Re: ld-elf.so.1: Shared object "libssl.so.111" not found, required by "pkg" and others

[Tomoaki AOKI]

On Sun, 02 Jul 2023 14:41:55 +0900 (JST)
Yasuhiro Kimura <y...@freebsd.org> wrote:

> From: Nuno Teixeira <edua...@freebsd.org>
> Subject: ld-elf.so.1: Shared object "libssl.so.111" not found, required by 
> "pkg" and others
> Date: Sun, 2 Jul 2023 06:22:48 +0100
> 
> > Hello all,
> > 
> > I'm returning to current and installed from 
> > 20230622-b95d2237af40-263748-bootonly.iso and upgraded to cab2d43b83b 
> > (amd64).
> > 
> > Did a magnific delete-old and delete-old-libs and now a lot of packages 
> > complain about "ld-elf.so.1: Shared object "libssl.so.111" not found,
> > required by..."
> > 
> > To fix it I rebooted with BE from first instalation since I used 
> > beinstall.sh for upgrade.
> > 
> > I know that a lot of things happened in the last days with llvm15->llvm16, 
> > openssl3, etc.
> > 
> > My question is when can I do a delete-old{-libs}?
> > I'm thinking building pkgs with a updated current on poudriere and then 
> > clean up libs?
> > 
> > Thanks,
> 
> The source of the issue is the migration from OpenSSL 1.1.1 to 3.0.
> 
> So if you use packages built by yourself (e,g. by using poudriere,
> portmaster, porupgrade, etc. or simply 'make install'), then you
> should rebuild and reinstall all packages and then should do
> `make delete-old-libs`.
> 
> If you use official binary packages, then you should wait until all
> packages are built with OpenSSL 3.0.
> 
> HTH.
> 
> ---
> Yasuhiro Kimura

FYI:
I basically never `make delete-old-libs` blindly.

First, run `make check-old-libs` and record the result.
Then, create an ad-hoc script to check for affected ports installed and
generate updating script.
Then, look into the temporary list generated (or generated script) if
any port should be actually rebuilt.
Run the generated script if needed.

Attached is the quick and ugly ad-hoc script I used this time.
Beware! This generates updating script requiring ports-mgmt/pkg_replace.
Edit it to use whatever you want.


If you're using poudriere[-devel], it should rebuild everything.
I don't use poudriere on main, as it should force me tooo many full
rebuilds than on stable/* branches.

If letting poudriere to rebuild everything and configured local repo,
`pkg upgrade` would do the right thing, maybe.


-- 
Tomoaki AOKI    <junch...@dec.sakura.ne.jp>

#!/bin/sh

#Posted Feb.25,2015 to FreeBSD-current ML by Mark Millard
#Modified by Tomoaki AOKI to generate upgrading script for portupgrade.

# Define files to (temporarily) generate.
OLDLIB="base_openssl"
CHECKPREFIX1="/lib/libcrypto"
CHECKFORRE1="${CHECKPREFIX1}[^ ]*\.so\.111"
CHECKPREFIX2="/usr/lib/libssl"
CHECKFORRE2="${CHECKPREFIX2}[^ ]*\.so\.111"
CHECKPREFIX3="/usr/lib32/libcrypto"
CHECKFORRE3="${CHECKPREFIX3}[^ ]*\.so\.111"
CHECKPREFIX4="/usr/lib32/libssl"
CHECKFORRE4="${CHECKPREFIX4}[^ ]*\.so\.111"
DETECTED="/tmp/${OLDLIB}deps0"
NeedUpdate="/tmp/${OLDLIB}deps"
ActualScript="/tmp/rebuild_${OLDLIB}_deps.sh"

# echo CHECKFORRE is ${CHECKFORRE}

# Define pre processing procedure if needed (optional).
PreUpdate="CurDir=\`pwd\`"

# Define port updating program of your choice.
UpdateProgram="pkg_replace -l /usr/ports/${OLDLIB}_deps-\`date \"+%Y%m%d%H%M%S\"\`.log -c -m 'WITH+=NVIDIA,NVIDIA_GL DISABLE_VULNERABILITIES=yes' -v -W -w -b -f"

# Define post processing procedure if needed (optional).
PostUpdate="cd \${CurDir} && portsclean -C"

if [ -f ${DETECTED} ] ; then
	rm ${DETECTED}
fi

if [ -f ${NeedUpdate} ] ; then
	rm ${NeedUpdate}
fi

# find /usr/local/*bin* /usr/local/lib* -type f \
# | xargs ldd -f '%p %A\n' 2>&1 | grep "^/lib/libncurses[^ ]*\.so\.8" | cut -w -f2 \
# | xargs ldd -a | egrep '(^/.*:$| /lib/libncurses[^ ]*\.so\.8 )' \
# | grep -B1 " /lib/libncurses" | grep "^/.*:$" | sed -e's;:$;;' \
# | xargs pkg which -q -o | sort -u

## Unfortunetely, this didn't work if second ldd includes shell variable.
## Always edit it manually as CHECKFORRE.
#
#find /usr/local/*bin* /usr/local/lib* -type f \
#| xargs ldd -f '%p %A\n' 2>&1 | grep "^${CHECKFORRE}" | cut -w -f2 \
#| xargs ldd -a | egrep '(^/.*:$| /lib/libncurses[^ ]*\.so\.8 )' \
#| grep -B1 " ${CHECKPREFIX}" | grep "^/.*:$" | sed -e's;:$;;' \
#| xargs pkg which -q -o | sort -u > ${NeedUpdate}

## Replacing single quotes with double quotes for egrep allowed using shell variable.
find /usr/local/*bin* /usr/local/lib* -type f \
| xargs ldd -f '%p %A\n' 2>&1 | grep "^${CHECKFORRE1}" | cut -w -f2 \
| xargs ldd -a | egrep "(^/.*:$| ${CHECKFORRE1} )" \
| grep -B1 " ${CHECKPREFIX1}" | grep "^/.*:$" | sed -e's;:$;;' \
| xargs pkg which -q -o | sort -u > ${DETECTED}
find /usr/local/*bin* /usr/local/lib* -type f \
| xargs ldd -f '%p %A\n' 2>&1 | grep "^${CHECKFORRE2}" | cut -w -f2 \
| xargs ldd -a | egrep "(^/.*:$| ${CHECKFORRE2} )" \
| grep -B1 " ${CHECKPREFIX2}" | grep "^/.*:$" | sed -e's;:$;;' \
| xargs pkg which -q -o | sort -u >> ${DETECTED}
find /usr/local/*bin* /usr/local/lib* -type f \
| xargs ldd -f '%p %A\n' 2>&1 | grep "^${CHECKFORRE3}" | cut -w -f2 \
| xargs ldd -a | egrep "(^/.*:$| ${CHECKFORRE3} )" \
| grep -B1 " ${CHECKPREFIX3}" | grep "^/.*:$" | sed -e's;:$;;' \
| xargs pkg which -q -o | sort -u >> ${DETECTED}
find /usr/local/*bin* /usr/local/lib* -type f \
| xargs ldd -f '%p %A\n' 2>&1 | grep "^${CHECKFORRE4}" | cut -w -f2 \
| xargs ldd -a | egrep "(^/.*:$| ${CHECKFORRE4} )" \
| grep -B1 " ${CHECKPREFIX4}" | grep "^/.*:$" | sed -e's;:$;;' \
| xargs pkg which -q -o | sort -u >> ${DETECTED}

# Remove duplicate.
cat ${DETECTED} | sort | uniq > ${NeedUpdate}

# Remove now-unneeded temporary.
# Intentionally keep ${NeedUpdate} list for ease of confirmation.
# Note that the line containing only "the" means that no port origin is detected.
# rm ${DETECTED}

# Generate actual script. if you want other options, other update tool, rewrite as you like.
echo "#!/bin/sh" > ${ActualScript}

echo ${PreUpdate} >> ${ActualScript}

echo -n ${UpdateProgram} >> ${ActualScript}

cat ${NeedUpdate} | while read TARGET
do
	# The line containing only "the" means that no port origin is detected.
	if [ "the" = ${TARGET} ] ; then
		continue
	fi

	echo -n " " >> ${ActualScript}
	echo -n ${TARGET} >> ${ActualScript}
done

echo "" >> ${ActualScript}

echo ${PostUpdate} >> ${ActualScript}

chmod 754 ${ActualScript}

echo "The actual script is generated as ${ActualScript}."
echo "If you don\'t want huge port like libreoffice, chromium etc., manually remove"
echo "them from generated script."
echo "Intentionally kept temporary file ${NeedUpdate} for ease of confirmation."
echo "Note that the line containing only \"the\" means that no port origin is detected"
echo "for any of binaries."