Update to alpine 3.17 breaks several libraries reliant on openSSL 1.1

[jmarianski-kogifi]

Environment

• Platform: Linux amd64
• Docker Version: 20.10.22 (any)
• Node.js Version: v16
• Image Tag: latest (though it got the node-16 on alpine 3.17)

Expected Behavior

Current node modules that rely on openSSL implementation (like Prisma) to continue working on this setup

Current Behavior

Prisma library complains about corrupted installation and build process.

Possible Solution

Add a line to image that convinces node libraries that everything stays the same, eg. RUN apk add openssl-dev && cd /usr/lib && ln -s libssl.so libssl.so.1.1 && ln -s libcrypto.so libcrypto.so.1.1 && cd /app

Steps to Reproduce

Download nest.js and prisma, run "npx nest build" inside docker container.

Additional Information

Release notes of alpine 3.17

Nest.js instructions for downloading prisma

Error after build (if you use build on host and transfer files to image):

PrismaClientInitializationError: Unable to load Node-API Library from /app/node_modules/.prisma/client/libquery_engine-linux-musl.so.node, Library may be corrupt
    at DefaultLibraryLoader.loadLibrary (/app/node_modules/@prisma/client/runtime/index.js:30018:17)
    at async LibraryEngine.loadEngine (/app/node_modules/@prisma/client/runtime/index.js:30328:24)
    at async LibraryEngine.instantiateLibrary (/app/node_modules/@prisma/client/runtime/index.js:30286:5) {
  clientVersion: '4.6.1',
  errorCode: undefined
}

Error during build:

Error: Unable to establish a connection to query-engine-node-api library. It seems there is a problem with your OpenSSL installation!
Details: Unable to require(`/app/node_modules/prisma/libquery_engine-linux-musl.so.node`)
 Error loading shared library libssl.so.1.1: No such file or directory (needed by /app/node_modules/prisma/libquery_engine-linux-musl.so.node)
[Context: getDmmf]

Prisma CLI Version : 4.6.1

[yosifkit]

The node:16-alpine3.16 image is still available with openssl 1.1 as the default and will still be kept up-to-date. I'm not exactly sure on when the Alpine 3.16 images would be deprecated here in the node images, but I would guess in around the next ~6 months (the time of the next Alpine release) or maybe until the end of Node 16 (2023-09-11). 🤷

---

Side note: Please do not symlink openssl 3 as openssl 1.1 ❗🔥⚠️. That will not work as they are very unlikely to be ABI compatible.

ln -s libssl.so libssl.so.1.1 && ln -s libcrypto.so libcrypto.so.1.1

[jmarianski-kogifi]

The node:16-alpine3.16 image is still available with openssl 1.1 as the default and will still be kept up-to-date. I'm not exactly sure on when the Alpine 3.16 images would be deprecated here in the node images, but I would guess in around the next ~6 months (the time of the next Alpine release) or maybe until the end of Node 16 (2023-09-11). 🤷

Well, that's definitely an easy workaround. However, not the finest, since it essentially breaks the standalone "latest" in favor of newer alpine. I'd love to receive at least a warning that

Side note: Please do not symlink openssl 3 as openssl 1.1 ❗🔥⚠️. That will not work as they are very unlikely to be ABI compatible.

ln -s libssl.so libssl.so.1.1 && ln -s libcrypto.so libcrypto.so.1.1

Works for prisma 🤷 I'm aware it's a weak workaround, but in case of quick fixes it was the easiest one. Downgrading version of node is going to be the second on my list.

Regarding the version compatibility, I have no idea what version was installed in previous step (apk add openssl-dev) but it might be a lower version of ssl package. Not sure which one is installed on node version, assuming this one, but open-ssl seems to be 1.0.2 version which makes it work, albeit not ideally.

Perhaps a node package should have openssl-dev installed as a basis, and Prisma should be notified about the fact that they should update their executables to use better version of openSSL / detect installed versions.

[nschonni]

#1821 (comment)