On Sun, Aug 12, 2018 at 4:39 AM Robert Marcano <rob...@marcanoonline.com>

> On Sat, Aug 11, 2018 at 8:07 PM Rex Dieter <rdie...@math.unl.edu> wrote:
>> Robert Marcano wrote:
>> > For example, someone developing against krb5-devel for a GSSAPI client,
>> > probably doesn't need openssl-devel installed, that they are linking
>> > against Kerberos doesn't means they use the same crypto library
>> > directly, they could use nss for example.
>> I think you're most likely going to need to deal with this on a
>> case-by-case
>> basis.  In this specific example, find out for sure if "probably doesn't
>> need openssl-devel" is entirely accurate or not, and take appropriate
>> measures.
> Not sure a case-by-case basis will always work, for example I force
> removed compat-openssl10-devel (rpm - e compat-openssl10-devel --nodeps)
> that is pulled by nodejs-devel, and I am able to link against NodeJS
> libraries, because the modules I need to build doesn't use OpenSSL. So
> compat-openssl10-devel should not be a hard dependency for nodejs-devel.
> Sadly the package maintainer think this is fine [1].
> A small packaging guideline change about reducing *-devel hard
> dependencies when they aren't  always required could help.
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1613852

The problem is that if you build Node.js with OpenSSL 1.0 and then you
build a native NPM module with OpenSSL 1.1, you’re going to have a bad day
trying to run it. I’m pretty sure you’re going to have a symbol conflict at
runtime that will be hard to identify. (And will lead to me getting BZs
about it).

That said, maybe this can be solved in a different way (and one that could
handle switching OpenSSL versions within a release if needed). We might
provide a macro in the nodejs-devel package (not nodejs-packaging) that
records which OpenSSL we compiled against and then put in the guidelines
that native NPMs that need OpenSSL must use that macro for BuildRequires.

I’m about to head to the airport after Flock, but I’ll think about this a
bit in-transit and see what I come up with.

devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to