Ubuntu 20.04 should I downgrade libssl1.1 to libssl1.0 to install npm?


Solution 1

It looks like you have libssl installed through a PPA rather than the usual Ubuntu sources. If you do apt search --names-only libssl it should confirm that. The suggestion is to downgrade from g to f, not from 1.1 to 1.0: the changes between those versions are listed here and seem to me to be fairly minor:

Changes between 1.1.1f and 1.1.1g [21 Apr 2020]

*) Fixed segmentation fault in SSL_check_chain()
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. (CVE-2020-1967) [Benjamin Kaduk]

*) Added AES consttime code for no-asm configurations
an optional constant time support for AES was added when building openssl for no-asm. Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME At this time this feature is by default disabled. It will be enabled by default in 3.0. [Bernd Edlinger]

Whether you're willing to accept that degraded capability for npm is up to you.

Solution 2

It is a dependency issue

npm depends on node-gyp, which depends on libnode-dev, which depends on libssl-dev, and here is the issue: libssl-dev depends on libssl1.1 version 1.1.1f-1ubuntu2 while you have a newer version, libssl1.1 version 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1.

So as a workaround, you can go with Dan Scally's suggestion and downgrade from g to f as below:

 sudo apt install libssl1.1=1.1.1f-1ubuntu2

Then you should be able to install npm

 sudo apt install npm

It worked for me without issues.
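One way to confirm where each libssl1.1 version comes from before pinning the older one, as an added example that is not part of either answer: the function below reads `apt-cache policy` output and reports which versions a configured repository still offers. The function names and the sample output are constructed for illustration; the sample assumes the PPA was disabled during the 18.04 to 20.04 upgrade, so the installed build is no longer backed by any source.

```shell
#!/bin/sh
# Added example, not from the original answers.
# Reads `apt-cache policy PKG` output on stdin and prints one line per version:
#   <installed|available> <version> <origin>
# origin is "local-only" when no configured repository offers that version.
version_origins() {
  awk '
    function emit(   state, src) {
      if (cur == "") return
      state = (cur == inst) ? "installed" : "available"
      src = (origin == "") ? "local-only" : origin
      print state, cur, src
    }
    $1 == "Installed:"  { inst = $2; next }
    /^ \*\*\* /         { emit(); cur = $2; origin = ""; next }   # installed version row
    /^     [^ ]/        { emit(); cur = $1; origin = ""; next }   # other version row
    # source rows are indented 8 spaces; the dpkg status file is not a repository
    /^        [^ ]/ && $2 != "/var/lib/dpkg/status" && origin == "" { origin = $2 " " $3 }
    END { emit() }
  '
}

# Constructed sample of `apt-cache policy libssl1.1` for the situation in the
# question (assumption: the PPA entry is disabled, so only dpkg knows the g build).
sample_policy() {
  cat <<'EOF'
libssl1.1:
  Installed: 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1
  Candidate: 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1
  Version table:
 *** 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 100
        100 /var/lib/dpkg/status
     1.1.1f-1ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
EOF
}

# On a real system: apt-cache policy libssl1.1 | version_origins
sample_policy | version_origins
```

An installed version reported as `local-only` will receive no further updates from any source, which is the case where moving to the version the Ubuntu archive maintains also restores security updates for the library.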

Author by

Alex

Updated on September 18, 2022

Comments

    Alex over 1 year

    I'm trying to install npm and I found this solution. I run aptitude install npm and the suggested solution is

    The following packages have unmet dependencies:
     libssl-dev : Depends: libssl1.1 (= 1.1.1f-1ubuntu2) 
    but 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 is installed
    
         Keep the following packages at their current version:
    1)     libnode-dev [Not Installed]                        
    2)     libssl-dev [Not Installed]                         
    3)     node-gyp [Not Installed]                           
    4)     npm [Not Installed]                                
    
    
    
    Accept this solution? [Y/n/q/?] 
    

    It's basically suggesting to downgrade, but what impact would that have on my system if I downgrade libssl1.1 to libssl1.0?

    Edit: this problem resulted after upgrading Ubuntu 18.04 to 20.04. Dan Scally's solution works and I also provided another option in the comments from launchpad where it's a bit more detailed for my particular situation.
