[sle-beta] Beta3 post install software installation

Joe Doupnik jrd at netlab1.net
Sun Nov 26 09:04:39 MST 2017

     I have run into two problems just after installation of beta 3.
     If I ask YaST to allow me to inspect and install further software 
then the process blocks with a popup which reduces to curl being unable 
to find the local issuer's SSL certificate, curl error 60. The 
repositories are those on SUSE, straight from the installation process.
     Directory /etc/ssl/private is empty, thus no self signed certs. 
Adding my proper certs into /etc/ssl/servercerts, and symlinking 
/etc/ssl/private to that same directory has not improved things. Then 
looking more carefully at /etc/ssl I find a large vacuum where CA certs 
ought to be, empty space populated by only a lonely file named openssl.cnf.
     Taking a space walk into that problem, I went into YaST | Software, 
asked about "certificate", got a list of installed candidates, chose 
ca-certificates, got a warning popup which says I must uninstall openssl 
v1.1 and install v1.0.2l. Hmmm, I had thought certificates were 
impervious to editions of openssl, being rather separate operations, but 
now we see them glued together. Not what I expected nor can use.
     Not to be stopped by mere failures, I told YaST to use option 3, 
break dependencies for the ca-certificates item. It responded with an 
error popup which said it could not contact SUSE to do this chore. At 
this point I have that "Catch-22" feeling. It starts with certificates 
being absent, and matters slide downhill from there.
     What might be acting in this case is I have selected to install 
OpenSSL v1.1 rather than the default v1.0.2. The SSL selection part also 
indicates awkwardness which needs attention. That is, YaST does not wish 
to allow me to install the SSL libraries for both versions of SSL, even 
though the libraries do cohabit on earlier SLES's. My normal drill is 
install two libraries, then when building things install the appropriate 
-devel version so that the desired SSL version headers are used.
     Tis a puzzle at this moment.
     Joe D.

More information about the sle-beta mailing list