[Bug 1822872] Re: Bionic: Luminous radosgw incompatible with libssl1.1

Eric Desrochers eric.desrochers at canonical.com
Tue Apr 2 19:55:56 UTC 2019 

Here's my thought process about this:

----
Package "2.2.11-0ubuntu0.18.04.1" uses: civetweb version "1.8"

Confirmation:
src/civetweb/include/civetweb.h:#define CIVETWEB_VERSION "1.8"
-----

While I'm sure that downgrading libssl as 'Build-Depends' works for that
particular case, I am concerned about what downgrading libssl may
introduce as potential regression in Ceph since Bionic Ceph has been
build/tested against libssl 1.1. We would need to be very careful if we
go that route IMHO.

For the moment, I see 3 options:
1) Downgrade libssl Build-Depends from 1.1 to 1.0 in order to make civetweb works, but possibly risk to introduce (or not) potential Ceph regression/ Ceph undesired behaviour change/ ... (tbd)
2) Upgrade civetweb to adapt to 1.1 by identifying the right commits/patchset :

>From what I read so far, it seems like there might be good potential candidates:
https://github.com/civetweb/civetweb/pull/384/commits
https://github.com/civetweb/civetweb/commit/adac9c916fa892ec5edce7b565803f1e62d304a2
https://github.com/civetweb/civetweb/commit/5d83900fd29fb6fa1cd604676cb0562dc984dcc9

3) Upgrade ceph' source pkg's civetweb version to a version where libssl
1.1 is fully supported. (if doable/compatible/...)

Currently, option 2) is definitely my favourite approach.

I don't fully ignore option 1), but I would prefer spending time to
investigate how feasible the backport of libssl 1.1 adaptation/fixes
patchset into 1.8 goes and/or evaluate an upgrade from v1.8 to
<RECENT_VERSION_INCLUDING_WHAT_IT_NEEDS> of civetweb into Ceph.

And of course, I would appreciate to have the Openstack team opinion
about my chain of thought here.

Regards,
Eric

** Bug watch added: github.com/civetweb/civetweb/issues #370
   https://github.com/civetweb/civetweb/issues/370

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ceph in Ubuntu.
https://bugs.launchpad.net/bugs/1822872

Title:
  Bionic: Luminous radosgw incompatible with libssl1.1

Status in ceph package in Ubuntu:
  New
Status in ceph source package in Bionic:
  New

Bug description:
  Bionic's radosgw package (Version 12.2.11-0ubuntu0.18.04.1 ) can't run
  on Bionic, because the version of civetweb in Luminous is incompatible
  with libssl1.1, but it's built against libssl1.1.

  This has been known about upstream for a while now, and as noted in
  the bug-tracker (https://tracker.ceph.com/issues/20696), it can be
  fixed by building Luminous in an environment that has only libssl1.0
  available (or, in a more invasive manner, by incorporating a newer
  civetweb). A patch is in the tracker.ceph.com issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1822872/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list