qBittorrent-Enhanced-Edition
qBittorrent-Enhanced-Edition copied to clipboard
c0re100
Unable to start qbee 4.4.3.12 on Fedora 36 aarch64
qBittorrent & operating system versions
qBittorrent: qbittorrent-enhanced-nox_aarch64-linux-musl_static.zip v4.4.3.12 from releases page.
OS: Fedora 36 aarch64
What is the problem?
Jul 24 13:45:57 M4-RPi3 qbittorrent-nox[45007]: terminate called after throwing an instance of 'boost::wrapexcept<boost::system::system_error>'
Jul 24 13:45:57 M4-RPi3 qbittorrent-nox[45007]: what(): context: unknown option (digital envelope routines) [asio.ssl:50331817]
Unable to start qbee v4.4.3.12 using systemd. v4.4.1.10 works fine.
Steps to reproduce
No response
Additional context
No response
Log(s) & preferences file(s)
@maidmeow4 @Aileilaya Did https://github.com/userdocs/qbittorrent-nox-static work on your environment?
If it's still not working, that maybe an upstream issue.
And @Aileilaya qbittorrent-enhanced-nox-*-static was static linked all dependencies, so install external openssl no effect.
Seems this is an openssl config issue in Fedora, and it's working on Debian / Archlinux or the other Linux distros.
I try to remove /etc/ssl/openssl.cnf in Fedora and it's working now:
$ sudo mv /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.bak
I don't know which setting caused this issue.
I think i have narrowed these offending packages which are both managed by crypto-policies-scripts-20220428-1.gitdfb10ea.fc36.noarch
crypto-policies
crypto-policies-script
https://fedora.pkgs.org/36/fedora-updates-x86_64/crypto-policies-scripts-20220428-1.gitdfb10ea.fc36.noarch.rpm.html
Can you please test a downgrade to the previous version using this command
sudo dnf install crypto-policies-scripts-20220203-2.git112f859.fc36.noarch
It will look like this, then try to run qbittorrent and see it if works.
[username@fedora ~]$ sudo dnf install crypto-policies-scripts-20220203-2.git112f859.fc36.noarch
Last metadata expiration check: 0:04:25 ago on Sun 31 Jul 2022 21:10:12 BST.
Dependencies resolved.
=============================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=============================================================================================================================================================================================================================================================
Downgrading:
crypto-policies noarch 20220203-2.git112f859.fc36 fedora 58 k
crypto-policies-scripts noarch 20220203-2.git112f859.fc36 fedora 81 k
Transaction Summary
=============================================================================================================================================================================================================================================================
Downgrade 2 Packages
Run qbit again and test
You can upgrade again using this current version
sudo dnf install crypto-policies-scripts-20220428-1.gitdfb10ea.fc36.noarch
I believe these are the new changes that caused the problem.
Specifically this
[openssl_init]
alg_section = evp_properties # creates the setting section below
[evp_properties]
rh-allow-sha1-signatures = yes # this is the option causing the problem
If you edit the file with nano like this
nano /etc/crypto-policies/back-ends/opensslcnf.config
And comment out the line as shown
[openssl_init]
alg_section = evp_properties # creates the setting section below
[evp_properties]
#rh-allow-sha1-signatures = yes # this is the option causing the problem
QBittorrent will work.
This is the problem but I don't fully understand why yet. I think this is related.
https://github.com/openssl/openssl/issues/17662#issuecomment-1115191526
Ah no i see now, it's the other setting that is the cause.
[openssl_init]
alg_section = evp_properties # creates the setting section below
[evp_properties]
rh-allow-sha1-signatures = yes # this is the option causing the problem
So this works
[openssl_init]
alg_section = evp_properties # creates the setting section below
[evp_properties]
#rh-allow-sha1-signatures = yes # this is the option causing the problem
@abcfy2 ok, i think i understand the actual problem from here
This setting rh-allow-sha1-signatures = yes i think is from a custom patch unique to Redhat
https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
We would have to apply it to our builds to fix this with no modifications from the user.
@maidmeow4 @Aileilaya Did https://github.com/userdocs/qbittorrent-nox-static work on your environment?
If it's still not working, that maybe an upstream issue.
And @Aileilaya
qbittorrent-enhanced-nox-*-staticwas static linked all dependencies, so install external openssl no effect.
Not working, this build gives the same error.
Some updates
I made a build to test the issue using the redhat patches you can find my patch here
I made these build that you can see will work with no issue on Fedora 36 even with the updated crypto-policy package.
https://github.com/userdocs/qbt_static_test/releases/tag/release-4.4.3.1_v2.0.7
I think this is something that should be fixed upstream, in openssl and I have commented as to why here
https://github.com/openssl/openssl/issues/17662#issuecomment-1201245477
But as it stands, this is the issue and that is the fix, I personally don't want to patch my builds for OS specific openssl stuff.