient, we sadly do not have all the computing power needed to provide "realtime" updates. In the meantime, deps can break if you try to upgrade packages coming from the official repos while ALHP is still not caught up. This can only be fixed by providing these packages from ALHP as well, but that would mean providing all packages Arch offers, even the ones that do not benefit from recompiling at all and would increase repo-size and repo-compiletime even more. (and would essentially make us a fully blown distro instead of just user-repos). Sadly this is simply not possible with the current build-server, as its not providing enough cpu-power to build some of the larger packages (especially the ones currently blacklisted because they clog up the build process) in a timely manner.Then we will wait patiently! Thanks!😉
If anyone is here wondering how to fix their system, here's what worked for me
pacman-static
installed (most probably not), download a binary usingwget https://pkgbuild.com/~morganamilo/pacman-static/x86_64/bin/pacman-static
chmod +x pacman-static
./pacman-static -S core/openssl core/openssl-1.1
This way you'll have both versions of openssl installed, once every package will be updated and linked with openssl v3 you'll be able to
pacman -R openssl-1.1
(I personally recommend to do so also for security reasons)ALHP is around half-way through. ~300 packages left.
22:35 UTC: ~80 left.
openssl
rebuild cycle has completed.I'll close this, please reopen if you still experience issues.
boinc, boinc-nox, and boinctui are still linked against openssl-1.1. The Arch official packages are fine.
Many packages need rebuild because of openssl updateto Openssl 3 rebuildWeird, that should not happen, since ALHP does check for up to date dependencies. Well, I requeued them while I'll have a look later why that is still possible.
I'm afraid it happens the same for nextcloud-client because when I don't have openssl-1.1 installed it throws:
And with openssl-1.1 it works.
Queued that as well. Hope not all ~500 packages are affected 😰.
grub-customizer 5.2.2-2.1, qbittorrent 4.4.5-2.1 is affected. Versions from official repos (x.x.x-2) not depend on ssl1.1. Open ssl 3.0.7-2.1 from ALHP repo's.
Thanks @yZibi, I queued them for rebuild.
mosh 1.4.0-2.1 is also still linked against OpenSSL 1.1 and needs a rebuild (which is interesting, as the community version built against OpenSSL 3.x is mosh 1.4.0-2).
Queued
mosh
.axel
is still built against openssl-1.1@N3k0-san Queued that, thanks!
Looks like
rustup
is linked against OpenSSL 1.1.@anonfunc It seems to still be linked against Openssl-1.1?
Or did it not rebuild yet? It still throws the ssl error when I use it :/
@N3k0-san Have you tried reinstalling it? ALHP has a bug where it sometimes does not increase the pkgrel correctly. You should get an invalid signature error, then you can redownload the rebuild one.
@Piroro-hs
rustup
does not seem to link directly to openssl. Maybe its just a dependency which is incorrectly linked? Can you postlddtree
?Ah, uninstalling it and reinstalling it did work; didn't expect to need to do that
Thanks
Sorry for late reply. I don't know why but
rustup
seems to link to OpenSSL 1.1 directly and to 3.0 via libcurl dependency.I guess that's also the root of the problem in regards to why ALHP has not recognized that out of date dependency situation. I'll need to add a recursive dependency version check so that ALHP can catch these cases.
I requeued it in the meantime.
I am using
x86-64-v2
, anddovecot
broke with ALHP.I decided to remove ALHP and stay on x86-64.
I had the error:
I requeued
dovecot
, thanks for the hint.@anonfunc Thanks! Any plans to fix it definitely as
openssl
is quite critical to Arch Linux?There is sadly no way to "fix" this elegantly (after the fact at least, besides rebuilding almost the whole repo, which is not practical). This should not have happened in the first place, since ALHP does check deps before building. I'm still not quite sure what went wrong, and I sadly have not that much time on hands at the moment to make the deep-dive necessary. We already caught quite a few packages, so I hope there are not that many left.
I checked if there is an option to check for missing shared libs via ldd(tree) or similar, but that would mean installing each package in a clean chroot and then parse ldd(tree) (or run something like
rebuild-detector
), since on a used system you could have the necessary dep by "accident".rebuild-detector
does these checks and more, but sadly does not do them in a clean chroot, so its more or less useless in this case. Furthermore, I can't estimate how many false positives there will be, but I imagine quite a few. We could have some logic that will rebuild these once, and if they still show up (with the same libs 'missing'), it's probably not a build issue. But that would only add to the time required adding such a feature, wich I currently have too little of on hand to implement. Besides, I think it would be wiser to invest time in making this not happen in the first place than spending all this time fixing the symptoms.iperf3, spice-gtk, and opusfile are also broken
EDIT: and dmg2img, libp11
@blorgymanblorg Thanks, requeued.
aws-c-cal (used by aws-cli-v2) is also broken.
Thank you
@Alpha3288 Thanks, fixed.
pam-u2f too. Thanks
Done.
I think we have probably caught all packages that were affected. Closing this. Feel free to reopen if you spot any more packages.
@anonfunc Spotted one:
partimage
Thanks, queued.