Fixing Prosody SSL after upgrade to Debian Jessie
When I upgraded my home server from Debian 7 (wheezy) to 8 (jessie), my installation of the Prosody Jabber chat server broke. Specifically, my chat client would no longer connect, saying SSL was not supported on the server, and prosody complained about SSL support not being available whenever I ran prosodyctl
. First I'll show the diagnostic information, then the fix and explanation (spoiler: downgrade lua-socket!), then the new diagnostic output.
Diagnostics
A very helpful person in the Prosody group chat room identified my problem and helped me fix it! Here's the output of the commands they had me run.
$ sudo prosodyctl about ************************** Prosody was unable to find LuaSec This package can be obtained in the following ways: Source: http://www.inf.puc-rio.br/~brunoos/luasec/ Debian/Ubuntu: http://prosody.im/download/start#debian_and_ubuntu luarocks: luarocks install luasec SSL/TLS support will not be available More help can be found on our website, at http://prosody.im/doc/depends ************************** Prosody 0.9.10 # Prosody directories Data directory: /var/lib/prosody Plugin directory: /usr/lib/prosody/modules/ Config directory: /etc/prosody Source directory: /usr/lib/prosody # Lua environment Lua version: Lua 5.1 Lua module search paths: /usr/lib/prosody/?.lua /usr/local/share/lua/5.1/?.lua /usr/local/share/lua/5.1/?/init.lua /usr/local/lib/lua/5.1/?.lua /usr/local/lib/lua/5.1/?/init.lua /usr/share/lua/5.1/?.lua /usr/share/lua/5.1/?/init.lua Lua C module search paths: /usr/lib/prosody/?.so /usr/local/lib/lua/5.1/?.so /usr/lib/arm-linux-gnueabihf/lua/5.1/?.so /usr/lib/lua/5.1/?.so /usr/local/lib/lua/5.1/loadall.so LuaRocks: Not installed # Lua module versions lfs: LuaFileSystem 1.6.2 lxp: LuaExpat 1.3.0 pposix: 0.3.6 socket: LuaSocket 3.0-rc1
That big warning at the top also shows up any time I start, stop, or query the status of the service. And here are the results of trying to load the Lua SSL module:
$ lua -lssl lua: error loading module 'ssl.core' from file '/usr/lib/arm-linux-gnueabihf/lua/5.1/ssl.so': liblua5.1-socket.so.2: cannot open shared object file: No such file or directory stack traceback: [C]: ? [C]: in function 'require' /usr/share/lua/5.1/ssl.lua:7: in main chunk [C]: ? [C]: ?
And finally, the kicker. I'd never heard of the policy subcommand, but I clearly need to familiarize myself with it:
$ apt-cache policy lua-socket lua-socket: Installed: 3.0-rc1-4~wheezy Candidate: 3.0-rc1-4~wheezy Version table: *** 3.0-rc1-4~wheezy 0 100 /var/lib/dpkg/status 3.0~rc1-3 0 500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages
Solution
The issue seems to be that their wheezy repo contained a newer version of lua-socket than the official Debian jessie repos, so it sticks around after an upgrade to jessie and causes a version mismatch. The answer is to downgrade to the official version:
$ sudo apt-get install lua-socket=3.0~rc1-3
No pinning is required because the package is no longer in any of my apt sources; I won't get asked to upgrade it the next time I check for updates.
Postdiagnostics
After the fix, the prosody output contains one additional line in the Lua modules section (ssl: 0.5.PR
) and no giant warning. Running lua -lssl
just prints a version string and drops me into a Lua shell. And the output of the apt policy command shows only one version:
$ apt-cache policy lua-socket lua-socket: Installed: 3.0~rc1-3 Candidate: 3.0~rc1-3 Version table: *** 3.0~rc1-3 0 500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages 100 /var/lib/dpkg/status
And, of course, Pidgin can now connect to my server!
Чаз says:
Thank you Tim, these instructions fixed the same problem I was experiencing.
cheers
Anex says:
Thank you very much! I'm going to read your blog from now on.
Matt says:
Tim, I owe you a beer. Thanks!