Upgrade openssl to 1.1.1g on ubuntu1804_sharedlibs_openssl111_x64

[bnoordhuis]

Refs: nodejs/node#33981 (comment) - this CI run specifically

I'm 90% sure that's caused by that buildbot using openssl 1.1.1b in /opt/openssl-1.1.1b. Can it be upgraded to 1.1.1g?

Alternatively, Ubuntu 18.04 has a security back-port of 1.1.1 according to https://launchpad.net/ubuntu/bionic/+source/openssl and that gets us closer to testing what the distros link against.

[richardlau]

Yes, it can. Relevant lines in ansible are

build/ansible/roles/docker/templates/ubuntu1804_sharedlibs.Dockerfile.j2

Lines 57 to 65 in d4b074c

	ENV OPENSSL111DIR /opt/openssl-1.1.1b
	RUN mkdir -p /tmp/openssl_1.1.1b && \
	cd /tmp/openssl_1.1.1b && \
	curl -sL https://www.openssl.org/source/openssl-1.1.1b.tar.gz | tar zxv --strip=1 && \
	./config --prefix=$OPENSSL111DIR && \
	make -j 6 && \
	make install && \
	rm -rf /tmp/openssl_1.1.1b

PR's welcome 😄.

[richardlau]

(To clarify, the ansible template will first need to be updated and then one of https://github.com/nodejs/build#jenkins-admins will need to reansible the sharedlib containers.)

[rvagg]

I'll do it. May as well do Alpine 3.12 while I'm there.

[rvagg]

Upgraded to 1.1.1g, see #2364, but seeing failures on test-crypto-authenticated-stream on master, https://ci.nodejs.org/job/node-test-commit-linux-containered/nodes=ubuntu1804_sharedlibs_openssl111_x64/20939/, so I don't think the problem is in nodejs/node#33981, it's on master already.