[Yum] Yum does not respect RPM dependency version constraints

James Antill james-yum at and.org
Tue Dec 16 15:29:32 UTC 2014

Fabien Crespel <fabien at crespel.net> writes:

> Hello all,
> I'm having issues with Yum dependency resolving with regards to dependent
> package version constraints, on RHEL 6.5 with Yum 3.2.29.
> In a PKG1 spec file, I have something like :
> Requires: PKG2 >= 1.1.2-1
> Requires: PKG2 < 1.2.0
> In a Yum repo, PKG2 exists in several versions, among which 1.1.2-1 and
> 1.4.0-2, and PKG1 is in version 1.1.2-7
> Here is what I see when running "yum install PKG1" :
> --> Running transaction check
> ---> Package PKG1.noarch 0:1.1.2-7 will be installed
> --> Processing Dependency: PKG2 < 1.2.0 for package: PKG1-1.1.2-7.noarch
> --> Processing Dependency: PKG2 >= 1.1.2-1 for package: PKG1-1.1.2-7.noarch
> --> Running transaction check
> ---> Package PKG2.x86_64 0:1.4.0-2 will be installed
> --> Finished Dependency Resolution
> Yum installs PKG2 1.4.0-2 instead of 1.1.2-1, thus does not respect the
> "Requires" from PKG1.
> I also tried with "Requires: PKG2 = 1.1.2-1" in PKG1, with the same
> incorrect result.
> Am I doing/understanding something wrong or is it a bug in Yum?

 Using two requires to specify a range isn't used much, as there are a
lot of problems with it ... but it should work, and we do have tests
for it. However the second thing "X = ver" is used a _lot_, so if
that's not working then it's very likely that the requires/provides
aren't what you think they are.
 The first thing I'd look at is to make sure the package being
installed doesn't also provide something more than the simple
<name = version> you get by default. After that the next culprit is
probably epochs.

James Antill -- james at and.org

More information about the Yum mailing list