Gem fails to install under JRuby

[jcharaoui]

The addition of openssl as a dependency is causing the gem to fail to install in the JRuby environment:

``` autopkgtest [17:21:35]: test jgem: [----------------------- installing diff-lcs gem into jruby ... installing minitest gem into jruby ... installing power_assert gem into jruby ... installing rake gem into jruby ... installing rspec gem into jruby ... installing rspec-core gem into jruby ... installing rspec-expectations gem into jruby ... installing rspec-mocks gem into jruby ... installing rspec-support gem into jruby ... installing test-unit gem into jruby ... json (default: 2.5.1 java) Successfully installed sshkey-2.0.0 Building native extensions. This could take a while... ERROR: Error installing trocla: ERROR: Failed to build gem native extension. current directory: /tmp/jruby_gems/gems/openssl-3.1.0/ext/openssl /usr/share/jruby/bin/jruby -I /usr/share/jruby/lib/ruby/stdlib -r ./siteconf20230104-3459-i4yqmk.rb extconf.rb checking for rb_io_maybe_wait(0, Qnil, Qnil, Qnil) in ruby/io.h... *** extconf.rb failed *** Could not create Makefile due to some reason, probably lack of necessary libraries and/or headers. Check the mkmf.log file for more details. You may need configuration options. Provided configuration options: --with-opt-dir --without-opt-dir --with-opt-include --without-opt-include=${opt-dir}/include --with-opt-lib --without-opt-lib=${opt-dir}/lib --with-make-prog --without-make-prog --srcdir=. --curdir --ruby=/usr/share/jruby/bin/jruby --with-openssl-dir --without-openssl-dir --with-openssl-include --without-openssl-include=${openssl-dir}/include --with-openssl-lib --without-openssl-lib=${openssl-dir}/lib --with-kerberos-dir --without-kerberos-dir --with-kerberos-include --without-kerberos-include=${kerberos-dir}/include --with-kerberos-lib --without-kerberos-lib=${kerberos-dir}/lib --with-debug --without-debug --enable-debug --disable-debug RuntimeError: The compiler failed to generate an executable file. You have to install development tools first. try_do at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:456 try_link0 at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:541 try_link at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:556 try_func at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:772 have_func at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:1051 checking_for at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:942 postpone at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:350 open at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:320 postpone at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:350 open at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:320 postpone at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:346 checking_for at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:941 have_func at /usr/share/jruby/lib/ruby/stdlib/mkmf.rb:1050

at extconf.rb:30 To see why this extension failed to compile, please check the mkmf.log which can be found here: /tmp/jruby_gems/extensions/universal-java-17/2.6.0/openssl-3.1.0/mkmf.log extconf failed, exit code 1 Gem files will remain installed in /tmp/jruby_gems/gems/openssl-3.1.0 for inspection. Results logged to /tmp/jruby_gems/extensions/universal-java-17/2.6.0/openssl-3.1.0/gem_make.out autopkgtest [17:21:45]: test jgem: -----------------------] autopkgtest [17:21:45]: test jgem: - - - - - - - - - - results - - - - - - - - - - jgem FAIL non-zero exit status 1 ``` There's already a

This is because the openssl gem will try (and fail) to build its native C extension. However the Gemfile already brings in jruby-openssl so it should work to only add the openssl dependency when not using JRuby.

[headius]

This can be changed by trocla removing the openssl dependency (or releasing a -java version of the gem that uses jruby-openssl), or it will have to wait until we can get the openssl gem maintainer to release a no-op version for JRuby that installs jruby-openssl.

[duritong]

I am just a bit confused how that slipped in.

It did when I updated the gemspec, but I wonder why....

[duritong]

Ah it came in through #69 - that explains it.

[duritong]

So it looks like we do not need the OpenSSL gem at all.

BUT I tried to make sure we don't regress into a broken jruby variant (since it is important for puppet-server) by re-adding jruby to the CI: https://github.com/duritong/trocla/pull/76

BUT it fails on jruby as all code that relates to SecureRandom, which seems not to be random at all.

Jruby CI runs fine locally though.

I have a simple reproducer that shows that SecureRandom.random_number(10) is always 0 if executed in github actions. It again runs fine locally.

See here: https://github.com/duritong/ruby-actions-test/actions/runs/3859056296

@headius since we somehow have your attention here: why do we have that issue?

I am not sure where to open an issue for that over at jruby, ruby/setup-ruby or github (where???)

[duritong]

I decided to report it to ruby/setup-ruby as a first try: https://github.com/ruby/setup-ruby/issues/448

[jcharaoui]

FWIW Puppet Server's JRuby is currently pegged at 9.3.9.0 (via jruby-utils), while your CI is using nightly snapshot of JRuby. Are you seeing the same issue with that version of JRuby?

[mouchymouchy]

Hi I have the same issue when trying to install trocla gem within puppetserver ruby context. I'm blocked by openssl installation on jruby because there is no ruby source available.

=== OpenSSL for Ruby configurator ===
=== Checking for system dependent stuff... ===
" -o conftest -I/include/universal-java11 -Iuri:classloader:/META-INF/jruby.home/lib/ruby/include/ruby/backward -Iuri:classloader:/META-INF/jruby.home/lib/ruby/include -I.     -fno-omit-frame-pointer -fno-strict-aliasing  -fexceptions  conftest.c  -L. -Luri:classloader:/META-INF/jruby.home/lib    -m64      "
checked program was:
/* begin */
1: #include "ruby.h"
2: 
3: #include <ruby.h>
4: int main(int argc, char **argv)
5: {
6:   return 0;
7: }
/* end */

@jcharaoui did you find a workaround to install trocla 0.5.0 in jruby ?

[jcharaoui]

@jcharaoui did you find a workaround to install trocla 0.5.0 in jruby ?

Currently the easiest method is to just install trocla 0.4.0... If you're on Debian bookworm/sid, you can install the trocla package which is version 0.5.0, but with the openssl dependency patched out. You can then symlink it (and its dependencies) gem and specifications directories to Puppetserver JRuby's jruby-gem-home.

[mouchymouchy]

I use actually 0.4.0 and I want feature that are available on 0.5.0 release :( All my puppserver are on centos, I can't use debian package but thanks for the tips.

[headius]

Following up here: the SecureRandom issue in 9.4.0.0 is fixed on master and will be released in 9.4.1.0 early next week. The JRuby team is here to help make sure this gem runs green in CI or answer any questions!

[duritong]

@headius thank you for the infos.

The gem is already green on jruby-head, as soon as we have it as well on latest jruby (according to you next week), I'll make a new release that addresses this issue fully.

[jcharaoui]

@duritong Does that mean the upcoming version of trocla require JRuby 9.4 and above? Because as I mentioned above, Puppet Server currently pegs its integrated JRuby at 9.3.9.0, and it's also the version of JRuby being shipped with the upcoming Debian stable (bookworm). Would it be possible to ensure trocla works with this version as well? Thanks.

[headius]

If we can get a version of the openssl gem released for JRuby that just depends on jruby-openssl, it should be installable on all supported JRuby versions.

The SecureRandom issue was only in 9.4.0.

[jcharaoui]

FTR this work appears to be currently tracked in https://github.com/ruby/openssl/issues/20

[duritong]

fixed with bf52792bb90343e3765c1205598421cbf5e7d662

[duritong]

so 0.5.1 was released that does not depend on the openssl gem anymore and passes on all supported ruby versions.