Page MenuHomeSolus

Missing `perl` dependency for `openssl-11`
Open, HighPublic


The openssl-11 package includes a Perl script for updating the SSL certificates (/usr/bin/c_rehash). This script is required for updating the SSL certificates. This means that SSL can be broken if perl is not installed.

The issue can be reproduced on a clean install of 4.1 with (at least) perl removed. The output below is from a system containing only system.base:

# eopkg up -y
Updating repositories
 [✗] Updating SSL certificates                                           failed

A copy of the command output follows:

/usr/bin/env: ‘perl’: No such file or directory

# eopkg it -y ripgrep # or any other package
Following packages will be installed:
pcre2  ripgrep
Total size of package(s): 1.59 MB
Downloading 1 / 2
Package pcre2 found in repository Solus
Program terminated.
Could not fetch destination file "": [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Please use 'eopkg help' for general help.

Fixing this requires downloading gdbm and perl over HTTP:

# curl -s -o perl.eopkg ""
# curl -s -o gdbm.eopkg ""
# eopkg it gdbm.eopkg perl.eopkg
[✓] Updating SSL certificates                                          success

Event Timeline

silke created this task.Jul 26 2020, 11:36 AM
hashhsah added a subscriber: hashhsah.EditedJul 26 2020, 11:45 AM

alternatively, we could avoid the dependency on perl by replacing the call to c_rehash in ssl.toml (usysconf) by a small bash script.

an example of such replacement could be found at

silke added a comment.EditedJul 26 2020, 12:11 PM

The following script (based on the link by @hashhsah) works as a replacement for c_rehash:

#!/usr/bin/env bash
set -euo pipefail

if [ $# -ne 0 ]

for dir in "${dirs[@]}"
    for file in "${dir}"/*.pem
        ln -sf "${file}" "${dir}/$(openssl x509 -hash -noout -in "${file}")".0

Oh, and in case anyone was wondering what happens if you remove perl. It actually looks pretty safe from a clean install:

$ sudo eopkg rm perl
The following list of packages will be removed
in the respective order to satisfy dependencies:
hexchat sane-backends hplip-drivers net-snmp perl 
Do you want to continue? (yes/no)
ermo assigned this task to JoshStrobl.Jul 26 2020, 1:40 PM
ermo triaged this task as High priority.
ermo edited projects, added Plumbing; removed Lacks Project.
ermo added subscribers: JoshStrobl, ermo.

After discussing this with @silke in #Solus-dev, I'm assigning this to Josh with tentative Priority and Project Tags as he's the one who handles OpenSSL.

@JoshStrobl: Feel free to murder me if this was the wrong thing to do. I set the priority to High because removing perl (for whatever reason) seems fairly dangerous as things are now.