1

I would like to install OpenSSL 1.1.1a on a Debian stable server, which currently has OpenSSL 1.1.0j installed. So, I created the necessary files according to this answer in the /etc/apt/preferences.d folder: stable.pref and testing.pref. After that I added stable.list and testing.list to the /etc/apt/sources.list.d folder.

Now, when I try to install the newer OpenSSL with sudo apt install openssl/testing, it complains that is needs the newer version of libssl, which consequently need the newer version of libc6. apt prints the following message, which does not seems right:

eloy@cyber:~$ sudo apt install libc6/testing
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Selected version '2.28-2' (Debian:testing [amd64]) for 'libc6'
Selected version '2.0.5-1' (Debian:testing [amd64]) for 'libidn2-0' because of 'libc6'
The following packages were automatically installed and are no longer required:
  libpython3.5 linux-libc-dev python-all
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  libidn2-0 libunistring2
Suggested packages:
  glibc-doc locales
The following packages will be REMOVED:
  build-essential cgmanager g++ g++-6 libc-bin libc-dev-bin libc6-dev libcgmanager0 libexpat1-dev libnih-dbus1 libnih1 libpython-all-dev libpython-dev libpython2.7-dev libpython3-dev
  libpython3.5-dev libstdc++-6-dev locales python-all-dev python-dev python2.7-dev python3-dev python3.5-dev systemd-shim
The following NEW packages will be installed:
  libunistring2
The following packages will be upgraded:
  libc6 libidn2-0
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
  libc-bin
2 upgraded, 1 newly installed, 24 to remove and 0 not upgraded.
Need to get 3,320 kB of archives.
After this operation, 165 MB disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
 ?]

How do I fix this and correctly install the newer version of OpenSSL from the Debian testing repository? Or is this right and should I just continue? I am afraid of breaking my server.

Eloy
  • 163
  • 9

1 Answers1

1

Fixed it, by using sudo apt-get -t testing install openssl

eloy@cyber:~$ openssl version
OpenSSL 1.1.1a  20 Nov 2018
Eloy
  • 163
  • 9
  • That only updates the command line tool, not the OpenSSL libraries. This is probably not what you were trying to accomplish. Or it just upgraded virtually your whole system to testing. Which is also probably not what you expected. – Michael Hampton Jan 08 '19 at 14:43
  • The never OpenSSL command line tool depends on LibSSL which is also updated. But you are right, I updated my system to testing with this. I removed the testing repo URLs to prevent this, so now it works as Debian stable, but I can't install any other testing apps anymore. – Eloy Jan 08 '19 at 16:09