Virtual-environments: [macOS] Default OpenSSL will be switched to 1.1.1 and OpenSSL 1.0.2 will be removed on December, 14

Created on 18 Nov 2020 · 4 Comments · Source: actions/virtual-environments

Breaking changes
We will switch default OpenSSL to 1.1.1 and will remove OpenSSL 1.0.2 from all macOS images.

Target date
Image deployment will start on December 14 and will take 2-3 days.

The motivation for the changes
All versions under 1.1.1 have reached EOL, are now out of support and should not be used.

Possible impact
If your library/project is not compatible with OpenSSL 1.1.1 and you build it against the default OpenSSL version, your workflow will break.

Virtual environments affected

  • [ ] Ubuntu 16.04
  • [ ] Ubuntu 18.04
  • [ ] Ubuntu 20.04
  • [x] macOS 10.13
  • [x] macOS 10.14
  • [x] macOS 10.15
  • [x] macOS 11.0
  • [ ] Windows Server 2016 R2
  • [ ] Windows Server 2019

Mitigation ways
The following code will install OpenSSL 1.0.2 and set it as the default at runtime:

brew tap-new --no-git local/openssl
FORMULA_PATH=$(brew extract openssl local/openssl | grep "Homebrew/Library/Taps")
brew install $FORMULA_PATH

# Set OpenSSL 1.0.2t as default
ln -sf /usr/local/Cellar/[email protected] /usr/local/Cellar/openssl
ln -sf /usr/local/Cellar/openssl/1.0.2t/bin/openssl /usr/local/bin/openssl
rm /usr/local/opt/openssl
ln -sf ../Cellar/openssl/1.0.2t /usr/local/opt/openssl

All 4 comments

Ideally this would be the suggested mitigation:

brew tap-new --no-git local/openssl
FORMULA_PATH=$(brew extract openssl local/openssl | grep "Homebrew/Library/Taps")
brew install $FORMULA_PATH

Otherwise, anything trying to build against OpenSSL 1.1 using Homebrew's locations will silently build against OpenSSL 1.0.2 instead and:

All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used.

https://www.openssl.org/source/

With the above mitigation this can still be done manually by referencing e.g. /usr/local/opt/[email protected]/bin instead of /usr/local/opt/openssl/bin

Thanks (from the Homebrew project leader and GitHub employee)!
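A guard for the silent-fallback case raised in the comment above, as an added example that is not part of the issue thread: it classifies `openssl version` output against the 1.1.1 floor named in the announcement. The function names and the sample banners are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fail a CI step when an OpenSSL binary reports a release
# older than 1.1.1. Function names here are hypothetical.

# classify_openssl BANNER -> prints supported | eol | unknown
# BANNER is one line of `openssl version` output; returns 0 only if supported.
classify_openssl() {
  case $1 in
    "OpenSSL "*) ;;
    *) echo unknown; return 2 ;;        # e.g. LibreSSL
  esac
  _v=${1#OpenSSL }; _v=${_v%% *}        # "1.0.2t  10 Sep 2019" -> "1.0.2t"
  case $_v in
    [0-9]*.[0-9]*.[0-9]*) ;;
    *) echo unknown; return 2 ;;        # not major.minor.patch
  esac
  _major=${_v%%.*}; _rest=${_v#*.}
  _minor=${_rest%%.*}; _patch=${_rest#*.}
  _patch=${_patch%%[!0-9]*}             # drop the letter suffix: "2t" -> "2"
  for _n in "$_major" "$_minor" "$_patch"; do
    case $_n in ''|*[!0-9]*) echo unknown; return 2 ;; esac
  done
  if [ "$_major" -gt 1 ] ||
     { [ "$_major" -eq 1 ] && [ "$_minor" -gt 1 ]; } ||
     { [ "$_major" -eq 1 ] && [ "$_minor" -eq 1 ] && [ "$_patch" -ge 1 ]; }; then
    echo supported; return 0
  fi
  echo eol; return 1
}

# guard_openssl BIN... -> returns 1 if any binary is missing, EOL or unknown.
guard_openssl() {
  _rc=0
  for _bin in "$@"; do
    _banner=$("$_bin" version 2>/dev/null) || _banner="(not runnable)"
    _state=$(classify_openssl "$_banner") || _rc=1
    echo "$_bin: $_banner -> $_state"
  done
  return $_rc
}

# Constructed sample banners, not captured from a runner.
for _b in "OpenSSL 1.0.2t  10 Sep 2019" "OpenSSL 1.1.1h  22 Sep 2020" "LibreSSL 2.8.3"; do
  echo "$_b -> $(classify_openssl "$_b")"
done
```

In a workflow step, `guard_openssl openssl /usr/local/opt/openssl/bin/openssl || exit 1` stops the build when either the binary on `PATH` or the one behind Homebrew's default location is not a supported release.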

The new set of images has been deployed!

I have had an issue since the 14th of December on my dotnet unit test workflow running on macOS:
The active test run was aborted. Reason: Test host process crashed : No usable version of libssl was found
This occurs on netcoreapp3.1 with SDK 3.1.404.

Current runner version: '2.275.1'
Operating System
  Mac OS X
  10.15.7
  19H15
Virtual Environment
  Environment: macos-10.15
  Version: 20201212.1

Is it related to this issue? I assume dotnet is using OpenSSL 1.1.1.
@AlenaSviridenko ?

Hi @ycrumeyrolle,
This seems to be an issue with netcore. Please create an issue in the corresponding repository https://github.com/dotnet/core/issues and the team will investigate it.
Meanwhile, could you please try the mitigation provided in the comment above https://github.com/actions/virtual-environments/issues/2089#issuecomment-729756890 and see if it helps?
