Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ship a private copy of OpenSSL for pre Qt 5.10 applications #391

Closed
claell opened this issue Sep 9, 2019 · 10 comments
Closed

Ship a private copy of OpenSSL for pre Qt 5.10 applications #391

claell opened this issue Sep 9, 2019 · 10 comments

Comments

@claell
Copy link

claell commented Sep 9, 2019

Should fix #209 thought I'd create a separate issue for it in case further discussion is needed.
@probonopd
Copy link
Owner

Thanks @ciaeli. Do you know what they did in 5.10 to make this unnecessary?

probonopd added a commit that referenced this issue Sep 10, 2019
@probonopd
Document to use Qt. 5.10 due to #391
3f30997
@probonopd
Copy link
Owner

Maybe we should add an error message in case someone attempts to bundle an application that requires OpenSSL but is using Qt 5 below 5.10?

@claell
Copy link
Author

claell commented Sep 10, 2019

Do you know what they did in 5.10 to make this unnecessary?

I think I do. The description of #209 says that Qt 5.10 uses OpenSSL 1.1, while older versions probably still rely on version 1.0, which is no longer available on most distributions:

Arch Linux has switched to Qt 5.10, which now depends on OpenSSL 1.1 [1], and now OpenSSL 1.0 is not installed by default. See [2] for packages still depending on version 1.0, but there are not many left.

Maybe we should add an error message

Some hint would be good indeed indicating that one should try to switch to Qt 5.10 or later.

However, there are probably cases where that is not easily possible. So I think there should also be the option to continue building and include a private copy of OpenSSL.

As you said on #209 this should be up to linuxdeployqt, not the person actually using it to build software.
So I'd suggest also adding that functionality of automatically bundling a private copy of OpenSSL to linuxdeployqt, not only an error message.

@probonopd
Copy link
Owner

probonopd commented Sep 12, 2019
edited
Loading

The description of #209 says that Qt 5.10 uses OpenSSL 1.1, while older versions probably still rely on version 1.0, which is no longer available on most distributions

How does that work for distributions that use OpenSSL 1.0?

Thanks @claell for doing the investigations and for proposing this solution. For now we have updated the documentation to recommend a newer version of Qt, which should be sufficient in most cases to address this issue. Please feel free to reopen if you run into a concrete situation where this is not sufficient.

@claell
Copy link
Author

claell commented Sep 13, 2019
edited
Loading

How does that work for distributions that use OpenSSL 1.0?

Good question. I assume there is either a fallback to OpenSSL 1.0 or it won't work for these distributions in that case. But I did not look into this.

which should be sufficient in most cases to address this issue

To address this issue it is probably perfectly sufficient. But there might be other restrictions that keep developers from switching to 5.10. But also here that is just an assumption, I am not developing such applications, but am only a user of one which is affected by this. So maybe @RobertKrajewski and @nurupo can shed some light on this. Both are using older Qt versions and ran into this issue. So is there a reason you did not change to Qt 5.10?

Also ping to @antony-jr @sudden6 @tux3

@nurupo
Copy link

nurupo commented Sep 13, 2019

It's as simple as qTox AppImage being based on Debian Stretch, which packages Qt 5.7.1.

@claell
Copy link
Author

claell commented Sep 13, 2019

Ah ok, did not get it the first time you wrote that.

Is there a reason to use Debian Stretch (like stability or being backwards compatible)? Also would adding Qt 5.10 from a PPA work?

@antony-jr
Copy link

antony-jr commented Sep 13, 2019
edited
Loading

For the most part, shipping the version of OpenSSL that was used to build Qt will fix any problem related to OpenSSL and Qt. And to adjust the LD_LIBRARY_PATH variable because that's what the official documentation says. I think AppRun automatically sets the LD_LIBRARY_PATH ?

So shipping a private copy into the AppImage may not work properly. The OpenSSL version has to be compatible with the Qt version you are bundling. So copying it from the host system is the only choice.

@claell
Copy link
Author

claell commented Sep 13, 2019

So copying it from the host system is the only choice.

Thanks for clarification. So basically the only option how to implement this in linuxdeployqt would be to grab it from the host system when bundling.

However currently that is not planned to be done, at least if there are no projects that need to rely on pre Qt 5.10. So I am currently trying to investigate whether your project is depending on pre Qt 5.10 or could also switch to Qt 5.10 in order to fix this problem.

@probonopd
Copy link
Owner

I'd recommend to compile on Ubuntu xenial with Qt 5.10+ from https://launchpad.net/~beineri.

@probonopd probonopd mentioned this issue Mar 14, 2020
Open
@ragnar-lodbrok ragnar-lodbrok mentioned this issue Nov 14, 2020
Closed
adazem009 added a commit to Open-Typer/Open-Typer that referenced this issue Jul 18, 2022
@adazem009
build: Ubuntu: Remove custom Qt install steps
0af3836 
* we need Qt >= 5.10 for OpenSSL to link properly
* can be removed after Ubuntu 18.04 reaches EOL (will switch to 20.04, which uses Qt 5.12.8)
* see probonopd/linuxdeployqt#391
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nurupo @probonopd @claell @antony-jr