'Re: openssl 1.1 development conflicts with compat-openssl (1.0)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-devel-list
Subject:    Re: openssl 1.1 development conflicts with compat-openssl (1.0)
From:       Igor Gnatenko <ignatenkobrain () fedoraproject ! org>
Date:       2018-09-06 22:05:30
Message-ID: CAFMg4WAU+PLi0jJ4LPABQ1phvrDCtZyhz80+RQsS6G0ELAh0NA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


If you depend on pkgconfig one, then depending on environment you can get
different results ... Is there this what you are looking for?

On Thu, Sep 6, 2018, 22:05 Stephen Gallagher <sgallagh@redhat.com> wrote:

>
>
> On Thu, Sep 6, 2018 at 3:31 PM Przemek Klosowski <
> przemek.klosowski@nist.gov> wrote:
>
>> On 09/05/2018 02:01 PM, Przemek Klosowski wrote:
>> > On 09/05/2018 01:10 PM, Adam Williamson wrote:
>> >> On Wed, 2018-09-05 at 12:17 -0400, Przemek Klosowski wrote:
>> >>> Recent updates on f27 are blocked because openssl-devel (1.1)
>> conflicts
>> >>> with compat-openssl10-devel (1.0). [...]
>> >>> I don't know if it's a real conflict or a packaging artifact that
>> could
>> >>> be reverted.
>> >> AIUI it's usually a real conflict. -devel packages for different
>> >> versions of the same library are allowed and usually expected to
>> >> conflict (for one thing, they both likely want to own the unversioned
>> >> .so for the libraries themselves - e.g. /usr/lib64/libcrypto.so . It's
>> >> only really a bug if the non-development library packages conflict.
>> >>
>> >> Is there a particular reason you need both -devel packages installed at
>> >> the same time? Are you saying you only have one installed, but
>> >> upgrading is trying to add the other for some reason?
>> > I had both -devel packages installed previously and they apparently
>> > started to conflict very recently.
>> Correction: I had openssl-devel installed, which satisfied the
>> requirement for openssl devel because the requires specify both
>> openssl-devel and compat-openssl10-devel:
>>
>> dnf repoquery  --deplist libssh2-devel-1.8.0-5.fc27.x86_64
>>
>> dependency: pkgconfig(libssl)
>>     provider: compat-openssl10-devel-1:1.0.2o-1.fc27.i686
>>     provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
>>     provider: openssl-devel-1:1.1.0h-3.fc27.i686
>>     provider: openssl-devel-1:1.1.0h-3.fc27.x86_64
>>
>> I think recently some packages started requiring specifically
>> compat-openssl10-devel, e.g.
>>
>> dnf repoquery  --deplist nodejs-devel
>>
>> dependency: compat-openssl10-devel(x86-64)
>>     provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64
>>
>> causing the conflict.
>>
>
>
> So, that's been a bone of contention for a while. nodejs-devel doesn't
> *strictly* require compat-openssl10-devel for all usages, but if someone is
> using the SSL/TLS features in it and openssl-devel is installed instead,
> unfortunate things happen.
>
> I've been thinking it might be better to make it a Recommends: though,
> especially if it's causing issues like this. I just really don't like the
> idea that a build might work or not work depending on which packages you
> happen to have installed. I prefer hard dependencies for that reason.
>
> I keep going back and forth on what the right course of action is here.
> I'm mostly just hoping that Node.js upstream unbreaks its OpenSSL 1.1
> compatibility on the 8.x LTS stream and I can switch back to using that...
> I had to building against 1.0 because 1.1 broke a bunch of things.
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
>
-- 

-Igor Gnatenko

[Attachment #5 (text/html)]

If you depend on pkgconfig one, then depending on environment you can get different \
results ... Is there this what you are looking for?<br><br><div \
class="gmail_quote"><div dir="ltr">On Thu, Sep 6, 2018, 22:05 Stephen Gallagher \
&lt;<a href="mailto:sgallagh@redhat.com">sgallagh@redhat.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><br><div \
class="gmail_quote"></div></div><div dir="ltr"><div class="gmail_quote"><div \
dir="ltr">On Thu, Sep 6, 2018 at 3:31 PM Przemek Klosowski &lt;<a \
href="mailto:przemek.klosowski@nist.gov" \
target="_blank">przemek.klosowski@nist.gov</a>&gt; wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">On 09/05/2018 02:01 PM, Przemek Klosowski wrote:<br> &gt; On \
09/05/2018 01:10 PM, Adam Williamson wrote:<br> &gt;&gt; On Wed, 2018-09-05 at 12:17 \
-0400, Przemek Klosowski wrote:<br> &gt;&gt;&gt; Recent updates on f27 are blocked \
because openssl-devel (1.1) conflicts<br> &gt;&gt;&gt; with compat-openssl10-devel \
(1.0). [...]<br> &gt;&gt;&gt; I don&#39;t know if it&#39;s a real conflict or a \
packaging artifact that could<br> &gt;&gt;&gt; be reverted.<br>
&gt;&gt; AIUI it&#39;s usually a real conflict. -devel packages for different<br>
&gt;&gt; versions of the same library are allowed and usually expected to<br>
&gt;&gt; conflict (for one thing, they both likely want to own the unversioned<br>
&gt;&gt; .so for the libraries themselves - e.g. /usr/lib64/libcrypto.so . \
It&#39;s<br> &gt;&gt; only really a bug if the non-development library packages \
conflict.<br> &gt;&gt;<br>
&gt;&gt; Is there a particular reason you need both -devel packages installed at<br>
&gt;&gt; the same time? Are you saying you only have one installed, but<br>
&gt;&gt; upgrading is trying to add the other for some reason?<br>
&gt; I had both -devel packages installed previously and they apparently <br>
&gt; started to conflict very recently.<br>
Correction: I had openssl-devel installed, which satisfied the <br>
requirement for openssl devel because the requires specify both <br>
openssl-devel and compat-openssl10-devel:<br>
<br>
dnf repoquery   --deplist libssh2-devel-1.8.0-5.fc27.x86_64<br>
<br>
dependency: pkgconfig(libssl)<br>
       provider: compat-openssl10-devel-1:1.0.2o-1.fc27.i686<br>
       provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64<br>
       provider: openssl-devel-1:1.1.0h-3.fc27.i686<br>
       provider: openssl-devel-1:1.1.0h-3.fc27.x86_64<br>
<br>
I think recently some packages started requiring specifically <br>
compat-openssl10-devel, e.g.<br>
<br>
dnf repoquery   --deplist nodejs-devel<br>
<br>
dependency: compat-openssl10-devel(x86-64)<br>
       provider: compat-openssl10-devel-1:1.0.2o-1.fc27.x86_64<br>
<br>
causing the conflict.<br></blockquote><div><br></div><div><br></div></div></div><div \
dir="ltr"><div class="gmail_quote"><div>So, that&#39;s been a bone of contention for \
a while. nodejs-devel doesn&#39;t *strictly* require compat-openssl10-devel for all \
usages, but if someone is using the SSL/TLS features in it and openssl-devel is \
installed instead, unfortunate things happen.</div><div><br></div><div>I&#39;ve been \
thinking it might be better to make it a Recommends: though, especially if it&#39;s \
causing issues like this. I just really don&#39;t like the idea that a build might \
work or not work depending on which packages you happen to have installed. I prefer \
hard dependencies for that reason.</div><div><br></div><div>I keep going back and \
forth on what the right course of action is here. I&#39;m mostly just hoping that \
Node.js upstream unbreaks its OpenSSL 1.1 compatibility on the 8.x LTS stream and I \
can switch back to using that... I had to building against 1.0 because 1.1 broke a \
bunch of things.</div></div></div> \
_______________________________________________<br> devel mailing list -- <a \
href="mailto:devel@lists.fedoraproject.org" \
target="_blank">devel@lists.fedoraproject.org</a><br> To unsubscribe send an email to \
<a href="mailto:devel-leave@lists.fedoraproject.org" \
target="_blank">devel-leave@lists.fedoraproject.org</a><br> Fedora Code of Conduct: \
<a href="https://getfedora.org/code-of-conduct.html" rel="noreferrer" \
target="_blank">https://getfedora.org/code-of-conduct.html</a><br> List Guidelines: \
<a href="https://fedoraproject.org/wiki/Mailing_list_guidelines" rel="noreferrer" \
target="_blank">https://fedoraproject.org/wiki/Mailing_list_guidelines</a><br> List \
Archives: <a href="https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org" \
rel="noreferrer" target="_blank">https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org</a><br>
 </blockquote></div>-- <br><div dir="ltr" class="gmail_signature" \
data-smartmail="gmail_signature"><div dir="ltr"><p dir="ltr">-Igor Gnatenko</p> \
</div></div>


[Attachment #6 (text/plain)]

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic