This request is superseded by
request 950776
(Show diff)
You're not reviewing the full diff of
request 950470
, but the diff to the superseded
request 949761
(Show full diff)
Overview
Request 950470 superseded
No description set
- Created by pmonrealgonzalez
- In state superseded
- Supersedes 949761
- Superseded by 950776
-
Open review for
opensuse-review-team
- Open review for openSUSE:Factory:Staging:adi:53
Loading...
reviewer
found conflict of libopenssl-3-devel-3.0.1-1.2.x86_64 with libressl-devel-3.4.2-1.1.x86_64 /usr/include/openssl/idea.h found conflict of openssl-1_1-1.1.1m-1.2.x86_64 with openssl-3-3.0.1-1.2.x86_64 /etc/ssl/ct_log_list.cnf /etc/ssl/ct_log_list.cnf.dist
Login required, please
login
in order to comment
Request History
pmonrealgonzalez created request
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
dimstar_suse added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:53"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:adi:53"
One conflict left:
We renamed the openssl.cnf config file to openssl3.cnf but the ct_log_list.cnf can be used by both openssl versions. I guess we could keep them in conflict but I'm not sure how could we do that better...
'keep in conflict' meaning 'ignore'? then the answer is 'no'
adding Conflicts: openssl(cli) to openssl-3 is an option, but somewhat defeats the purpose of the entire renaming, which seems to aim at parallel installability
A way out could be the files /etc/ssl/ct_log_list.cnf{,.dist} out into a openssl-1_1-ct_log_cnf (in openssl 1.1) and openssl-3-ct_log_cnf (in openssl-3), have them both provide openssl(ct_log_cnf) and also Conflicts: openssl(ct_log_cnf); openssl-1_1 and openssl-3 would then both require openssl(ct_log_cnf) (not sure about the content of tile files, are they identical? Can openss 1.1 work with the files from openssl 3 and vice-versa? In this case I'd add Suggests: openssl-1_1-ct_log_cnf in openssl-1_1 (and respective -3 version for openssl3); this would mostly result to have the 1_1 installed by default on all installs (as openssl-1_1 is basically there in all cases, until we switch to openssl 3
(hope that rambling makes sense - otherwise ping me on slack)
Would it make sense then to remove these two files from openssl-3? As openssl-1_1 is always installed. They would be readded when we switch to openssl 3.
This requires one less change to openssl in Factory and SLE.
That's an opion - but it would technically ask for a Requires: openssl in openssl-3 to make sure this is true in all cases
Otherwise a simple install of openssl-3 into a clean container would not bring openssl 1.1 with it
zypper requires openssl (it's required by libzypp specifically) though, so openssl 1.1 should already be installed in almost all cases, if I have understood correctly.
EDIT: This means that adding the
Requires: opensslin openssl-3 wouldn't actually add any new package, it could be added safely.zypper is no requirement for containers - and zypper would depend on libopenssl1_1, not openssl(cli) which carries those files
> rpm -e openssl openssl-1_1 error: Failed dependencies: openssl is needed by (installed) perl-Crypt-SSLeay-0.72-4.13.x86_64 openssl is needed by (installed) mokutil-0.5.0-1.3.x86_64 openssl = 1.1.1m is needed by (installed) libopenssl-devel-1.1.1m-1.1.noarch openssl is needed by (installed) pesign-obs-integration-10.2+git20210804.ff18da1-2.1.x86_64 openssl(cli) is needed by (installed) xorg-x11-Xvnc-1.10.1-20.6.x86_64 openssl(cli) is needed by (installed) xorg-x11-Xvnc-1.10.1-20.6.x86_64On my machine I could get rid of openssl almost without problems