Your message dated Tue, 23 Jun 2026 14:35:47 +0000
with message-id <[email protected]>
and subject line Bug#1139227: fixed in ceph 20.2.2+ds-2
has caused the Debian Bug report #1139227,
regarding ceph: FTBFS with openssl 4.0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1139227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139227
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ceph
Version: 18.2.8+ds-1
Severity: normal
Tags: sid patch
control: affects -1 src:openssl
User: [email protected]
Usertags: openssl-4.0
OpenSSL 4.0 is in experimental. This package fails to build against it:
| CMake Error at src/pybind/CMakeLists.txt:74 (message):
| Python and Ceph link to different OpenSSL versions: 3.6.0
|
| vs 4.0.0
|
|
| -- Configuring incomplete, errors occurred!
Full buildlog
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/ceph_18.2.8+ds-1_amd64-2026-04-19T10:26:57Z
This because the major version is different between python and system.
If we ignore this one, then it complains about the usage engine.
And if we ignore this one, then it complains about the openssl usage in boost:
| [ 57%] Building CXX object
src/librbd/CMakeFiles/rbd_internal.dir/migration/HttpClient.cc.o
| cd /build/reproducible-path/ceph-18.2.8+ds/obj-x86_64-linux-gnu/src/librbd &&
/usr/bin/c++ -DBOOST_ASIO_DISABLE_THREAD_KEYWORD_EXTENSION
-DBOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT -DBOOST_ATOMI C_DYN_LINK
-DBOOST_ATOMIC_NO_LIB -DBOOST_DATE_TIME_DYN_LINK -DBOOST_DATE_TIME_NO_LIB
-DBOOST_IOSTREAMS_DYN_LINK -DBOOST_IOSTREAMS_NO_LIB
-DBOOST_PROGRAM_OPTIONS_DYN_LINK -DBOOST_PROGRAM_OPTI ONS_NO_LIB
-DBOOST_RANDOM_DYN_LINK -DBOOST_RANDOM_NO_LIB -DBOOST_SYSTEM_DYN_LINK
-DBOOST_SYSTEM_NO_LIB -DBOOST_THREAD_DYN_LINK -DBOOST_THREAD_NO_LIB
-DHAVE_CONFIG_H -D_FILE_OFFSET_BITS=64 -D _FORTIFY_SOURCE=2 -D_GNU_SOURCE
-D_REENTRANT -D_THREAD_SAFE -D__CEPH__ -D__STDC_FORMAT_MACROS -D__linux__
-I/build/reproducible-path/ceph-18.2.8+ds/obj-x86_64-linux-gnu/src/include
-I/build/ reproducible-path/ceph-18.2.8+ds/src -isystem
/build/reproducible-path/ceph-18.2.8+ds/obj-x86_64-linux-gnu/include -isystem
/build/reproducible-path/ceph-18.2.8+ds/src/xxHash -g -O2 -ffile-p
refix-map=/build/reproducible-path/ceph-18.2.8+ds=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection
-DFMT_DEPRECATED_OSTREAM -fpermissive - Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
-ffile-prefix-map=/build/reproducible-path/ceph-18.2.8+ds=.
-fstack-protector-strong -fstack-clash-protection -Wformat
-Werror=format-security -fcf-prot ection -DFMT_DEPRECATED_OSTREAM -fpermissive
-std=c++20 -fPIC -U_FORTIFY_SOURCE -fno-builtin-malloc -fno-builtin-calloc
-fno-builtin-realloc -fno-builtin-free -Wall -fno-strict-aliasing -f
signed-char -Wtype-limits -Wignored-qualifiers -Wpointer-arith
-Werror=format-security -Winit-self -Wno-unknown-pragmas -Wnon-virtual-dtor
-Wno-ignored-qualifiers -ftemplate-depth-1024 -Wpes simizing-move
-Wredundant-move -Wstrict-null-sentinel -Woverloaded-virtual
-fstack-protector-strong -fdiagnostics-color=auto -MD -MT
src/librbd/CMakeFiles/rbd_internal.dir/migration/HttpClie nt.cc.o -MF
CMakeFiles/rbd_internal.dir/migration/HttpClient.cc.o.d -o
CMakeFiles/rbd_internal.dir/migration/HttpClient.cc.o -c
/build/reproducible-path/ceph-18.2.8+ds/src/librbd/migration/H ttpClient.cc
| In file included from
/build/reproducible-path/ceph-18.2.8+ds/src/common/dout.h:29,
| from
/build/reproducible-path/ceph-18.2.8+ds/src/librbd/migration/HttpClient.cc:5:
| /build/reproducible-path/ceph-18.2.8+ds/src/common/ceph_context.h: In member
function ‘void ceph::common::CephContext::set_mon_addrs(const
std::vector<entity_addrvec_t>&)’:
| /build/reproducible-path/ceph-18.2.8+ds/src/common/ceph_context.h:285:26:
warning: ‘void std::atomic_store_explicit(shared_ptr<_Tp>*, shared_ptr<_Tp>,
memory_order) [with _Tp = vector<entity _addrvec_t>]’ is deprecated: use
'std::atomic<std::shared_ptr<T>>' instead [-Wdeprecated-declarations]
| 285 | atomic_store_explicit(&_mon_addrs, std::move(ptr),
std::memory_order_relaxed);
| |
~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| In file included from /usr/include/c++/15/memory:83,
| from
/build/reproducible-path/ceph-18.2.8+ds/src/include/rados/buffer.h:44,
| from
/build/reproducible-path/ceph-18.2.8+ds/src/include/rados/rados_types.hpp:10,
| from
/build/reproducible-path/ceph-18.2.8+ds/src/librbd/io/Types.h:8,
| from
/build/reproducible-path/ceph-18.2.8+ds/src/librbd/migration/HttpClient.h:9,
| from
/build/reproducible-path/ceph-18.2.8+ds/src/librbd/migration/HttpClient.cc:4:
| /usr/include/c++/15/bits/shared_ptr_atomic.h:173:5: note: declared here
| 173 | atomic_store_explicit(shared_ptr<_Tp>* __p, shared_ptr<_Tp> __r,
| | ^~~~~~~~~~~~~~~~~~~~~
| /build/reproducible-path/ceph-18.2.8+ds/src/common/ceph_context.h: In member
function ‘std::shared_ptr<std::vector<entity_addrvec_t> >
ceph::common::CephContext::get_mon_addrs() const’:
| /build/reproducible-path/ceph-18.2.8+ds/src/common/ceph_context.h:288:36:
warning: ‘std::shared_ptr<_Tp> std::atomic_load_explicit(const
shared_ptr<_Tp>*, memory_order) [with _Tp = vector<en tity_addrvec_t>]’ is
deprecated: use 'std::atomic<std::shared_ptr<T>>' instead
[-Wdeprecated-declarations]
| 288 | auto ptr = atomic_load_explicit(&_mon_addrs,
std::memory_order_relaxed);
| |
~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| /usr/include/c++/15/bits/shared_ptr_atomic.h:133:5: note: declared here
| 133 | atomic_load_explicit(const shared_ptr<_Tp>* __p, memory_order)
| | ^~~~~~~~~~~~~~~~~~~~
| In file included from /usr/include/boost/asio/ssl/rfc2818_verification.hpp:95,
| from /usr/include/boost/asio/ssl.hpp:21,
| from
/build/reproducible-path/ceph-18.2.8+ds/src/librbd/migration/HttpClient.cc:18:
| /usr/include/boost/asio/ssl/impl/rfc2818_verification.ipp: In member function
‘bool boost::asio::ssl::rfc2818_verification::operator()(bool,
boost::asio::ssl::verify_context&) const’:
| /usr/include/boost/asio/ssl/impl/rfc2818_verification.ipp:66:17: error:
invalid use of incomplete type ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 66 | if (domain->type == V_ASN1_IA5STRING && domain->data &&
domain->length)
| | ^~
| In file included from /usr/include/openssl/crypto.h:38,
| from /usr/include/openssl/bio.h:32,
| from /usr/include/openssl/conf.h:26,
| from /usr/include/boost/asio/ssl/detail/openssl_types.hpp:23,
| from /usr/include/boost/asio/ssl/context_base.hpp:19,
| from /usr/include/boost/asio/ssl/context.hpp:23,
| from
/build/reproducible-path/ceph-18.2.8+ds/src/librbd/migration/HttpClient.h:15:
| /usr/include/openssl/types.h:57:16: note: forward declaration of
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| /usr/include/boost/asio/ssl/impl/rfc2818_verification.ipp:66:53: error:
invalid use of incomplete type ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 66 | if (domain->type == V_ASN1_IA5STRING && domain->data &&
domain->length)
| | ^~
| /usr/include/openssl/types.h:57:16: note: forward declaration of
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| /usr/include/boost/asio/ssl/impl/rfc2818_verification.ipp:66:69: error:
invalid use of incomplete type ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| /usr/include/boost/asio/ssl/impl/rfc2818_verification.ipp:66:69: error:
invalid use of incomplete type ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 66 | if (domain->type == V_ASN1_IA5STRING && domain->data &&
domain->length)
| | ^~
| /usr/include/openssl/types.h:57:16: note: forward declaration of
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| /usr/include/boost/asio/ssl/impl/rfc2818_verification.ipp:68:67: error:
invalid use of incomplete type ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 68 | const char* pattern = reinterpret_cast<const
char*>(domain->data);
| | ^~
| /usr/include/openssl/types.h:57:16: note: forward declaration of
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| /usr/include/boost/asio/ssl/impl/rfc2818_verification.ipp:69:44: error:
invalid use of incomplete type ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
| 69 | std::size_t pattern_length = domain->length;
| | ^~
…
| make[4]: *** [src/librbd/CMakeFiles/rbd_internal.dir/build.make:1706:
src/librbd/CMakeFiles/rbd_internal.dir/migration/HttpClient.cc.o] Error 1
I am attaching a patch against the engine usage and am going fill a bug
against boost and hope this is it…
Looking at (boost) upstream repository, this file
(rfc2818_verification.ipp) is gone as of commit 995eeab56906a ("Remove
deprecated class ssl::rfc2818_verification.") which is part of
boost-1.87.0.beta1.
Sebastian
From: Sebastian Andrzej Siewior <[email protected]>
Date: Sun, 7 Jun 2026 12:14:02 +0200
Subject: [PATCH] Skip engines usage on OpenSSL 4.0+
The concept/ usage of engines has been removed from OpenSSL 4.0. A
replacement technology are "providers".
Don't use ENGINE_load_builtin_engines() on OpenSSL 4.0.
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
src/common/openssl_opts_handler.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/common/openssl_opts_handler.cc b/src/common/openssl_opts_handler.cc
index 81d0c478651a..2191d4bba1f5 100644
--- a/src/common/openssl_opts_handler.cc
+++ b/src/common/openssl_opts_handler.cc
@@ -118,7 +118,9 @@ void load_module(const string &engine_conf)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+#if OPENSSL_VERSION_MAJOR < 4
ENGINE_load_builtin_engines();
+#endif
#pragma clang diagnostic pop
#pragma GCC diagnostic pop
@@ -131,12 +133,14 @@ void load_module(const string &engine_conf)
void init_engine()
{
+#if OPENSSL_VERSION_MAJOR < 4
string opts = g_ceph_context->_conf->openssl_engine_opts;
if (opts.empty()) {
return;
}
string engine_conf = construct_engine_conf(opts);
load_module(engine_conf);
+#endif
}
void ceph::crypto::init_openssl_engine_once()
--
2.53.0
--- End Message ---
--- Begin Message ---
Source: ceph
Source-Version: 20.2.2+ds-2
Done: Thomas Goirand <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated ceph package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Jun 2026 09:21:52 +0200
Source: ceph
Architecture: source
Version: 20.2.2+ds-2
Distribution: experimental
Urgency: medium
Maintainer: Ceph Packaging Team <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1092838 1139227
Changes:
ceph (20.2.2+ds-2) experimental; urgency=medium
.
* Make it work with -DWITH_SYSTEM_BOOST=ON.
* Also set -DWITH_SYSTEM_ARROW=ON.
* Also set:
- -DWITH_SYSTEM_ZSTD=ON
- -DWITH_SYSTEM_JERASURE=ON
- -DWITH_SYSTEM_QATLIB=ON
- -DWITH_SYSTEM_QATZIP=ON
* Set -DWITH_UADK=OFF to avoid download at build time on ARM.
* Add 0039-fix-MarkupSafe-cephadm-pinning.patch.
* Run cephadm unittests before build.
* Add 0040-fix-mock-import.patch.
* d/copyright: added full text of APSL as per suggestion from DFSG team.
* Add 0041-accept-any-openssl-version.patch (Closes: #1139227).
* Checked: this version builds properly with libfmt 11.1 (Closes: #1092838).
Checksums-Sha1:
20a4da57090f00f35cd9ef39a36c9176d9216703 8909 ceph_20.2.2+ds-2.dsc
da7f9208a920ed3d269721e441e1ca96de78a316 144164 ceph_20.2.2+ds-2.debian.tar.xz
abc294e118eddd9dfef05056129f42121f93940f 48209 ceph_20.2.2+ds-2_amd64.buildinfo
Checksums-Sha256:
7704bee93d6c605a5b2bdf5e33439fdb30df9dd8b33dddeaf7654efc33dff829 8909
ceph_20.2.2+ds-2.dsc
61e1e3a710939ec512de4204baaaec0ce71b5bc11868b59fe33035e33a5656dd 144164
ceph_20.2.2+ds-2.debian.tar.xz
8987739ba764c04ea8ec3f23348303d74da32c4bd93956f9cfc1dec702a51224 48209
ceph_20.2.2+ds-2_amd64.buildinfo
Files:
8a9f65efa538e1a66d8df93b0346c1b9 8909 admin optional ceph_20.2.2+ds-2.dsc
cad58bba6b17ba2299f6c93155ea4278 144164 admin optional
ceph_20.2.2+ds-2.debian.tar.xz
dcc11ea62e2e4e1b4e54e8adc537019d 48209 admin optional
ceph_20.2.2+ds-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmo6kvYACgkQ1BatFaxr
Q/6P5Q/+LBYI/zpnGo6eO39dlyRQKkSVS/Qvd7tsrcfqc5nTFjKAFwYkehZ+yqPh
SUEU3DHGuXHW266tbKzYXOHTIIwbCZ4YXr9g9sZqe0p/1hTA4DlvOqPU2ohWkOVw
iXb/0Ip54Znka//up4qhN0HLfepitsdhA568CMt7Yw4AUq8TOMQ2hPtPDjjVO4tt
BIf+6mAFyUQZw8GnsgmH2EBG/H8bvOyAY6Gk5fwubpTYowNvFwSEdJl+SElcOsO/
vO2Gsq2LGBS3Q73R6tr5laCt8Hs4qiTrq0ptBnHGcb+5ivLymYXpyQ3xrNZpXEtd
uD6klZlQy7Nlvpqma2IK+3BboBZV87mEJM6iZMRwUE77DqstRt+JHyqwS6h5WRFE
bk/Rlkv2sl1SRfvtLigU/g21L6ajoTKp44mpZ9EiJbPAaFXZnFQmCtTJR/msb94J
2F10x6YLwGB4A6oSYHeVgegAIc4hA0k9Heua8t2W5nGcOLHnTIdSrMirQf/sGf18
QjZj3ns4bmpGIQHTTzlQKgqLpODVnRgCBC3aNxmTjOcXQv16Nq2CyJPMaNCU9460
YZd6AJlcsWdkM8OgVr2MwZzvYmM3FVRHPo9z0VWrGniEowfLoj7F2kEQ7d0lXLDH
9Bt47xYstgBK0Nd24SdbMOYzc0a7QqrZth62mERz1DwvRdZEXLE=
=nO1j
-----END PGP SIGNATURE-----
pgpF3JMTDXrSW.pgp
Description: PGP signature
--- End Message ---
