On 09/05/2018 02:01 PM, Przemek Klosowski wrote:
On 09/05/2018 01:10 PM, Adam Williamson wrote:
> On Wed, 2018-09-05 at 12:17 -0400, Przemek Klosowski wrote:
>> Recent updates on f27 are blocked because openssl-devel (1.1) conflicts
>> with compat-openssl10-devel (1.0). [...]
>> I don't know if it's a real conflict or a packaging artifact that could
>> be reverted.
> AIUI it's usually a real conflict. -devel packages for different
> versions of the same library are allowed and usually expected to
> conflict (for one thing, they both likely want to own the unversioned
> .so for the libraries themselves - e.g. /usr/lib64/libcrypto.so . It's
> only really a bug if the non-development library packages conflict.
>
> Is there a particular reason you need both -devel packages installed at
> the same time? Are you saying you only have one installed, but
> upgrading is trying to add the other for some reason?
I had both -devel packages installed previously and they apparently
started to conflict very recently.
Correction: I had openssl-devel installed, which
satisfied the
requirement for openssl devel because the requires specify both
openssl-devel and compat-openssl10-devel:
dnf repoquery --deplist libssh2-devel-1.8.0-5.fc27.x86_64
dependency: pkgconfig(libssl)
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.i686
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
provider: openssl-devel-1:1.1.0h-3.fc27.i686
provider: openssl-devel-1:1.1.0h-3.fc27.x86_64
I think recently some packages started requiring specifically
compat-openssl10-devel, e.g.
dnf repoquery --deplist nodejs-devel
dependency: compat-openssl10-devel(x86-64)
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
causing the conflict.
Normally I have -devel packages either because they were pulled in as
dependencies, or because I was compiling something else that required
their .h files or something like that.
I don't remember which one was the case here, but please note that
1040 packages require openssl-devel and 265 packages require
compat-openssl10-devel as reported by "dnf repoquery --whatrequires
xxxxxx". I believe that most of those dependencies are specified as
'one or another' which is why this situation can be resolved by
allowing erase of openssl-devel.
This is actually suspicious---I think it DOES matter which openssl
version we're compiling/linking against, and applications have to be
ported, if ever so slightly, from 1.0 to 1.1... but I don't really
know the situation here.