Upgrading 12SP5 with openssl1.1.1
Hi, I have below requirement. I have 12SP5 that is having default Openssl1.0.2-fips. Now due to some CVS, we need to upgrade to Openssl1.1.1. In suse manager i can see the version 1.1.1d and in our config file, we mentioned only openssl1.1.1d versions. But after we get the image, I see both rpms of 1.0.2 and 1.1.1d are available and two packages with openssl and openssl-1_1 are avail under /usr/bin folder. To make it 1.1.1d version i have renamed openssl1.1.1d as openssl so thats taken care now. But I see both openssl versions are available. I want to know even if I forced to pull only 1.1.1d version, why is it pulling both the versions? I am quite new here. Could someone give an idea as what could be done to get only 1.1.1d rpms.?
Thanks,
Comments
@Ramakrishna Hi and welcome to the Forum
Can you show the output from
zypper se -si sslAFAIK you should be able to remove the old version?Thanks Lewis. But am not able to delete still.
zypper se -si ssl
Download (curl) error for 'https://localhost/srsupdates/repodata/repomd.xml?ssl_verify=no':
Error code: Connection failed
Error message: Failed to connect to localhost port 443: Connection refused
Abort, retry, ignore? [a/r/i/...? shows all options] (a): a
Error building the cache:
[srs_ve_x86_64-Updates|https://localhost/srsupdates/?ssl_verify=no] Valid metadata not found at specified URL
Warning: Skipping repository 'srs_ve_x86_64-Updates' because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data...
Reading installed packages...
S | Name | Type | Version | Arch | Repository
---+------------------------+---------+---------------+--------+------------------
i | libopenssl-1_0_0-devel | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
i+ | libopenssl-devel | package | 1.0.2p-1.13 | noarch | (System Packages)
i | libopenssl1_0_0 | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
i | libopenssl1_0_0-32bit | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
i+ | libopenssl1_1 | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
i+ | libopenssl1_1-32bit | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
i | libxmlsec1-openssl1 | package | 1.2.28-2.12.1 | x86_64 | (System Packages)
i | openssl | package | 1.0.2p-1.13 | noarch | (System Packages)
i | openssl-1_0_0 | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
i+ | openssl-1_1 | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
Sorry..Pls ignore the older post..When I search the packages with the command u mentioned above i see this
S | Name | Type | Version | Arch | Repository
---+------------------------+---------+---------------+--------+------------------
i | libopenssl-1_0_0-devel | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
i+ | libopenssl-devel | package | 1.0.2p-1.13 | noarch | (System Packages)
i | libopenssl1_0_0 | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
i | libopenssl1_0_0-32bit | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
i+ | libopenssl1_1 | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
i+ | libopenssl1_1-32bit | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
i | libxmlsec1-openssl1 | package | 1.2.28-2.12.1 | x86_64 | (System Packages)
i | openssl | package | 1.0.2p-1.13 | noarch | (System Packages)
i | openssl-1_0_0 | package | 1.0.2p-3.30.1 | x86_64 | (System Packages)
i+ | openssl-1_1 | package | 1.1.1d-2.27.1 | x86_64 | (System Packages)
@Ramakrishna Hi, so if you try to remove the old libraries what happens?
zypper rm libopenssl-1_0_0-devel libopenssl-devel libopenssl1_0_0 libopenssl1_0_0-32bit openssl openssl-1_0_0@malcolmlewis If I am removing them manually, its removing all the other rpms in my image. There are about 260rpms that are dependent and are getting removed.
zypper rm libopenssl-1_0_0-devel libopenssl-devel libopenssl1_0_0 libopenssl1_0_0-32bit openssl openssl-1_0_0
Loading repository data...
Warning: No repositories defined. Operating only with the installed resolvables. Nothing can be installed.
Reading installed packages...
Resolving package dependencies...
The following 262 packages are going to be REMOVED:
@Ramakrishna Hi and ouch! I suspect since you have no online repositories enabled, the packages that would have rebuilt with the later version of openssl and installed at the same time are causing the issues.
@malcolmlewis Not really Lewis. Actually we have a config xml file that pulls the rpms from suse manager, during our image creation. and this will be done by our devops team. It does have a repo. But the my precise question is as following:
But this in turn is pulling 1.0.2 as well. and then after deployment of my image i see the default version as 1.0.2. As mentioned earlier to make it 1.1.1 I need rename the package of openssl-1_1 to default.
I have specifically mentioned in my config file to pull rpm related to 1.1.1 only ...
I was going through forum posts , i see similar issue but that was also not fully solved.
https://forums.suse.com/discussion/comment/61207#Comment_61207
@Ramakrishna Hi, Ahh, ok, then you should be able to set a version string, or (I'm assuming an update repo?), then set the priority of the repo, org just get rid of the old version of the SuMA instance....