On 08/12/2018 12:32 AM, Stephen Gallagher wrote:
On Sun, Aug 12, 2018 at 4:39 AM Robert Marcano <robert@xxxxxxxxxxxxxxxxx
<mailto:robert@xxxxxxxxxxxxxxxxx>> wrote:
On Sat, Aug 11, 2018 at 8:07 PM Rex Dieter <rdieter@xxxxxxxxxxxx
<mailto:rdieter@xxxxxxxxxxxx>> wrote:
Robert Marcano wrote:
> For example, someone developing against krb5-devel for a
GSSAPI client,
> probably doesn't need openssl-devel installed, that they are
linking
> against Kerberos doesn't means they use the same crypto library
> directly, they could use nss for example.
I think you're most likely going to need to deal with this on a
case-by-case
basis. In this specific example, find out for sure if "probably
doesn't
need openssl-devel" is entirely accurate or not, and take
appropriate
measures.
Not sure a case-by-case basis will always work, for example I force
removed compat-openssl10-devel (rpm - e compat-openssl10-devel
--nodeps) that is pulled by nodejs-devel, and I am able to link
against NodeJS libraries, because the modules I need to build
doesn't use OpenSSL. So compat-openssl10-devel should not be a hard
dependency for nodejs-devel. Sadly the package maintainer think this
is fine [1].
A small packaging guideline change about reducing *-devel hard
dependencies when they aren't always required could help.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1613852
The problem is that if you build Node.js with OpenSSL 1.0 and then you
build a native NPM module with OpenSSL 1.1, you’re going to have a bad
day trying to run it. I’m pretty sure you’re going to have a symbol
conflict at runtime that will be hard to identify. (And will lead to me
getting BZs about it).
Don't take it wrong, I understand the decision to go back to OpenSSL
1.0, but at that time there was no concern of people already having
modules linked against 1.1 and suddenly 1.0 was loaded on NodeJS with an
update. (Note I personally build my node modules inside a bubblewrapped
process with no network so I can avoid those prebuilt binaries npm
packages tend to download, they are annoying) but that is off-topic to
this discussion
My problem with the dependency is that is is hard dependency with a
compat-*-devel package. After I forcefully removed
compat-openssl10-devel I could build non OpenSSL modules without problem.
# ldd ./node-sass/build/Release/obj.target/binding.node
sass/build/Release/obj.target/binding.node'
linux-vdso.so.1 (0x00007ffd73af4000)
libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007fadc0303000)
libm.so.6 => /lib64/libm.so.6 (0x00007fadbff6f000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fadbfd57000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fadbfb38000)
libc.so.6 => /lib64/libc.so.6 (0x00007fadbf779000)
/lib64/ld-linux-x86-64.so.2 (0x00007fadc0b5d000)
That said, maybe this can be solved in a different way (and one that
could handle switching OpenSSL versions within a release if needed). We
might provide a macro in the nodejs-devel package (not nodejs-packaging)
that records which OpenSSL we compiled against and then put in the
guidelines that native NPMs that need OpenSSL must use that macro for
BuildRequires.
Thanks for thinking about it, but think about outside Fedsora rpm
building processes. I build my code (a mix of Java/C/Rust/JavaScript) on
a builder with preloaded dependencies, to make this work (without
forcefully removing dependencies) I will need to install nodejs-devel,
build the node modules, then remove nodejs-devel and reinstall
openssl-devel to build native code that links to OpenSSL.
The problem here is that compat-openssl10-devel conflicts with
openssl-devel, that I think this is intentional. What about a Recommends
instead of Requires, Fedora RPM builds do a clean install of
dependencies, so they will pull compat-openssl10-devel, but let
developers at their machines choose at their own expense, to remove it
without --nodeps hacks.
And thinking about it, a lot *-devel packages interdependencies should
be Recommends and not Requires. It would be great if running
dnf --setopt=install_weak_deps=False install <package-devel>
worked only pulling strictly required dependencies.
I’m about to head to the airport after Flock, but I’ll think about this
a bit in-transit and see what I come up with.
My workaround is --nodeps remove compat-openssl10-devel, so there is no
rush. But people that have openssl-devel and nodejs-devel installed and
do only graphical updates, will not notice their updates to nodejs are
broken.
Enjoy Flock
<https://bugzilla.redhat.com/show_bug.cgi?id=1613852>
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/5WZQVHPHCOJEHJYI7FK7O7YEEFC2RBP7/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/3XE6B6PID4NRXOXWFUMNQ2CI4THRXNV6/
