openssl: pin versions of libcrypto3 and libssl3 for CLI package #33210
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If a Wolfi image already has an older version of the
libcrypto3
and/orlibssl3
package installed, and theopenssl
CLI is installed at runtime (or as say adocker build
step), theopenssl
package will install correctly but will crash when used:This is because the
openssl
CLI must use the exact same version (or at least the same<major>.<minor>.<patch>
) oflibcrypto3
andlibssl3
that theopenssl
CLI was built with.Currently, the relationship between
openssl
andlibcrypto3
andlibssl3
is picked up automatically by melange's SCA:However, this dependency will be satisfied by any version of
libcrypto3
andlibssl3
.This PR adds an explicit dependency on the matching versions which should prevent the installation (or force an upgrade) of the
openssl
CLI if the already installedlibcrypto3
and/orlibssl3
versions mismatch.