[Bug 1794589] Re: libssl1.0-dev conflicts libssl-dev

[Steve Langasek]

On Fri, Nov 02, 2018 at 08:01:23PM -0000, Dan Kegel wrote:
> The following packages have unmet dependencies:
>  nodejs-dev : Depends: libssl1.0-dev (>= 1.0.2) but it is not going to be installed
> E: Unable to correct problems, you have held broken packages.

> In other words, the current nodejs-dev does not fit into the Ubuntu
> 18.04 ecosystem.

I understand that these packages are not coinstallable.  That is not per se
a requirement for -dev packages in Ubuntu.

What is your use case for these packages being installed together?

If it's to provide a single host environment where separate software
components build-depending on each of nodejs-dev and libssl-dev can be
built, that is not sufficient rationale for changing the current behavior. 
The workaround is for each software component to be built in its own
separate environment with the -dev packages that it requires.

If you have a single software component which you are trying to build, which
is implemented in node and uses libssl, then it should be built against
libssl1.0-dev since that is the version compatible with nodejs-dev in
bionic.

If you have a single software component which is implemented in node and
also must build against another library which depends on libssl-dev, then
and only then should we evaluate changes to the -dev packages to support
this.

In our analysis of the archive for the previous SRU, we did not identify
any packages in the Ubuntu archive which fell into this last category, but
there may be some other software out there which wasn't found in our search.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl1.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1794589

Title:
  libssl1.0-dev conflicts libssl-dev

Status in nodejs package in Ubuntu:
  Invalid
Status in openssl1.0 package in Ubuntu:
  Won't Fix
Status in nodejs source package in Bionic:
  Invalid
Status in openssl1.0 source package in Bionic:
  Won't Fix
Status in nodejs source package in Cosmic:
  Invalid
Status in openssl1.0 source package in Cosmic:
  Won't Fix

Bug description:
  [impact]

  The libssl1.0-dev package conflicts with the libssl-dev package, so
  this leads to all packages that depend on libssl1.0-dev to conflict
  with all packages that depend on libssl-dev; as well as all packages
  that depend on those packages (and so on).

  [test case]

  On a Bionic system (or Cosmic), install libssl-dev, and/or any package that depends on it:
  http://qa.ubuntuwire.org/rdepends/v1/bionic/any/libssl-dev

  Then, try to install libssl1.0-dev, or any package that depends on it:
  http://qa.ubuntuwire.org/rdepends/v1/bionic/any/libssl1.0-dev

  see comment 15 for an example of some packages that are force-removed
  when installing libssl1.0-dev, due to conflict.

  [regression potential]

  TBD after fix is determined

  [other info]

  Original description:

  ---

  The fix for https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1779863
  is, not surprisingly, somewhat traumatic for some users.

  In my case, installing libssl1.0-dev causes libcurl4-openssl-dev,
  libssh-dev, and libssl-dev to be uninstalled, which makes some of our
  internal packages fail to build.

  Commenting out universe from bionic-updates in /etc/apt/sources.list
  would work around this, but that's not going to fly for everybody.

  nodejs appears to be the tail wagging the dog now, and that's rather
  uncomfortable.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: nodejs-dev (not installed)
  ProcVersionSignature: Ubuntu 4.15.0-34.37-generic 4.15.18
  Uname: Linux 4.15.0-34-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.3
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Sep 26 11:03:51 2018
  SourcePackage: nodejs
  UpgradeStatus: Upgraded to bionic on 2018-04-30 (148 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1794589/+subscriptions