Description of problem: There are pretty good chances that x86_64 installation has both openssl.x86_64 and openssl.i686 present due to dependency requirements of other packages. An attempt to update that to openssl-1.0.1-0.2.beta3 packages bumps into "protected multilib" errors because a corresponding version of openssl.i686 is no longer available. At least in those cases where I looked missing dependencies would be provided by openssl-libs.i686 but there is nothing which would cause that switch and yum gives up and abandons the whole transaction which would include mulitilib openssl updates. It is possible to work around that "manually" but that is beyond GUI tools capabilities. I am not sure how anaconda would handle that on distro upgrades. Most likely this will be a serious obstacle with 'yum distro-sync ....'. Is there a reasonable way to help yum to deal with the issue? Maybe to make openssl-libs to obsolete older versions of openssl? If openssl itself would be needed due to dependencies it will be updated anyway, I would think. Hm, with a new version of openssl for a given architecture available it would get updated anyway, no? Version-Release number of selected component (if applicable): openssl-1.0.1-0.2.beta3
I suppose that yum update (without explicit specification of a single package) on a repository that contains both updated x86_64 and i686 packages would work correctly. However you're right that if you ask explicitly 'yum update openssl' this will not work. I'll try it with adding the obsoletes, perhaps it will help.
(In reply to comment #1) > I suppose that yum update (without explicit specification of a single package) > on a repository that contains both updated x86_64 and i686 packages would work > correctly. Well, no, it does not. At least not in the current state. I bumped into that running a rawhide update with a lot of packages in it and the whole transaction was blocked due to this "protected multilib". That despite that openssl-libs.x86_64 and openssl-libs.i686 were available in repositories. I checked. Still yum attempted to get openssl.i686 in updates, failed to find a version corresponding to an update of openssl.x86_64 and chocked on the whole transaction. A presence of '--skip-broken' was, not surprisingly, of no help. This was rawhide so the simplest workaround was 'yum remove openssl.i686' with had no serious side-effects. A more subtle approach woule need 'yum shell'. > However you're right that if you ask explicitly 'yum update openssl' > this will not work. That will not work too.
(In reply to comment #1) > I'll try it with adding the obsoletes, perhaps it will help. It looks to me that it does help. My test was limited to '--force' installing openssl-1.0.1-0.1.beta2.fc17.i686.rpm on an x86_64 setup. With openssl-libs which now have "openssl < 1:1.0.1-0.3.beta3" in obsoletes I got in yum: Installing: openssl-libs i686 1:1.0.1-0.3.beta3.fc18 rawhide 821 k replacing openssl.i686 1.0.1-0.1.beta2.fc17 openssl-libs x86_64 1:1.0.1-0.3.beta3.fc18 rawhide 826 k replacing openssl.i686 1.0.1-0.1.beta2.fc17 replacing openssl.x86_64 1:1.0.1-0.2.beta3.fc18 and openssl.x86_64 was installed too due to dependencies. This appears to be a desired outcome.
That's great.