You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In case it helps anyone, here's what I did to get things working again while I wait for a proper solution. Note that this is the first time I've ever had to compile my own OpenSSL version or build a Debian package, so this is just what worked for me. I probably should have shared this awhile ago, but I didn't realise how many other people were dealing with this.
Get the latest OpenSSL (LibreSSL probably works too, but I wanted to stick as closely as possible to my previous working environment before 22.04) source code for the 1.x line (seems to be 1.1.1o now, though was 1.1.1n when I did this, so I'll use 1.1.1n in the rest of the text), compile and install to a new prefix:
$ ./config --prefix=/opt/openssl-1.1.1n --openssldir=/opt/openssl-1.1.1n
$ make -j$(nproc)
$ sudo make install
Add OpenSSL shared libraries to the search path by creating a file at /etc/ld.so.conf.d/openssl-1.1.conf, containing:
/opt/openssl-1.1.1n/lib
Then run:
$ sudo ldconfig -v
To keep the same configuration as Ubuntu's existing package, add something like the following to /etc/apt/sources.list (note that mine is for New Zealand, so you will need to adapt the URL):
An issue I ran into here was that dpkg-buildpackage expects all shared libraries to be owned by dependencies. I guess that the most correct solution to this would be to package the custom OpenSSL 1.1 build and make it a runtime dependency, but as this is a one-off, it feels like unnecessary work, so you can bypass the check by adding the following to debian/rules:
In case it helps anyone, here's what I did to get things working again while I wait for a proper solution. Note that this is the first time I've ever had to compile my own OpenSSL version or build a Debian package, so this is just what worked for me. I probably should have shared this awhile ago, but I didn't realise how many other people were dealing with this.
Get the latest OpenSSL (LibreSSL probably works too, but I wanted to stick as closely as possible to my previous working environment before 22.04) source code for the 1.x line (seems to be 1.1.1o now, though was 1.1.1n when I did this, so I'll use 1.1.1n in the rest of the text), compile and install to a new prefix:
Add OpenSSL shared libraries to the search path by creating a file at /etc/ld.so.conf.d/openssl-1.1.conf, containing:
Then run:
To keep the same configuration as Ubuntu's existing package, add something like the following to /etc/apt/sources.list (note that mine is for New Zealand, so you will need to adapt the URL):
Fetch the package source:
Add extra configure script options to the debian/rules file:
I had to install a few extra packages in order to build the package:
An issue I ran into here was that dpkg-buildpackage expects all shared libraries to be owned by dependencies. I guess that the most correct solution to this would be to package the custom OpenSSL 1.1 build and make it a runtime dependency, but as this is a one-off, it feels like unnecessary work, so you can bypass the check by adding the following to debian/rules:
Note that the above indentation must be a tab character!
Finally the package built successfully with the following command:
The .deb file (and others) can be found in the parent directory.
The last thing to do is hold back upgrades for the package:
Once (if?) the issue is resolved properly, you should just be able to unhold the package and upgrade.
Phew. I did all this awhile ago so I'm just getting all this from the notes I wrote for myself at the time. I hope I didn't miss anything important.
Originally posted by @kj in OpenSMTPD/OpenSMTPD#1171 (comment)
The text was updated successfully, but these errors were encountered: