[SGVLUG] rpm hell

Jeff Carlson jeff at ultimateevil.org
Mon Nov 21 19:12:02 PST 2005


Don Saxton wrote:
> Thanks.  I think you are asking the linux distro: redhat 8.0 and the rpm 
> for libmysqlclient is at 
> http://rpmseek.com/rpm-dl/libmysqlclient12-4.0.15-62447cl.i386.html?hl=com&cs=mysqlclient:PN:0:0:0:0:2294061 
> 
> the openssl I tried is at
> http://rpmseek.com/rpm-dl/openssl-0.9.7c-3mdk.i586.html?hl=com&cs=openssl:PN:0:0:0:0:1369281 
> 
> I think I have two holes in my knowledge : how rpm resolves dependencies 
> and how shared objects are versioned.
> 
> I am wondering  if I d/l the source for libssl and libcrypto and compile 
> whether that will be detected by an rpm install for  libmysqlclient.

Ouch.  No wonder it's not working for you.

First of all, RedHat 8.0 is old and unsupported.  Do you have a really 
good reason for failing to upgrade?  If you want the latest and 
greatest, get Fedora Core 4, it includes a fully working copy of 
everything you're trying to include here.  If you want long term support 
for your environment, get either RHEL 3 (costs money) or CentOS (free). 
  Notice I didn't use the word "stable?"  I believe misusing that term 
causes a misunderstanding that Fedora is somehow unstable.  It's not, 
but it won't be supported for very long, meaning you have to upgrade 
regularly.  (I don't mind this, some people do.)

Second, grabbing packages off rpmseek is kind of begging for trouble. 
Nobody really has to QA those packages.  Furthermore, you have the 
mysqlclient package from Conectiva Linux and OpenSSL from Mandrake. 
You might try grabbing the source RPMs for these and rebuilding them, 
but I wouldn't try it.  Again, just upgrade your box and it will be fine.

The discussion on how RPM records library versions and resolves 
dependencies is actually quite long.  Basically, every file installed 
via RPM is recorded along with which package it belongs to, its 
timestamp, size, checksum, whether or not that file is actually a 
directory or symlink, and some RPM-specific metadata, like the fact the 
file is actually documentation (can be skipped with --excludedocs) or is 
a config file (checksum will change and will not be overwritten during 
an upgrade).

Every package also includes a list of known dependencies.  Most of these 
are discovered by the RPM packaging procedure which runs ldd on all the 
binaries included, or by the packager himself who includes this data in 
the packaging instructions.  During RPM install or upgrade, dependencies 
are checked and if any are missing, the RPM command will block the 
install.  This is why tools like yum were written: they can 
automatically download the dependencies and install them at the same time.

If you build the dependencies from source and then try to install the 
final package from RPM, it will fail.  The dependencies must exist in 
the RPM database, not just the file system.

Again, upgrading to the latest and greatest will give you what you want. 
  Or you can rebuild all of this from source and forgo using RPM. 
Basically, OpenSSL is used in so many other programs that attempting to 
swap it out is going to force you to replace so many corequisites that 
you might as well have upgraded anyway.  Either that or you will have to 
learn to build a compatibility package that provides what the old 
corequisites need, while providing the new functionality in a new 
package.  Upgrading is far easier.
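
The dependency check described in this message, as an added example that is not part of the original post: a toy Python model (not RPM's own code) in which a library built from source sits on the file system but is invisible to the install check, while a yum-like resolver pulls the provider into the database first. The class and function names, the sonames and the `/usr/local/lib` paths are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Package:
    name: str
    provides: frozenset = frozenset()   # capabilities, e.g. shared-library sonames
    requires: frozenset = frozenset()

class RpmDb:
    """Stand-in for the RPM database: only packages installed via RPM appear here."""
    def __init__(self):
        self.installed = {}

    def provided(self):
        caps = set(self.installed)              # package names count as capabilities
        for pkg in self.installed.values():
            caps |= pkg.provides
        return caps

    def unmet(self, pkg):
        # The check consults the database only; it never looks at the file system.
        return sorted(pkg.requires - self.provided() - pkg.provides)

    def install(self, pkg):
        missing = self.unmet(pkg)
        if missing:
            raise RuntimeError("Failed dependencies: " + ", ".join(missing))
        self.installed[pkg.name] = pkg

def resolve_and_install(db, pkg, repo):
    """yum-like behaviour: install a provider for each unmet requirement first."""
    for cap in db.unmet(pkg):
        if cap in db.provided():                # satisfied by an earlier provider
            continue
        provider = next((p for p in repo if cap == p.name or cap in p.provides), None)
        if provider is None:
            raise RuntimeError("No package provides " + cap)
        resolve_and_install(db, provider, repo)
    db.install(pkg)

# Constructed sample data (sonames and paths are illustrative assumptions).
SSL, CRYPTO = "libssl.so.0.9.7", "libcrypto.so.0.9.7"
filesystem = {"/usr/local/lib/" + SSL, "/usr/local/lib/" + CRYPTO}  # built from source
openssl = Package("openssl", frozenset({SSL, CRYPTO}))
mysqlclient = Package("libmysqlclient12", frozenset({"libmysqlclient.so.12"}),
                      frozenset({SSL, CRYPTO}))

def demo():
    db = RpmDb()
    source_build_present = all("/usr/local/lib/" + s in filesystem for s in (SSL, CRYPTO))
    try:
        db.install(mysqlclient)                 # libraries exist on disk, not in the db
        blocked = False
    except RuntimeError:
        blocked = True
    resolve_and_install(db, mysqlclient, [openssl])
    return source_build_present, blocked, sorted(db.installed)
```

On a real system the same information comes from `rpm -q --requires`, `rpm -q --provides` and `rpm -q --whatprovides`, and `rpm -V` compares installed files against the recorded size, checksum and timestamp.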

