[Pkg-openssl-devel] [Pkg-salt-team] Bug#844503: Acknowledgement (salt-call fails with libcrypto.so.1.1: undefined symbol: OPENSSL_no_config)

Emilio Pozuelo Monfort pochu at debian.org
Wed Nov 23 19:56:43 UTC 2016


Control: tags -1 fixed-upstream

On 23/11/16 18:09, Emilio Pozuelo Monfort wrote:
> On Fri, 18 Nov 2016 15:22:07 +0100 Benjamin Drung
> <benjamin.drung at profitbricks.com> wrote:
>> tags 844503 upstream
>> forwarded 844503 https://github.com/saltstack/salt/pull/37772
>> thanks
>>
>> Am Donnerstag, den 17.11.2016, 21:50 +0100 schrieb Sebastian Andrzej
>> Siewior:
>>> control: tags -1 patch
>>>
>>> On 2016-11-16 12:14:43 [+0100], Filip Pytloun wrote:
>>>> To reproduce the issue simply install salt-master and run salt-
>>>> call:
>>>>
>>>> Â Â Â Â apt-get install salt-master
>>>> Â Â Â Â salt-call
>>>>
>>>> Following exception will occur:
>>>>
>>>> Traceback (most recent call last):
>>>> Â  File "/usr/bin/salt-call", line 11, in <module>
>>>> Â Â Â Â salt_call()
>>>
>>> …
>>>> Â  File "/usr/lib/python2.7/dist-packages/salt/utils/rsax931.py",
>>>> line 63, in _init_libcrypto
>>>> Â Â Â Â libcrypto.OPENSSL_no_config()
>>>> Â  File "/usr/lib/python2.7/ctypes/__init__.py", line 375, in
>>>> __getattr__
>>>> Â Â Â Â func = self.__getitem__(name)
>>>> Â  File "/usr/lib/python2.7/ctypes/__init__.py", line 380, in
>>>> __getitem__
>>>> Â Â Â Â func = self._FuncPtr((name_or_ordinal, self))
>>>> AttributeError: /lib/x86_64-linux-gnu/libcrypto.so.1.1: undefined
>>>> symbol: OPENSSL_no_config
>>>
>>> the problem is that salt/rsax931.py loads the library manually and
>>> expects certain symbols which are no longer available in OpenSSL
>>> 1.1.0.
>>> And it loads the first libcrypto it finds plus has no dependency on
>>> openssl.
>>
>> Instead of forcing salt to use OpenSSL 1.0, let's try to make it work
>> with OpenSSL 1.1. Adjusting the initialization to work with OpenSSL 1.1
>> was quite easy. I forwarded the patch upstream to
>> https://github.com/saltstack/salt/pull/37772 to get it reviewed and
>> accepted.
> 
> Nice.
> 
> Do you want to wait for upstream before uploading this? It is going to block
> openssl 1.1 from entering testing due to the Breaks that it got, which in turn
> is blocking quite a bunch of stuff. So it'd be good to get this fixed soon.

Just realised this is merged upstream.

So, can you upload it asap? :)

Thanks,
Emilio



More information about the Pkg-openssl-devel mailing list