Domoticz upcoming beta/release and OpenSSL 3.0

[gizmocuz]

Hi there!

[This post can be ignored for users running Domoticz via Docker (Compose) as it does not involve them]

As you are probably well aware, the latest Debian Bookworm is using OpenSSL version 3.
Prior Debian versions (Buster/Bullseye) is using OpenSSL version 1.

Unfortunately OpenSSL is not backwards compatible, and this means we have to move to OpenSSL version 3 if we want to keep running the latest Debian versions (and why not!)

As many users where still running on a older Debian version (Buster/Bullseye) the last release was done with using OpenSSL 1, but from now on, we will be using OpenSSL 3

This means, to keep running the latest Domoticz versions, you have to upgrade your system.

To check if your system has OpenSSL version 3 support, you can issue the below command:

Code: Select all

openssl version

At the moment, all build platforms are being converted to Debian Bookworm, and from the 14th of May, we will be using OpenSSL 3

There has been a new beta released that has a modification in the updatebeta script that checks for OpenSSL 3.
If you update now, you will not be able to upgrade to a newer version until you meet the new system requirements (see it as a safety net)

I won't expect a new OpenSSL version (4) for the next 5 years

-------------

I found this great guide to update your system from Debian 11 (Bullseye) to Bookworm.
If you are running an older version (Debian 10, Buster), I recommend to upgrade first to Bullseye (11) and then to Bookworm


https://www.cyberciti.biz/faq/update-up ... 2-bookworm

[waltervl]

On what version is the Linux x86_64 build on, 24.04?
On Ubuntu 22.04.5 LTS I get an error on beta:

Code: Select all

./domoticz: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.36' not found (required by ./domoticz)

My openssl version on Ubuntu 22.04.5 LTS is:
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

[janpep]

For your information.
On my test system Ubuntu 24.04 LTS I have
OpenSSL 3.0.13 30 Jan 2024

Upgraded from GUI. Did not save the error message it gave. (something mentioning check your internet connection.)
But upgrade to beta seems to be OK.
In Log:

Code: Select all

2025-05-16 16:46:42.650 Status: Domoticz V2025.1 (build 16695) (c)2012-2025 GizMoCuz
2025-05-16 16:46:42.650 Status: Build Hash: 14ad98012, Date: 2025-05-16 11:00:11

Webserver SSL started. I am able to log in. Do not see any problems so far.

[gizmocuz]

Walter has a very old LTS system (22.04), which is fine, but it should be used by an old Domoticz

Debian bookworm/Ubunto 24.04 has no problems running the latest beta version.

[electrofunk]

Hi,

If you are running an older version (Debian 10, Buster), I recommend to upgrade first to Bullseye (11) and then to Bookworm

OK but Bookworm no longer supports SysFS GPIO access which is still the recomended (only?) method for Domoticz to access GPIO. How are we supposed to do when we need GPIO access?

Thank you.

[solarboy]

What about installing openssl 3 on bullseye/buster ?

[gizmocuz]

There is still native GPIO support in Domoticz
SysFS has been deprecated for years

What are you controlling?!Can this be done via an ESP or a Zigbee device?

[Thuis]

Aha, so latest Domoticz beta let's us do:

Spoiler: show

New release '24.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Or is that a wrong assumption?

[waltervl]

Aha, so latest Domoticz beta let's us do:

Spoiler: show

New release '24.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Or is that a wrong assumption?

To run latest beta you have to indeed upgrade Ubuntu to 24.04

[Thuis]

Thank you !

[JayDotR]

So just for my understanding :
a) starting 15.05.2025, the UpdateBeta script added a test on OpenSSL Version 3 as mandatory prerequisite to fullfill under raspbian OS
b) when installing Domoticz, I prefer to run it on https-only, and I know that running domoticz on the http port (without ssl) is possible
c) I am aware about the possibility to install on bullseye the backport-packages
d) before someone tries to explain to me : I also know how to install from source a software and do a compilation
e) of course, updating OS from bullseye to bookworm is still another option ... but as my RPI is running more than only Domoticz, an OS Upgrade will require me to do first a clone of the SD Card and to make a dry-run-upgrade on a second Raspberry (non-regression testing the rest is unfortunately a mandatory topic ...)

Indeed, without OpenSSL3, when starting the new Beta you get the error message below

Code: Select all

May 21 20:27:33 raspberry-development domoticz.sh[6948]: /srv/domoticz/domoticz: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory

But my question towards one of the development team :
- if I am omitting the usage of SSL for the Webserver (start it on http port 8080 or similar only), is there any way to run the Beta (and later on the stable) without having OpenSSL 3.x installed on the OS, or are there potentially plugins and other dependencies that won't start due to the OpenSSL Version 1.1.x installed ?

I'm asking, but mentally I know I will need to go the step e) sooner or later ...

[waltervl]

Use a docker container to run Domoticz beta.

[Varazir]

I thought I had to upgrade to newer rasbian OS so I started to update to bookworm.
The update halted with file not found and the PI account locked so I think I need to reinstall, oh well.
the db for domoticz is backuped on my nas and I have downloaded conf for both zigbee and zwave.

I can still access using web gui but ssh fail and I guess reboot will just break it.

Already running both the zigbee and zwave as docker not sure if it can handle domoticz as well.
I like to have Domoticz so I can get my hold of all settings and files.

Not your fault me messing up my system

[waltervl]

If you are already running zigbee2mqtt and Zwave-JS-UI (and probably mosquitto) as docker containers it s only a small step to also run Domoticz in a Docker container.
https://wiki.domoticz.com/Docker

[JayDotR]

Use a docker container to run Domoticz beta.

also a doable option for domoticz as application. However in mid-term and long-term, an OS Upgrade with going from python 3.9 to 3.11/3.12 with more recent packages for almost everything is globally the more secure option

Nevertheless, thanks for your idea which I did not consider till you mentioned it

[waltervl]

Use a docker container to run Domoticz beta.

also a doable option for domoticz as application. However in mid-term and long-term, an OS Upgrade with going from python 3.9 to 3.11/3.12 with more recent packages for almost everything is globally the more secure option

Nevertheless, thanks for your idea which I did not consider till you mentioned it

You had a lot of reasons not to update on the short term so I just gave you an option for the short term. On the long term you can still update the OS and keep Domoticz running in the same Docker container....

[akamming]

If you are already running zigbee2mqtt and Zwave-JS-UI (and probably mosquitto) as docker containers it s only a small step to also run Domoticz in a Docker container.
https://wiki.domoticz.com/Docker

just an idea:
- Since Domoticz is more and more depending on other software (zigbee2mqtt, zwave js ui, mosquitto, etc...)
- and there are these library issues every now and then.. (everytime a OS update is forced, a lot of users complaining)

wouldn't it be better to make "dummy" install script for most users which
- installs docker and several containers (including domoticz)
- creates a directory structure for the data dirs for these dockers, including default configs which make the docker containers work together
- and have some ease scripts to update, start and stop the containters

and only use the native OS installs as an advanced method?

BTW: migrating an existing domoticz install to docker is not as easy as described here. I tried, but ran into trouble
- i have scripts which require perl modules, and installing them in docker is a lot more difficult than doing that natively
- you have make manual changes to compose scripts to make the p1 meter work
- my scripts for updating the certicates for my domain need to be updated
- have not yet found a way yet to access gpio without have the container run in gpio mode
- etc.etc..

so for me it was too much of a hassle.

[janpep]

Indeed. For the average interested party without too much IT knowledge it is absolutely no longer possible to do.
It may be to much off topic and to much to place here, but I just made an install document for my son in which a description of all the steps to install Rapbian bookworm with Domoticz, zwave-js-ui, zigbee2mqtt, MQTT on a Raspberry pi (3B+).
Then I created one (325 line) script to be able to add the last 4 as docker containers with options for dz, mq, zb and zw to create, start, restart, stop, remove, rerun, upgrade the containers. All behind iptables firewall (only local network allowed)
A. No use of yaml files, because I did not see the advantage above the script I already made.
B. At the end, I left out Domoticz, because very confusing (DzVents script templates did not appear and I read a lot about things that still had to be installed inside the container because of plugins.) So for my son, I finally installed Domoticz the normal way, but the option is still in the script.
C. Disadvantage you will keep: When you want to deviate on one of the components you still have a problem to realize that, if you do not have the necessary skills. The same goes for maintenance.
Maybe a new topic?

[akamming]

Indeed. For the average interested party without too much IT knowledge it is absolutely no longer possible to do.
It may be to much off topic and to much to place here, but I just made an install document for my son in which a description of all the steps to install Rapbian bookworm with Domoticz, zwave-js-ui, zigbee2mqtt, MQTT on a Raspberry pi (3B+).
Then I created one (325 line) script to be able to add the last 4 as docker containers with options for dz, mq, zb and zw to create, start, restart, stop, remove, rerun, upgrade the containers. All behind iptables firewall (only local network allowed)
A. No use of yaml files, because I did not see the advantage above the script I already made.
B. At the end, I left out Domoticz, because very confusing (DzVents script templates did not appear and I read a lot about things that still had to be installed inside the container because of plugins.) So for my son, I finally installed Domoticz the normal way, but the option is still in the script.
C. Disadvantage you will keep: When you want to deviate on one of the components you still have a problem to realize that, if you do not have the necessary skills. The same goes for maintenance.
Maybe a new topic?

i think you are right. (although if dzvents script do not appear, maybe report an issue in the repo of the docker container?)

also offtopic (so my last remark about it here...), playing around a bit i am puzzled by the differences in memory usage of the different containers: e.g. zwave js uses 114 MB. Home Assistant uses 450 MB (!). Domoticz only 12MB...

[Varazir]

If you are already running zigbee2mqtt and Zwave-JS-UI (and probably mosquitto) as docker containers it s only a small step to also run Domoticz in a Docker container.
https://wiki.domoticz.com/Docker

Only it will be more resource heavy on the system with another container.
Then I would like my systems to have central update like running sudo apt update && sudo apt upgrade
With Docker I need to google the commands how to update the docker as well.

I created a bash script to update all my github plugins before I started to use docker.