Red Hat Bugzilla – Bug 1460516
dnf shouldn't allow you to remove its dependencies
Last modified: 2017-12-14 10:12:24 EST
Created attachment 1286848 [details]
Description of problem:
Today I used dnf to install some build dependencies for erlang. After I installed those dependencies, dnf segfaults.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run dnf
Segmentation fault (core dumped)
dnf should not segfault.
I am attaching coredump info.
I believe this may be connected to dnf having wanted to install compat-openssl10-devel-1:1.0.2j-6.fc26.x86_64 instead of openssl-devel. Since it was a devel library, I used the --allowerasing option. Ever since that replacement was made, dnf does not work (which is surprising, given that it is a devel package).
I was able to use rpm to get my system working again:
$ sudo rpm -e compat-openssl10-devel && sudo rpm -U https://kojipkgs.fedoraproject.org//packages/openssl/1.1.0f/2.fc27/x86_64/openssl-libs-1.1.0f-2.fc27.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/openssl/1.1.0f/2.fc27/x86_64/openssl-devel-1.1.0f-2.fc27.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/openssl/1.1.0f/2.fc27/x86_64/openssl-1.1.0f-2.fc27.x86_64.rpm
It might be good to have dnf disallow removing libraries that it depends on itself.
Or alternatively, dnf could at least warn you that you are removing its dependencies with some kind of "are you sure?" prompt. Also, it's curious that dnf allowed me to remove openssl without it removing dnf itself too.
That sounds like a packaging problem...
Can you reproduce this? If yes, please re-run with --debugsolver and attach debugdata directory... Then I can take a look why it broke DNF...
if not, please close this bug as NOTABUG.
I can reproduce it, but only by using --allowerasing. Here's some reproducer steps:
0. fedpkg clone erlang
1. sudo dnf builddep erlang.spec --debugsolver
I'll attach the folder and a file with the output of dnf.
Created attachment 1291276 [details]
Created attachment 1291277 [details]
Well, swapping devel subpackages should be completely fine... If that breaks system, that's packaging fault but not DNF...
I have suspicion that something tries to dlopen unversioned libcrypto and after transaction version mismatches and everything just explodes.
Reassigning to openssl for additional help.
Try to build such packages in mock, btw.
Can you please provide full stack trace from the crash? The original stack trace attached is not much helpful as there is no libcrypto mentioned at all.
And yes, if something opens libcrypto by unversioned .so this needs to be fixed. But we need to find what does it. If you remove both compat-openssl10-devel and openssl-devel does dnf still crash?
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.