/usr/bin/cmake: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

Hello all. Cmake on Rawhide x86_64 tries to load legacy OpenSSL 1.1 with libcrypto.so.1.1 and fails: + /usr/bin/cmake -S . -B redhat-linux-build -DCMAKE_C_FLAGS_RELEASE:STRING=-DNDEBUG -DCMAKE_CXX_FLAGS_RELEASE:STRING=-DNDEBUG -DCMAKE_Fortran_FLAGS_RELEASE:STRING=-DNDEBUG -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DCMAKE_INSTALL_DO_STRIP:BOOL=OFF -DCMAKE_INSTALL_PREFIX:PATH=/usr -DINCLUDE_INSTALL_DIR:PATH=/usr/include -DLIB_INSTALL_DIR:PATH=/usr/lib64 -DSYSCONF_INSTALL_DIR:PATH=/etc -DSHARE_INSTALL_PREFIX:PATH=/usr/share -DLIB_SUFFIX=64 -DBUILD_SHARED_LIBS:BOOL=ON -G Ninja -DCMAKE_BUILD_TYPE=Release RPM build errors: /usr/bin/cmake: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory error: Bad exit status from /var/tmp/rpm-tmp.y6BkQ1 (%build) Bad exit status from /var/tmp/rpm-tmp.y6BkQ1 (%build) Child return code was: 1 Affected Koji build: https://koji.fedoraproject.org/koji/taskinfo?taskID=79545927

On 03. 12. 21 15:45, Kamil Dudka wrote: > On Friday, December 3, 2021 2:58:24 PM CET Vitaly Zaitsev via devel wrote: >> Hello all. >> >> Cmake on Rawhide x86_64 tries to load legacy OpenSSL 1.1 with >> libcrypto.so.1.1 and fails: >> >> + /usr/bin/cmake -S . -B redhat-linux-build >> -DCMAKE_C_FLAGS_RELEASE:STRING=-DNDEBUG >> -DCMAKE_CXX_FLAGS_RELEASE:STRING=-DNDEBUG >> -DCMAKE_Fortran_FLAGS_RELEASE:STRING=-DNDEBUG >> -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DCMAKE_INSTALL_DO_STRIP:BOOL=OFF >> -DCMAKE_INSTALL_PREFIX:PATH=/usr -DINCLUDE_INSTALL_DIR:PATH=/usr/include >> -DLIB_INSTALL_DIR:PATH=/usr/lib64 -DSYSCONF_INSTALL_DIR:PATH=/etc >> -DSHARE_INSTALL_PREFIX:PATH=/usr/share -DLIB_SUFFIX=64 >> -DBUILD_SHARED_LIBS:BOOL=ON -G Ninja -DCMAKE_BUILD_TYPE=Release >> RPM build errors: >> /usr/bin/cmake: error while loading shared libraries: libcrypto.so.1.1: >> cannot open shared object file: No such file or directory >> error: Bad exit status from /var/tmp/rpm-tmp.y6BkQ1 (%build) >>       Bad exit status from /var/tmp/rpm-tmp.y6BkQ1 (%build) >> Child return code was: 1 >> >> Affected Koji build: >> https://koji.fedoraproject.org/koji/taskinfo?taskID=79545927 > > Same issue with my build of cswrap.  It is weird that it happens on x86_64 only: > >      https://koji.fedoraproject.org/koji/taskinfo?taskID=79545725 This has surfaced by the last package in the default buildroot dropping the dependency on openssl1.1: https://bugzilla.redhat.com/show_bug.cgi?id=2022026#c7 I see more apps affected: <mock-chroot> sh-5.1$ cmake --help cmake: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory <mock-chroot> sh-5.1$ appstream-util --help appstream-util: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory It seems that something still pulls in openssl1.1 on other architectures, e.g. in this build: https://koschei.fedoraproject.org/build/11634367 Both aarch64 and ppc64le have openssl1.1 in the root.log

On 03. 12. 21 15:59, Miro Hrončok wrote: > On 03. 12. 21 15:49, Miro Hrončok wrote: >> On 03. 12. 21 15:45, Kamil Dudka wrote: >>> On Friday, December 3, 2021 2:58:24 PM CET Vitaly Zaitsev via devel wrote: >>>> Hello all. >>>> >>>> Cmake on Rawhide x86_64 tries to load legacy OpenSSL 1.1 with >>>> libcrypto.so.1.1 and fails: >>>> >>>> + /usr/bin/cmake -S . -B redhat-linux-build >>>> -DCMAKE_C_FLAGS_RELEASE:STRING=-DNDEBUG >>>> -DCMAKE_CXX_FLAGS_RELEASE:STRING=-DNDEBUG >>>> -DCMAKE_Fortran_FLAGS_RELEASE:STRING=-DNDEBUG >>>> -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DCMAKE_INSTALL_DO_STRIP:BOOL=OFF >>>> -DCMAKE_INSTALL_PREFIX:PATH=/usr -DINCLUDE_INSTALL_DIR:PATH=/usr/include >>>> -DLIB_INSTALL_DIR:PATH=/usr/lib64 -DSYSCONF_INSTALL_DIR:PATH=/etc >>>> -DSHARE_INSTALL_PREFIX:PATH=/usr/share -DLIB_SUFFIX=64 >>>> -DBUILD_SHARED_LIBS:BOOL=ON -G Ninja -DCMAKE_BUILD_TYPE=Release >>>> RPM build errors: >>>> /usr/bin/cmake: error while loading shared libraries: libcrypto.so.1.1: >>>> cannot open shared object file: No such file or directory >>>> error: Bad exit status from /var/tmp/rpm-tmp.y6BkQ1 (%build) >>>>       Bad exit status from /var/tmp/rpm-tmp.y6BkQ1 (%build) >>>> Child return code was: 1 >>>> >>>> Affected Koji build: >>>> https://koji.fedoraproject.org/koji/taskinfo?taskID=79545927 >>> >>> Same issue with my build of cswrap.  It is weird that it happens on x86_64 >>> only: >>> >>>      https://koji.fedoraproject.org/koji/taskinfo?taskID=79545725 >> >> This has surfaced by the last package in the default buildroot dropping the >> dependency on openssl1.1: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=2022026#c7 >> >> >> I see more apps affected: >> >> <mock-chroot> sh-5.1$ cmake --help >> cmake: error while loading shared libraries: libcrypto.so.1.1: cannot open >> shared object file: No such file or directory >> >> <mock-chroot> sh-5.1$ appstream-util --help >> appstream-util: error while loading shared libraries: libcrypto.so.1.1: >> cannot open shared object file: No such file or directory >> >> It seems that something still pulls in openssl1.1 on other architectures, >> e.g. in this build: >> >> https://koschei.fedoraproject.org/build/11634367 >> >> Both aarch64 and ppc64le have openssl1.1 in the root.log > > It seems that libarchive still requires libcrypto.so.1.1()(64bit) > > But on x86_64, opae-devel provides that with: > > ExclusiveArch:  x86_64 > > I'll report that. https://bugzilla.redhat.com/show_bug.cgi?id=2028852

On 03/12/2021 17:41, Miro Hrončok wrote: > The bundled openssl in opae worries me still, but that's not causing > issues in dependency resolution any more. I think FESCo should create a strict policy on bundling cryptographic libraries.

On 03/12/2021 17:16, Vitaly Zaitsev via devel wrote: > On 03/12/2021 17:41, Miro Hrončok wrote: > > > The bundled openssl in opae worries me still, but that's not causing > > issues in dependency resolution any more. > > I think FESCo should create a strict policy on bundling cryptographic > libraries. Well bundling a binary from upstream is already against policy so I don't see how that helps. The problem isn't a lack of policy, it's that the packager didn't notice those files or didn't realise they weren't allowed.

Tom -- Tom Hughes (tom(a)compton.nu) http://compton.nu/ _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

On 03/12/2021 17:48, Simo Sorce wrote: > On Fri, 2021-12-03 at 17:25 +0000, Tom Hughes via devel wrote: >> On 03/12/2021 17:16, Vitaly Zaitsev via devel wrote: >>> On 03/12/2021 17:41, Miro Hrončok wrote: >>> >>>> The bundled openssl in opae worries me still, but that's not causing >>>> issues in dependency resolution any more. >>> >>> I think FESCo should create a strict policy on bundling cryptographic >>> libraries. >> >> Well bundling a binary from upstream is already against policy >> so I don't see how that helps. >> >> The problem isn't a lack of policy, it's that the packager didn't >> notice those files or didn't realise they weren't allowed. > > So the opae-2.0.0 tarball has libcrypto embedded-in what is the process > now ? > > This stuff is used for a Python tool that is used to sign some binary, > almost certainly there is absolutely no reason to bundle libcrypto, the > tool should probably be unbundled and turned into a regular python > module opae depends on. It has an openssl.py that dlopen's the so:   def _find_openssl_so(self, version, *paths):     candidates = list(paths)     crypto = util.find_library('crypto')     if crypto:       candidates.insert(0, crypto)     for c in candidates:       dll = CDLL(c) So that might already find the system one if you have it but probably only if you have openssl-devel installed to get the .so link with no version. But dropping the binaries and doing a relatively minor patch to that is likely all that is needed.

> Do we know who is the current maintainer? > The changelog seem to imply Intel dropped it into Fedora and never > maintained it after Sep 17 2020 ... Well src.fpo says trix aka Tom Rix is the maintainer. Tom

On 03. 12. 21 16:06, Miro Hrončok wrote: > On 03. 12. 21 15:59, Miro Hrončok wrote: > > On 03. 12. 21 15:49, Miro Hrončok wrote: > > > On 03. 12. 21 15:45, Kamil Dudka wrote: > > > > On Friday, December 3, 2021 2:58:24 PM CET Vitaly Zaitsev via devel wrote: > > > > It seems that libarchive still requires libcrypto.so.1.1()(64bit) > > > > But on x86_64, opae-devel provides that with: > > > > ExclusiveArch:  x86_64 > > > > I'll report that. > > https://bugzilla.redhat.com/show_bug.cgi?id=2028852 The problem is now fixed. The bundled openssl in opae worries me still, but that's not causing issues in dependency resolution any more.