iotedge won't install on Debian9 because of libssl

[spaderkung]

I made a Debian 9 automatically from our Azure portal. Followed the official guide to install curl, moby and so on: https://docs.microsoft.com/en-us/azure/iot-edge/how-to-install-iot-edge-linux

But when it comes here it fails and says iotedge depends on libssl1.0.0. But Debian9 has libssl1.0.2 and it does not seem to be downgradable: sudo apt-get install iotedge

Hmm, I see it's the same as #130. But there are only workarounds presented on that. Meaning anything and everything may fail unexpectedly when using iotedge after that. Isnt't there an easy fix just to say iotedgeshould use libssl 1.0.2?

[arsing]

For 1.0.8 the packages were built only once, so all the Debian family of distros have to use the same package, and this package depends on libssl1.0.0. If you build the package yourself from source on a Debian 9 host, then it should end up depending on libssl1.0.2 as you require.

The packaging was revamped in 1.0.9 to fix this issue by building multiple different packages. That's why https://github.com/Azure/azure-iotedge/releases/tag/1.0.9-rc1-2 has _debian9_ packages, and these are marked to depend on libssl1.1. I'm not sure if we'll be releasing these packages via the packages.microsoft.com repo (since none of the Debians are tier 1), but you will be able to get them from that GitHub page if you don't want to build them yourself.

[arsing]

To avoid confusion, I should clarify that my previous comment is about amd64 packages specifically.

For 1.0.8 the packages were built only once, so all the Debian family of distros have to use the same package, and this package depends on libssl1.0.0.

This is true of the amd64 packages. The Debian 9 armhf package for 1.0.8 does depend on libssl1.0.2, for Raspbian 9's sake. And in 1.0.9 it will depend on libssl1.1 instead.

I'm not sure if we'll be releasing these packages via the packages.microsoft.com repo (since none of the Debians are tier 1), but you will be able to get them from that GitHub page if you don't want to build them yourself.

Again, this is referring to the Debian 9 amd64 package. Debian 9 armhf packages will be published to packages.microsoft.com as they are today, for Raspbian 9's sake.

[cima]

is there going to be any update on Debian amd64 releases? I have tried today and slipped into hacking of package repositories and one by one package installing. Either narrow set of supported linux versions or release iotedge for amd64 architecture with modern dependencies via packages.microsoft.com. Namely libssl1.1.

My journey

• Based on Azure IoT Edge supported systems I have installed libssl1.0.2 from Debian 9 amd64 (Stretch) which went fine.
• I have also added source to Microsoft packeges for Ubuntu 18.04 and install libiothsm-std package.
• Then I have moved on to installing iotedge package which failed with the very same complaint as in @lokijota case in https://github.com/MicrosoftDocs/azure-docs/issues/43196#issuecomment-652311506

I suspect that iotedge from Microsoft's Ubuntu 18.04 repository does reference libssl1.0.0 version 1.0.2~beta3 which is a name of the package and thus differ from avilable library libssl1.0.2 version 1.0.2u-1~deb9u1 or even libssl1.1 any version.

Installing libssl1.0.0 from Debian 8 (Jessie) is really not a clean solution. Moreover from Jessie's official repo there is a version 1.0.1t-1+deb8u12 while iotedge explicitly references . It is a dependency hell that must be resolved by releasing iotedge with modern dependencies.

[arsing]

This comment explains how to get the libssl1.1-linking package for Debian 9 amd64.

[cima]

This comment explains how to get the libssl1.1-linking package for Debian 9 amd64.

Many thnaks @arsing that is actually how I have managed the IoT edge working for now. However finding the debian package at Github release page is not common practice for Linux adminstration and it is not mentioned in the documentation of IoT edge. For better adoption by users I suggest to either release packages to packages.microsoft.com regularly or to put some disclaimers to documentation so Debian adopters go straight to Github release page and use dpkg command.

[arsing]

We only put packages for supported distros on packages.microsoft.com, which is not the case for any of the Debians. (This might change in 1.1 )