[arch-general] Ssl no more :(
I was wondering why I was not able to login to a remote arch server. Openvpn is still working and luckily also webmin, so I logged in and I saw this: --8<---------------cut here---------------start------------->8---
/etc/rc.d/sshd restart :: Stopping Secure Shell Daemon [BUSY] [FAIL] :: Starting Secure Shell Daemon [BUSY] /usr/sbin/sshd: error while loading shared libraries: libcrypto.so.0.9.8: cannot open shared object file: No such file or directory [FAIL] --8<---------------cut here---------------end--------------->8---
--8<---------------cut here---------------start------------->8--- pacman -S --noconfirm openssh pacman: error while loading shared libraries: libssl.so.0.9.8: cannot open shared object file: No such file or directory --8<---------------cut here---------------end--------------->8--- Fantastic, so pacman is not working anymore! I don't know how it could have happened, last thing I did was a "pacman -Suy" which normally doesn't have such disastrous effects... Any idea how to fix this?
Am 20.04.2010 11:35, schrieb Andrea Crotti:
I don't know how it could have happened, last thing I did was a "pacman -Suy" which normally doesn't have such disastrous effects...
If you had -Syu'd and your pacman database was clean, you would have pulled updates to libfetch and openssh which would have prevented these errors. For clarification, please post the pacman.log excerpt from the last update.
Any idea how to fix this?
Short-term: ln -s /usr/lib/libssl.so.1.0.0 /usr/lib/libssl.so.0.9.8 (same for libcrypto), then -Syu, make sure libfetch and openssh are also updated (Don't try to pull updates via https or any SSL-secured connection, as this will most likely cause errors in openssl due to ABI incompatibility). Then delete the lib{ssl,crypto}.so.0.9.8 symlinks again! If pacman doesn't try to pull libfetch and openssh updates, then your pacman database is most likely broken.
Thomas Bächler <thomas@archlinux.org> writes:
Am 20.04.2010 11:35, schrieb Andrea Crotti:
I don't know how it could have happened, last thing I did was a "pacman -Suy" which normally doesn't have such disastrous effects...
If you had -Syu'd and your pacman database was clean, you would have pulled updates to libfetch and openssh which would have prevented these errors. For clarification, please post the pacman.log excerpt from the last update.
Here it is --8<---------------cut here---------------start------------->8--- [2010-04-16 13:12] synchronizing package lists [2010-04-16 13:13] upgraded pacman (3.3.3-1 -> 3.3.3-5) [2010-04-16 13:13] synchronizing package lists [2010-04-16 13:13] starting full system upgrade [2010-04-16 13:24] synchronizing package lists [2010-04-16 13:24] starting full system upgrade [2010-04-16 13:43] synchronizing package lists [2010-04-16 13:43] starting full system upgrade [2010-04-16 14:19] removed policykit-gnome (0.9.2-5) [2010-04-16 14:19] removed devicekit-power (013-1) [2010-04-16 14:19] removed devicekit-disks (009-5) [2010-04-16 14:19] removed policykit (0.9-9) [2010-04-16 14:19] upgraded acl (2.2.48-1 -> 2.2.49-1) [2010-04-16 14:20] upgraded linux-api-headers (2.6.32.5-2 -> 2.6.33.1-1) [2010-04-16 14:20] upgraded tzdata (2010b-1 -> 2010h-1) [2010-04-16 14:20] Generating locales... [2010-04-16 14:20] en_US.UTF-8... done [2010-04-16 14:20] en_US.ISO-8859-1... done [2010-04-16 14:20] it_IT.UTF-8... done [2010-04-16 14:20] it_IT.ISO-8859-1... done [2010-04-16 14:20] it_IT.ISO-8859-15@euro... done [2010-04-16 14:20] Generation complete. [2010-04-16 14:20] upgraded glibc (2.11.1-1 -> 2.11.1-2) [2010-04-16 14:20] upgraded bash (4.1.002-2 -> 4.1.005-1) [2010-04-16 14:20] upgraded zlib (1.2.3.9-1 -> 1.2.4-1) [2010-04-16 14:20] upgraded util-linux-ng (2.17.1-1 -> 2.17.2-1) [2010-04-16 14:20] upgraded apr (1.3.9-1 -> 1.4.2-1) [2010-04-16 14:20] upgraded gcc-libs (4.4.3-1 -> 4.4.3-2) [2010-04-16 14:20] upgraded db (4.8.26-1 -> 4.8.26-2) [2010-04-16 14:20] upgraded gdbm (1.8.3-6 -> 1.8.3-7) [2010-04-16 14:20] warning: /etc/ssl/openssl.cnf installed as /etc/ssl/openssl.cnf.pacnew [2010-04-16 14:20] upgraded openssl (0.9.8m-2 -> 1.0.0-2) [2010-04-16 14:20] upgraded libldap (2.4.21-1 -> 2.4.21-2) [2010-04-16 14:21] upgraded apr-util (1.3.9-3 -> 1.3.9-4) [2010-04-16 14:21] upgraded pcre (8.01-1 -> 8.02-1) [2010-04-16 14:21] warning: /etc/httpd/conf/httpd.conf installed as /etc/httpd/conf/httpd.conf.pacnew [2010-04-16 14:21] upgraded apache (2.2.14-3 -> 2.2.15-2) --8<---------------cut here---------------end--------------->8--- Looks clean to me.
Short-term: ln -s /usr/lib/libssl.so.1.0.0 /usr/lib/libssl.so.0.9.8 (same for libcrypto), then -Syu, make sure libfetch and openssh are also updated (Don't try to pull updates via https or any SSL-secured connection, as this will most likely cause errors in openssl due to ABI incompatibility). Then delete the lib{ssl,crypto}.so.0.9.8 symlinks again!
If pacman doesn't try to pull libfetch and openssh updates, then your pacman database is most likely broken.
Ok thanks I'll try
On Tue, 20 Apr 2010 11:59:32 +0200, Andrea Crotti <andrea.crotti.0@gmail.com> wrote:
Here it is --8<---------------cut here---------------start------------->8--- [2010-04-16 13:12] synchronizing package lists [2010-04-16 13:13] upgraded pacman (3.3.3-1 -> 3.3.3-5) [2010-04-16 13:13] synchronizing package lists [2010-04-16 13:13] starting full system upgrade [2010-04-16 13:24] synchronizing package lists [2010-04-16 13:24] starting full system upgrade [2010-04-16 13:43] synchronizing package lists [2010-04-16 13:43] starting full system upgrade [2010-04-16 14:19] removed policykit-gnome (0.9.2-5) [2010-04-16 14:19] removed devicekit-power (013-1) [2010-04-16 14:19] removed devicekit-disks (009-5) [2010-04-16 14:19] removed policykit (0.9-9) [2010-04-16 14:19] upgraded acl (2.2.48-1 -> 2.2.49-1) [2010-04-16 14:20] upgraded linux-api-headers (2.6.32.5-2 -> 2.6.33.1-1) [2010-04-16 14:20] upgraded tzdata (2010b-1 -> 2010h-1) [2010-04-16 14:20] Generating locales... [2010-04-16 14:20] en_US.UTF-8... done [2010-04-16 14:20] en_US.ISO-8859-1... done [2010-04-16 14:20] it_IT.UTF-8... done [2010-04-16 14:20] it_IT.ISO-8859-1... done [2010-04-16 14:20] it_IT.ISO-8859-15@euro... done [2010-04-16 14:20] Generation complete. [2010-04-16 14:20] upgraded glibc (2.11.1-1 -> 2.11.1-2) [2010-04-16 14:20] upgraded bash (4.1.002-2 -> 4.1.005-1) [2010-04-16 14:20] upgraded zlib (1.2.3.9-1 -> 1.2.4-1) [2010-04-16 14:20] upgraded util-linux-ng (2.17.1-1 -> 2.17.2-1) [2010-04-16 14:20] upgraded apr (1.3.9-1 -> 1.4.2-1) [2010-04-16 14:20] upgraded gcc-libs (4.4.3-1 -> 4.4.3-2) [2010-04-16 14:20] upgraded db (4.8.26-1 -> 4.8.26-2) [2010-04-16 14:20] upgraded gdbm (1.8.3-6 -> 1.8.3-7) [2010-04-16 14:20] warning: /etc/ssl/openssl.cnf installed as /etc/ssl/openssl.cnf.pacnew [2010-04-16 14:20] upgraded openssl (0.9.8m-2 -> 1.0.0-2) [2010-04-16 14:20] upgraded libldap (2.4.21-1 -> 2.4.21-2) [2010-04-16 14:21] upgraded apr-util (1.3.9-3 -> 1.3.9-4) [2010-04-16 14:21] upgraded pcre (8.01-1 -> 8.02-1) [2010-04-16 14:21] warning: /etc/httpd/conf/httpd.conf installed as /etc/httpd/conf/httpd.conf.pacnew [2010-04-16 14:21] upgraded apache (2.2.14-3 -> 2.2.15-2) --8<---------------cut here---------------end--------------->8---
Looks clean to me.
Not for me. Looks more like pacman was interrupted during the transaction. At least libfetch and libarchive are missing. (and I guess a lot of other stuff like openssh) Could you add more of the log before and after what you already posted. Andy what is about the system update after the pacman update which did not pull in any new packages. Did you switch mirrors? Did you anything else to pacman you didn't tell us so far? ;-) -- Pierre Schmitz, https://users.archlinux.de/~pierre
Pierre Schmitz <pierre@archlinux.de> writes:
Not for me. Looks more like pacman was interrupted during the transaction. At least libfetch and libarchive are missing. (and I guess a lot of other stuff like openssh) Could you add more of the log before and after what you already posted. Andy what is about the system update after the pacman update which did not pull in any new packages. Did you switch mirrors? Did you anything else to pacman you didn't tell us so far? ;-)
I don't remember but yes probably I launched it without screen and I disconnect from ssh, that's why... Anyway now ssh is back to life :) Thanks to some symlinking and reinstalling it works again, but I see that some are still using the old lib. In general reinstalling them solve the problem right? --8<---------------cut here---------------start------------->8--- syslog-ng 1751 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 syslog-ng 1752 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 ntpd 1925 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 smbd 1932 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 nmbd 1935 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 smbd 1957 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 master 2025 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 monit 2083 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 qmgr 2588 postfix DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 openvpn 5029 root DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 openvpn 5032 root DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 clock-app 20157 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 pickup 25888 postfix DEL REG 253,6 28018408 /usr/lib/libcrypto.so.1.0.0 sshd 27887 root DEL REG 253,6 28949237 /usr/lib/libcrypto.so.1.0.0 sshd 27889 root DEL REG 253,6 28949237 /usr/lib/libcrypto.so.1.0.0 --8<---------------cut here---------------end--------------->8---
Am 20.04.2010 12:19, schrieb Andrea Crotti:
Thanks to some symlinking and reinstalling it works again, but I see that some are still using the old lib. In general reinstalling them solve the problem right?
--8<---------------cut here---------------start------------->8--- syslog-ng 1751 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 syslog-ng 1752 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 ntpd 1925 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 smbd 1932 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 nmbd 1935 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 smbd 1957 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 master 2025 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 monit 2083 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 qmgr 2588 postfix DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 openvpn 5029 root DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 openvpn 5032 root DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 clock-app 20157 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 pickup 25888 postfix DEL REG 253,6 28018408 /usr/lib/libcrypto.so.1.0.0 sshd 27887 root DEL REG 253,6 28949237 /usr/lib/libcrypto.so.1.0.0 sshd 27889 root DEL REG 253,6 28949237 /usr/lib/libcrypto.so.1.0.0 --8<---------------cut here---------------end--------------->8---
You probably didn't restart these processes since the update.
On 20/04/10 13:19, Andrea Crotti wrote:
--8<---------------cut here---------------start------------->8--- syslog-ng 1751 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 syslog-ng 1752 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 ntpd 1925 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 smbd 1932 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 nmbd 1935 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 smbd 1957 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 master 2025 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 monit 2083 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 qmgr 2588 postfix DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 openvpn 5029 root DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 openvpn 5032 root DEL REG 253,6 28226710 /usr/lib/libcrypto.so.0.9.8 clock-app 20157 root DEL REG 253,6 25250370 /usr/lib/libcrypto.so.0.9.8 pickup 25888 postfix DEL REG 253,6 28018408 /usr/lib/libcrypto.so.1.0.0 sshd 27887 root DEL REG 253,6 28949237 /usr/lib/libcrypto.so.1.0.0 sshd 27889 root DEL REG 253,6 28949237 /usr/lib/libcrypto.so.1.0.0 --8<---------------cut here---------------end--------------->8---
How did you produce that output? :)
Evangelos Foutras <foutrelis@gmail.com> writes:
How did you produce that output? :)
lsof | grep libcrypt a great tool ;) Restarting the services made the trick, thanks everyone
participants (5)
-
Andrea Crotti
-
Damjan Georgievski
-
Evangelos Foutras
-
Pierre Schmitz
-
Thomas Bächler