Bug 2421797
| Summary: | openssl3-3.5.1-6.1.el8 introduces unresolvable dependency on fips-provider-so | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Daniel Wang <wangdan> |
| Component: | openssl3 | Assignee: | Michel Lind <michel> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | epel8 | CC: | david.baran, epel-packagers-sig, ilias, john.grawl, michel, miturria, mmielke, sstagnar, yuto |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openssl3-3.5.1-6.2.el8 | Doc Type: | --- |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2025-12-24 01:32:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
For now I have just skipped the update of openssl3, until this is fixed. The openssl3 package was merged from CentOS stream, which includes a separate 'openssl-fips-provider' package https://rpmfind.net/linux/RPM/centos-stream/9/baseos/x86_64/openssl-fips-provider-3.5.1-5.el9.x86_64.html The centos package provides 'fips-provider-so' and contains /usr/lib64/ossl-modules/fips.so openssl3-fips-provider was never built or published for epel 8. Please build and publish openssl3-fips-provider for epel8. Saw the same issue here: Error: Problem 1: conflicting requests - nothing provides fips-provider-so needed by openssl3-libs-3.5.1-6.1.el8.x86_64 from epel Problem 2: package openssl3-devel-3.5.1-6.1.el8.x86_64 from epel requires openssl3-libs(x86-64) = 3.5.1-6.1.el8, but none of the providers can be installed - package openssl3-devel-3.5.1-6.1.el8.x86_64 from epel requires libcrypto.so.3()(64bit), but none of the providers can be installed - package openssl3-devel-3.5.1-6.1.el8.x86_64 from epel requires libssl.so.3()(64bit), but none of the providers can be installed - conflicting requests - nothing provides fips-provider-so needed by openssl3-libs-3.5.1-6.1.el8.x86_64 from epel Optional resolution/worksround: Build fips-provider-next package from RHEL9 src - https://access.cdn.redhat.com/content/origin/rpms/fips-provider-next/1.2.0/5.el9/fd431d51/fips-provider-next-1.2.0-5.el9.src.rpm? mv fips-provider-next-1.2.0-5.el9.src.rpm fips-provider-next-1.2.0-5.el8.src.rpm rpm -i fips-provider-next-1.2.0-5.el8.src.rpm vi SPEC/fips-provider-next.spec (comment out line 11 - #%bcond check 1 - which is in rpm 1.17.1 and later - but not 4.14.3) rpmbuild -bb SPEC/fips-provider-next.spec Verified: dnf upgrade openssl3-3.5.1-6.1.el8.x86_64.rpm openssl3-devel-3.5.1-6.1.el8.x86_64.rpm openssl3-libs-3.5.1-6.1.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/fips-provider-next-1.2.0-5.el8.x86_64.rpm Dependencies resolved. ================================================================================================================================================================================================================================================== Package Architecture Version Repository Size ================================================================================================================================================================================================================================================== Upgrading: openssl3 x86_64 3.5.1-6.1.el8 @commandline 1.4 M openssl3-devel x86_64 3.5.1-6.1.el8 @commandline 2.8 M openssl3-libs x86_64 3.5.1-6.1.el8 @commandline 2.3 M Installing dependencies: fips-provider-next x86_64 1.2.0-5.el8 @commandline 2.2 M Transaction Summary ================================================================================================================================================================================================================================================== Install 1 Package Upgrade 3 Packages Ah, interesting. This package must be blocked somehow On the mock chroot I used for testing local builds: <mock-chroot> sh-4.4# rpm -q --provides openssl3-fips-provider fips-provider-so openssl3-fips-provider = 3.5.1-6.1.el8 openssl3-fips-provider(aarch-64) = 3.5.1-6.1.el8 But on a clean install Error: Problem: package openssl3-3.5.1-6.1.el8.aarch64 from epel requires openssl3-libs(aarch-64) = 3.5.1-6.1.el8, but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libcrypto.so.3()(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libssl.so.3()(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libcrypto.so.3(OPENSSL_3.0.0)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libssl.so.3(OPENSSL_3.0.0)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libcrypto.so.3(OPENSSL_3.0.1)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libcrypto.so.3(OPENSSL_3.0.9)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libcrypto.so.3(OPENSSL_3.2.0)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libcrypto.so.3(OPENSSL_3.3.0)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libcrypto.so.3(OPENSSL_3.4.0)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libcrypto.so.3(OPENSSL_3.5.0)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libssl.so.3(OPENSSL_3.2.0)(64bit), but none of the providers can be installed - package openssl3-3.5.1-6.1.el8.aarch64 from epel requires libssl.so.3(OPENSSL_3.4.0)(64bit), but none of the providers can be installed - conflicting requests - nothing provides fips-provider-so needed by openssl3-libs-3.5.1-6.1.el8.aarch64 from epel (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) I'll strip out fips-provider since it does not really make sense in EPEL anyway FEDORA-EPEL-2025-120a455170 (openssl3-3.5.1-6.2.el8) has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-120a455170 FEDORA-EPEL-2025-120a455170 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-120a455170 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2025-120a455170 (openssl3-3.5.1-6.2.el8) has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report. |
The recent release of openssl3{,-devel,-libs}-3.5.1-6.1.el8 to EPEL 8 adds an unresolvable dependency on fips-provider-so, which was introduced in RHEL 9. $ dnf install openssl3-libs Extra Packages for Enterprise Linux 8 - x86_64 11 MB/s | 14 MB 00:01 Last metadata expiration check: 0:00:04 ago on Fri Dec 12 17:30:59 2025. Error: Problem: conflicting requests - nothing provides fips-provider-so needed by openssl3-libs-3.5.1-6.1.el8.x86_64 from epel (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)