Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.deb inside of oqsprovider-linux-x64.zip 0.5.3 does not work & prevents OpenSSL from loading #339

Closed
catharsis71 opened this issue Jan 19, 2024 · 8 comments · Fixed by #377
Closed

.deb inside of oqsprovider-linux-x64.zip 0.5.3 does not work & prevents OpenSSL from loading #339

catharsis71 opened this issue Jan 19, 2024 · 8 comments · Fixed by #377
Labels
bug Something isn't working

Comments

@catharsis71
Copy link

catharsis71 commented Jan 19, 2024
edited
Loading

Describe the bug

Installing this .deb deleted my existing /usr/lib/x86_64-linux-gnu/ossl-modules/oqsprovider.so (from an older .deb) from all my servers and did not replace it, instead it dumped a bunch of files into a /__w/ directory which appears to be in error:

# find /__w/
/__w/
/__w/oqs-provider
/__w/oqs-provider/oqs-provider
/__w/oqs-provider/oqs-provider/.local
/__w/oqs-provider/oqs-provider/.local/lib
/__w/oqs-provider/oqs-provider/.local/lib/ossl-modules
/__w/oqs-provider/oqs-provider/.local/lib/ossl-modules/oqsprovider.so

This caused all my OpenSSL-linked services (Apache etc) to be unable to start and caused me to be unable to run curl and other programs

also causes OpenSSL commands to fail:

# openssl list -signature-algorithms -provider oqsprovider
list: unable to load provider oqsprovider
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
40D717FE7F7F0000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:../crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/x86_64-linux-gnu/ossl-modules/oqsprovider.so): /usr/lib/x86_64-linux-gnu/ossl-modules/oqsprovider.so: cannot open shared object file: No such file or directory
40D717FE7F7F0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:../crypto/dso/dso_lib.c:152:
40D717FE7F7F0000:error:078C0105:common libcrypto routines:provider_init:init fail:../crypto/provider_core.c:910:name=oqsprovider
@catharsis71 catharsis71 added the bug Something isn't working label Jan 19, 2024
@catharsis71
Copy link
Author

Downloaded 0.5.3.zip source... rebuilt .deb with make package and it works fine

seems like it's just the uploaded .debs which are corrupt

@baentsch
Copy link
Member

Thanks for the report and your tests: This is definitely a bug. The binaries have been taken from the CI run(s) on the released branch, so we'll need to investigate what went wrong in that process...

@catharsis71
Copy link
Author

Thank you, also, just out of curiosity, are you planning on providing .debs for liboqs as well? Having pre-built debs for provider is of limited benefit when you still have to compile liboqs manually

@baentsch
Copy link
Member

Thank you, also, just out of curiosity, are you planning on providing .debs for liboqs as well? Having pre-built debs for provider is of limited benefit when you still have to compile liboqs manually

The liboqs project doesn't (or at least didn't) want to make binaries available (maybe worthwhile reconsidering, @dstebila ?). Thus, the oqsprovider .deb indeed was meant for folks that have liboqs deployed by other means (e.g., downstream packaging).

But your question correctly points to other setups. Would you think a .deb oqsprovider statically containing liboqs would be a good addition, @catharsis71 ?

@catharsis71
Copy link
Author

A statically-linked .deb would be great. I run this on my home PC and 6 servers. I normally only have compiler/library/build-tool stuff installed on my home PC. I've been compiling / building .debs there and then copying to 5 of the 6 servers. But one server is ARM64 and I couldn't figure out if cross-compiling was possible so I had to install all the build stuff & libraries on that server too.

@dstebila
Copy link
Member

Thank you, also, just out of curiosity, are you planning on providing .debs for liboqs as well? Having pre-built debs for provider is of limited benefit when you still have to compile liboqs manually

The liboqs project doesn't (or at least didn't) want to make binaries available (maybe worthwhile reconsidering, @dstebila ?). Thus, the oqsprovider .deb indeed was meant for folks that have liboqs deployed by other means (e.g., downstream packaging).

For the short-term, would it be more straightforward to have two binaries for oqs-provider: one without liboqs (like now), one with liboqs? If the two binaries are bundled together with oqs-provider, less risk of mismatches.

@baentsch
Copy link
Member

The idea would not be to bundle two binaries but to statically link liboqs into oqsprovider, thus resulting in another single, large shared lib that OpenSSL Van load. Need to try this.

@dstebila
Copy link
Member

The idea would not be to bundle two binaries but to statically link liboqs into oqsprovider, thus resulting in another single, large shared lib that OpenSSL Van load. Need to try this.

That makes sense too.

@ghost ghost self-assigned this Mar 19, 2024
@ghost ghost mentioned this issue Mar 19, 2024
Merged
@ghost ghost closed this as completed in #377 Mar 19, 2024
ghost pushed a commit that referenced this issue Mar 19, 2024
Fix #338 and #339: output a valid aarch64 debian package with a valid…
37769c9 
… directory layout. (#377)

This commit aims to fix #338 and #339.

It fixes #338 by setting [`CPACK_DEBIAN_PACKAGE_ARCHITECTURE`] to the architecture
used by CMake. To do so, we inspect the value of [`CMAKE_SYSTEM_PROCESSOR`], which
tells us the target architecture.

A test has been added to ensure that the target architecture of the output .deb
is `arm64`.


This commit also fixes #339 by creating a configuration called `DebPack` which
sets the right file paths for `cpack`.

When `cpack` is invoked with `-C DebPack`, `lib/ossl-modules`, `lib` and `include/oqs-provider`
are being used as destination directories.

[`CPACK_DEBIAN_PACKAGE_ARCHITECTURE`]: https://cmake.org/cmake/help/latest/cpack_gen/deb.html#variable:CPACK_DEBIAN_PACKAGE_ARCHITECTURE
[`CMAKE_SYSTEM_PROCESSOR`]: https://cmake.org/cmake/help/latest/variable/CMAKE_SYSTEM_PROCESSOR.html#variable:CMAKE_SYSTEM_PROCESSOR

Signed-off-by: thb-sb <[email protected]>
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #338 and #339: output a valid aarch64 debian package with a valid directory layout.
3 participants
@dstebila @baentsch @catharsis71