Skip to content

Migrating Packages to Jammy Jellyfish

Cloud Foundry's upcoming stemcells will be based on Ubuntu's Jammy Jellyfish release, which may cause compilation and deployment errors in packages built for earlier stemcells. This document provides guidance on how to address the most common errors that BOSH release authors may encounter. There are three broad categories to address:

Discussion Slack channel is here.

GCC 11

Here's a typical error during compilation phase (multiple definition of ...):

/bin/ld: src/protocol.o:/var/vcap/data/compile/haproxy/haproxy-1.8.13/include/common/chunk.h:39: multiple definition of `pool_head_trash'; src/ev_poll.o:/var/vcap/data/compile/haproxy/haproxy-1.8.13/include/common/chunk.h:39: first defined here
collect2: error: ld returned 1 exit status

This is caused by a change in GCC 10: it switched the default compilation to -fno-common, which means that if the header is included by several files it results in multiple definitions of the same variable and results in a linker error. The easiest way to fix this is to pass the -fcommon flag, which reverts to the earlier behavior (warning but no error). Read more about it in the Porting to GCC 10 guide.

Here's a proposed change for the garden-runc-release's xfs-progs job's packaging script:

# gcc 10+ changed the default to "-fno-common"; we change it back to build properly
export CFLAGS="${CFLAGS} -fcommon"

Here's another fix from the routing-release's haproxy job's packaging script:

# gcc 10+ changed the default to "-fno-common"; we change it back to build properly
make TARGET=linux2628 USE_OPENSSL=1 TARGET_CFLAGS=-fcommon

OpenSSL 3

OpenSSL 3 is a "is a major release and not fully backwards compatible with the previous release". Jammy includes OpenSSL 3. Although it's unlikely that your package directly uses OpenSSL 3, it's quite possible that one of your package's dependencies do. Bump to a newer version of the dependency which supports OpenSSL 3, for example Ruby 2.7 → 3.1, nginx 1.20.1 → 1.21.6, HAProxy 1.8.13 → 2.5.1. Here are typical failures:

When Compiling Ruby 2.7.2
ossl_pkey_rsa.c:877:58: error: 'RSA_SSLV23_PADDING' undeclared (first use in this function); did you mean 'RSA_NO_PADDING'?
make[2]: *** [Makefile:313: ossl_pkey_rsa.o] Error 1
make[1]: *** [ ext/openssl/all] Error 2
make: *** [ build-ext] Error 2

Bump the dependency to a version of Ruby that includes OpenSSL 3 support: Ruby 3.1. If you're using BOSH packages, here's how:

pushd ~/workspace/ruby-release
git pull -r
bosh vendor-package ruby-3.1.0-r0.82.0 ~/workspace/ruby-release
nvim packages/*/spec # update Ruby dependencies to include the new version

Note: bumping Ruby versions on any but the most trivial codebases is a significant effort.

When Compiling nginx 1.20.1
src/event/ngx_event_openssl.c:5354:5: error: 'ENGINE_free' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
 5354 |     ENGINE_free(engine);
      |     ^~~~~~~~~~~
In file included from src/event/ngx_event_openssl.h:22,
                 from src/core/ngx_core.h:84,
                 from src/event/ngx_event_openssl.c:9:
/usr/include/openssl/engine.h:493:27: note: declared here
  493 | OSSL_DEPRECATEDIN_3_0 int ENGINE_free(ENGINE *e);
      |                           ^~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [objs/Makefile:853: objs/src/event/ngx_event_openssl.o] Error 1
make: *** [Makefile:10: build] Error 2

Bump to nginx 1.21.6 to fix.

When Compiling HAProxy 1.8.13:
make: *** [Makefile:909: src/ssl_sock.o] Error 1

Bump to HAProxy 2.5.1 to fix.

When Using keytool with OpenJDK 8/11:
keytool error: keystore password was incorrect

Use openssl pkcs12's -legacy flag when creating the Java keystore.

Addons (Runtime Configurations)

If you restrict your addons to certain stemcells, be sure to include Jammy in your list of stemcells (if you intend your addon to run on Jammy). The following is the updated stemcell list for cf-deployment's manifest:

- name: loggregator_agent
    - os: ubuntu-xenial
    - os: ubuntu-bionic
    - os: ubuntu-jammy