Compile fails on ubuntu 18.04

We have been using confd on Ubuntu 16.04 for a while. On Ubuntu 18.04 I get this error:


gcc -DHAVE_DYNAMIC_CRYPTO_LIB -g -I. -Wall -fpic -O2   -c crypto.c
crypto.c:110:10: fatal error: openssl/chacha.h: No such file or directory
#include 
^~~~~~~~~~~~~~~~~~
compilation terminated.
../src/include.mk:49: recipe for target 'crypto.o' failed

libssl-dev is installed, but apparently chacha.h has been removed. Has anyone compiled it for Ubuntu 18.04 using openssl 1.1?

similar issue – url munged to get around the “new users can only post 2 links” error from the web site :frowning:

https :// github.com/asdf-vm/asdf/issues/195#issuecomment-301354356

On Ubuntu 18.04 try:
apt-get update && apt-get install -y libssl-dev libssl1.0.0

Getting just the libssl-dev package does not work with Ubuntu anymore since the 1.0.0 version is not shipped with that package nowadays. Only the 1.1 version is included. Hence you need to add the libssl1.0.0 package too.

Well, you can definitely use OpenSSL up to and including version 1.0.2 with current ConfD releases, which enables a few additional cipher suites for SSL/TLS compared to 1.0.0. However OpenSSL-1.1.x has many non-backward-compatible API changes from 1.0.x, and thus cannot be used by the Erlang/OTP version (18 - predates OpenSSL-1.1.0) that is included in current ConfD. At some point ConfD will of course start shipping with a newer version of Erlang/OTP, that does support the use of OpenSSL-1.1.x.

Thanks. That worked.

Well, it kind of works. Now the rest of the build is borked because (for instance) python3 xmlsec needs package xmlsec1 which needs libssl-dev 1.1

I understand that I can have both libraries at runtime, but now I need two development environments … one for confd and one for everything else. Not a big deal for CI, but a real pain for developers.

How do I go about making an official request that they upgrade to 1.1 ?

As far as I am know if you on Ubuntu 18.04 run:
apt-get update && apt-get install -y libssl-dev libssl1.0.0
libssl-dev will install openssl 1.1.0g for you while libssl1.0.0 will install openssl 1.0.2n.
Hence you will then have both 1.1 and 1.0 installed and everyone should be happy.

For an official request of a feature, if you have ConfD Premium, you make feature requests through your Tail-f support account.

no, I need libssl1.0-dev to compile confd. otherwise I get

crypto.c:110:10: fatal error: openssl/chacha.h: No such file or directory
 #include <openssl/chacha.h>
          ^~~~~~~~~~~~~~~~~~
compilation terminated.
../src/include.mk:49: recipe for target 'crypto.o' failed
make[8]: *** [crypto.o] Error 1

There should be no need to rebuild crypto.so or libconfd.so / libconfd.a after installing the “libssl1.0.0” package.

thank you, thank you. I had no idea that the crypto module was optional. I guess at some point we needed it, so it was coded in our CMake files. Sorry I was so slow figuring this out.