Upgrading 12SP5 with openssl1.1.1

Hi, I have below requirement. I have 12SP5 that is having default Openssl1.0.2-fips. Now due to some CVS, we need to upgrade to Openssl1.1.1. In suse manager i can see the version 1.1.1d and in our config file, we mentioned only openssl1.1.1d versions. But after we get the image, I see both rpms of 1.0.2 and 1.1.1d are available and two packages with openssl and openssl-1_1 are avail under /usr/bin folder. To make it 1.1.1d version i have renamed openssl1.1.1d as openssl so thats taken care now. But I see both openssl versions are available. I want to know even if I forced to pull only 1.1.1d version, why is it pulling both the versions? I am quite new here. Could someone give an idea as what could be done to get only 1.1.1d rpms.?

Thanks,

Comments

  • malcolmlewismalcolmlewis Knowledge Partner

    @Ramakrishna Hi and welcome to the Forum :)
    Can you show the output from zypper se -si ssl AFAIK you should be able to remove the old version?

  • Thanks Lewis. But am not able to delete still.

    zypper se -si ssl
    Download (curl) error for 'https://localhost/srsupdates/repodata/repomd.xml?ssl_verify=no':
    Error code: Connection failed
    Error message: Failed to connect to localhost port 443: Connection refused

    Abort, retry, ignore? [a/r/i/...? shows all options] (a): a
    Error building the cache:
    [srs_ve_x86_64-Updates|https://localhost/srsupdates/?ssl_verify=no] Valid metadata not found at specified URL
    Warning: Skipping repository 'srs_ve_x86_64-Updates' because of the above error.
    Some of the repositories have not been refreshed because of an error.
    Loading repository data...
    Reading installed packages...

    S | Name | Type | Version | Arch | Repository
    ---+------------------------+---------+---------------+--------+------------------
    i | libopenssl-1_0_0-devel | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
    i+ | libopenssl-devel | package | 1.0.2p-1.13 | noarch | (System Packages)
    i | libopenssl1_0_0 | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
    i | libopenssl1_0_0-32bit | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
    i+ | libopenssl1_1 | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
    i+ | libopenssl1_1-32bit | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
    i | libxmlsec1-openssl1 | package | 1.2.28-2.12.1 | x86_64 | (System Packages)
    i | openssl | package | 1.0.2p-1.13 | noarch | (System Packages)
    i | openssl-1_0_0 | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
    i+ | openssl-1_1 | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)

  • Sorry..Pls ignore the older post..When I search the packages with the command u mentioned above i see this
    S | Name | Type | Version | Arch | Repository
    ---+------------------------+---------+---------------+--------+------------------
    i | libopenssl-1_0_0-devel | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
    i+ | libopenssl-devel | package | 1.0.2p-1.13 | noarch | (System Packages)
    i | libopenssl1_0_0 | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
    i | libopenssl1_0_0-32bit | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
    i+ | libopenssl1_1 | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
    i+ | libopenssl1_1-32bit | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
    i | libxmlsec1-openssl1 | package | 1.2.28-2.12.1 | x86_64 | (System Packages)
    i | openssl | package | 1.0.2p-1.13 | noarch | (System Packages)
    i | openssl-1_0_0 | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
    i+ | openssl-1_1 | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)

  • malcolmlewismalcolmlewis Knowledge Partner

    @Ramakrishna Hi, so if you try to remove the old libraries what happens?
    zypper rm libopenssl-1_0_0-devel libopenssl-devel libopenssl1_0_0 libopenssl1_0_0-32bit openssl openssl-1_0_0

  • @malcolmlewis If I am removing them manually, its removing all the other rpms in my image. There are about 260rpms that are dependent and are getting removed.
    zypper rm libopenssl-1_0_0-devel libopenssl-devel libopenssl1_0_0 libopenssl1_0_0-32bit openssl openssl-1_0_0
    Loading repository data...
    Warning: No repositories defined. Operating only with the installed resolvables. Nothing can be installed.
    Reading installed packages...
    Resolving package dependencies...

    The following 262 packages are going to be REMOVED:

  • malcolmlewismalcolmlewis Knowledge Partner

    @Ramakrishna Hi and ouch! I suspect since you have no online repositories enabled, the packages that would have rebuilt with the later version of openssl and installed at the same time are causing the issues.

  • edited January 13

    @malcolmlewis Not really Lewis. Actually we have a config xml file that pulls the rpms from suse manager, during our image creation. and this will be done by our devops team. It does have a repo. But the my precise question is as following:
    I have specifically mentioned in my config file to pull rpm related to 1.1.1 only ...
    But this in turn is pulling 1.0.2 as well. and then after deployment of my image i see the default version as 1.0.2. As mentioned earlier to make it 1.1.1 I need rename the package of openssl-1_1 to default.
    I was going through forum posts , i see similar issue but that was also not fully solved.
    https://forums.suse.com/discussion/comment/61207#Comment_61207

  • edited January 13

  • malcolmlewismalcolmlewis Knowledge Partner

    @Ramakrishna Hi, Ahh, ok, then you should be able to set a version string, or (I'm assuming an update repo?), then set the priority of the repo, org just get rid of the old version of the SuMA instance....

Sign In or Register to comment.