azure-cli
azure-cli copied to clipboard
Azure
`az artifacts universal publish` Ubuntu 22.04 libssl error
Description
We upgraded our docker image to ubuntu 22.04 from 20.04. Now az artifacts universal publish fails due to a No usable version of libssl was found error. If we install the libssl version 1.1.* we end up with another error.
On the Ubuntu 20.04 docker image, all worked great.
Versions
- Docker image: ubuntu:22.04
- libssl: 3.0.* / 1.1.*
- Azure-Devops Extension: 0.25.0
- Azure-CLI: 2.36.0
Logs
Error with libssl 1.1.*
The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.TypeInitializationException: The type initializer for 'SslMethods' threw an exception.
---> System.TypeInitializationException: The type initializer for 'Ssl' threw an exception.
---> System.TypeInitializationException: The type initializer for 'SslInitializer' threw an exception.
---> Interop+Crypto+OpenSslCryptographicException: error:0E076071:configuration file routines:module_run:unknown module name
at Interop.SslInitializer..cctor()
--- End of inner exception stack trace ---
at Interop.Ssl..cctor()
--- End of inner exception stack trace ---
at Interop.Ssl.SslV2_3Method()
at Interop.Ssl.SslMethods..cctor()
--- End of inner exception stack trace ---
at Interop.OpenSsl.AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SafeDeleteSslContext..ctor(SafeFreeSslCredentials credential, SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_0(SslClientAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.EnsureConnectedAsync(ConnectOptions optionsNeeded, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetInstanceIdAsync(CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.GetLocationDataAsync(Guid locationAreaIdentifier, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientInstanceAsync(Type managedType, Guid serviceIdentifier, CancellationToken cancellationToken, VssHttpRequestSettings settings, DelegatingHandler[] handlers)
at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientServiceImplAsync(Type requestedType, Guid serviceIdentifier, Func`4 getInstanceAsync, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientAsync[T](CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.Content.Common.ExceptionExtensions.ReThrow(Exception ex)
at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
at ArtifactTool.DedupManifestArtifactClientProvider.GetDedupManifestArtifactClientAsync(String serviceUrl, String patVar, ILogger commandBaseLogger, IAppTraceSource tracer, String cacheDirectory, Boolean cacheWriteAllowed, CancellationToken cancellationToken) in D:\\a\\1\\s\\src\\ArtifactTool\\Providers\\DedupManifestArtifactClient\\DedupManifestArtifactClientProvider.cs:line 57
at ArtifactTool.Commands.UPackPublishCommand.ExecuteAsync() in D:\\a\\1\\s\\src\\ArtifactTool\\Commands\\UPack\\UPackPublishCommand.cs:line 51
at ArtifactTool.Commands.CommandBase.OnExecuteAsync() in D:\\a\\1\\s\\src\\ArtifactTool\\Commands\\CommandBase.cs:line 105
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 77
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 62
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext() in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 25
--- End of stack trace from previous location where exception was thrown ---
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.<>c__DisplayClass126_0.<OnExecute>b__0() in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.cs:line 505
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute(String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.cs:line 611
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute[TApp](CommandLineContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 57
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 145
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](IConsole console, String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 130
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 112
Error with libssl 3.0.*
WARNING: Failed to parse structured output from Universal Packages tooling (ArtifactTool)\nWARNING: Exception: Expecting value: line 1 column 1 (char 0)\nWARNING: Log line: No usable version of libssl was found\nWARNING: Failed to parse structured output from Universal Packages tooling (ArtifactTool)\nWARNING: Exception: Expecting value: line 1 column 1 (char 0)\nWARNING: Log line: qemu: uncaught target signal 6 (Aborted) - core dumped
Az extension versions
[
{
"experimental": false,
"extensionType": "whl",
"name": "azure-devops",
"path": "/root/.azure/cliextensions/azure-devops",
"preview": false,
"version": "0.25.0"
},
{
"experimental": false,
"extensionType": "whl",
"name": "azure-iot",
"path": "/root/.azure/cliextensions/azure-iot",
"preview": false,
"version": "0.14.0"
},
{
"experimental": false,
"extensionType": "whl",
"name": "ml",
"path": "/root/.azure/cliextensions/ml",
"preview": true,
"version": "2.3.1"
}
]
Azure cli version
azure-cli 2.36.0
core 2.36.0
telemetry 1.0.6
Extensions:
azure-devops 0.25.0
azure-iot 0.14.0
ml 2.3.1
Dependencies:
msal 1.17.0
azure-mgmt-resource 20.0.0
Python location '/opt/miniconda/bin/python'
Extensions directory '/root/.azure/cliextensions'
Python (Linux) 3.8.11 (default, Aug 3 2021, 15:09:35)
[GCC 7.5.0]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
OS version
cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04 (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
Update: Manual reproduction
docker run -it ubuntu:22.04
# inside docker
apt update && apt install curl
curl -sL https://aka.ms/InstallAzureCLIDeb | bash
export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
az login
mkdir test && cd test && echo "hello world" >> world.txt
az artifacts universal publish --organization <organization> --project="<project>" --scope project --feed <feed> --name my-first-package --version 0.0.1 --description "Welcome to Universal Packages" --path .
Thank you for your feedback. This has been routed to the support team for assistance.
Hello @bweben We are routing this to Service Teams Attention for further action!
I am also getting this libssl related error when I try any az command on Ubuntu 22.04. It can't run any az command at all.
Iast 're-routing' of this issue was over 2 weeks ago... any updates on whether this is being tracked / analyzed? @SatishBoddu-MSFT? @yonzhan
Same Problem for me
---> Interop+Crypto+OpenSslCryptographicException: error:0E076071:configuration file routines:module_run:unknown module name
Is there any possibility to get this working even without a new az version? This is quite a high priority issue for us. Or are there any other Microsoft support options available for the Azure CLI? I am sorry if this is the wrong channel to ask but if anyone has any answer to my questions I would be happy to hear them.
Same Problem for my ubuntu 22.04
No usable version of libssl was found
./config.sh:行 86: 1414825 已放弃 (核心已转储) ./bin/Agent.Listener configure "$@"
Come on - I know this is an open source project of Microsoft / Azure.. but no activity whatsoever in over a month? Are you serious?
The workaround for now is the following:
- Install an older version of libssl:
wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb && sudo dpkg -i libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb && rm libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb - Edit etc/ssl/openssl.cnf:
sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf
See https://github.com/microsoft/azure-pipelines-agent/issues/3834#issuecomment-1173182107
Hi @kysucix Thanks for the workaround... this is maybe a temporary solution, but libssl1 / openssl1 have serious CVEs! (https://security-tracker.debian.org/tracker/CVE-2022-1292 for example) I really hope libssl3 is soon going to work!
Hi, the vulnerability is fixed in latest version of libssl, see https://ubuntu.com/security/CVE-2022-1292
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @v-anvashist, @V-hmusukula.
Issue Details
Description
We upgraded our docker image to ubuntu 22.04 from 20.04. Now az artifacts universal publish fails due to a No usable version of libssl was found error. If we install the libssl version 1.1.* we end up with another error.
On the Ubuntu 20.04 docker image, all worked great.
Versions
- Docker image: ubuntu:22.04
- libssl: 3.0.* / 1.1.*
- Azure-Devops Extension: 0.25.0
- Azure-CLI: 2.36.0
Logs
Error with libssl 1.1.*
The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.TypeInitializationException: The type initializer for 'SslMethods' threw an exception.
---> System.TypeInitializationException: The type initializer for 'Ssl' threw an exception.
---> System.TypeInitializationException: The type initializer for 'SslInitializer' threw an exception.
---> Interop+Crypto+OpenSslCryptographicException: error:0E076071:configuration file routines:module_run:unknown module name
at Interop.SslInitializer..cctor()
--- End of inner exception stack trace ---
at Interop.Ssl..cctor()
--- End of inner exception stack trace ---
at Interop.Ssl.SslV2_3Method()
at Interop.Ssl.SslMethods..cctor()
--- End of inner exception stack trace ---
at Interop.OpenSsl.AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SafeDeleteSslContext..ctor(SafeFreeSslCredentials credential, SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_0(SslClientAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.EnsureConnectedAsync(ConnectOptions optionsNeeded, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetInstanceIdAsync(CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.GetLocationDataAsync(Guid locationAreaIdentifier, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientInstanceAsync(Type managedType, Guid serviceIdentifier, CancellationToken cancellationToken, VssHttpRequestSettings settings, DelegatingHandler[] handlers)
at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientServiceImplAsync(Type requestedType, Guid serviceIdentifier, Func`4 getInstanceAsync, CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientAsync[T](CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
at Microsoft.VisualStudio.Services.Content.Common.ExceptionExtensions.ReThrow(Exception ex)
at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
at ArtifactTool.DedupManifestArtifactClientProvider.GetDedupManifestArtifactClientAsync(String serviceUrl, String patVar, ILogger commandBaseLogger, IAppTraceSource tracer, String cacheDirectory, Boolean cacheWriteAllowed, CancellationToken cancellationToken) in D:\\a\\1\\s\\src\\ArtifactTool\\Providers\\DedupManifestArtifactClient\\DedupManifestArtifactClientProvider.cs:line 57
at ArtifactTool.Commands.UPackPublishCommand.ExecuteAsync() in D:\\a\\1\\s\\src\\ArtifactTool\\Commands\\UPack\\UPackPublishCommand.cs:line 51
at ArtifactTool.Commands.CommandBase.OnExecuteAsync() in D:\\a\\1\\s\\src\\ArtifactTool\\Commands\\CommandBase.cs:line 105
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 77
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 62
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext() in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 25
--- End of stack trace from previous location where exception was thrown ---
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.<>c__DisplayClass126_0.<OnExecute>b__0() in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.cs:line 505
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute(String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.cs:line 611
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute[TApp](CommandLineContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 57
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 145
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](IConsole console, String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 130
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 112
Error with libssl 3.0.*
WARNING: Failed to parse structured output from Universal Packages tooling (ArtifactTool)\nWARNING: Exception: Expecting value: line 1 column 1 (char 0)\nWARNING: Log line: No usable version of libssl was found\nWARNING: Failed to parse structured output from Universal Packages tooling (ArtifactTool)\nWARNING: Exception: Expecting value: line 1 column 1 (char 0)\nWARNING: Log line: qemu: uncaught target signal 6 (Aborted) - core dumped
Az extension versions
[
{
"experimental": false,
"extensionType": "whl",
"name": "azure-devops",
"path": "/root/.azure/cliextensions/azure-devops",
"preview": false,
"version": "0.25.0"
},
{
"experimental": false,
"extensionType": "whl",
"name": "azure-iot",
"path": "/root/.azure/cliextensions/azure-iot",
"preview": false,
"version": "0.14.0"
},
{
"experimental": false,
"extensionType": "whl",
"name": "ml",
"path": "/root/.azure/cliextensions/ml",
"preview": true,
"version": "2.3.1"
}
]
Azure cli version
azure-cli 2.36.0
core 2.36.0
telemetry 1.0.6
Extensions:
azure-devops 0.25.0
azure-iot 0.14.0
ml 2.3.1
Dependencies:
msal 1.17.0
azure-mgmt-resource 20.0.0
Python location '/opt/miniconda/bin/python'
Extensions directory '/root/.azure/cliextensions'
Python (Linux) 3.8.11 (default, Aug 3 2021, 15:09:35)
[GCC 7.5.0]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
OS version
cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04 (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
| Author: | bweben |
|---|---|
| Assignees: | - |
| Labels: |
|
| Milestone: | Backlog |
Hi, the vulnerability is fixed in latest version of libssl, see https://ubuntu.com/security/CVE-2022-1292
Yes, we found a patched version that we can use. Still we think that installing libssl1 on an os that comes with libssl3 is an ugly hack. Unfortunately it seems to be the only way right now to get az artifacts working on ubuntu 22.04.
The workaround for now is the following:
- Install an older version of libssl:
wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb && sudo dpkg -i libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb && rm libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb- Edit etc/ssl/openssl.cnf:
sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf
same same, az artifacts universal download also fails on ubuntu 22.04. workaround above works...
Issue reproduced on Win11/WSL2/Ubuntu 22.04 Workaround with installing http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb and commenting line in /etc/ssl/openssl.cnf openssl_conf = openssl_init Works fine
The link to the mentioned package did not work for me. I could however use http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1-1ubuntu2.1~18.04.20_amd64.deb to get it working. (Remember to edit the package name three (3) times in the command (wget, dpkg and rm))
This issue also seems to exist when running an azure pipeline agent locally
same here, i use ubuntu 22.04 and want to install azure pipeline agent, but get this error
+1. Oddly I have the agent Azure Dev Ops agent working on some of my Ubuntu 22.04 VMs but not others. Is there a fix for this yet?
Any news on this topic? I don't think that downgrading the lib is a good option for me
If you’re issue is with the ADO pipeline, they have updated the main bug being tracked here: https://github.com/microsoft/azure-pipelines-agent/issues/3834#issuecomment-1325638361
Good news, they have an update that will move to dotnet 6, so the issue will be resolved soon!
From an Ubuntu 22.04 docker container, I am getting the SSL error while running az artifacts universal download.
This was opened back in April. How is it still not fixed? I feel like the workaround is unacceptable, because people will end up installing a package that will never ever get updated and will probably forget to readjust their openssl config.
What is the timeline for a real fix?
@SatishBoddu-MSFT @yonzhan Is any update on this?
Looks like updating az cli .NET core to latest 2.1 version should work: https://dev.to/n3wt0n/no-usable-version-of-the-libssl-was-found-solved-2ffa
@SatishBoddu-MSFT @yonzhan Is any update on this?
Looks like updating az cli .NET core to latest 2.1 version should work: https://dev.to/n3wt0n/no-usable-version-of-the-libssl-was-found-solved-2ffa
The post you linked talks about missing 1.0. In our case, it's complaining about missing 1.1, not 1.0. We need it to support 3.0.