Missing crypto lib via db_connection, How to force mix use earlier version?

While running a docker-compose run --rm myapp migrate command. Ubuntu 18.04. It fails on this line in my release_tasks.ex:

Ecto.Migrator.run(repo, migrations_path, :up, all: true)

The deployment and migration succeeded many times before so I have no idea why this happened all of a sudden. I find this stack suspicious because db_connection was recently updated:

17:16:43.761 [warn] The on_load function for module crypto returned:
{:error, {:load_failed, 'Failed to load NIF library: \'Error loading shared library libcrypto.so.1.1: No such file or directory (needed by /app/lib/crypto-4.4/priv/lib/crypto.so)\''}}

17:16:43.774 [error] GenServer #PID<0.145.0> terminating
** (RuntimeError) connect raised UndefinedFunctionError exception.The exception details are hidden, as they may contain sensitive data such as database credentials. You may set :show_sensitive_data_on_connection_error to true if you wish to see all of the details
    (crypto) :crypto.hash/2
    (postgrex) lib/postgrex/protocol.ex:721: Postgrex.Protocol.auth_md5/4
    (postgrex) lib/postgrex/protocol.ex:576: Postgrex.Protocol.handshake/2
    (db_connection) lib/db_connection/connection.ex:66: DBConnection.Connection.connect/2
    (connection) lib/connection.ex:622: Connection.enter_connect/5
    (stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3
Last message: nil

I made a pristine Ubuntu 18.10 Digital Ocean droplet, installed Docker manually and attempted a deployment, which resulted in the same error.

So I attempted to override db_connection to use version 2.0.3, which is from November 28, 2018. But using {:db_connection, "~> 2.0.3", override: true}, in mix.exs doesn’t seem to guarantee that I will get that version because my mix.lock file appears to contain version 2.0.5:

  "db_connection": {:hex, :db_connection, "2.0.5", "ddb2ba6761a08b2bb9ca0e7d260e8f4dd39067426d835c24491a321b7f92a4da", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm"},

Any ideas of a workaround to force mix to use db_connection version 2.0.3?

Use == for the version constraint. ~> means “compatible with” and 2.0.5 is considered compatible to 2.0.3.

You can read more about version requirement specs at https://hexdocs.pm/elixir/Version.html#module-requirements

Double-check that you aren’t building your release on an image that ultimately starts on Alpine 3.9, but trying to run the release on Alpine 3.8.

I saw exactly this behavior under those conditions recently, and didn’t understand why I suddenly had 3.9 in the mix. It’s because the official Elixir base images have rebuilt and retagged nearly all historical versions in the last few weeks, and I didn’t go to the length to pin with @sha256:… syntax (until now).


The libssl is what catches my eye as Alpine 3.8->3.9 switched the SSL stack being used.


That was it. Man, I was stumped, thanks.

-FROM alpine:3.8 as runner
+FROM alpine:3.9 as runner
 RUN addgroup -g 1000 faithful_word && \
     adduser -D -h /app \
       -G faithful_word \
       -u 1000 \
-RUN apk add -U bash libssl1.0
+RUN apk add -U bash libssl1.1