| View previous topic :: View next topic |
| Author |
Message |
lostinspace2011
Apprentice
Joined: 09 Sep 2005
Posts: 230
|
 Posted: Thu Oct 12, 2023 1:43 pm Post subject: Upgrade OpenSSL v.3 |
 |
|
For a couple of days I have been getting the following advise:
| Code: | - dev-libs/openssl-1.1.1u::gentoo (masked by: package.mask)
/usr/portage/profiles/package.mask:
# Sam James <sam@gentoo.org> (2023-09-09)
# OpenSSL 1.1.x is EOL on 2023-09-11. Please upgrade immediately to >= OpenSSL 3.
# https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
# https://www.openssl.org/blog/blog/2023/06/15/1.1.1-EOL-Reminder/
# Please run a full world upgrade, especially checking /etc/portage and your world file
# for old PHP or Ruby references.
|
However when trying to upgrade openssl using "emerge -uav openssl" a long list of dependencies prevent the upgrade.
| Code: | dev-libs/openssl:0
(dev-libs/openssl-3.0.11:0/3::gentoo, ebuild scheduled for merge) USE="asm -fips -ktls -rfc3779 -sctp -static-libs -test -tls-compression -vanilla -verify-sig -weak-ssl-ciphers" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="(sse2)" conflicts with
>=dev-libs/openssl-1.0.1h-r2:0/1.1=[abi_x86_64(-)] required by (dev-libs/libevent-2.1.12-r1:0/2.1-7::gentoo, installed) USE="clock-gettime ssl -debug -malloc-replacement -static-libs -test -verbose-debug -verify-sig" ABI_X86="(64) -32 (-x32)"
^^^^^^^
dev-libs/openssl:0/1.1=[-bindist(-)] required by (net-dns/bind-9.16.42:0/0::gentoo, installed) USE="berkdb caps dlz geoip postgres zlib -dnsrps -dnstap -doc -fixed-rrset -geoip2 -gssapi -json -ldap -lmdb -mysql -odbc -python (-selinux) -static-libs -test -xml" ABI_X86="(64)" PYTHON_TARGETS="python3_11 -python3_10"
^^^^^^^
dev-libs/openssl:0/1.1=[abi_x86_64(-)] required by (dev-db/mysql-connector-c-8.0.32-r1:0/21::gentoo, installed) USE="userland_GNU -ldap -static-libs" ABI_X86="(64) -32 (-x32)"
^^^^^^^
>=dev-libs/openssl-1.1.1:0/1.1= required by (mail-mta/postfix-3.8.1:0/0::gentoo, installed) USE="berkdb eai pam postgres sasl ssl -cdb -dovecot-sasl -ldap -ldap-bind -lmdb -mbox -memcached -mysql -nis (-selinux) -sqlite" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1=[-bindist(-)] required by (net-analyzer/zabbix-6.4.6:0/6.4::gentoo, installed) USE="agent agent2 curl frontend ipv6 java openssl postgres server ssh -gnutls -ldap -libxml2 -mysql -odbc -openipmi -oracle -proxy (-selinux) -snmp -sqlite -static" ABI_X86="(64)"
^^^^^^^
>=dev-libs/openssl-0.9.6m:0/1.1= required by (net-analyzer/tcpdump-4.99.4-r1:0/0::gentoo, installed) USE="drop-root samba smi ssl -suid -test -verify-sig" ABI_X86="(64)"\
...
|
I tried looking for any existing posts on this subject, but didn't find anything useful yet. Any pointers on how I can upgrade openssl to version 3.0.X...
[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu] |
|
| Back to top |
|
 |
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 30996
Location: here
|
| Posted: Thu Oct 12, 2023 1:45 pm Post subject: |
|
|
Can you post full output?
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 1713
|
| Posted: Thu Oct 12, 2023 2:03 pm Post subject: Re: Upgrade OpenSSL v.3 |
|
|
| lostinspace2011 wrote: | However when trying to upgrade openssl using "emerge -uav openssl" a long list of dependencies prevent the upgrade.
I tried looking for any existing posts on this subject, but didn't find anything useful yet. Any pointers on how I can upgrade openssl to version 3.0.X... |
Do not do this individual to openssl. Instead, it is meant to be part of an entire world update. |
|
| Back to top |
|
|
lostinspace2011
Apprentice
Joined: 09 Sep 2005
Posts: 230
|
| Posted: Thu Oct 12, 2023 2:50 pm Post subject: |
|
|
Thanks for the great suggestions. When I try and update the world I don't get any updates
| Code: | emerge --ask --changed-use --deep @world
* IMPORTANT: 54 news items need reading for repository 'gentoo'.
* Use eselect news read to view new items.
These are the packages that would be merged, in order:
Calculating dependencies... done!
Dependency resolution took 19.51 s.
!!! The following updates are masked by LICENSE changes:
- net-analyzer/fping-5.1::gentoo (masked by: fping license(s))
A copy of the 'fping' license is located at '/usr/portage/licenses/fping'.
- app-arch/unrar-6.2.10::gentoo (masked by: unRAR license(s))
A copy of the 'unRAR' license is located at '/usr/portage/licenses/unRAR'.
- app-arch/lha-114i_p20201004::gentoo (masked by: lha license(s))
A copy of the 'lha' license is located at '/usr/portage/licenses/lha'.
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
!!! The following installed packages are masked:
- app-arch/lha-114i-r7::gentoo (masked by: lha license(s))
A copy of the 'lha' license is located at '/usr/portage/licenses/lha'.
- app-arch/unrar-5.7.4::gentoo (masked by: unRAR license(s))
A copy of the 'unRAR' license is located at '/usr/portage/licenses/unRAR'.
- dev-libs/openssl-1.1.1u::gentoo (masked by: package.mask)
/usr/portage/profiles/package.mask:
# Sam James <sam@gentoo.org> (2023-09-09)
# OpenSSL 1.1.x is EOL on 2023-09-11. Please upgrade immediately to >= OpenSSL 3.
# https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
# https://www.openssl.org/blog/blog/2023/06/15/1.1.1-EOL-Reminder/
# Please run a full world upgrade, especially checking /etc/portage and your world file
# for old PHP or Ruby references.
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
Nothing to merge; quitting.
|
[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu] |
|
| Back to top |
|
|
grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 1713
|
| Posted: Thu Oct 12, 2023 3:28 pm Post subject: |
|
|
| lostinspace2011 wrote: | Thanks for the great suggestions. When I try and update the world I don't get any updates
| Code: | emerge --ask --changed-use --deep @world
!!! The following updates are masked by LICENSE changes:
- net-analyzer/fping-5.1::gentoo (masked by: fping license(s))
A copy of the 'fping' license is located at '/usr/portage/licenses/fping'.
- app-arch/unrar-6.2.10::gentoo (masked by: unRAR license(s))
A copy of the 'unRAR' license is located at '/usr/portage/licenses/unRAR'.
- app-arch/lha-114i_p20201004::gentoo (masked by: lha license(s))
A copy of the 'lha' license is located at '/usr/portage/licenses/lha'. |
|
It is a good idea to either remove these packages or accept their license in package.license.
| lostinspace2011 wrote: | | Code: | | Nothing to merge; quitting. |
|
Is there anything in /etc/portage regarding openssl? Show output of: grep -ri dev-libs/openssl /etc/portage |
|
| Back to top |
|
|
sam_
Developer
Joined: 14 Aug 2020
Posts: 1707
|
| Posted: Thu Oct 12, 2023 3:30 pm Post subject: |
|
|
| You didn't use --update? |
|
| Back to top |
|
|
lostinspace2011
Apprentice
Joined: 09 Sep 2005
Posts: 230
|
| Posted: Fri Oct 13, 2023 12:00 am Post subject: |
|
|
I added --updated and it installed 2 new packages, but not openssl
| Code: | emerge --update --newuse --deep @world
* IMPORTANT: 54 news items need reading for repository 'gentoo'.
* Use eselect news read to view new items.
Calculating dependencies... done!
Dependency resolution took 32.31 s.
!!! The following updates are masked by LICENSE changes:
- app-arch/unrar-6.2.10::gentoo (masked by: unRAR license(s))
A copy of the 'unRAR' license is located at '/usr/portage/licenses/unRAR'.
- app-arch/lha-114i_p20201004::gentoo (masked by: lha license(s))
A copy of the 'lha' license is located at '/usr/portage/licenses/lha'.
- net-analyzer/fping-5.1::gentoo (masked by: fping license(s))
A copy of the 'fping' license is located at '/usr/portage/licenses/fping'.
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
!!! The following installed packages are masked:
- dev-libs/openssl-1.1.1u::gentoo (masked by: package.mask)
/usr/portage/profiles/package.mask:
# Sam James <sam@gentoo.org> (2023-09-09)
# OpenSSL 1.1.x is EOL on 2023-09-11. Please upgrade immediately to >= OpenSSL 3.
# https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
# https://www.openssl.org/blog/blog/2023/06/15/1.1.1-EOL-Reminder/
# Please run a full world upgrade, especially checking /etc/portage and your world file
# for old PHP or Ruby references.
- app-arch/lha-114i-r7::gentoo (masked by: lha license(s))
A copy of the 'lha' license is located at '/usr/portage/licenses/lha'.
- app-arch/unrar-5.7.4::gentoo (masked by: unRAR license(s))
A copy of the 'unRAR' license is located at '/usr/portage/licenses/unRAR'.
* dev-libs/openssl
Latest version available: 3.0.11
Latest version installed: 1.1.1u
Size of files: 14,843 KiB
Homepage: https://www.openssl.org/
Description: Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)
License: Apache-2.0
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
|
| Code: | * dev-libs/openssl
Latest version available: 3.0.11
Latest version installed: 1.1.1u
Size of files: 14,843 KiB
Homepage: https://www.openssl.org/
Description: Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)
License: Apache-2.0
|
[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu] |
|
| Back to top |
|
|
lostinspace2011
Apprentice
Joined: 09 Sep 2005
Posts: 230
|
| Posted: Fri Oct 13, 2023 3:47 am Post subject: |
|
|
After removing some older packages (emerge --depclean) and adding the licenses I no only get the following warning
| Code: | emerge --update --newuse --deep @world
* IMPORTANT: 54 news items need reading for repository 'gentoo'.
* Use eselect news read to view new items.
Calculating dependencies... done!
Dependency resolution took 26.69 s.
!!! The following installed packages are masked:
- dev-libs/openssl-1.1.1u::gentoo (masked by: package.mask)
/usr/portage/profiles/package.mask:
# Sam James <sam@gentoo.org> (2023-09-09)
# OpenSSL 1.1.x is EOL on 2023-09-11. Please upgrade immediately to >= OpenSSL 3.
# https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
# https://www.openssl.org/blog/blog/2023/06/15/1.1.1-EOL-Reminder/
# Please run a full world upgrade, especially checking /etc/portage and your world file
# for old PHP or Ruby references.
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
|
[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu] |
|
| Back to top |
|
|
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 30996
Location: here
|
| Posted: Fri Oct 13, 2023 5:15 am Post subject: |
|
|
What does the emerge -cp dev-libs/openssl command return?
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
lostinspace2011
Apprentice
Joined: 09 Sep 2005
Posts: 230
|
| Posted: Fri Oct 13, 2023 5:51 am Post subject: |
|
|
| Code: |
emerge -cp dev-libs/openssl
Calculating dependencies... done!
>>> No packages selected for removal by depclean
>>> To see reverse dependencies, use --verbose
Packages installed: 944
Packages in world: 97
Packages in system: 49
Required packages: 944
Number to remove: 0
emerge -cp --verbose dev-libs/openssl
Calculating dependencies... done!
dev-libs/openssl-1.1.1u pulled in by:
app-admin/apache-tools-2.4.57 requires dev-libs/openssl:0=, dev-libs/openssl:0/1.1=
app-admin/sudo-1.9.14_p3 requires dev-libs/openssl:0/1.1=, dev-libs/openssl:=
app-antivirus/clamav-1.1.0 requires dev-libs/openssl:0/1.1=, dev-libs/openssl:=
app-arch/libarchive-3.7.1 requires dev-libs/openssl:0/1.1=[abi_x86_64(-)], dev-libs/openssl:0=[abi_x86_64(-)]
app-crypt/acme-tiny-5.0.1-r1 requires dev-libs/openssl:0
app-crypt/mit-krb5-1.20.1 requires >=dev-libs/openssl-1.0.1h-r2:0/1.1=[abi_x86_64(-)], >=dev-libs/openssl-1.0.1h-r2:0=[abi_x86_64(-)]
app-crypt/rhash-1.4.3 requires dev-libs/openssl:0=[abi_x86_64(-)], dev-libs/openssl:0/1.1=[abi_x86_64(-)]
app-portage/portage-utils-0.96.1 requires dev-libs/openssl:=, dev-libs/openssl:0/1.1=
dev-db/mysql-8.0.32-r2 requires >=dev-libs/openssl-1.0.0:=, >=dev-libs/openssl-1.0.0:0/1.1=
dev-db/mysql-connector-c-8.0.32-r1 requires dev-libs/openssl:=[abi_x86_64(-)], dev-libs/openssl:0/1.1=[abi_x86_64(-)]
dev-db/postgresql-15.4 requires >=dev-libs/openssl-0.9.6-r1:0=, >=dev-libs/openssl-0.9.6-r1:0/1.1=
dev-lang/php-7.4.33-r5 requires <dev-libs/openssl-3.0:0/1.1=
dev-lang/php-8.1.20-r1 requires >=dev-libs/openssl-1.0.2:0=, >=dev-libs/openssl-1.0.2:0/1.1=
dev-lang/python-3.11.5 requires >=dev-libs/openssl-1.1.1:=, >=dev-libs/openssl-1.1.1:0/1.1=
dev-lang/rust-bin-1.71.1 requires dev-libs/openssl
dev-libs/cyrus-sasl-2.1.28-r4 requires >=dev-libs/openssl-1.0.1h-r2:0/1.1=[abi_x86_64(-)], >=dev-libs/openssl-1.0.1h-r2:0=[abi_x86_64(-)]
dev-libs/libevent-2.1.12-r1 requires >=dev-libs/openssl-1.0.1h-r2:0/1.1=[abi_x86_64(-)], >=dev-libs/openssl-1.0.1h-r2:0=[abi_x86_64(-)]
dev-libs/libzip-1.9.2 requires dev-libs/openssl:0=, dev-libs/openssl:0/1.1=
dev-perl/Crypt-OpenSSL-Bignum-0.90.0-r1 requires dev-libs/openssl:0=, dev-libs/openssl:0/1.1=
dev-perl/Crypt-OpenSSL-Guess-0.150.0 requires dev-libs/openssl:=, dev-libs/openssl:0/1.1=
dev-perl/Crypt-OpenSSL-RSA-0.330.0 requires dev-libs/openssl:0/1.1=, dev-libs/openssl:=
dev-perl/Crypt-OpenSSL-Random-0.150.0-r1 requires dev-libs/openssl:0=, dev-libs/openssl:0/1.1=
dev-perl/Net-DNS-SEC-1.210.0 requires dev-libs/openssl:=, dev-libs/openssl:0/1.1=
dev-perl/Net-SSLeay-1.920.0-r1 requires dev-libs/openssl:0/1.1=, dev-libs/openssl:=
dev-python/cryptography-41.0.3 requires >=dev-libs/openssl-1.0.2o-r6:0=, >=dev-libs/openssl-1.0.2o-r6:0/1.1=
dev-vcs/git-2.41.0 requires dev-libs/openssl:0/1.1=, dev-libs/openssl:=
mail-filter/spamassassin-4.0.0-r4 requires dev-libs/openssl:0/1.1=, dev-libs/openssl:0=
mail-mta/postfix-3.8.1 requires >=dev-libs/openssl-1.1.1:0=, >=dev-libs/openssl-1.1.1:0/1.1=
net-analyzer/net-snmp-5.9.3-r3 requires >=dev-libs/openssl-0.9.6d:0/1.1=, >=dev-libs/openssl-0.9.6d:0=
net-analyzer/nmap-7.94 requires dev-libs/openssl:=, dev-libs/openssl:0/1.1=
net-analyzer/tcpdump-4.99.4-r1 requires >=dev-libs/openssl-0.9.6m:0/1.1=, >=dev-libs/openssl-0.9.6m:=
net-analyzer/zabbix-6.4.6 requires dev-libs/openssl:0/1.1=[-bindist(-)], dev-libs/openssl:=[-bindist(-)]
net-dns/bind-9.16.42 requires dev-libs/openssl:0/1.1=[-bindist(-)], dev-libs/openssl:=[-bindist(-)]
net-dns/bind-tools-9.16.42 requires dev-libs/openssl:=, dev-libs/openssl:0/1.1=
net-libs/courier-authlib-0.72.0 requires dev-libs/openssl:0=, dev-libs/openssl:0/1.1=
net-libs/libssh2-1.11.0-r2 requires >=dev-libs/openssl-1.0.1h-r2:0/1.1=[abi_x86_64(-)], >=dev-libs/openssl-1.0.1h-r2:0=[abi_x86_64(-)]
net-mail/courier-imap-5.1.4 requires dev-libs/openssl:0=, dev-libs/openssl:0/1.1=
net-misc/curl-8.4.0 requires >=dev-libs/openssl-0.9.7:0/1.1=[-sslv3(-),abi_x86_64(-)], >=dev-libs/openssl-0.9.7:=[-sslv3(-),abi_x86_64(-)]
net-misc/memcached-1.6.21-r1 requires >=dev-libs/openssl-1.1.0g:=, >=dev-libs/openssl-1.1.0g:0/1.1=
net-misc/ntp-4.2.8_p17 requires dev-libs/openssl:0/1.1=, dev-libs/openssl:=
net-misc/openssh-9.4_p1 requires >=dev-libs/openssl-1.1.1l-r1:0=, >=dev-libs/openssl-1.1.1l-r1:0/1.1=
net-misc/rsync-3.2.7-r2 requires dev-libs/openssl:=, dev-libs/openssl:0/1.1=
net-misc/wget-1.21.4 requires dev-libs/openssl:=, dev-libs/openssl:0/1.1=
sys-apps/coreutils-9.3-r3 requires dev-libs/openssl:=, dev-libs/openssl:0/1.1=
www-servers/apache-2.4.57 requires dev-libs/openssl:0, >=dev-libs/openssl-1.0.2:0/1.1=, >=dev-libs/openssl-1.0.2:=
x11-base/xorg-server-21.1.8-r2 requires dev-libs/openssl:0=, dev-libs/openssl:0/1.1=
>>> No packages selected for removal by depclean
Packages installed: 944
Packages in world: 97
Packages in system: 49
Required packages: 944
Number to remove: 0
|
[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu] |
|
| Back to top |
|
|
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 30996
Location: here
|
| Posted: Fri Oct 13, 2023 6:11 am Post subject: |
|
|
Your problem is dev-lang/php-7.4.33-r5 that requires <dev-libs/openssl-3.0:0/1.1=.
This version of php is no longer supported, what package require php:7?
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 21842
|
| Posted: Fri Oct 13, 2023 12:22 pm Post subject: |
|
|
fedeliallalinea set you on the right path, but I want to add a few notes:- First, please use [code] tags for program output. This makes the output easier to read. I have edited these into your posts for you.
- Second, if Portage is not guessing to do what you want, you should tell it to do what you want. In this case, that means that one of the atoms on your command line would be '>=dev-libs/openssl-3', so that Portage would either update or tell you why not. This would be in addition to, rather than instead of @world, so it is slightly different from what you tried in your first post. In this case, I expect it would have printed a warning pointing you to php, without the need to use emerge --pretend --verbose --depclean dev-libs/openssl.
- Third, you should read your news. We sometimes need to remind people of this, but 54 unread news items is a record, I think. News items often advise you of upcoming important changes so you are prepared when they happen.
|
|
| Back to top |
|
|
tbc233
n00b
Joined: 03 May 2004
Posts: 11
|
| Posted: Tue Nov 21, 2023 10:34 am Post subject: |
|
|
Hello,
I am having more or less the same problem. When I update world it doesn't give me openssl-3. When I explicitely try to upgrade openssl, output is like this
| Code: |
emerge -uav openssl
These are the packages that would be merged, in order:
Calculating dependencies... done!
Dependency resolution took 4.87 s.
Total: 0 packages, Size of downloads: 0 KiB
WARNING: One or more updates/rebuilds have been skipped due to a dependency conflict:
dev-libs/openssl:0
(dev-libs/openssl-3.0.11:0/3::gentoo, ebuild scheduled for merge) USE="asm -fips -ktls -rfc3779 -sctp -static-libs -test -tls-compression -vanilla -verify-sig -weak-ssl-ciphers" ABI_X86="(64) -32 (-x32)" CP U_FLAGS_X86="(sse2)" conflicts with
>=dev-libs/openssl-1.0.2:0/1.1= required by (net-vpn/openvpn-2.6.4:0/0::gentoo, installed) USE="lz4 lzo openssl plugins -dco -down-root -examples -inotify -iproute2 -mbedtls -pam -pkcs11 (-selinux) -syste md -test" ABI_X86="(64)"
^^^^^^^
>=dev-libs/openssl-1.1.1:0/1.1= required by (dev-lang/python-3.10.13:3.10/3.10::gentoo, installed) USE="ensurepip gdbm ncurses readline sqlite ssl xml -bluetooth -build -debug -examples -libedit -lto -pgo -test -tk -valgrind -verify-sig" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (net-misc/ntp-4.2.8_p17:0/0::gentoo, installed) USE="readline ssl threads -caps -debug -ipv6 -openntpd -parse-clocks -samba (-selinux) -snmp -vim-syntax -zeroconf" ABI_ X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (net-misc/stuntman-1.2.16:0/0::gentoo, installed) USE="userland_GNU" ABI_X86="(64)"
^^^^^^^
<dev-libs/openssl-3.0:0/1.1= required by (dev-lang/php-7.4.33-r5:7.4/7.4::gentoo, installed) USE="acl bcmath bzip2 calendar cgi cli ctype curl exif fileinfo filter flatfile gd gdbm gmp iconv imap inifile intl json mhash mysql mysqli nls opcache pcntl phar posix readline session simplexml soap ssl tokenizer truetype unicode xml xmlreader xmlwriter xslt zip zlib -apache2 -argon2 -berkdb -cdb -cjk (-coverage) -d ebug -embed -enchant -ffi (-firebird) -fpm -ftp -iodbc -ipv6 -jit -kerberos -ldap -ldap-sasl -libedit -lmdb -mssql -oci8-instant-client -odbc -pdo -phpdbg -postgres -qdbm (-selinux) -session-mm -sharedmem -sn mp -sockets -sodium -spell -sqlite -systemd -sysvipc -test -threads -tidy -tokyocabinet -webp -xmlrpc -xpm" ABI_X86="(64)"
^ ^^^^^^^^^^
>=dev-libs/openssl-1.0.2:0/1.1= required by (dev-lang/php-8.1.20-r1:8.1/8.1::gentoo, installed) USE="acl bcmath bzip2 calendar cgi cli ctype curl exif fileinfo filter flatfile gd gdbm gmp iconv imap inifi le intl mhash mysql mysqli nls opcache pcntl phar posix readline session simplexml soap ssl tokenizer truetype unicode xml xmlreader xmlwriter xslt zip zlib -apache2 -apparmor -argon2 -avif -berkdb -cdb -cjk (-coverage) -debug -embed -enchant -ffi (-firebird) -fpm -ftp -iodbc -ipv6 -jit -kerberos -ldap -ldap-sasl -libedit -lmdb -mssql -oci8-instant-client -odbc -pdo -phpdbg -postgres -qdbm (-selinux) -session-mm -sharedmem -snmp -sockets -sodium -spell -sqlite -systemd -sysvipc -test -threads -tidy -tokyocabinet -webp -xpm" ABI_X86="(64)"
^^^^^^^
>=dev-libs/openssl-1.0.0:0/1.1= required by (dev-db/mariadb-10.6.14:10.6/18::gentoo, installed) USE="backup latin1 odbc pam perl server -bindist -columnstore -cracklib -debug -extraengine -galera -innodb- lz4 -innodb-lzo -innodb-snappy -jdbc -jemalloc -kerberos (-mroonga) -numa -oqgraph -profiling -rocksdb -s3 (-selinux) -sphinx -sst-mariabackup -sst-rsync -static -systemd -systemtap -tcmalloc -test -xml -yass l" ABI_X86="(64)"
^^^^^^^
>=dev-libs/openssl-0.9.7:0/1.1= required by (www-servers/lighttpd-1.4.71:0/0::gentoo, installed) USE="brotli lua nettle pcre php ssl system-xxhash xattr zlib -dbi -gnutls -kerberos -ldap -maxminddb -mbedt ls -mmap -mysql -nss -postgres -rrdtool -sasl (-selinux) -sqlite -test -unwind -webdav -zstd" ABI_X86="(64)" LUA_SINGLE_TARGET="lua5-1 -lua5-3 -lua5-4"
^^^^^^^
<dev-libs/openssl-3.0 required by (dev-lang/php-8.0.29:8.0/8.0::gentoo, installed) USE="acl bcmath bzip2 calendar cgi cli ctype curl exif fileinfo filter flatfile gd gdbm gmp iconv imap inifile intl mhash mysql mysqli nls opcache pcntl phar posix readline session simplexml soap ssl tokenizer truetype unicode xml xmlreader xmlwriter xslt zip zlib -apache2 -apparmor -argon2 -berkdb -cdb -cjk (-coverage) -debug -embed -enchant -ffi (-firebird) -fpm -ftp -iodbc -ipv6 -jit -kerberos -ldap -ldap-sasl -libedit -lmdb -mssql -oci8-instant-client -odbc -pdo -phpdbg -postgres -qdbm (-selinux) -session-mm -sharedmem -snmp -s ockets -sodium -spell -sqlite -systemd -sysvipc -test -threads -tidy -tokyocabinet -webp -xpm" ABI_X86="(64)"
^ ^^^
>=dev-libs/openssl-1.1.1:0/1.1= required by (mail-mta/postfix-3.8.2:0/0::gentoo, installed) USE="berkdb eai pam sasl ssl -cdb -dovecot-sasl -ldap -ldap-bind -lmdb -mbox -memcached -mysql -nis -postgres (- selinux) -sqlite" ABI_X86="(64)"
^^^^^^^
>=dev-libs/openssl-1.1.1:0/1.1= required by (dev-lang/python-3.11.5:3.11/3.11::gentoo, installed) USE="ensurepip gdbm ncurses readline sqlite ssl -bluetooth -build -debug -examples -libedit -lto -pgo -tes t -tk -valgrind -verify-sig" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (dev-lang/python-2.7.18_p16-r1:2.7/2.7::gentoo, installed) USE="gdbm hardened ncurses readline sqlite ssl userland_GNU xml (-berkdb) -bluetooth -build -examples -tk -va lgrind -verify-sig -wininst" ABI_X86="(64)"
^^^^^^^
>=dev-libs/openssl-0.9.7:0/1.1=[-sslv3(-),abi_x86_64(-)] required by (net-misc/curl-8.4.0:0/0::gentoo, installed) USE="adns alt-svc ftp hsts http2 imap openssl pop3 progress-meter smtp ssl tftp -brotli -g nutls -gopher -idn -kerberos -ldap -mbedtls (-nghttp3) -rtmp (-rustls) -samba -ssh (-sslv3) -static-libs -telnet -test -verify-sig -websockets -zstd" ABI_X86="(64) -32 (-x32)" CURL_SSL="openssl -gnutls -mbedt ls (-rustls)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (net-libs/c-client-2007f_p7:0/0::gentoo, installed) USE="pam ssl userland_GNU -doc -ipv6 -kerberos -static-libs -topal" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1=[abi_x86_64(-)] required by (app-arch/libarchive-3.7.1:0/13::gentoo, installed) USE="acl bzip2 e2fsprogs iconv lzma xattr -blake2 -expat -lz4 -lzo -nettle -static-libs -verify-sig - zstd" ABI_X86="(64) -32 (-x32)"
^^^^^^^
>=dev-libs/openssl-1.0.1h-r2:0/1.1=[abi_x86_64(-)] required by (dev-libs/cyrus-sasl-2.1.28-r4:2/2::gentoo, installed) USE="gdbm pam ssl userland_GNU -authdaemond -berkdb -kerberos -ldapdb -mysql -openldap -postgres -sample (-selinux) -sqlite -srp -static-libs -urandom" ABI_X86="(64) -32 (-x32)"
^^^^^^^
>=dev-libs/openssl-0.9.6m:0/1.1= required by (net-analyzer/tcpdump-4.99.4-r1:0/0::gentoo, installed) USE="drop-root samba smi ssl -suid -test -verify-sig" ABI_X86="(64)"
^^^^^^^
>=dev-libs/openssl-1.0.1:0/1.1= required by (dev-lang/php-8.0.29:8.0/8.0::gentoo, installed) USE="acl bcmath bzip2 calendar cgi cli ctype curl exif fileinfo filter flatfile gd gdbm gmp iconv imap inifile intl mhash mysql mysqli nls opcache pcntl phar posix readline session simplexml soap ssl tokenizer truetype unicode xml xmlreader xmlwriter xslt zip zlib -apache2 -apparmor -argon2 -berkdb -cdb -cjk (-coverag e) -debug -embed -enchant -ffi (-firebird) -fpm -ftp -iodbc -ipv6 -jit -kerberos -ldap -ldap-sasl -libedit -lmdb -mssql -oci8-instant-client -odbc -pdo -phpdbg -postgres -qdbm (-selinux) -session-mm -sharedme m -snmp -sockets -sodium -spell -sqlite -systemd -sysvipc -test -threads -tidy -tokyocabinet -webp -xpm" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (net-misc/wget-1.21.4:0/0::gentoo, installed) USE="nls pcre (ssl) zlib -cookie-check -debug -gnutls -idn -ipv6 -metalink -ntlm -static -test -uuid -verify-sig" ABI_X86= "(64)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (app-portage/portage-utils-0.96.1:0/0::gentoo, installed) USE="openmp qmanifest qtegrity -static" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (app-admin/sudo-1.9.14_p3:0/0::gentoo, installed) USE="nls pam secure-path sendmail ssl -gcrypt -ldap -offensive -sasl (-selinux) -skey -sssd -verify-sig" ABI_X86="(64) "
^^^^^^^
>=dev-libs/openssl-1.1.1l-r1:0/1.1= required by (net-misc/openssh-9.4_p1-r1:0/0::gentoo, installed) USE="pam (pie) ssl -X -audit (-debug) -kerberos -ldns -libedit -livecd -security-key (-selinux) -static -test -verify-sig -xmss" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (dev-libs/libzip-1.9.2:0/5::gentoo, installed) USE="bzip2 ssl userland_GNU -gnutls -lzma -mbedtls -static-libs -test -tools -zstd" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (net-dns/bind-tools-9.16.42:0/0::gentoo, installed) USE="caps readline -doc -gssapi -idn -libedit -test -xml" ABI_X86="(64)"
^^^^^^^
>=dev-libs/openssl-1.0.1h-r2:0/1.1=[abi_x86_64(-)] required by (dev-libs/libevent-2.1.12-r1:0/2.1-7::gentoo, installed) USE="clock-gettime ssl userland_GNU -debug -malloc-replacement -static-libs -test -v erbose-debug" ABI_X86="(64) -32 (-x32)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (dev-perl/Net-SSLeay-1.920.0-r1:0/0::gentoo, installed) USE="-examples -minimal -test" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1=[abi_x86_64(-)] required by (dev-db/mysql-connector-c-8.0.32-r1:0/21::gentoo, installed) USE="userland_GNU -ldap -static-libs" ABI_X86="(64) -32 (-x32)"
^^^^^^^
dev-libs/openssl:0/1.1=[abi_x86_64(-)] required by (dev-db/mariadb-connector-c-3.2.7:0/3::gentoo, installed) USE="curl ssl -gnutls -kerberos -static-libs -test" ABI_X86="(64) -32 (-x32)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (net-analyzer/nmap-7.94:0/0::gentoo, installed) USE="nls nse ssl -ipv6 -libssh2 -ncat -ndiff -nping -symlink -verify-sig -zenmap" ABI_X86="(64)" LUA_SINGLE_TARGET="lua5 -4" PYTHON_SINGLE_TARGET="python3_11 -python3_10"
^^^^^^^
dev-libs/openssl:0/1.1= required by (net-misc/rsync-3.2.7-r2:0/0::gentoo, installed) USE="acl iconv ssl userland_GNU xattr -examples -lz4 -rrsync -stunnel -system-zlib -verify-sig -xxhash -zstd" ABI_X86=" (64)" PYTHON_SINGLE_TARGET="python3_11 -python3_10"
^^^^^^^
dev-libs/openssl:0/1.1= required by (sys-apps/coreutils-9.3-r3:0/0::gentoo, installed) USE="acl nls openssl (split-usr) (xattr) -caps -gmp -hostname -kill -multicall (-selinux) -static -test -vanilla -ver ify-sig" ABI_X86="(64)"
^^^^^^^
dev-libs/openssl:0/1.1=[abi_x86_64(-)] required by (app-crypt/rhash-1.4.3:0/0::gentoo, installed) USE="nls ssl userland_GNU -debug -static-libs" ABI_X86="(64) -32 (-x32)"
^^^^^^^
dev-libs/openssl:0/1.1= required by (dev-util/maturin-1.3.1:0/0::gentoo, installed) USE="ssl -debug -doc -test" ABI_X86="(64)" PYTHON_TARGETS="python3_10 python3_11 (-pypy3) (-python3_12)"
^^^^^^^
|
I guess I could solve most of these things by recompiling. Except PHP-7 I guess. So I wonder: Is there even a correct way to keep PHP-7?
It's a local machine for testing purposes, so I know what I am doing. I would need to keep that php version at least a few months. |
|
| Back to top |
|
|
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 30996
Location: here
|
| Posted: Tue Nov 21, 2023 10:58 am Post subject: |
|
|
Your problem is also php-8.0.x that not supporting openssl-3, you should migrate to 8.1.x
| tbc233 wrote: | | Except PHP-7 I guess. So I wonder: Is there even a correct way to keep PHP-7? |
The php-7.x is end of life so keep it isn't a good idea (no security bug fix).
| tbc233 wrote: | | It's a local machine for testing purposes, so I know what I am doing. I would need to keep that php version at least a few months. |
In these months ignore the warning message if you just can't do without php-7.
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
tbc233
n00b
Joined: 03 May 2004
Posts: 11
|
| Posted: Tue Nov 21, 2023 11:01 am Post subject: |
|
|
| Quote: | | In these months ignore the warning message if you just can't do without php-7. |
Yes, I was thinking about that. But that means that I can't upgrade openssl at all, right? As openssl-3 can't co-exist with openssl-1
I wish we hat slots for openssl. |
|
| Back to top |
|
|
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 30996
Location: here
|
| Posted: Tue Nov 21, 2023 12:21 pm Post subject: |
|
|
| tbc233 wrote: | | Yes, I was thinking about that. But that means that I can't upgrade openssl at all, right? As openssl-3 can't co-exist with openssl-1. |
As runtime dependency can co-exist with dev-libs/openssl-compat but if it's needed for building phase no.
See also this topic.
You might also think about install php-7 in a docker container for example.
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
tbc233
n00b
Joined: 03 May 2004
Posts: 11
|
| Posted: Tue Nov 21, 2023 12:24 pm Post subject: |
|
|
| Thank you so much. I'll think about that. |
|
| Back to top |
|
|
rodia
n00b
Joined: 29 Dec 2005
Posts: 16
Location: 43° 36 North, 1° 26 West
|
| Posted: Mon Feb 19, 2024 11:50 am Post subject: Updating system with new openssl 3 |
|
|
@lostinspace2011 and @tbc233
I was having the same issues on several machines, exalted by the fact that my portage tree was 30 days to 90 days old.
I just wanted to share the ways I managed to get out of it without reinstalling the whole system (holding on!) 
Many thread are at this state where various pieces of info were exchanged but no clear solution is visible.
Because solution is scenario dependent what I kept important from wisdom is here that (thank you @fedeliallalinea @sam_ @grknight, you make my day everytime I read the forum):
 one needs to search issues around packages depending on OpenSSL
| Code: | | emerge -pcv openssl |
when installing or reinstalling things make sure you leave state as is for the world set, prevent from adding new things to the world set while they should be left as 'pulled' dependencies (from other things already in the world set): the world set is your gentoo auto-nav for package . That means using --oneshot
| Code: | | emerge -1av goddamn_old_package |
 Situation: my emerge -1auv dev-libs/openssl neither emerge -e | -auv world or emerge -auv system actually did not work. I had packages so old they strongly depended on "dev-libs/openssl:0/1.1=" and they were not in the updated portage tree.
 What I did to update my old systems: I guess that would even be easier/faster for more up to date ones, I first started with listing the dependencies of openssl.
knowing that I would be hitting the point of updating my whole python stack. And big problem is that I had installed package versions that were not available or masked in the current portage tree.
Step 1: detecting packages that depend on openssl
Step 2: removing non necessary packages (will reinstall them later)
Step 3: updating the rest of packages to latest known version, as much as possible
Step 4: finally trying to update openssl which would rebuild most previously updated packages
Used tools here:
- sys-apps/portage --> emerge
- (optional) app-portage/portage-utils --> qdepends (somehow faster version of emerge -pcv)
STEP 1
| Code: |
prompt ---> # emerge -pcv openssl
Calculating dependencies ... done!
dev-libs/openssl-1.1.1l pulled in by:
app-admin/syslog-ng-3.30.1-r2 requires dev-libs/openssl:0/1.1=
app-arch/libarchive-3.5.2 requires dev-libs/openssl:0/1.1=[abi_x86_64(-)]
app-crypt/rhash-1.3.6-r1 requires dev-libs/openssl:0/1.1=[abi_x86_64(-)]
app-portage/portage-utils-0.92 requires dev-libs/openssl:0/1.1=
dev-db/mysql-connector-c-8.0.25 requires dev-libs/openssl:0/1.1=[abi_x86_64(-)]
dev-lang/python-3.10.9 requires >=dev-libs/openssl-1.1.1:0/1.1=
dev-lang/python-3.11.5 requires >=dev-libs/openssl-1.1.1:0/1.1=
dev-lang/python-3.9.16 requires >=dev-libs/openssl-1.1.1:0/1.1=
dev-libs/libevent-2.1.11 requires >=dev-libs/openssl-1.0.1h-r2:0/1.1=[abi_x86_64(-)]
dev-libs/libzip-1.8.0 requires dev-libs/openssl:0/1.1=
dev-perl/Net-SSLeay-1.900.0 requires dev-libs/openssl:0=, dev-libs/openssl:0/1.1=
dev-python/cryptography-3.4.7-r2 requires >=dev-libs/openssl-1.0.2o-r6:0/1.1=
dev-vcs/git-2.32.0-r1 requires dev-libs/openssl:0/1.1=
net-libs/c-client-2007f-r7 requires dev-libs/openssl:0/1.1=
net-misc/curl-7.79.1 requires dev-libs/openssl:0/1.1=[-sslv3(-),abi_x86_64(-)]
net-misc/openssh-8.6_p1-r2 requires dev-libs/openssl:0/1.1=, >=dev-libs/openssl-1.1.0g:0[-bindist(-)]
net-misc/rsync-3.2.3-r4 requires dev-libs/openssl:0/1.1=
net-misc/wget-1.21.1 requires dev-libs/openssl:0/1.1=
www-client/lynx-2.9.0_pre6-r2 requires dev-libs/openssl:0/1.1=
>>> No packages selected for removal by depclean
Packages installed: 596
Packages in world: 287
Packages in system: 50
Required packages: 596
Number to remove: 0
|
To give you an idea syslog-log first available stable version is now 4.0.1 (most advanced 4.6.0). So that system wasnt updated for a while.
And unless you want to take that as a lesson you are maybe faster done reinstalling the base system.
The game is to help portage updating the system so having the unavailable packages available again, updating them to a version in the current portage tree.
STEP 2
Uninstalling all unnecessary packages. Because we are recompiling things so that we get their last versions up tied to installed openssl v1.
emerge -pcv atom is the reference, but qdepends -Q is faster and more verbose
so I looked at what depends on every if the packages (that depends on openssl) in the list above, for instance:
| Code: | # check them all as lynx example:
qdepends -Q www-client/lynx
|
If the list returned was empty or with other packages I knew I wouldn't need until i reinstall everything, then I would remove the package.
lynx is a console based web browser. not a system necessary app. So REMOVED!
Sometimes i had to call qdepends -Q several times on packages depending on the packages (like lynx) that depends on openssl.
To track down the possibility to remove all these dependencies all together.
Then for packages I found I would carefully call:
| Code: | # Safety check
emerge -pcv package1 package2 .... |
in order to check if I wasnt doing something terrible.
Once possible packages are removed, the dependencies calculation generally goes faster, less stuffs to update.
STEP 3
Update the rest of the list of non-removed packages that depends on openssl.
The goal here is to update these packages to higher versions that are at least "tracked" by the current portage tree.
Portage will then know how to managed them properly with regular emerge update/rebuild options.
You would update then, then later they would be rebuilt against the newest openssl.
How to update them yet without pulling the whole dependencies updates or wrongly adding it to the world set, you can use --oneshot -av (ask and verbose, --oneshot is also -1):
| Quote: | # Do that for all remaining packages like rhash in my case:
emerge -1av app-crypt/rhash
|
for the python fellows, i used the slot name, for instance:
| Code: | emerge -1av dev-lang/python:3.10
|
STEP 4
At some point I checked out the whole list and I could test if updating openssl worked out:
| Code: | emerge -auv dev-libs/openssl
|
Sometimes it would be necessary to update use flags because newer version of packages changed.
That's it
That worked for me. I hope this recap and eventually a bit more like a generalization, would help anyone falling on this good thread.
Happy to have your feedback if there is a magic emerge commands that do all that, I search around slot and unavailable package manipulation, but nothing was as straightforward as these four steps, although a bit tedious that helped me cleaning up my system of unnecessary packages.
NB: since 2014 (heartbleed) one can drop the ssl flag of OpenSSH so it does not need openssl.
I do not often post here but I have been going through various resolution of this in the last months and I spent the week end trying to streamline a generalized four step process.
Hope this works for all. Take care!
On X as @redotics
_________________
Having the choice is a choice that we do. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Installing Gentoo
