linuxdeployqt icon indicating copy to clipboard operation
linuxdeployqt copied to clipboard

Published 20 hours ago verified publisher icon probonopd

Is it possible to bundle openssl to my package

Open TianTXie opened this issue 4 years ago • 5 comments

I have a qt application which is required to support multiple linux platforms. One of them has openssl1.1.1 installed by default, the others are openssl1.0.2. I currently use Qt5.12.1 to build my application with openssl1.0.2. If I run my application on the platform that has openssl1.1.1 installed, it'll prompt the error: TLS initialization failed. So I want to bundle openssl1.0.* in my package so that the application always search for the openssl inside the package. Is it possible to use linuxdeployqt to do that?

Thanks

TianTXie avatar Mar 11 '20 22:03 TianTXie

Welcome @TianTXie.

The OpenSSL issue is indeed very annoying. We have not found a good solution for it so far.

Some distributions come with 1.0, other distributions come with 1.1. The problem is that OpenSSL 1.1 cannot run applications that need OpenSSL 1.0.

Theoretically we could ship a private copy of OpenSSL but that would create its own set of issues: https://github.com/probonopd/linuxdeployqt/issues/209#issuecomment-504765970. We would have to ship not only the OpenSSL library but also find a good way to make sure that it can find the certificates, which different Linux distributions seem to put in different places for no good reason. One way would be to also ship the certificates inside the AppImage, but then they will not get updated by the operating system, which may not be desirable.

Which version of Qt are you using? I have heard that using Qt 5.10 or later seems to contain some workaround. Can you give it a try please?

References:

  • https://github.com/openssl/openssl/issues/7481
  • https://github.com/Qv2ray/Qv2ray/issues/65
  • https://github.com/probonopd/linuxdeployqt/issues/391

probonopd avatar Mar 14 '20 09:03 probonopd

The easiest way may be to inform the user to install OpenSSL 1.0?

probonopd avatar Mar 14 '20 09:03 probonopd

Hi, I have the same problem.

Binary is compiled on Ubuntu Xenial (VM from osboxes.org). Qt is 5.14 from https://launchpad.net/~beineri. So, it's per #391. It doesn't work with modern Qt versions (maybe it works only with Qt 5.10).

The easiest way may be to inform the user to install OpenSSL 1.0?

For example, I have a user with a recent Linux Mint. It looks like he will need to build it from sources. It's not what is expected as a simple installation procedure.

As there is no easy way to bundle this inside package (due to dependence on certificate files in different places), I plan to build my app on top of Ubuntu 18.04 LTS. If I will have users that require old glibc (from Ubuntu 16.04) most probably they will use old openssl. So, looks like 2 packages should be built for this case:

  • Default: openssl 1.1.x, glibc 2.27+ (builds on Ubuntu 18.04)
  • Legacy Linux: openssl 1.0.x, glibc 2.23+ (builds on Ubuntu 16.04)

stepin avatar Jun 25 '20 08:06 stepin

Making 2 AppImages is a valid option, although not exactly beautiful.

probonopd avatar Jul 30 '20 11:07 probonopd

FYI: I tried to get some information from Qt in this bug report but I'm not sure what to make of it: https://bugreports.qt.io/browse/QTBUG-115146

julianoes avatar Jul 17 '23 05:07 julianoes