Not sure where to file this. I'm using the provided.al2 image as a base, and I'm trying to add a few packages to it.
Repro Dockerfile
# syntax = docker/dockerfile:1
ARG IMGTAG=al2
FROM public.ecr.aws/lambda/provided:${IMGTAG}
RUN yum install -y perl-LWP-Protocol-https
RUN amazon-linux-extras install -y epel && \
yum install -y perl-REST-Client \
perl-Net-GitHub
docker buildx build --platform linux/amd64 \
-f Dockerfile -t repro:latest
These packages seem to have a dependency on a newer openssl that conflicts with an existing SSL library in the provided.al2 image.
.... lots of output
#9 10.02 --> Processing Conflict: 1:openssl-snapsafe-libs-1.0.2k-24.amzn2.0.14.x86_64 conflicts openssl-libs
#9 10.09 --> Finished Dependency Resolution
#9 10.10 Error: openssl-snapsafe-libs conflicts with 1:openssl-libs-1.0.2k-24.amzn2.0.15.x86_64
#9 10.10 You could try using --skip-broken to work around the problem
#9 10.19 You could try running: rpm -Va --nofiles --nodigest
As a note, I also tried several versions of the al2 image :
#ARG IMGTAG=al2.2025.02.28.06
#ARG IMGTAG=al2.2025.02.25.16
#ARG IMGTAG=al2.2025.01.14.16
This was working a week or two ago, so I assume some new packages were published.
This seems like an issue with the newly published :
rpm -qip openssl-1.0.2k-24.amzn2.0.15.x86_64.rpm
Name : openssl
Epoch : 1
Version : 1.0.2k
Release : 24.amzn2.0.15
Architecture: x86_64
Install Date: (not installed)
Group : System Environment/Libraries
Size : 850020
License : OpenSSL
Signature : RSA/SHA512, Tue 25 Feb 2025 07:17:49 PM UTC, Key ID 11cf1f95c87f5b1a
Source RPM : openssl-1.0.2k-24.amzn2.0.15.src.rpm
Build Date : Tue 25 Feb 2025 07:14:44 PM UTC
Build Host : build.amazon.com
Relocations : (not relocatable)
Packager : Amazon Linux
Vendor : Amazon Linux
...
As the version from last year does not have this issue.
rpm -qip openssl-1.0.2k-24.amzn2.0.14.x86_64.rpm
Name : openssl
Epoch : 1
Version : 1.0.2k
Release : 24.amzn2.0.14
...
Build Date : Mon 21 Oct 2024 07:01:00 PM UTC
Installing "openssl-1.0.2k-24.amzn2.0.14" ahead of the packages above seem to fulfill the dependencies and do not show the error.
edit : as a note (final?) the openssl-snapsafe-libs and openssl-libs packages seems to be almost file identical. So perhaps when the new -15 release was made in regards to https://alas.aws.amazon.com/AL2/ALAS-2025-2780.html -- the openssl-snapsafe-libs not being made as part of that set was an oversight. The "provides" section of openssl-snapsafe-libs shows that :
openssl-libs = 1:1.0.2k-24.amzn2.0.14
openssl-libs(x86-64) = 1:1.0.2k-24.amzn2.0.14
openssl-snapsafe-libs = 1:1.0.2k-24.amzn2.0.14
openssl-snapsafe-libs(x86-64) = 1:1.0.2k-24.amzn2.0.14
So this package is supposed to provide openssl-libs.
Not sure where to file this. I'm using the provided.al2 image as a base, and I'm trying to add a few packages to it.
Repro Dockerfile
These packages seem to have a dependency on a newer openssl that conflicts with an existing SSL library in the provided.al2 image.
As a note, I also tried several versions of the al2 image :
This was working a week or two ago, so I assume some new packages were published.
This seems like an issue with the newly published :
As the version from last year does not have this issue.
Installing "openssl-1.0.2k-24.amzn2.0.14" ahead of the packages above seem to fulfill the dependencies and do not show the error.
edit : as a note (final?) the openssl-snapsafe-libs and openssl-libs packages seems to be almost file identical. So perhaps when the new -15 release was made in regards to https://alas.aws.amazon.com/AL2/ALAS-2025-2780.html -- the openssl-snapsafe-libs not being made as part of that set was an oversight. The "provides" section of openssl-snapsafe-libs shows that :
So this package is supposed to provide openssl-libs.