Bug 1048982 - Nodejs from EPEL won't install on CentOS <6.5
Summary: Nodejs from EPEL won't install on CentOS <6.5
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: nodejs
Version: el6
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: T.C. Hollingsworth
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2014-01-06 17:05 UTC by Cristian Magherusan-Stanciu
Modified: 2014-01-06 17:37 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-01-06 17:37:15 UTC
Type: Bug

Attachments (Terms of Use)

Description Cristian Magherusan-Stanciu 2014-01-06 17:05:03 UTC
Description of problem:
The nodejs version from EPEL won't install on CentOS versions < 6.5 due to missing dependency on openssl >=1.0.1e.

Version-Release number of selected component (if applicable):
nodejs 0.24-1

Steps to Reproduce:
1. Attempt to install nodejs from EPEL on a CentOS 6.4 installation

Actual results:
Error: Package: nodejs-0.10.24-1.el6.x86_64 (epel)
           Requires: libssl.so.10(libssl.so.10)(64bit)
Error: Package: nodejs-0.10.24-1.el6.x86_64 (epel)
           Requires: libcrypto.so.10(libcrypto.so.10)(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Expected results:
The package would install 

Additional info:
As a workaround, we had to install openssl-1.0.1e-16.el6_5.1.x86_64 from the CentOS 6.5 updates repository as we can't afford to update the entire system to 6.5 just yet, then nodejs installed fine.

The previous nodejs package compatible with older CentOS releases was deleted from EPEL immediately after the update.

Comment 1 Stephen Gallagher 2014-01-06 17:37:15 UTC
Node.js picks up a dependency based on the version of openssl that is in the buildroot when the build happens. This is actually to the good, because Node.js compiled against openssl 1.0.0 was known to have certain limitations. (Specifically, Node.js technically relied on several patches that were only included in OpenSSL 1.0.1). When we originally build Node.js for EPEL 6, we opted for a "see what breaks" approach. We knew that certain TLS interactions would have trouble, but we decided to forge ahead and hope things didn't collapse (we were lucky, and apparently no one hit the limitations).

So here's the summary: we can't actually go back to supporting 6.4 and earlier for the following reasons.
1) We can only build against what's available in the buildroot, and because EPEL's buildroot always contains the latest stable version of RHEL, it's impossible for us to go back.

2) The old version was known to be broken in certain situations that we were just lucky no one hit. This version is not susceptible to those same limitations.

Finally, as you noted, it's possible to update only the openssl package from 6.5+ and retain the desired behavior, so there's a fairly simple workaround.

Note You need to log in before you can comment on or make changes to this bug.