Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auto-upgrade of libopenssl fails when moving from version 1.1.1 to 3.0.x #730

Closed
spillner opened this issue Aug 26, 2023 · 1 comment
Closed

Auto-upgrade of libopenssl fails when moving from version 1.1.1 to 3.0.x #730

spillner opened this issue Aug 26, 2023 · 1 comment
Labels
bug Something isn't working install Installation scripts

Comments

@spillner
Copy link

spillner commented Aug 26, 2023
edited
Loading

Description:

Older versions of libopenssl do not support the TLS validation now running on https://bin.entware.net. This causes opkg upgrade libopenssl to fail. If the user runs opkg upgrade while both libopenssl and wget are marked as superseded, wget will be replaced with a version linked against libopenssl.so.3 even though libopenssl is not upgraded. This leaves wget in an unusable state, which complicates the use of opkg for further system repair.

To reproduce:

  1. On a system with libopenssl at a pre-3.0 version, run opkg update
  2. Run opkg upgrade
  3. Observe that most packages, including wget, update normally, but libopenssl fails with an error like:

Upgrading libopenssl on root from 1.1.1n-1 to 3.0.8-9...
Downloading https://bin.entware.net/armv7sf-k3.2/libopenssl_3.0.8-9_armv7-3.2.ipk
wget: note: TLS certificate validation not implemented
wget: TLS error from peer (alert code 80): 80
wget: error getting response: Connection reset by peer

  1. After the rest of the upgrade completes, observe the error messages

Collected errors:

  1. Run wget, or opkg commands that would invoke wget, and observe

wget: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory

Expected behavior

Any failure to upgrade libopenssl should inhibit the upgrade of wget or other key packages that depend on libopenssl.

Steps to repair

  1. Download https://bin.entware.net/armv7sf-k3.2/libopenssl_3.0.8-9_armv7-3.2.ipk
  2. Download https://bin.entware.net/armv7sf-k3.2/libatomic_8.4.0-11_armv7-3.2.ipk
  3. Unpack both of these packages and copy the included libraries into /opt/lib
  4. Run wget to verify all shared library errors have been resolved.
  5. Verify you have no other key software depending on libopenssl 1.x
  6. Run opkg upgrade libatomic libopenssl to fully update the package database and remove the older versions

Device information

Remarkable 2, running kernel 5.4.70-v1.1.5-rm11x, opkg version d038e5b6d155784575f62a66a8bb7e874173e92e (2022-02-24).
@spillner spillner added bug Something isn't working install Installation scripts labels Aug 26, 2023
@Eeems
Copy link
Member

Eeems commented Aug 26, 2023

Duplicates #674

@Eeems Eeems closed this as completed Aug 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working install Installation scripts
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@spillner @Eeems