azure-cli: `az artifacts universal publish` Ubuntu 22.04 libssl error

Description

We upgraded our docker image to ubuntu 22.04 from 20.04. Now az artifacts universal publish fails due to a No usable version of libssl was found error. If we install the libssl version 1.1.* we end up with another error.

On the Ubuntu 20.04 docker image, all worked great.

Versions

Docker image: ubuntu:22.04
libssl: 3.0.* / 1.1.*
Azure-Devops Extension: 0.25.0
Azure-CLI: 2.36.0

Logs

Error with libssl 1.1.*

The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> System.TypeInitializationException: The type initializer for 'SslMethods' threw an exception.
 ---> System.TypeInitializationException: The type initializer for 'Ssl' threw an exception.
 ---> System.TypeInitializationException: The type initializer for 'SslInitializer' threw an exception.
 ---> Interop+Crypto+OpenSslCryptographicException: error:0E076071:configuration file routines:module_run:unknown module name
   at Interop.SslInitializer..cctor()
   --- End of inner exception stack trace ---
   at Interop.Ssl..cctor()
   --- End of inner exception stack trace ---
   at Interop.Ssl.SslV2_3Method()
   at Interop.Ssl.SslMethods..cctor()
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SafeDeleteSslContext..ctor(SafeFreeSslCredentials credential, SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
   at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_0(SslClientAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
   at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.EnsureConnectedAsync(ConnectOptions optionsNeeded, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetInstanceIdAsync(CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.GetLocationDataAsync(Guid locationAreaIdentifier, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientInstanceAsync(Type managedType, Guid serviceIdentifier, CancellationToken cancellationToken, VssHttpRequestSettings settings, DelegatingHandler[] handlers)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientServiceImplAsync(Type requestedType, Guid serviceIdentifier, Func`4 getInstanceAsync, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientAsync[T](CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Content.Common.ExceptionExtensions.ReThrow(Exception ex)
   at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
   at ArtifactTool.DedupManifestArtifactClientProvider.GetDedupManifestArtifactClientAsync(String serviceUrl, String patVar, ILogger commandBaseLogger, IAppTraceSource tracer, String cacheDirectory, Boolean cacheWriteAllowed, CancellationToken cancellationToken) in D:\\a\\1\\s\\src\\ArtifactTool\\Providers\\DedupManifestArtifactClient\\DedupManifestArtifactClientProvider.cs:line 57
   at ArtifactTool.Commands.UPackPublishCommand.ExecuteAsync() in D:\\a\\1\\s\\src\\ArtifactTool\\Commands\\UPack\\UPackPublishCommand.cs:line 51
   at ArtifactTool.Commands.CommandBase.OnExecuteAsync() in D:\\a\\1\\s\\src\\ArtifactTool\\Commands\\CommandBase.cs:line 105
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 77
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 62
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext() in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\Conventions\\ExecuteMethodConvention.cs:line 25
--- End of stack trace from previous location where exception was thrown ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.<>c__DisplayClass126_0.<OnExecute>b__0() in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.cs:line 505
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute(String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.cs:line 611
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute[TApp](CommandLineContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 57
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 145
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](IConsole console, String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 130
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](String[] args) in C:\\projects\\commandlineutils\\src\\CommandLineUtils\\CommandLineApplication.Execute.cs:line 112

Error with libssl 3.0.*

WARNING: Failed to parse structured output from Universal Packages tooling (ArtifactTool)\nWARNING: Exception: Expecting value: line 1 column 1 (char 0)\nWARNING: Log line: No usable version of libssl was found\nWARNING: Failed to parse structured output from Universal Packages tooling (ArtifactTool)\nWARNING: Exception: Expecting value: line 1 column 1 (char 0)\nWARNING: Log line: qemu: uncaught target signal 6 (Aborted) - core dumped

Az extension versions

[
  {
    "experimental": false,
    "extensionType": "whl",
    "name": "azure-devops",
    "path": "/root/.azure/cliextensions/azure-devops",
    "preview": false,
    "version": "0.25.0"
  },
  {
    "experimental": false,
    "extensionType": "whl",
    "name": "azure-iot",
    "path": "/root/.azure/cliextensions/azure-iot",
    "preview": false,
    "version": "0.14.0"
  },
  {
    "experimental": false,
    "extensionType": "whl",
    "name": "ml",
    "path": "/root/.azure/cliextensions/ml",
    "preview": true,
    "version": "2.3.1"
  }
]

Azure cli version

azure-cli                         2.36.0
core                              2.36.0
telemetry                          1.0.6

Extensions:
azure-devops                      0.25.0
azure-iot                         0.14.0
ml                                 2.3.1

Dependencies:
msal                              1.17.0
azure-mgmt-resource               20.0.0

Python location '/opt/miniconda/bin/python'
Extensions directory '/root/.azure/cliextensions'

Python (Linux) 3.8.11 (default, Aug  3 2021, 15:09:35)
[GCC 7.5.0]

Legal docs and information: aka.ms/AzureCliLegal


Your CLI is up-to-date.

OS version

cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04 (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Update: Manual reproduction

docker run -it ubuntu:22.04
# inside docker
apt update && apt install curl
curl -sL https://aka.ms/InstallAzureCLIDeb | bash
export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
az login
mkdir test && cd test && echo "hello world" >> world.txt
az artifacts universal publish --organization <organization> --project="<project>" --scope project --feed <feed> --name my-first-package --version 0.0.1 --description "Welcome to Universal Packages" --path .

About this issue

Original URL
State: closed
Created 2 years ago
Reactions: 18
Comments: 52 (1 by maintainers)

Most upvoted comments

This is also broken on the latest container 2.46.0.

You must understand that this is a major issue and it is not fixed after almost a year. We are considering moving to an alternative artifact platform capable of storing the build and universal artifacts so that developers and testers may download them without hitting this problem.

I’d like to ask you MS Devs to please fix it, with as much urgency as possible.

+19

inversus on Mar 7, 2023

Hey guys,

Did a quick investigation, and this is issues within the ArtifactTool.exe .NET application that is downloaded while running az artifacts universal download or az artifacts universal publish. Tldr this app uses EOL version of .NET (Core 3.1), which is no longer supported. Additionally,

Unfortunately as this is Microsoft closed-source tool, instead of relying on Github team to fix it here, this needs to be raised on Developer Community. There is a slight chance that updating that tool to latest supported LTS version of .NET may resolve this issue - there is ticket open for it already. I think the best approach would be to make some noise there, so perhaps someone from development team of that tool would spend some effort to make it working with current Linux stack.

I already noticed that Microsoft has a pretty nasty tendency there to close tickets related to this tool with “not enough information” or “workaround provided. install libssl 1.x”, so keep in mind that we really need to escalate it properly.

Azkel on Apr 26, 2023

I am having exactly the same issue as well

wvmcastro on May 4, 2022

Is there a timeline when /if the feature is planned?

dhildesheim on Feb 8, 2023

Yes let’s please close this issue as it’s been solved. Thanks.

kysucix on Aug 7, 2023

It looks like latest azure-cli doesn’t need the workaround anymore.

Can someone else confirm as well?

kysucix on Jun 1, 2023

any updates??

rodrigovb96 on Jan 23, 2023

Thanks @Azkel ! Great investigation! Thank you also for the last advice 😉

emibcn on Apr 26, 2023

Any chance this will get fixed? Looks a bit weird that such a mainstream distro is not supported, even more than one year after its release.

@yonzhan / @SatishBoddu-MSFT this ticket got moved around a few times but has never actually been worked on, right? can you please reconsider it?

lorenzo-biava on Apr 14, 2023

Put this into your .bashrc. It works in some, but not all cases, you will have to try…

function az () {
    docker run -it -u $UID:$GID --entrypoint="" -v "$(pwd)":/build --workdir="/build" -v "${HOME}"/.azure:/.azure:rw -v "${HOME}"/.azure-devops:/.azure-devops:rw mcr.microsoft.com/azure-cli az "$@"
}
export -f az

PS 14.04.2023: The docker image is broken, too. It is already for a few weeks. Don’t bother with this solution

dhildesheim on Apr 14, 2023

I agree, it’s a pain to maintain the workaround suggested above.

laurioma on Jan 16, 2023

Please fix this m$…

jaapcrezee on May 19, 2023

May 2023, commenting for exposure.

Experiencing the same issue, would love a better solution than using an outdated vulnerable ssl library.

HI dear Microsoft, can you please fix this issue?

The libssl version changed the new working commands are: wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb && rm libssl1.1_1.1.1f-1ubuntu2_amd64.deb

sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf

This fix worked for me.

adrian-patt on May 18, 2023

HI dear Microsoft, can you please fix this issue?

The libssl version changed the new working commands are: wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb && rm libssl1.1_1.1.1f-1ubuntu2_amd64.deb

sudo sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf

zioalex on May 25, 2023

Yes, we need support for OpenSSL 3.0.

zmfdan on Jan 16, 2023

@SatishBoddu-MSFT @yonzhan Is any update on this?

Looks like updating az cli .NET core to latest 2.1 version should work: https://dev.to/n3wt0n/no-usable-version-of-the-libssl-was-found-solved-2ffa

The post you linked talks about missing 1.0. In our case, it’s complaining about missing 1.1, not 1.0. We need it to support 3.0.

gravufo on Jan 3, 2023

Hello @bweben We are routing this to Service Teams Attention for further action!

SatishBoddu-MSFT on May 2, 2022