-
Notifications
You must be signed in to change notification settings - Fork 421
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AppImage built with lnuxdeployqt can't get work SSL connection #621
Comments
Thanks for reporting this @app4soft. |
Related OpenSSL issue: @probonopd, is there a way to setup AppImage build to not bundle any connection related libs at all and set AppImage to use all the connection related libs from the system? (not only SSL). I mean, is there a way to exclude Qt 6 networking module from AppImage and set it to use Same way as AppImage already did for the core Linux libs, which are not included, but used from the system. |
I think that would crash badly as soon as the target system has even a slightly different Qt version installed locally than what is in the bundle. |
Here is a solution used in FreeCAD's AppImage: AppRun entry code: ...
# SSL
# https://forum.freecadweb.org/viewtopic.php?f=4&t=34873&start=20#p327416
export SSL_CERT_FILE=$PREFIX/ssl/cacert.pem
# https://github.com/FreeCAD/FreeCAD-AppImage/pull/20
export GIT_SSL_CAINFO=$HERE/usr/ssl/cacert.pem
... I tried it with LeoCAD's AppImages, but it does not solves the issue: $ export SSL_CERT_FILE=$PREFIX/ssl/cacert.pem
$ ~/AppImages/LeoCAD*.AppImage
qt.network.ssl: QSslSocket: cannot resolve EVP_PKEY_base_id
qt.network.ssl: QSslSocket: cannot resolve SSL_get_peer_certificate
qt.network.ssl: QSslSocket: cannot call unresolved function SSL_get_peer_certificate Is it due to If so, how to workaround this solution and make it universal for Qt5/Qt6 apps AppImages? REFERENCE
|
I have the same issue before. I found linuxdeployqt does not bundle ssl plugin for some reason. So I have to add this_dir="\$(readlink -f "\$(dirname "\$0")")"
export XDG_DATA_DIRS="\${this_dir}/usr/share:\${XDG_DATA_DIRS}:/usr/share:/usr/local/share"
export QT_QPA_PLATFORMTHEME=gtk3
unset QT_STYLE_OVERRIDE
# Force set openssl config directory to an invalid directory to fallback to use default openssl config.
# This can avoid some distributions (mainly Fedora) having some strange patches or configurations
# for openssl that make the libssl in Appimage bundle unavailable.
export OPENSSL_CONF="\${this_dir}"
# Find the system certificates location
# https://gitlab.com/probono/platformissues/blob/master/README.md#certificates
possible_locations=(
"/etc/ssl/certs/ca-certificates.crt" # Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt" # Fedora/RHEL
"/etc/ssl/ca-bundle.pem" # OpenSUSE
"/etc/pki/tls/cacert.pem" # OpenELEC
"/etc/ssl/certs" # SLES10/SLES11, https://golang.org/issue/12139
"/usr/share/ca-certs/.prebuilt-store/" # Clear Linux OS; https://github.com/knapsu/plex-media-player-appimage/issues/17#issuecomment-437710032
"/system/etc/security/cacerts" # Android
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" # CentOS/RHEL 7
"/etc/ssl/cert.pem" # Alpine Linux
)
for location in "\${possible_locations[@]}"; do
if [ -r "\${location}" ]; then
export SSL_CERT_FILE="\${location}"
break
fi
done Full script can be found: https://github.com/c0re100/qBittorrent-Enhanced-Edition/blob/v5_0_x/.github/workflows/build_appimage.sh#L343 |
@abcfy2, Thanks. Could you point me how/where to insert your solution into LeoCAD's YAML? |
@app4soft Try to modify these lines: https://github.com/leozide/leocad/blob/bf3f1d5db8ae0eecf194ac5178a5a12db5d3808b/appveyor.yml#L92-L95 before: - ./linuxdeployqt*.AppImage ./AppDir/usr/share/applications/*.desktop -bundle-non-qt-libs
- ./linuxdeployqt*.AppImage --appimage-extract
- export PATH=$(readlink -f ./squashfs-root/usr/bin/):$PATH
- ./squashfs-root/usr/bin/appimagetool AppDir/ after: - |
cat > AppDir/AppRun <<EOF
#!/bin/bash -e
this_dir="\$(readlink -f "\$(dirname "\$0")")"
export XDG_DATA_DIRS="\${this_dir}/usr/share:\${XDG_DATA_DIRS}:/usr/share:/usr/local/share"
export QT_QPA_PLATFORMTHEME=gtk3
unset QT_STYLE_OVERRIDE
# Find the system certificates location
# https://gitlab.com/probono/platformissues/blob/master/README.md#certificates
possible_locations=(
"/etc/ssl/certs/ca-certificates.crt" # Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt" # Fedora/RHEL
"/etc/ssl/ca-bundle.pem" # OpenSUSE
"/etc/pki/tls/cacert.pem" # OpenELEC
"/etc/ssl/certs" # SLES10/SLES11, https://golang.org/issue/12139
"/usr/share/ca-certs/.prebuilt-store/" # Clear Linux OS; https://github.com/knapsu/plex-media-player-appimage/issues/17#issuecomment-437710032
"/system/etc/security/cacerts" # Android
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" # CentOS/RHEL 7
"/etc/ssl/cert.pem" # Alpine Linux
)
for location in "\${possible_locations[@]}"; do
if [ -r "\${location}" ]; then
export SSL_CERT_FILE="\${location}"
break
fi
done
exec "\${this_dir}/usr/bin/leocad" "\$@"
EOF
- ./linuxdeployqt*.AppImage ./AppDir/usr/share/applications/*.desktop -appimage -always-overwrite -extra-plugins=tls -no-copy-copyright-files Key points:
|
@abcfy2, Thanks. |
Here are a few missed considerations regarding the LeoCAD correction: On Appveyor, LeoCAD is built on Qt5 - see
The TLS plugin was introduced in Qt 6.2 so using the
It is not necessary to remove the appveyor.yml lines suggested above. Simply copy your AppRun file to AppDir before running linuxdeployqt - it will be preserved. Here is the linuxdeployqt source code that creates the AppRun link - if a file does not already exist: QFile appRun(appDirPath + "/AppRun");
if(appRun.exists()){
qDebug() << "Keeping existing AppRun";
} else {
if (!QFile::link(relativeBinPath, appDirPath + "/AppRun")) {
LogError() << "Could not create AppRun link";
}
} In the end the only modification to the LeoCAD appveyor.yml is to copy your AppRun file to the AppDir folder before calling linuxdeployqt. The - cp tools/setup/AppRun AppDir Be careful about cutting and pasting. Cheers, |
LeoCAD uses
linuxdeployqt
for AppImage builds, but resulted AppImages can't work with SSL:Error output when trying to connect:
How to solve it in YAML?
Note: there was the same issue described for other AppImages built with
linuxdeploy/linuxdeploy
:The text was updated successfully, but these errors were encountered: