[Bug 1794589] Re: libssl1.0-dev conflicts libssl-dev

kapouer 1794589 at bugs.launchpad.net
Fri Nov 2 18:05:36 UTC 2018 

Le ven. 2 nov. 2018 à 18:41, Steve Langasek <steve.langasek at canonical.com>
a écrit :

> This is expected behavior.  These two stacks are incompatible, and while
> they use symbol versions so will not cause overt ABI problems when
> loaded into the same namespace, there are still some opaque structures
> that could be problems when passed between two libraries that each
> depend on different versions of openssl.  So the value of making the
> -dev packages coinstallable is small from the perspective of the
> distribution, the costs large given that relocating one or the other
> library means reverse-dependencies would also need updating to be able
> to find it at build time, and the risks of anything built against both
> versions of libssl significant.


Hi,

i've just dug into that matter, and here are my conclusions:
- it is quite easy to build and use embedded copy of openssl, and since
Node is doing its own security tracking, it might be a realistic solution
to just do that.
- upstream is developing openssl 1.1.1 compatibility, tests pass on linux,
see https://github.com/nodejs/node/issues/18770, in which case this is
needed to pass tests without heavily patching the test suite:
https://salsa.debian.org/js-team/nodejs/commit/60488253f26c6585a816e292a742fca40afee192
- breaking ABI is now covered by
https://github.com/nodejs/node/blob/master/BUILDING.md#note-for-downstream-distributors-of-nodejs,
so i opened an issue here for debian. I suppose ubuntu could use same
versions: https://github.com/nodejs/TSC/issues/621
- nodejs 10.13 is waiting in NEW/experimental. As soon as it is accepted
i'll backport the work on nodejs 8 branch, in case nodejs 10 doesn't make
it before debian freeze.

Jérémy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl1.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1794589

Title:
  libssl1.0-dev conflicts libssl-dev

Status in nodejs package in Ubuntu:
  Invalid
Status in openssl1.0 package in Ubuntu:
  Won't Fix
Status in nodejs source package in Bionic:
  Invalid
Status in openssl1.0 source package in Bionic:
  Won't Fix
Status in nodejs source package in Cosmic:
  Invalid
Status in openssl1.0 source package in Cosmic:
  Won't Fix

Bug description:
  [impact]

  The libssl1.0-dev package conflicts with the libssl-dev package, so
  this leads to all packages that depend on libssl1.0-dev to conflict
  with all packages that depend on libssl-dev; as well as all packages
  that depend on those packages (and so on).

  [test case]

  On a Bionic system (or Cosmic), install libssl-dev, and/or any package that depends on it:
  http://qa.ubuntuwire.org/rdepends/v1/bionic/any/libssl-dev

  Then, try to install libssl1.0-dev, or any package that depends on it:
  http://qa.ubuntuwire.org/rdepends/v1/bionic/any/libssl1.0-dev

  see comment 15 for an example of some packages that are force-removed
  when installing libssl1.0-dev, due to conflict.

  [regression potential]

  TBD after fix is determined

  [other info]

  Original description:

  ---

  The fix for https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1779863
  is, not surprisingly, somewhat traumatic for some users.

  In my case, installing libssl1.0-dev causes libcurl4-openssl-dev,
  libssh-dev, and libssl-dev to be uninstalled, which makes some of our
  internal packages fail to build.

  Commenting out universe from bionic-updates in /etc/apt/sources.list
  would work around this, but that's not going to fly for everybody.

  nodejs appears to be the tail wagging the dog now, and that's rather
  uncomfortable.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: nodejs-dev (not installed)
  ProcVersionSignature: Ubuntu 4.15.0-34.37-generic 4.15.18
  Uname: Linux 4.15.0-34-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.3
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Sep 26 11:03:51 2018
  SourcePackage: nodejs
  UpgradeStatus: Upgraded to bionic on 2018-04-30 (148 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1794589/+subscriptions

More information about the foundations-bugs mailing list