[SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

fredbezies · 2025-02-08 20:01:47

Hello.

I wasn't able to report the bug on the bug tracker so I report it here. After I upgraded gnutls to its version 3.8.9, Virt-Manager crashes on start with this error log:

Traceback (most recent call last):
  File "/usr/lib/python3.13/site-packages/libvirt.py", line 16, in <module>
    import cygvirtmod as libvirtmod  # type: ignore
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ModuleNotFoundError: No module named 'cygvirtmod'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/virt-manager", line 6, in <module>
    from virtManager import virtmanager
  File "/usr/share/virt-manager/virtManager/virtmanager.py", line 19, in <module>
    from virtinst import BuildConfig
  File "/usr/share/virt-manager/virtinst/__init__.py", line 43, in <module>
    _set_libvirt_error_handler()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/share/virt-manager/virtinst/__init__.py", line 33, in _set_libvirt_error_handler
    import libvirt
  File "/usr/lib/python3.13/site-packages/libvirt.py", line 19, in <module>
    raise lib_e
  File "/usr/lib/python3.13/site-packages/libvirt.py", line 13, in <module>
    import libvirtmod  # type: ignore
    ^^^^^^^^^^^^^^^^^
ImportError: libleancrypto.so.1: l'objet partagé ne peut pas être ouvert via dlopen()

The last line can be translated by: ImportError: libleancrypto.so.1: shared object cannot be opened via dlopen()

Current fix? Downgrading gnutls to 3.8.8.

Last edited by fredbezies (2025-02-09 13:31:04)

loqs · 2025-02-08 22:38:49

pacman -Qikk leancrypto gnutls
pacman -Qo /usr/lib/libleancrypto.so.1

fredbezies · 2025-02-08 22:46:32

loqs wrote:

pacman -Qikk leancrypto gnutls
pacman -Qo /usr/lib/libleancrypto.so.1

First line:

pacman -Qikk leancrypto gnutls
Name            : leancrypto
Version         : 1.2.0-1
Description     : Lean cryptographic library usable for bare-metal environments
Architecture    : x86_64
URL             : https://leancrypto.org
Licenses        : GPL-2.0-or-later  LicenseRef-BSDvariant
                  LicenseRef-leancrypto
Groups          : None
Provides        : None
Depends On      : glibc
Optional Deps   : None
Required By     : gnutls
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 2,40 MiB
Packager        : Andreas Radke <andyrtr@archlinux.org>
Build Date      : sam. 08 f
Install Date    : sam. 08 f
Install Reason  : Installed as a dependency for another package
Install Script  : No
Validated By    : Signature

leancrypto: 95 total files, 0 altered files
Name            : gnutls
Version         : 3.8.9-1
Description     : A library which provides a secure layer over a reliable
                  transport layer
Architecture    : x86_64
URL             : https://www.gnutls.org/
Licenses        : GPL-3.0-or-later AND LGPL-2.1-or-later
Groups          : None
Provides        : None
Depends On      : glibc  gcc-libs  gmp  libtasn1  zlib  nettle  leancrypto
                  libp11-kit  libidn2  zstd  libidn2.so=0-64  libunistring
                  brotli
Optional Deps   : tpm2-tss: support for TPM2 wrapped keys [installed]
Required By     : aria2  cups  ffmpeg  fwupd  gcr-4  glib-networking
                  gnome-control-center  gnupg  gtk-vnc  libcamera  libcups
                  libcurl-gnutls  libjcat  libmicrohttpd  libnbd  libnfs
                  libngtcp2  libnice  libvirt  libvncserver  libzip  pan
                  passim  pkcs11-helper  qemu-img  qemu-system-x86  qpdf
                  rtmpdump  samba  smbclient  swtpm  tigervnc  vte3  vte4  wget
                  xmlsec  zeromq
Optional For    : systemd
Conflicts With  : None
Replaces        : None
Installed Size  : 8,00 MiB
Packager        : Andreas Radke <andyrtr@archlinux.org>
Build Date      : sam. 08 f
Install Date    : sam. 08 f
Install Reason  : Installed as a dependency for another package
Install Script  : No
Validated By    : Signature

gnutls: 1342 total files, 0 altered files

Line 2:

pacman -Qo /usr/lib/libleancrypto.so.1
/usr/lib/libleancrypto.so.1 is owned by leancrypto 1.2.0-1

loqs · 2025-02-08 22:58:36

From the top of /usr/lib/python3.13/site-packages/libvirt.py

try:
    import libvirtmod  # type: ignore
except ImportError as lib_e:
    try:
        import cygvirtmod as libvirtmod  # type: ignore
    except ImportError as cyg_e:
        if "No module named" in str(cyg_e):
            raise lib_e

What if you manually in python:

import libvirtmod

The libvirtmod python module is provided by libvirt-python so the import should not fail and the except block never performed.

dom1nic · 2025-02-08 23:45:47

Python 3.13.2 (main, Feb  5 2025, 08:05:21) [GCC 14.2.1 20250128] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirtmod
Traceback (most recent call last):
  File "<python-input-0>", line 1, in <module>
    import libvirtmod
ImportError: libleancrypto.so.1: shared object cannot be dlopen()ed
>>>
KeyboardInterrupt
>>>

Scimmia · 2025-02-08 23:58:34

I wonder if this is an execstack issue. Can you try

patchelf --clear-execstack /usr/lib/libleancrypto.so.1

and see if it works? If not, just reinstall the leancrypto package to undo the potential changes

loqs · 2025-02-09 00:01:25

b884307 add additional hardening compiler flags stipulated by openssf.org includes `-Wl,-z,nodlopen` which blocks the library being loaded by dlopen.

Scimmia · 2025-02-09 00:05:58

Oh nice, I wonder if anyone's let gnutls know

AndyRTR · 2025-02-09 07:38:14

https://gitlab.com/gnutls/gnutls/-/issues

metak · 2025-02-09 08:17:06

kf.coreaddons: "Could not load plugin from /usr/lib/qt6/plugins/kf6/thumbcreator/ffmpegthumbs.so: Cannot load library /usr/lib/qt6/plugins/kf6/thumbcreator/ffmpegthumbs.so: libleancrypto.so.1: shared object cannot be dlopen()ed"
kf.coreaddons: "Could not load plugin from /usr/lib/qt6/plugins/kf6/thumbcreator/ffmpegthumbs.so: Cannot load library /usr/lib/qt6/plugins/kf6/thumbcreator/ffmpegthumbs.so: libleancrypto.so.1: shared object cannot be dlopen()ed"

Same issue with dolphin/ffmpegthumbs after this update and my workaround was to rebuild leancrypto without `nodlopen` in meson.build.

fredbezies · 2025-02-09 13:30:47

Leancrypto 1.2.0-2 works for me. Thanks for the fix!

Arch Linux

#1 2025-02-08 20:01:47

[SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#2 2025-02-08 22:38:49

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#3 2025-02-08 22:46:32

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#4 2025-02-08 22:58:36

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#5 2025-02-08 23:45:47

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#6 2025-02-08 23:58:34

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#7 2025-02-09 00:01:25

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#8 2025-02-09 00:05:58

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#9 2025-02-09 07:38:14

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#10 2025-02-09 08:17:06

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

#11 2025-02-09 13:30:47

Re: [SOLVED] Gnu TLS 3.8.9 breaks virt-manager on start

Board footer