Bug 1213176

Summary: Unable to build kanidm when openssl3 is a hard requirement
Product: [openSUSE] openSUSE Distribution Reporter: William Brown <william.brown>
Component: MaintenanceAssignee: Mr Maintenance <maintenance>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: meissner
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description William Brown 2023-07-10 08:59:43 UTC 
OBS with leap 15.5 is unable to build packages when they have a hard requirement of openssl-3 (such as kanidm).

This is visible in our pre-release build project here https://build.opensuse.org/project/monitor/home:firstyear:kanidm?arch_x86_64=1&defaults=0&repo_15_5=1&unresolvable=1

There appears to be no way for me as a packager to resolve this from my view :(
Comment 1 Marcus Meissner 2023-07-10 13:00:48 UTC 
libopenssl-1_1-devel is dragged in by anohter devel packcage.

currently testing a 

#!BuildIgnore: libopenssl-1_1-devel

build.
Comment 2 Marcus Meissner 2023-07-10 13:13:13 UTC 
Index: kanidm.spec
===================================================================
--- kanidm.spec (revision 100)
+++ kanidm.spec (revision 2)
@@ -34,6 +34,7 @@
 BuildRequires:  rust >= 1.64.0
 BuildRequires:  sqlite-devel
 BuildRequires:  tpm2-0-tss-devel
+#!BuildIgnore: libopenssl-1_1-devel
 # BuildRequires:  tpm2-openssl


has built here.

this is a bit unwieldy i have to admit.
Comment 3 William Brown 2023-07-11 00:09:37 UTC 
(In reply to Marcus Meissner from comment #2)
> Index: kanidm.spec
> ===================================================================
> --- kanidm.spec (revision 100)
> +++ kanidm.spec (revision 2)
> @@ -34,6 +34,7 @@
>  BuildRequires:  rust >= 1.64.0
>  BuildRequires:  sqlite-devel
>  BuildRequires:  tpm2-0-tss-devel
> +#!BuildIgnore: libopenssl-1_1-devel
>  # BuildRequires:  tpm2-openssl
> 
> 
> has built here.
> 
> this is a bit unwieldy i have to admit.

Yeah. We require tpm2-0-tss for future tpm binding of client hashes - but we also need openssl3 for webaithn to work correctly.

But if tpm2-0-tss is dragging in openssl-1 won't there be issues later at run time because we can only have openssl 1 or 3?