Conversation

Notices

1. Embed this notice
   Nick Briggs (nhbriggs@mastodon.social)'s status on Wednesday, 02-Apr-2025 12:31:40 JST Nick Briggs

   • Alan Coopersmith

   @alanc Might I ask a favor? Is there a way to recover from having installed openssl-3 on a personal Solaris 11.4 system which seems to have broken everything relying on openssl 1.0.x -- including "sudo" and the "pkg" system? I haven't been able to find any discussion in the regular places.

   • Embed this notice
     Alan Coopersmith (alanc@fosstodon.org)'s status on Wednesday, 02-Apr-2025 12:31:36 JST Alan Coopersmith

     in reply to

     @nhbriggs oh yeah, the OpenSSL 1.0.2 removal changeset requires changes to the core OS packages to stop depending on that version- it wasn’t intended to be installed without them. We’re working on the paperwork now to get an update to the CBE out later this year to cover things like that.

     feld likes this.
   • Embed this notice
     Nick Briggs (nhbriggs@mastodon.social)'s status on Wednesday, 02-Apr-2025 12:31:38 JST Nick Briggs

     in reply to

     • Alan Coopersmith

     @alanc Good idea. There were a lot of things I couldn't do even with root, because some system python modules still depend on libcrypto 1.0.0 (ref: no recent updates to CBE) -- I think these are things I can't update because they're not part of userland. I tracked down what burned me - the openssl-3 package got updated, 16e0fabcd61e, "PSARC/2024/024 EOF OpenSSL 1.0.2, 35041813 EOF of openssl-1.0.2 library: Removal" and it replaced openssl@1.0.2 with openssl@3.0.16 removing libcrypto.1.0.0

   • Embed this notice
     Nick Briggs (nhbriggs@mastodon.social)'s status on Wednesday, 02-Apr-2025 12:31:39 JST Nick Briggs

     in reply to

     • Alan Coopersmith

     @alanc Success. Since I still had an unprivileged session active (and nobody else did), got someone with role=root to share their password. Normally I can sudo for admin, but couldn't when libcrypto.so.1.0.0 was not locatable. I recompiled a 1.0.2t openssl, and with su thatuser and su root put libcrypto.so.1.0.0 into the expected place. Everything is back to normal. Now to figure how I screwed it up.

   • Embed this notice
     Alan Coopersmith (alanc@fosstodon.org)'s status on Wednesday, 02-Apr-2025 12:31:39 JST Alan Coopersmith

     in reply to

     @nhbriggs oh, once you had root access, you shouldn't need to recompile, just mount the previous BE and copy the file from there. At this point you probably want to run at least "pkg verify" to see what else was changed, and possibly "pkg fix" to fix it.

   • Embed this notice
     Alan Coopersmith (alanc@fosstodon.org)'s status on Wednesday, 02-Apr-2025 12:31:40 JST Alan Coopersmith

     in reply to

     @nhbriggs installing OpenSSL 3 alongside OpenSSL 1 shouldn't have broken anything - that's the default state of Solaris 11.4.42 through 11.4.80 while we worked through converting all the software that used OpenSSL 1 to use 3 instead. But drop-in replacement can't work as they're not compatible (hence the change of major version number) - if you've done something like that, booting from a previous BE is probably your best choice, since the pkg system depends on OpenSSL.

   • Embed this notice
     Nick Briggs (nhbriggs@mastodon.social)'s status on Wednesday, 02-Apr-2025 12:31:40 JST Nick Briggs

     in reply to

     • Alan Coopersmith

     @alanc Thanks. I think the previous BE will be the only option. I didn't intend to do a drop-in replacement. I think instead of setting mediators (apparently incorrectly, such that it immediately switched to 3) I should have removed the links that the Userland openssl3 was trying to make for /usr/lib/libcrypto.so that conflicted with the openssl-1.x. Yeah, I've borked the pkg system. Wish Oracle would release Userland compiled packages to those of us with personal machines.