11:17 a.m.
Recent updates on f27 are blocked because openssl-devel (1.1) conflicts
with compat-openssl10-devel (1.0). A large number of packages depends on
1.0, so the only way to upgrade is to --allowerasing, which deletes
openssl 1.1 devel packages (
https://bugzilla.redhat.com/show_bug.cgi?id=1625440 ). Those packages
used to coexist peacefully up until recently.
I understand that we want to move to openssl 1.1 but the current reality
is that it's pushed off the system. Maybe it's not a big deal because
apparently it can be uninstalled with no ill effects.
I don't know if it's a real conflict or a packaging artifact that could
be reverted. The current situation where the upgrade is blocked unless
we --allowerasing is not very good: using it blindly is a bad idea that
can result in unusable systems (e.g.
https://bugzilla.redhat.com/show_bug.cgi?id=1601724 ).
Actually, the issue of 1.0 vs. 1.1 dependency is a little confusing
because, even though the update erased openssl-devel without errors,
dnf repoquery --whatrequires openssl-devel | wc
returns 1040, when a similar count for compat-openssl10-devel comes out
at 265. I think that's because many packages (e.g. libssh2-devel) have
dependencies that are satisfied by either openssl-devel or
compat-openssl10-devel.
FWIW, a lot of packages need to be converted to 1.1; repoquery shows 196
packages requiring openssl (v1.1), while 322 require compat-openssl10
(v1.0).
12:10 p.m.
On Wed, 2018-09-05 at 12:17 -0400, Przemek Klosowski wrote:
Recent updates on f27 are blocked because openssl-devel (1.1)
conflicts
with compat-openssl10-devel (1.0). A large number of packages depends on
1.0, so the only way to upgrade is to --allowerasing, which deletes
openssl 1.1 devel packages (
https://bugzilla.redhat.com/show_bug.cgi?id=1625440 ). Those packages
used to coexist peacefully up until recently.
I understand that we want to move to openssl 1.1 but the current reality
is that it's pushed off the system. Maybe it's not a big deal because
apparently it can be uninstalled with no ill effects.
I don't know if it's a real conflict or a packaging artifact that could
be reverted.
AIUI it's usually a real conflict. -devel packages for different
versions of the same library are allowed and usually expected to
conflict (for one thing, they both likely want to own the unversioned
.so for the libraries themselves - e.g. /usr/lib64/libcrypto.so . It's
only really a bug if the non-development library packages conflict.
Is there a particular reason you need both -devel packages installed at
the same time? Are you saying you only have one installed, but
upgrading is trying to add the other for some reason?
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
1:01 p.m.
On 09/05/2018 01:10 PM, Adam Williamson wrote:
On Wed, 2018-09-05 at 12:17 -0400, Przemek Klosowski wrote:
> Recent updates on f27 are blocked because openssl-devel (1.1) conflicts
> with compat-openssl10-devel (1.0). [...]
> I don't know if it's a real conflict or a packaging artifact that could
> be reverted.
AIUI it's usually a real conflict. -devel packages for different
versions of the same library are allowed and usually expected to
conflict (for one thing, they both likely want to own the unversioned
.so for the libraries themselves - e.g. /usr/lib64/libcrypto.so . It's
only really a bug if the non-development library packages conflict.
Is there a particular reason you need both -devel packages installed at
the same time? Are you saying you only have one installed, but
upgrading is trying to add the other for some reason?
I had both -devel packages
installed previously and they apparently
started to conflict very recently.
Normally I have -devel packages either because they were pulled in as
dependencies, or because I was compiling something else that required
their .h files or something like that.
I don't remember which one was the case here, but please note that 1040
packages require openssl-devel and 265 packages require
compat-openssl10-devel as reported by "dnf repoquery --whatrequires
xxxxxx". I believe that most of those dependencies are specified as 'one
or another' which is why this situation can be resolved by allowing
erase of openssl-devel.
This is actually suspicious---I think it DOES matter which openssl
version we're compiling/linking against, and applications have to be
ported, if ever so slightly, from 1.0 to 1.1... but I don't really know
the situation here.
2:29 p.m.
On 09/05/2018 02:01 PM, Przemek Klosowski wrote:
On 09/05/2018 01:10 PM, Adam Williamson wrote:
> On Wed, 2018-09-05 at 12:17 -0400, Przemek Klosowski wrote:
>> Recent updates on f27 are blocked because openssl-devel (1.1) conflicts
>> with compat-openssl10-devel (1.0). [...]
>> I don't know if it's a real conflict or a packaging artifact that could
>> be reverted.
> AIUI it's usually a real conflict. -devel packages for different
> versions of the same library are allowed and usually expected to
> conflict (for one thing, they both likely want to own the unversioned
> .so for the libraries themselves - e.g. /usr/lib64/libcrypto.so . It's
> only really a bug if the non-development library packages conflict.
>
> Is there a particular reason you need both -devel packages installed at
> the same time? Are you saying you only have one installed, but
> upgrading is trying to add the other for some reason?
I had both -devel packages installed previously and they apparently
started to conflict very recently.
Correction: I had openssl-devel installed, which
satisfied the
requirement for openssl devel because the requires specify both
openssl-devel and compat-openssl10-devel:
dnf repoquery --deplist libssh2-devel-1.8.0-5.fc27.x86_64
dependency: pkgconfig(libssl)
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.i686
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
provider: openssl-devel-1:1.1.0h-3.fc27.i686
provider: openssl-devel-1:1.1.0h-3.fc27.x86_64
I think recently some packages started requiring specifically
compat-openssl10-devel, e.g.
dnf repoquery --deplist nodejs-devel
dependency: compat-openssl10-devel(x86-64)
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
causing the conflict.
Normally I have -devel packages either because they were pulled in as
dependencies, or because I was compiling something else that required
their .h files or something like that.
I don't remember which one was the case here, but please note that
1040 packages require openssl-devel and 265 packages require
compat-openssl10-devel as reported by "dnf repoquery --whatrequires
xxxxxx". I believe that most of those dependencies are specified as
'one or another' which is why this situation can be resolved by
allowing erase of openssl-devel.
This is actually suspicious---I think it DOES matter which openssl
version we're compiling/linking against, and applications have to be
ported, if ever so slightly, from 1.0 to 1.1... but I don't really
know the situation here.
2:56 p.m.
On Thu, Sep 6, 2018 at 3:31 PM Przemek Klosowski <przemek.klosowski(a)nist.gov>
wrote:
On 09/05/2018 02:01 PM, Przemek Klosowski wrote:
> On 09/05/2018 01:10 PM, Adam Williamson wrote:
>> On Wed, 2018-09-05 at 12:17 -0400, Przemek Klosowski wrote:
>>> Recent updates on f27 are blocked because openssl-devel (1.1) conflicts
>>> with compat-openssl10-devel (1.0). [...]
>>> I don't know if it's a real conflict or a packaging artifact that
could
>>> be reverted.
>> AIUI it's usually a real conflict. -devel packages for different
>> versions of the same library are allowed and usually expected to
>> conflict (for one thing, they both likely want to own the unversioned
>> .so for the libraries themselves - e.g. /usr/lib64/libcrypto.so . It's
>> only really a bug if the non-development library packages conflict.
>>
>> Is there a particular reason you need both -devel packages installed at
>> the same time? Are you saying you only have one installed, but
>> upgrading is trying to add the other for some reason?
> I had both -devel packages installed previously and they apparently
> started to conflict very recently.
Correction: I had openssl-devel installed, which satisfied the
requirement for openssl devel because the requires specify both
openssl-devel and compat-openssl10-devel:
dnf repoquery --deplist libssh2-devel-1.8.0-5.fc27.x86_64
dependency: pkgconfig(libssl)
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.i686
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
provider: openssl-devel-1:1.1.0h-3.fc27.i686
provider: openssl-devel-1:1.1.0h-3.fc27.x86_64
I think recently some packages started requiring specifically
compat-openssl10-devel, e.g.
dnf repoquery --deplist nodejs-devel
dependency: compat-openssl10-devel(x86-64)
provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
causing the conflict.
So, that's been a bone of contention for a while. nodejs-devel doesn't
*strictly* require compat-openssl10-devel for all usages, but if someone is
using the SSL/TLS features in it and openssl-devel is installed instead,
unfortunate things happen.
I've been thinking it might be better to make it a Recommends: though,
especially if it's causing issues like this. I just really don't like the
idea that a build might work or not work depending on which packages you
happen to have installed. I prefer hard dependencies for that reason.
I keep going back and forth on what the right course of action is here. I'm
mostly just hoping that Node.js upstream unbreaks its OpenSSL 1.1
compatibility on the 8.x LTS stream and I can switch back to using that...
I had to building against 1.0 because 1.1 broke a bunch of things.
5:05 p.m.
If you depend on pkgconfig one, then depending on environment you can get
different results ... Is there this what you are looking for?
On Thu, Sep 6, 2018, 22:05 Stephen Gallagher <sgallagh(a)redhat.com> wrote:
On Thu, Sep 6, 2018 at 3:31 PM Przemek Klosowski <
przemek.klosowski(a)nist.gov> wrote:
> On 09/05/2018 02:01 PM, Przemek Klosowski wrote:
> > On 09/05/2018 01:10 PM, Adam Williamson wrote:
> >> On Wed, 2018-09-05 at 12:17 -0400, Przemek Klosowski wrote:
> >>> Recent updates on f27 are blocked because openssl-devel (1.1)
> conflicts
> >>> with compat-openssl10-devel (1.0). [...]
> >>> I don't know if it's a real conflict or a packaging artifact
that
> could
> >>> be reverted.
> >> AIUI it's usually a real conflict. -devel packages for different
> >> versions of the same library are allowed and usually expected to
> >> conflict (for one thing, they both likely want to own the unversioned
> >> .so for the libraries themselves - e.g. /usr/lib64/libcrypto.so . It's
> >> only really a bug if the non-development library packages conflict.
> >>
> >> Is there a particular reason you need both -devel packages installed at
> >> the same time? Are you saying you only have one installed, but
> >> upgrading is trying to add the other for some reason?
> > I had both -devel packages installed previously and they apparently
> > started to conflict very recently.
> Correction: I had openssl-devel installed, which satisfied the
> requirement for openssl devel because the requires specify both
> openssl-devel and compat-openssl10-devel:
>
> dnf repoquery --deplist libssh2-devel-1.8.0-5.fc27.x86_64
>
> dependency: pkgconfig(libssl)
> provider: compat-openssl10-devel-1:1.0.2o-1.fc27.i686
> provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
> provider: openssl-devel-1:1.1.0h-3.fc27.i686
> provider: openssl-devel-1:1.1.0h-3.fc27.x86_64
>
> I think recently some packages started requiring specifically
> compat-openssl10-devel, e.g.
>
> dnf repoquery --deplist nodejs-devel
>
> dependency: compat-openssl10-devel(x86-64)
> provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
>
> causing the conflict.
>
So, that's been a bone of contention for a while. nodejs-devel doesn't
*strictly* require compat-openssl10-devel for all usages, but if someone is
using the SSL/TLS features in it and openssl-devel is installed instead,
unfortunate things happen.
I've been thinking it might be better to make it a Recommends: though,
especially if it's causing issues like this. I just really don't like the
idea that a build might work or not work depending on which packages you
happen to have installed. I prefer hard dependencies for that reason.
I keep going back and forth on what the right course of action is here.
I'm mostly just hoping that Node.js upstream unbreaks its OpenSSL 1.1
compatibility on the 8.x LTS stream and I can switch back to using that...
I had to building against 1.0 because 1.1 broke a bunch of things.
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
--
-Igor Gnatenko
6:04 p.m.
On Thu, Sep 6, 2018 at 6:34 PM Igor Gnatenko <
ignatenkobrain(a)fedoraproject.org> wrote:
If you depend on pkgconfig one, then depending on environment you can
get
different results ... Is there this what you are looking for?
No idea, as I can’t parse the sentence, sorry :-(
Could you try to explain what you mean in greater depth, please?
On Thu, Sep 6, 2018, 22:05 Stephen Gallagher
<sgallagh(a)redhat.com> wrote:
>
>
> On Thu, Sep 6, 2018 at 3:31 PM Przemek Klosowski <
> przemek.klosowski(a)nist.gov> wrote:
>
>> On 09/05/2018 02:01 PM, Przemek Klosowski wrote:
>> > On 09/05/2018 01:10 PM, Adam Williamson wrote:
>> >> On Wed, 2018-09-05 at 12:17 -0400, Przemek Klosowski wrote:
>> >>> Recent updates on f27 are blocked because openssl-devel (1.1)
>> conflicts
>> >>> with compat-openssl10-devel (1.0). [...]
>> >>> I don't know if it's a real conflict or a packaging artifact
that
>> could
>> >>> be reverted.
>> >> AIUI it's usually a real conflict. -devel packages for different
>> >> versions of the same library are allowed and usually expected to
>> >> conflict (for one thing, they both likely want to own the unversioned
>> >> .so for the libraries themselves - e.g. /usr/lib64/libcrypto.so .
It's
>> >> only really a bug if the non-development library packages conflict.
>> >>
>> >> Is there a particular reason you need both -devel packages installed
>> at
>> >> the same time? Are you saying you only have one installed, but
>> >> upgrading is trying to add the other for some reason?
>> > I had both -devel packages installed previously and they apparently
>> > started to conflict very recently.
>> Correction: I had openssl-devel installed, which satisfied the
>> requirement for openssl devel because the requires specify both
>> openssl-devel and compat-openssl10-devel:
>>
>> dnf repoquery --deplist libssh2-devel-1.8.0-5.fc27.x86_64
>>
>> dependency: pkgconfig(libssl)
>> provider: compat-openssl10-devel-1:1.0.2o-1.fc27.i686
>> provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
>> provider: openssl-devel-1:1.1.0h-3.fc27.i686
>> provider: openssl-devel-1:1.1.0h-3.fc27.x86_64
>>
>> I think recently some packages started requiring specifically
>> compat-openssl10-devel, e.g.
>>
>> dnf repoquery --deplist nodejs-devel
>>
>> dependency: compat-openssl10-devel(x86-64)
>> provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
>>
>> causing the conflict.
>>
>
>
> So, that's been a bone of contention for a while. nodejs-devel doesn't
> *strictly* require compat-openssl10-devel for all usages, but if someone is
> using the SSL/TLS features in it and openssl-devel is installed instead,
> unfortunate things happen.
>
> I've been thinking it might be better to make it a Recommends: though,
> especially if it's causing issues like this. I just really don't like the
> idea that a build might work or not work depending on which packages you
> happen to have installed. I prefer hard dependencies for that reason.
>
> I keep going back and forth on what the right course of action is here.
> I'm mostly just hoping that Node.js upstream unbreaks its OpenSSL 1.1
> compatibility on the 8.x LTS stream and I can switch back to using that...
> I had to building against 1.0 because 1.1 broke a bunch of things.
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
>
--
-Igor Gnatenko
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
4:10 p.m.
Przemek Klosowski wrote:
Recent updates on f27 are blocked because openssl-devel (1.1)
conflicts
with compat-openssl10-devel (1.0). A large number of packages depends on
1.0, so the only way to upgrade is to --allowerasing, which deletes
openssl 1.1 devel packages (
https://bugzilla.redhat.com/show_bug.cgi?id=1625440 ). Those packages
used to coexist peacefully up until recently.
They never coexisted, compat-openssl10-devel has always conflicted with
openssl-devel-1.1+ since it was introduced.
-- Rex
2056
days inactive
2057
days old
7 comments
5 participants
participants (5)
-
Adam Williamson -
Igor Gnatenko -
Przemek Klosowski -
Rex Dieter -
Stephen Gallagher