Bug 1460516 - dnf shouldn't allow you to remove its dependencies [NEEDINFO]
dnf shouldn't allow you to remove its dependencies
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
x86_64 Linux
unspecified Severity urgent
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2017-06-11 14:23 EDT by Randy Barlow
Modified: 2017-12-14 10:12 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-12-14 10:12:24 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
tmraz: needinfo? (randy)

Attachments (Terms of Use)
coredumpctl info (5.92 KB, text/plain)
2017-06-11 14:23 EDT, Randy Barlow
no flags Details
debugdata folder (6.52 MB, application/x-bzip)
2017-06-23 16:52 EDT, Randy Barlow
no flags Details
dnf output (3.08 KB, text/plain)
2017-06-23 16:53 EDT, Randy Barlow
no flags Details

  None (edit)
Description Randy Barlow 2017-06-11 14:23:54 EDT
Created attachment 1286848 [details]
coredumpctl info

Description of problem:
Today I used dnf to install some build dependencies for erlang. After I installed those dependencies, dnf segfaults.

Version-Release number of selected component (if applicable):

How reproducible:
Every time.

Steps to Reproduce:
1. Run dnf

Actual results:
$ dnf
Segmentation fault (core dumped)

Expected results:
dnf should not segfault.

Additional info:
I am attaching coredump info.
Comment 1 Randy Barlow 2017-06-11 14:29:04 EDT
I believe this may be connected to dnf having wanted to install compat-openssl10-devel-1:1.0.2j-6.fc26.x86_64 instead of openssl-devel. Since it was a devel library, I used the --allowerasing option. Ever since that replacement was made, dnf does not work (which is surprising, given that it is a devel package).
Comment 2 Randy Barlow 2017-06-11 14:40:05 EDT
I was able to use rpm to get my system working again:

$ sudo rpm -e compat-openssl10-devel && sudo rpm -U https://kojipkgs.fedoraproject.org//packages/openssl/1.1.0f/2.fc27/x86_64/openssl-libs-1.1.0f-2.fc27.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/openssl/1.1.0f/2.fc27/x86_64/openssl-devel-1.1.0f-2.fc27.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/openssl/1.1.0f/2.fc27/x86_64/openssl-1.1.0f-2.fc27.x86_64.rpm

It might be good to have dnf disallow removing libraries that it depends on itself.
Comment 3 Randy Barlow 2017-06-11 14:48:38 EDT
Or alternatively, dnf could at least warn you that you are removing its dependencies with some kind of "are you sure?" prompt. Also, it's curious that dnf allowed me to remove openssl without it removing dnf itself too.
Comment 4 Igor Gnatenko 2017-06-12 01:51:27 EDT
That sounds like a packaging problem...
Comment 5 Igor Gnatenko 2017-06-14 07:30:20 EDT
Can you reproduce this? If yes, please re-run with --debugsolver and attach debugdata directory... Then I can take a look why it broke DNF...

if not, please close this bug as NOTABUG.
Comment 6 Randy Barlow 2017-06-23 16:52:19 EDT
Hi Igor!

I can reproduce it, but only by using --allowerasing. Here's some reproducer steps:

0. fedpkg clone erlang
1. sudo dnf builddep erlang.spec --debugsolver

I'll attach the folder and a file with the output of dnf.
Comment 7 Randy Barlow 2017-06-23 16:52 EDT
Created attachment 1291276 [details]
debugdata folder
Comment 8 Randy Barlow 2017-06-23 16:53 EDT
Created attachment 1291277 [details]
dnf output
Comment 9 Igor Gnatenko 2017-07-01 13:29:48 EDT
Well, swapping devel subpackages should be completely fine... If that breaks system, that's packaging fault but not DNF...

I have suspicion that something tries to dlopen unversioned libcrypto and after transaction version mismatches and everything just explodes.

Reassigning to openssl for additional help.

Try to build such packages in mock, btw.
Comment 10 Tomas Mraz 2017-07-10 07:33:31 EDT
Can you please provide full stack trace from the crash? The original stack trace attached is not much helpful as there is no libcrypto mentioned at all.

And yes, if something opens libcrypto by unversioned .so this needs to be fixed. But we need to find what does it. If you remove both compat-openssl10-devel and openssl-devel does dnf still crash?
Comment 11 Jan Kurik 2017-08-15 02:57:16 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.

Note You need to log in before you can comment on or make changes to this bug.