[ckujau]

In lieu of a bug tracker for ArchLinux/ARM, this goes here: after the last update of nrpe (from nrpe-3.0.1-4 to nrpe-3.1.0-2), it appears nrpe is now linked to a different OpenSSL version:

$this->bbcode_second_pass_code('', '
$ pacman -Q -o `which nrpe`
/usr/bin/nrpe is owned by nrpe 3.1.0-2

$ ldd /usr/bin/nrpe
/usr/bin/nrpe: /usr/lib/libssl.so.1.0.0: version `OPENSSL_1.0.2d' not found (required by /usr/bin/nrpe)
/usr/bin/nrpe: /usr/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.2d' not found (required by /usr/bin/nrpe)
linux-vdso.so.1 (0x0000fffc860a0000)
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x0000fffc86010000)
libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x0000fffc85e40000)
libc.so.6 => /usr/lib/libc.so.6 (0x0000fffc85ce0000)
/lib/ld-linux-aarch64.so.1 (0x0000fffc860b0000)
libdl.so.2 => /usr/lib/libdl.so.2 (0x0000fffc85cc0000)
')

Interestingly, there are two OpenSSL versions installed on my system and trying to remove the old version would break (or uninstall) nrpe:

$this->bbcode_second_pass_code('', '
$ pacman -Q | grep ssl
openssl 1.1.0.f-1
openssl-1.0 1.0.2.l-1

$ pacman -R openssl-1.0
checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: nrpe: removing openssl-1.0 breaks dependency 'openssl-1.0'
')

As a workaround, I compiled nrpe from source now (against the installed openssl 1.1.0.f-1 version) and it's working - I was just wondering if this is known to whoever packages nrpe and only of temporary nature until the switch to OpenSSL 1.1 is completed?

Thanks.

[WarheadsSE]

Interesting.

Well, `nrpe` is built straight from the upstream PKGBUILD (ABS)
$this->bbcode_second_pass_code('', '
[armv7] [abs] community/nrpe (3.1.0-3|3.1.0-3): done, build time: 2m36s, last built: Fri May 26 16:14:46 2017
')

And `openssl-1.0` has a git overlay, meaning it comes from ALARM's PKGBUILD repository.
$this->bbcode_second_pass_code('', '[armv7] [git] extra/openssl-1.0 (1.0.2.l-1|1.0.2.l-1): done, build time: 6m16s, last built: Thu May 25 12:19:31 2017')

As you can see, it does appear that at least as of 3.1.0-3 of `npre` was built after that last rebuild of `openssl-1.0`, and thus should have little to no issue.

Please make sure your system is fully up to date.

[ckujau]

Indeed, another update today just pulled `nrpe-3.1.0-3` in, which is still linked to openssl-1.0 (and thus still cannot be uninstalled) but at least the SSL version number is the same now and the binary works on this armv8 (aarch64) system:

$this->bbcode_second_pass_code('', '
$ ldd `which nrpe`
linux-vdso.so.1 (0x0000fffd6d770000)
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x0000fffd6d6e0000)
libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x0000fffd6d510000)
libc.so.6 => /usr/lib/libc.so.6 (0x0000fffd6d3b0000)
/lib/ld-linux-aarch64.so.1 (0x0000fffd6d780000)
libdl.so.2 => /usr/lib/libdl.so.2 (0x0000fffd6d390000)

$ strings /usr/bin/nrpe | grep OPENSSL_
OPENSSL_1.0.0
OPENSSL_1.0.1

$ strings /usr/lib/libssl.so.1.0.0 | grep ^OPENSSL_1
OPENSSL_1.0.0
OPENSSL_1.0.1
OPENSSL_1.0.1d
OPENSSL_1.0.1s
OPENSSL_1.0.2
OPENSSL_1.0.1s

$ pacman -Q -o /usr/lib/libssl.so.1.0.0
/usr/lib/libssl.so.1.0.0 is owned by openssl-1.0 1.0.2.l-1
')
So, I'm glad to see this was just of temporary nature. Still, I'd like it for nrpe to be built against the current "openssl" package (v1.1.x) eventually, so the old "openssl-1.0" package can be removed.

[WarheadsSE]

That's a decisions that was made by upstream Arch Linux, not ALARM.

[ckujau]

I see; thanks for clearing that up, and thanks for responding!