[SOLVED] pacman and curl - package upgrade catch 22

rokor · 2018-10-03 10:58:14

Dear Arch Linuxers,

I caused a sort of Catch 22 on my server system, and I am now wondering how to leave the trap in a most consistent way. For other reasons, I had a "IgnorePkg=openssl" in my pacman.conf, and today when upgrading, I received the latest curl, which refuses to work with the older OpenSSL. Currently installed PKG are:

openssl-1.1.0.i-1-x86_64.pkg.tar.xz
pacman-5.1.1-1-x86_64.pkg.tar.xz
curl-7.61.1-3-x86_64.pkg.tar.xz

pacman-contrib-1.1.0-1-x86_64.pkg.tar.xz
pacman-mirrorlist-20180912-1-any.pkg.tar.xz

The current situation is:

[rokor@server ~]$ curl https://archlinux.org
curl: /usr/lib/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by /usr/lib/libcurl.so.4)
[rokor@server ~]$ pacman -Qi pacman
pacman: /usr/lib/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by /usr/lib/libcurl.so.4)
[rokor@server ~]$

I tried to remove anything in pacman.conf, which should help to avoid curl in pacman, but the error stays there:

XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
SigLevel    = Never
LocalFileSigLevel = Never

Did I miss something in trying to avoid curl. Seems so, but what?

I tried to convince curl to use the a.m. openssl, but no success yet. The newer openssl-1.1.1-1-x86_64.pkg.tar.xz would be in the server's cache, but I did not try a stunt like bypassing pacman using tar.

What is the best way to leave this trap? Thank you in advance.

rokor

Last edited by rokor (2018-10-03 13:51:09)

V1del · 2018-10-03 11:26:59

If the newer openssl package is in the cache, extract it to some temporary location and change LD_LIBRARY_PATH on pacman invocation so that it loads the corresponding libraries from there.

Last edited by V1del (2018-10-03 11:29:50)

eschwartz · 2018-10-03 13:16:27

XferCommand won't help as pacman itself uses libcurl inside, completely independent of XferCommand. This is because the default downloader is an internal one based on libcurl. You can opt out of using it, but you cannot opt out of loading it.

You *need* to bypass pacman for this, and more generally, you need to not IgnorePkg things unless you've got a very good reason.
But, one thing that can help you in the specific case where pacman is broken, is to install pacman-static from the AUR. This will give you an emergency fallback method of using pacman to restore your system. Note, that this does not help if you break e.g. your bash login shell...

rokor · 2018-10-03 13:49:34

Thanks a lot @Eschwartz and @V1del for the prompt reply.

I chose the approach using tar and LD_LIBRARY_PATH to downgrade curl (using also the information from here, and learned about ldd), having now curl and openssl in the IgnorePkg.

But don't panic, lesson learned: I use this flag quite a while for explicitly installed packages, and this works fine. But it is a stupid idea for implicitly installed packages, and especially openssl, which is buried so deep in the system. Got it, I will repair this asap.

Thanks again.

rokor

PS The reason for the downgrade of openssl was ejabberd, which had troubles with the new openssl and old clients.
PPS I will also have a look at pacman-static.

Last edited by rokor (2018-10-03 13:49:56)

Trilby · 2018-10-03 13:58:34

rokor wrote:

I use this flag quite a while for explicitly installed packages, and this works fine. But it is a stupid idea for implicitly installed packages...

What does this mean? Why would you attempt to explicitly install a package that you had already explicitly set to Ignore? Or do you mean you ignore updates to an explicitly installed package one it is installed? This is still just as dangerous. It really doesn't matter if a package is explicit or implicitly installed - if any other package depends on it, you cannot ignore the package. If it is truly a 'leaf' package with nothing depending on it, then ignoring updates is still a partial upgrade and not supported, but the worst that could happen is the package you are ignoring updates on would fail.

But this really seems like a burried X-Y problem. Why are you ignoring packages at all?

Last edited by Trilby (2018-10-03 13:59:50)

rokor · 2018-10-03 17:23:42

@ Trilby In this case, the thing is related to ejabberd, just look at the bugs #59795 and #60154 mentioned with it: So I kept ejabberd at 18.06-2. 18.06-3 is crashing, 18.09-1 not tested yet, but comments there are not very promising. Furthermore, when openssl-1.1.1 came in, some - partially older - clients could not connect to the server any more. A downgrade to openssl-1.1.0 did the trick, but fooled me with the topic discussed here. That is, what I learned today: Do this IgnorePkg stuff only with 'leaf' packages, as you called it (better described than explicit/implicit, however, that is what I meant).

You are right in that a clean system is preferable, however, it is not a value by itself to me. The server and ejabberd have to work. And to be clear: I do not blame anybody for the bugs mentioned above. sergej and all the others like you do excellent work, that is why I like Arch Linux. But accidents happen...

rokor

Trilby · 2018-10-03 22:50:53

An openssl 1.0 is in the repos just for the purposes you note:

https://www.archlinux.org/packages/core … enssl-1.0/

ooXei1sh · 2018-10-16 01:41:37

I had almost the exact issue described here after foolishly downgrading OpenSSL 1.1.1 to 1.1.0.

Here's how I fixed it:

First I booted from usb stick with a recent arch iso: https://www.archlinux.org/download/

lsblk -f

mount /dev/<root partition> /mnt
mount /dev/<boot partition> /mnt/boot
mount /dev/<home partition> /mnt/home

I dunno if I needed to mount all those but I did. Then I just ran this:

pacman -U /mnt/var/cache/pacman/pkg/openssl-1.1.1-1-x86_64.pkg.tar.xz --root /mnt

Last edited by ooXei1sh (2018-10-16 04:09:52)

Arch Linux

#1 2018-10-03 10:58:14

[SOLVED] pacman and curl - package upgrade catch 22

#2 2018-10-03 11:26:59

Re: [SOLVED] pacman and curl - package upgrade catch 22

#3 2018-10-03 13:16:27

Re: [SOLVED] pacman and curl - package upgrade catch 22

#4 2018-10-03 13:49:34

Re: [SOLVED] pacman and curl - package upgrade catch 22

#5 2018-10-03 13:58:34

Re: [SOLVED] pacman and curl - package upgrade catch 22

#6 2018-10-03 17:23:42

Re: [SOLVED] pacman and curl - package upgrade catch 22

#7 2018-10-03 22:50:53

Re: [SOLVED] pacman and curl - package upgrade catch 22

#8 2018-10-16 01:41:37

Re: [SOLVED] pacman and curl - package upgrade catch 22

Board footer