GithubHelp home page GithubHelp logo

Upgrade to Openssl 3.0 or higher about emqx HOT 7 CLOSED

TxMat avatar TxMat commented on June 20, 2024
Upgrade to Openssl 3.0 or higher

from emqx.

Comments (7)

zmstone avatar zmstone commented on June 20, 2024 3

EMQX's el8 package is built on rocky linux 8.
The default OpenSSL version for rocky linux is derived from the default (latest) openssl and openssl-devel packages.
https://github.com/emqx/emqx-builder/blob/68b4a1107b4ae4c75e8c1851cc9d009e70ba0521/el8/Dockerfile#L15-L16
The build log shows:

#9 19.76  openssl-libs             x86_64   1:1.1.1k-12.el8_9             baseos   1.5 M
#9 19.76  platform-python          x86_64   3.6.8-56.el8_9.3.rocky.0      baseos    86 k

And confirmed:

> docker run --hostname el8  --rm -it ghcr.io/emqx/emqx-builder/5.3-6:1.15.7-26.2.1-2-el8 bash
[root@el8 /]# ldd ./usr/local/lib/erlang/lib/crypto-5.4/priv/lib/crypto.so
        linux-vdso.so.1 (0x00007ffe997de000)
        libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007fe4e9aca000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007fe4e9705000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x00007fe4e94ed000)
        libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007fe4e92e9000)
        libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007fe4e90c9000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fe4ea1d7000)

For Fedora 40, I am not sure how exactly it maps to RHEL compatibility-wise, but if you are looking for a distribution which comes with OpenSSL 3.0 by default, you should be using el9 instead.

> docker run --hostname el9  --rm -it ghcr.io/emqx/emqx-builder/5.3-6:1.15.7-26.2.1-2-el9 bash
[root@el9 /]# ldd ./usr/local/lib/erlang/lib/crypto-5.4/priv/lib/crypto.so
        linux-vdso.so.1 (0x00007ffd0ca84000)
        libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007f00b958d000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007f00b9384000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x00007f00b9368000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f00b99e7000)

from emqx.

zmstone avatar zmstone commented on June 20, 2024 1

@TxMat Thank you for letting us know. It's being added.

from emqx.

ieQu1 avatar ieQu1 commented on June 20, 2024

According to the build scripts, openssl11 is only supposed to be a dependency for the RHEL 7 RPM. What version of EMQX are you trying to install, and what is the exact name/URL for the RPM?

from emqx.

ieQu1 avatar ieQu1 commented on June 20, 2024

I've checked the 5.6 packages and indeed only emqx-5.6.1-el7-amd64.rpm has openssl11 as a dependency:

$ rpm -qR tmp/emqx-5.6.1-el7-amd64.rpm 
openssl11
libatomic
...

The rest of packages (e.g. amzn2023) don't have it:

rpm -qR tmp/emqx-5.6.1-amzn2023-amd64.rpm 
/bin/sh
/bin/sh
/bin/sh
/bin/sh
findutils
libatomic
ncurses
procps
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
shadow-utils
util-linux
which

You downloaded a wrong package.

from emqx.

TxMat avatar TxMat commented on June 20, 2024

I used the download procedure from https://www.emqx.io/downloads?os=CentOS

image

as you can see emqx refuses to start saying it need libcrypto.so.1.1 wich seem to point towards OpenSSL 1.1.

image

Openssl and Openssl-Devel are installed on the host machine

image

emqx-5.6.1-el8-amd64.rpm indeed does not need openssl11 as a dependecy but still need to start

image

from emqx.

ieQu1 avatar ieQu1 commented on June 20, 2024

Thanks for the answer.
@id Do you have a quick answer for this?

from emqx.

TxMat avatar TxMat commented on June 20, 2024

@zmstone Beware that the emqx website does not let you choose el9
image

i had to search in the raw download page under https://www.emqx.com/en/downloads/broker/v5.6.1 to find the correct package

image

from emqx.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.