Ubuntu 20.04 should I downgrade libssl1.1 to libssl1.0 to install npm?
Solution 1
It looks like you have libssl installed through a PPA rather than the usual Ubuntu sources. If you do apt search --names-only libssl
it should confirm that. The suggestion is to downgrade from g to f, not from 1.1 to 1.0: the changes between those versions are listed here and seem to me to fairly minor:
Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
*) Fixed segmentation fault in SSL_check_chain()
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. (CVE-2020-1967) [Benjamin Kaduk]*) Added AES consttime code for no-asm configurations
an optional constant time support for AES was added when building openssl for no-asm. Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME At this time this feature is by default disabled. It will be enabled by default in 3.0. [Bernd Edlinger]
Whether you're willing to accept that degraded capability for npm is up to you.
Solution 2
It is a dependency issue
Since npm
depends on node-gyp which depends on libnode-dev which depends on libssl-dev and here is the issue, libssl-dev
depends on libssl1.1 versoin 1.1.1f-1ubuntu2
while you have a newer version libssl1.1 version 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1
So as workaround, you can go with Dan Scally's suggestion by downgrade from g to f as below
sudo apt install libssl1.1=1.1.1f-1ubuntu2
Then you should be able to install npm
sudo apt install npm
It is worked with me without issues.
Alex
Updated on September 18, 2022Comments
-
Alex over 1 year
I'm trying to install npm and I found this solution. I run
aptitude install npm
and the suggested solution isThe following packages have unmet dependencies: libssl-dev : Depends: libssl1.1 (= 1.1.1f-1ubuntu2) but 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 is installed Keep the following packages at their current version: 1) libnode-dev [Not Installed] 2) libssl-dev [Not Installed] 3) node-gyp [Not Installed] 4) npm [Not Installed] Accept this solution? [Y/n/q/?]
It's basically suggesting to downgrade, but what impact would that have on my system if I downgrade libssl1.1 to libssl1.0?
Edit: this problem resulted after upgrading Ubuntu 18.04 to 20.04. Dan Scally's solution works and I also provided another option in the comments from launchpad where it's a bit more detailed for my particular situation.
-
Alex almost 4 yearsThanks, I found a solution here answers.launchpad.net/ubuntu/+source/openssl/+question/691863