Debian bookworm package depends on nonexistent libcrypto.so
mpounsett opened this issue · 8 comments
The Debian 12 packages at https://download.opensuse.org/repositories/home:/rapier1/Debian_12/amd64/ depend on libcrypto.so.1.1 which doesn't exist in Debian 12. The Bookworm libss3 package contains /usr/lib/x86_64-linux-gnu/libcrypto.so.3 intead.
There's no README in the above directory indicating the whereabouts of other required packages.
I attempted install by manually downloading the following files and using dpkg -i to install them.
- hpnssh-client_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
- hpnssh-server_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
- hpnssh-sftp-server_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
Could you send me the output of what happens when you try to install those? I've tried installing the arm64 packages on a new VM and it worked. I don't have easy access to a x64 box to try that specific package on directly. I'll try to install bookworm on a spare system tomorrow but it's a short day for me and I won't be able to get back to it before next Monday.
rapier@debian-gnu-linux-11:~$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
rapier@debian-gnu-linux-11:~$ sudo dpkg -i hpnssh-client_9.6p1-hpn18.3.1-1ubuntu1_arm64.deb
[sudo] password for rapier:
(Reading database ... 232664 files and directories currently installed.)
Preparing to unpack hpnssh-client_9.6p1-hpn18.3.1-1ubuntu1_arm64.deb ...
Unpacking hpnssh-client (1:9.6p1-hpn18.3.1-1ubuntu1) over (1:9.6p1-hpn18.3.0-1ubuntu3) ...
Setting up hpnssh-client (1:9.6p1-hpn18.3.1-1ubuntu1) ...
Processing triggers for man-db (2.11.2-2) ...
rapier@debian-gnu-linux-11:~/$ hpnssh -V
OpenSSH_9.6p1-hpn18.3.1 Debian-1ubuntu1, OpenSSL 3.0.11 19 Sep 2023
Sure, no problem:
% cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
% uname -a
Linux capture01.sjc.dns-oarc.net 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux
% ls
hpnssh-client_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
hpnssh-server_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
hpnssh-sftp-server_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
% sudo dpkg -i hpnssh-*
(Reading database ... 66667 files and directories currently installed.)
Preparing to unpack hpnssh-client_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb ...
Unpacking hpnssh-client (1:9.6p1-hpn18.3.1-1ubuntu1) over (1:9.6p1-hpn18.3.1-1ubuntu1) ...
Preparing to unpack hpnssh-server_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb ...
Unpacking hpnssh-server (1:9.6p1-hpn18.3.1-1ubuntu1) over (1:9.6p1-hpn18.3.1-1ubuntu1) ...
Preparing to unpack hpnssh-sftp-server_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb ...
Unpacking hpnssh-sftp-server (1:9.6p1-hpn18.3.1-1ubuntu1) over (1:9.6p1-hpn18.3.1-1ubuntu1) ...
Setting up hpnssh-client (1:9.6p1-hpn18.3.1-1ubuntu1) ...
Setting up hpnssh-sftp-server (1:9.6p1-hpn18.3.1-1ubuntu1) ...
Setting up hpnssh-server (1:9.6p1-hpn18.3.1-1ubuntu1) ...
Creating SSH2 RSA key; this may take some time ...hpnssh-keygen: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory
dpkg: error processing package hpnssh-server (--install):
installed hpnssh-server package post-installation script subprocess returned error exit status 127
Processing triggers for man-db (2.11.2-2) ...
Errors were encountered while processing:
hpnssh-serverThis is odd. Those packages are built using Suse's factory build process and it should be using the default OpenSSL libraries for Debian. I'll look at the build logs and see if something jumps out at me.
This is really odd - from the build log for Debian 12, x86_64
[ 107s] checking OpenSSL header version... 300000b0 (OpenSSL 3.0.11 19 Sep 2023)
[ 108s] checking for OpenSSL_version... yes
[ 108s] checking for OpenSSL_version_num... yes
[ 108s] checking OpenSSL library version... 300000b0 (OpenSSL 3.0.11 19 Sep 2023)
So it should have been built with OpenSSL 3. I'll need to install Debian on a x86_64 platform to look into this more closely. Sorry about the delay on fixing this problem.
Thanks for looking into it.
I note that the package doesn't actually list that dependency, it's just what hpnssh-keygen is linked to... that might be something incorrectly hardcoded somewhere? I'm just speculating though.. I haven't had time to dig into the package contents.
I tried recreating this today using a clean install of Debian Bookworm on an x86 platform and I wasn't able to recreate it. hpnssh-keygen worked without a problem. ldd showed a link to libcrypto but it was the correct version. Is there any chance you could spin up a clean VM and try it? I'm not going to close this ticket because you are having a problem and I'd like to help you get to the bottom of it.
Argh! This was a dumb error on my part. An install on a clean system worked fine, so I did some more digging...
There were some old hpnssh-* binaries hanging around in /usr/local/bin from a previous hand-compiled install. It looks like the post-install step in the Debian package was finding the hpnssh-keygen there, and that one was linked against an older OpenSSL from before the Bookworm update.
Sorry to generate a bunch of work for you. I really should have checked that first.