Is libressl-devel a "drop-in" replacement for "openssl-devel" ?

Devs,

Sometime recently, opensuse Tumbleweed changed to libressl. The new install of Tumbleweed I did has it. I didn't explicitly install it. The problem is it breaks package dependencies that require openssl-devel. E.g.,

    Problem: 1: the to be installed kdelibs3-devel-3.5.10-276.1.x86_64 requires 'openssl-devel', but this requirement cannot be provided
      not installable providers: libopenssl-devel-3.2.4-2.1.noarch[download.opensuse.org-oss]
     Solution 1: Following actions will be done:
      do not install kdelibs3-devel-3.5.10-276.1.x86_64
      do not install kdebase3-devel-3.5.10.1-385.1.x86_64
      do not install kdesdk3-devel-3.5.10-85.8.x86_64
     Solution 2: deinstallation of libressl-devel-4.0.0-1.2.x86_64
     Solution 3: break kdelibs3-devel-3.5.10-276.1.x86_64 by ignoring some of its dependencies

    Choose from above solutions by number or cancel [1/2/3/c/d/?] (c): c

Is the libressl-devel compatible with openssl-devel such that Yasuhiko can just update the .spec files for the kde3 -devel files to fix this problem or is much more required to work with libressl?

If so, can we remove libressl and go with openssl -- or does that mess up the new "more secure" libressl refactor for selinux or the like?

What's the best way to fix this?

--
David C. Rankin, J.D.,P.E.

On 3/2/25 5:28 PM, Neal Gompa wrote:
We did not change to LibreSSL. I don't know how you have that.
Good! I can rip it out. I thought it was an intentional change because when I looked at the package information I got:

    $ rqi libressl-devel
    Name        : libressl-devel
    Version     : 4.0.0
    Release     : 1.2
    Architecture: x86_64
    Install Date: Thu 27 Feb 2025 07:31:02 PM CST
    Group       : Development/Libraries/C and C++
    Size        : 1155787
    License     : OpenSSL
    Signature   : RSA/SHA512, Thu 09 Jan 2025 07:43:33 PM CST, Key ID 35a2f86e29b700a4
    Source RPM  : libressl-4.0.0-1.2.src.rpm
    Build Date  : Tue 15 Oct 2024 04:13:03 PM CDT
    Build Host  : reproducible
    Packager    : https://bugs.opensuse.org
    Vendor      : openSUSE
    URL         : https://www.libressl.org/
    Summary     : Development files for LibreSSL, an SSL/TLS protocol implementation
    Description :
    LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It derives from OpenSSL, with the aim of refactoring the OpenSSL code so as to provide a more secure implementation.
    This subpackage contains libraries and header files for developing applications that want to make use of libressl.
    Distribution: openSUSE Tumbleweed

--
David C. Rankin, J.D.,P.E.

On Monday 2025-03-03 00:28, Neal Gompa wrote:
zypper does not *change* from one provider to another unless explicitly requested by the user by way of e.g. `zypper in -f libressl-devel`. libzypp may however propose its installation if you install something that desires libcrypto.pc, the system does not yet have libcrypto.pc(!), and if employing libressl-devel to provide libcrypto.pc makes for an algorithmically satisfiable installation request.
The problem here is kdelibs3-devel which - usually erroneously - forces the openssl.org implementation of libcrypto.pc.

On 3/2/25 6:31 PM, Jan Engelhardt wrote:
Thanks Jan,

I don't see why the devel packages can't use either so long as they can get the base dependency they need. I've passed that along to Yasuhiko to see if the -devel packages can be updated.

No clue how libressl-devel got installed. I did a minimal-X install of Tumbleweed, and that was about all I've done with that box (other than installing gcc/g++, autoconf, automake, libtools, nginx, php and postgresql) as I was fighting selinux and the i915 lspcon probe fail, dpms triggered reboot issue.

Removing libressl-devel and replacing with libopenssl-devel made everything happy from a dependency standpoint. Now, if the i915 issue gets resolved as well, we will be in business with this box...

--
David C. Rankin, J.D.,P.E.

On 3/3/25 12:31 PM, Axel Braun wrote:
kdelibs3? Ouch. Since how many decades is this outdated?
The biggest most beautiful desktop going and one heck of an asset for openSUSE to have the best maintained kde3 on the planet. Outdated? no. Mature? oh yes, and if you haven't tried it in a while, even on poor hardware, it is blisteringly fast.

The original libressl-devel issue had nothing to do with kde3, it had to do with some optional/recommends in the Tumbleweed install of minimal-X that happened before I could get to /etc/zypp.conf and disable the recommends option. After restoring openssl, everything is fine.

Why libressl is even there is more the question and what is triggering its install as a recommends package?

--
David C. Rankin, J.D.,P.E.

On Mon Mar 3, 2025 at 12:27 AM CET, David C. Rankin wrote:
No, we didn’t. And no, LibreSSL is not a drop-in or any replacement for OpenSSL.

Best,

Matěj

--
http://matej.ceplovi.cz/blog/, @mcepl@en.osm.town
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

It is a rare mind indeed that can render the hitherto non-existent blindingly obvious. The cry “I could have thought of that” is a very popular and misleading one, for the fact is that they didn’t, and a very significant and revealing fact it is too.
  -- Douglas Adams, Dirk Gently’s Holistic Detective Agency

On 3/3/25 1:36 PM, Matěj Cepl wrote:
Yes, Thank you Matěj!

It came down to some "recommends" pulling it in with a minimal-X install with lightdm and icewm. I also installed fluxbox, so that is a possibility. It happened before I disabled recommends in the zypper config file.

I'd never even heard of libressl before. Now I know ... to stay away from it :)

--
David C. Rankin, J.D.,P.E.

On Tue Mar 4, 2025 at 2:37 AM CET, David C. Rankin wrote:
Hmm, I found only:

    ~ $ LANG=en_GB sudo zypper se --recommends-pkg libressl
    Loading repository data...
    Reading installed packages...

    S  | Name                             | Summary                  | Type
    ---+----------------------------------+--------------------------+--------
       | patterns-devel-base-devel_kernel | Linux Kernel Development | package
    ~ $

which feels suspiciously like a bug.

Best,

Matěj

--
http://matej.ceplovi.cz/blog/, @mcepl@en.osm.town
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

How many Bavarian Illuminati does it take to screw in a light bulb? Three: one to screw it in, and one to confuse the issue.

On Tue Mar 4, 2025 at 1:07 PM CET, Andrei Borzenkov wrote:
Was not it libressl-devel package?
The result is the same for that.

Matěj

--
http://matej.ceplovi.cz/blog/, @mcepl@en.osm.town
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Find the dependencies -- and eliminate them.
  -- according to http://is.gd/oeYpcI the motto of the MS Excel team

On 3/4/25 2:05 AM, Matěj Cepl wrote:
I load much of base-devel individually, but didn't load that pattern. The patterns that were pulled in were:

    $ rqa pattern
    patterns-base-base-20241218-3.1.x86_64
    patterns-base-basic_desktop-20241218-3.1.x86_64
    patterns-base-documentation-20241218-3.1.x86_64
    patterns-base-enhanced_base-20241218-3.1.x86_64
    patterns-base-minimal_base-20241218-3.1.x86_64
    patterns-base-selinux-20241218-3.1.x86_64
    patterns-base-sw_management-20241218-3.1.x86_64
    patterns-base-x11-20241218-3.1.x86_64
    patterns-base-x11_enhanced-20241218-3.1.x86_64
    patterns-fonts-fonts-20170319-12.2.x86_64
    patterns-fonts-fonts_opt-20170319-12.2.x86_64
    patterns-glibc-hwcaps-x86_64_v3-20230201-3.4.x86_64
    patterns-yast-x11_yast-20220411-1.8.x86_64
    patterns-yast-yast2_basis-20220411-1.8.x86_64
    patterns-yast-yast2_desktop-20220411-1.8.x86_64

Example of the packages:

    $ rqa 'gcc\|auto\|libtool'
    autoconf-2.72-2.2.noarch
    automake-1.17-1.2.noarch
    autoyast2-installation-5.0.4-1.1.noarch
    cross-arm-none-eabi-gcc14-14.2.0-1.34.x86_64
    cross-arm-none-eabi-gcc14-c++-14.2.0-1.34.x86_64
    cross-arm-none-eabi-gcc14-libstdc++-14.2.0-1.34.x86_64
    cross-arm-none-eabi-gcc14-libstdc++-devel-14.2.0-1.34.x86_64
    gcc-14-3.1.x86_64
    gcc-c++-14-3.1.x86_64
    gcc-fortran-14-3.1.x86_64
    gcc-info-14-3.1.x86_64
    gcc14-14.2.1+git11321-1.1.x86_64
    gcc14-c++-14.2.1+git11321-1.1.x86_64
    gcc14-fortran-14.2.1+git11321-1.1.x86_64
    gcc14-info-14.2.1+git11321-1.1.noarch
    libgcc_s1-14.2.1+git11321-1.1.x86_64
    libquadmath0-devel-gcc14-14.2.1+git11321-1.1.x86_64
    libstdc++6-devel-gcc14-14.2.1+git11321-1.1.x86_64
    libtool-2.4.7-3.10.x86_64
    qml-autoreqprov-1.4.1-1.4.noarch
    selinux-autorelabel-4.0+git7-1.1.x86_64

Is there a zypper query I can run that would search for the recommends that pulled it in?

Packages like cross-arm-none-eabi come from community repos, so there is an additional source. However, any packages installed not from the standard install repos would not have been installed until well after.

Checking the zypper.log I can find where it was installed.
I'm not sure if that solves the issue. Here is the log:

    # xzcat /var/log/zypper.log-20250302.xz | grep 'libressl'

If you want more from the log, just tell me what query you want and I'll run it and reply back.

--
David C. Rankin, J.D.,P.E.

On 3/5/25 4:34 PM, Jan Engelhardt wrote:
Thanks Jan,

Here are the next 100 lines from the log beginning with the last above. Looks like postgresql was the problem?:

    # xzcat /var/log/zypper.log-20250302.xz | sed -n 64003,64103p

--
David C. Rankin, J.D.,P.E.

On Thursday 2025-03-06 00:07, David C. Rankin wrote:
Yeah so, that's it then. You installed postgresql-devel (or something even further down the line), and since postgresql (nor something else) cared about the particular implementation, libressl was chosen, likely because it simply comes first in an alphabetical sorting.
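
An added example, not part of the thread and not zypper's own tooling: a Python script that groups zypper.log lines by process ID, finds the zypper invocation that installed a given package, and reports whether that package was named on the command line or brought in by the solver alongside other packages. The log lines are constructed samples in zypper.log's line layout (host, PIDs, command lines and the postfix version are made up), and treating "name appears in argv" as "explicitly requested" is a heuristic assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# zypper.log layout: "<date> <time> <level> host(pid) [component] file(func):line message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) <\d+> "
    r"[^\s(]+\((?P<pid>\d+)\) \[[^\]]+\] \S+ ?(?P<msg>.*)$"
)
# Start-up line that records the full command line, each argument single-quoted.
ARGV_RE = re.compile(r"^===== ((?:'[^']*' ?)+)=====$")
# Progress line written when one package has finished installing.
INSTALLED_RE = re.compile(r"\{#\d+\|Installing: (\S+)\} END$")


@dataclass
class Session:
    pid: int
    started: str
    argv: Optional[List[str]]  # None: session began before this log excerpt
    installed: List[str] = field(default_factory=list)


def package_name(nvra: str) -> str:
    """'libressl-devel-4.0.0-1.2.x86_64' -> 'libressl-devel'."""
    return nvra.rsplit("-", 2)[0]


def zypper_sessions(lines) -> List[Session]:
    """Group completed installs under the zypper process that performed them."""
    open_by_pid, sessions = {}, []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        pid, msg = int(m["pid"]), m["msg"]
        argv = ARGV_RE.match(msg)
        if argv:
            # A new command line for this PID starts a new session (PIDs get reused).
            s = Session(pid, m["ts"], re.findall(r"'([^']*)'", argv.group(1)))
            open_by_pid[pid] = s
            sessions.append(s)
            continue
        done = INSTALLED_RE.search(msg)
        if done:
            if pid not in open_by_pid:
                # Rotated or grep-filtered log: the start-up line is missing.
                open_by_pid[pid] = Session(pid, m["ts"], None)
                sessions.append(open_by_pid[pid])
            open_by_pid[pid].installed.append(done.group(1))
    return sessions


def explain_install(lines, pkg: str):
    """Return one finding per zypper run that installed `pkg`."""
    findings = []
    for s in zypper_sessions(lines):
        names = [package_name(n) for n in s.installed]
        if pkg not in names:
            continue
        findings.append({
            "pid": s.pid,
            "started": s.started,
            "argv": s.argv,
            # None means unknown because the command line was not in the excerpt.
            "explicitly_requested": None if s.argv is None else pkg in s.argv,
            "same_transaction": [n for n in names if n != pkg],
        })
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE_LOG = """\
2025-01-01 10:00:00 <1> host1(4100) [zypper] main.cc(main):142 ===== Hi, me zypper 1.14.84
2025-01-01 10:00:00 <1> host1(4100) [zypper] main.cc(main):143 ===== 'sudo' 'zypper' 'in' 'postgresql-devel' =====
2025-01-01 10:00:20 <1> host1(4100) [Progress++] progressdata.cc(report):75 {#19|Installing: libressl-devel-4.0.0-1.2.x86_64} START
2025-01-01 10:00:20 <1> host1(4100) [Progress++] progressdata.cc(report):95 {#19|Installing: libressl-devel-4.0.0-1.2.x86_64} END
2025-01-01 10:00:21 <1> host1(4100) [Progress++] progressdata.cc(report):95 {#20|Installing: postgresql17-devel-17.4-1.1.x86_64} END
2025-01-01 10:00:21 <1> host1(4100) [Progress++] progressdata.cc(report):95 {#21|Installing: postgresql-devel-17-2.3.noarch} END
2025-01-01 10:00:22 <1> host1(4100) [zypper] main.cc(~Bye):115 ===== Exiting main(0) =====
2025-01-01 10:09:00 <1> host1(4200) [zypper] main.cc(main):143 ===== 'sudo' 'zypper' '-v' 'in' 'postfix' =====
2025-01-01 10:09:30 <1> host1(4200) [Progress++] progressdata.cc(report):95 {#1|Installing: postfix-0.0-0.x86_64} END
""".splitlines()

if __name__ == "__main__":
    for finding in explain_install(SAMPLE_LOG, "libressl-devel"):
        print(finding)
```

On a real system the input would be the decompressed log, for example `xzcat` output piped to a file and read with `open(...)`; a grep-filtered excerpt loses the command-line record, which is why the script reports `argv` as unknown in that case.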

On Thu, Mar 6, 2025 at 10:40 AM Jan Engelhardt <ej@inai.de> wrote:
    andrei@tumbleweed:~> zypper info --requires postgresql17-devel | grep crypto
        pkgconfig(libcrypto)
    andrei@tumbleweed:~> zypper se --provides -x 'pkgconfig(libcrypto)'
    Loading repository data...
    Reading installed packages...

    S  | Name               | Summary                                                            | Type
    ---+--------------------+--------------------------------------------------------------------+--------
       | libopenssl-3-devel | Development files for OpenSSL                                      | package
       | libopenssl-devel   | Include Files and Libraries mandatory for Development              | package
       | libressl-devel     | Development files for LibreSSL, an SSL/TLS protocol implementation | package
    andrei@tumbleweed:~>

I guess this deserves a bug report. As long as OpenSSL and LibreSSL are not compatible, OpenSSL should probably be preferred on the distribution level (Suggests: libopenssl-deve in openSUSE-release).

I still wonder where this dependency comes from because postgres17.spec only has

    %package -n %pgname-%devel
    ...
    Requires: %libecpg >= %version
    Requires: %libpq >= %version
    Requires: postgresql-devel-noarch >= %pgmajor

On Thu, Mar 6, 2025 at 11:04 AM Jan Engelhardt <ej@inai.de> wrote:
Tumbleweed is on OpenSSL 3.0.

https://github.com/libressl/portable:

--><--
LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not currently supported.
--><--

On Thursday 2025-03-06 09:16, Andrei Borzenkov wrote:
libressl certainly has the openssl3 api (or at least, significant parts of it), such as the `EVP_CIPHER_CTX_new` and `EVP_MD_CTX_new` functions since version 2.7.0, released sometime in early 2018. Apparently people just forgot to update the readme, considering https://github.com/libressl/portable has no real source and is, in summary, merely a wrapper to create libressl tarballs from the openbsd-src git repository located elsewhere. commit fcd881a003531dbaf7bd91a0ad45e0a940b45a90 Author: jsing <jsing@openbsd.org> Date: Sat Feb 17 14:55:31 2018 +0000 ^^^^^^^^ Provide EVP_MD_CTX_new(), EVP_MD_CTX_free() and EVP_MD_CTX_reset(). diff --git lib/libcrypto/Symbols.list lib/libcrypto/Symbols.list index 1da0493c73e..d633575397f 100644 --- lib/libcrypto/Symbols.list +++ lib/libcrypto/Symbols.list @@ -1274,8 +1274,11 @@ EVP_MD_CTX_copy_ex EVP_MD_CTX_create EVP_MD_CTX_ctrl EVP_MD_CTX_destroy +EVP_MD_CTX_free EVP_MD_CTX_init EVP_MD_CTX_md +EVP_MD_CTX_new +EVP_MD_CTX_reset EVP_MD_CTX_set_flags EVP_MD_CTX_test_flags EVP_MD_block_size
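Review bot: the three exports added to lib/libcrypto/Symbols.list (EVP_MD_CTX_free, EVP_MD_CTX_new, EVP_MD_CTX_reset) widen the public symbol set, but only the Symbols.list hunk is quoted, so the matching header declarations, definitions and manual-page entries cannot be checked from this excerpt; please confirm they land in the same commit together with a shared-library minor version bump. EVP_MD_CTX_create and EVP_MD_CTX_destroy remain exported in the context lines, so existing callers keep linking; a short documentation note saying which of each pair (create/new, destroy/free) new code should use would help downstream packagers.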

On Thu Mar 6, 2025 at 9:05 AM CET, Jan Engelhardt wrote:
1) LibreSSL forked from an older version of OpenSSL and since then keeping bug-for-bug compatibility with OpenSSL was not the highest goal of LibreSSL maintainers.
2) OpenSSL has changed since then rather substantially.

“LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not currently supported.”
https://github.com/libressl/portable/blob/master/README.md

Matěj
--
http://matej.ceplovi.cz/blog/, @mcepl@en.osm.town
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Responsibility reveals the man. -- Demosthenes, Exordia, Dem. Ex. 48.2 (quoting Sophocles, Soph. Ant. 175-190, and it seems it is a source of often misquoted statement often mistakenly attributed to Plato “The measure of a man is what he does with power.”)

If you want to know the reason for introducing LibreSSL: https://www.internetsociety.org/blog/2014/06/heartbleed-libressl-and-the-imp...

The BSD Community was unhappy about the Heartbleed Bug and then Developers thought about a fork with an improved reimplementation. I know it in such details, because one of my former colleagues was involved in these discussions as part of the BSD Community.

Best regards,
Sarah

On Thu Mar 6, 2025 at 4:17 PM CET, Sarah Julia Kriesch via openSUSE Factory wrote:
If you want to know the reason for introducing LibreSSL: https://www.internetsociety.org/blog/2014/06/heartbleed-libressl-and-the-imp...

I know more about it than I ever wish to know. Tomáš Mráz (then at Red Hat, one of the few actually heroically fighting with the monster of OpenSSL, now OpenSSL Foundation) was my close colleague.

One, historically completely unimportant consequence of the whole debacle was that I have finally decided to take all those patches we, Red Hat, had over the dead body of M2Crypto, the oldest and then the most complete Python bindings for OpenSSL, and make an upstream for it, now at https://sr.ht/~mcepl/m2crypto/, adding patches from all other distros, and porting the whole monster to Python 3.

What I also remember was that LibreSSL first claimed that any programmer can maintain OpenSSL if they are not complete morons, promising complete API compatibility, then sliding more and more from that position. I had periodically annoying demands on the M2Crypto issue tracker demanding a switch to supporting LibreSSL. Whenever I suggested that a patch making M2Crypto build with LibreSSL would be considered, if they promised to maintain it, I have never heard from them since.

I still believe that making such a patch would not be out of the question, if anybody wished to make and maintain it, but nobody did, and now probably anybody reasonable should care more about Cryptography (more modern Python binding) anyway.

Best,
Matěj
--
http://matej.ceplovi.cz/blog/, @mcepl@en.osm.town
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Home is where ~/.profile is. -- from Usenet

On Thu, Mar 6, 2025 at 11:01 AM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
Hmm ... so far libsolv took the first matching package in alphabetical order. Which means, zypper should still have picked libopenssl-devel. There must be something else that affects this decision. Or something changed in libsolv.

On 3/6/25 2:26 AM, Andrei Borzenkov wrote:
I've got no other ideas. I really just went through my normal install. Then started loading a few additional packages and configuring, e.g. webserver, php, databases. Then rpmtools, osc, arm-none-eabi. Then was surprised when the solver started showing issues that led to discovering libressl-devel had been installed. I'm happy to dump more of the logs or send them to you if you like. I'm just glad to have openssl back and the solver happy again. -- David C. Rankin, J.D.,P.E.

On Monday 2025-03-03 00:28, Neal Gompa wrote:
zypper does not *change* from one provider to another unless explicitly requested by the user by way of e.g. `zypper in -f libressl-devel`. libzypp may however propose its installation if you install something that desires libcrypto.pc, the system does not yet have libcrypto.pc(!), and if employing libressl-devel to provide libcrypto.pc makes for an algorithmically satisfiable installation request.
The problem here is kdelibs3-devel which - usually erroneously - forces the openssl.org implementation of libcrypto.pc.
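
The condition described above (nothing installed provides the capability yet, so the solver is free to pick any provider) can be read off the provider table that `zypper se --provides -x` prints. The script below is an added example, not part of the thread: the sample table is constructed from the output quoted earlier in the thread with libressl-devel marked as automatically installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit who provides a capability, using
# the table printed by `zypper se --provides -x '<capability>'`.
# S column per zypper(8): "i+" = installed on user request,
# "i" = installed automatically by the resolver, empty = not installed.

# Constructed sample: the provider table quoted in the thread (summaries
# shortened), with libressl-devel marked as automatically installed.
SAMPLE_TABLE='S | Name               | Summary                        | Type
---+--------------------+--------------------------------+--------
  | libopenssl-3-devel | Development files for OpenSSL  | package
  | libopenssl-devel   | Include Files and Libraries    | package
i | libressl-devel     | Development files for LibreSSL | package'

# provider_rows (hypothetical helper): print "<status> <name>" per package row.
provider_rows() {
    awk -F'|' 'NF >= 4 {
        s = $1; n = $2
        gsub(/[ \t]/, "", s); gsub(/[ \t]/, "", n)
        if (n == "" || n == "Name") next   # skip header and empty rows
        if (s == "") s = "-"               # "-" stands for "not installed"
        print s, n
    }'
}

# audit_providers (hypothetical helper): one-line verdict for the table on stdin.
audit_providers() {
    provider_rows | awk '
        { all = all (all ? "," : "") $2 }
        $1 == "i"  { auto = auto (auto ? "," : "") $2 }
        $1 == "i+" { user = user (user ? "," : "") $2 }
        END {
            if (auto == "" && user == "")
                print "none-installed candidates=" all
            else
                print "installed auto=" (auto ? auto : "-") " user=" (user ? user : "-")
        }'
}

# Live use: zypper se --provides -x 'pkgconfig(libcrypto)' | audit_providers
printf '%s\n' "$SAMPLE_TABLE" | audit_providers
```

A `none-installed` verdict before installing a package that requires the capability means the choice of TLS library is left to the solver; an `auto=` entry shows a provider that arrived as a dependency rather than by request.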

On 3/2/25 6:31 PM, Jan Engelhardt wrote:
Thanks Jan, I don't see why the devel packages can't use either so long as they can get the base dependency they need. I've passed that along to Yasuhiko to see if the -devel packages can be updated. No clue how libressl-devel got installed. I did a minimal-X install of Tumbleweed, and that was about all I've done with that box (other than installing gcc/g++, autoconf, automake, libtools, nginx, php and postgresql) as I was fighting selinux and the i915 lspcon probe fail, dpms triggered reboot issue. Removing libressl-devel and replacing with libopenssl-devel made everything happy from a dependency standpoint. Now, if the i915 issue gets resolved as well, we will be in business with this box... -- David C. Rankin, J.D.,P.E.

participants (8): Andrei Borzenkov, Axel Braun, Carlos E. R., David C. Rankin, Jan Engelhardt, Matěj Cepl, Neal Gompa, Sarah Julia Kriesch