search

sous-chefs / postgresql

Development repository for the postgresql cookbook
https://supermarket.chef.io/cookbooks/postgresql
Apache License 2.0
358 stars 563 forks source link

When attempting to install the `pg` gem, the local extensions won't build on EL9 #774

Open dschlenk opened 5 hours ago

dschlenk commented 5 hours ago

:speaking_head: Foreword

Thank for taking the time to fill this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

:ghost: Brief Description

When attempting to use the postgresql_user resource, which requires the pg gem, the gem installation fails while building local extensions:

have_library: checking for PQconnectdb() in -lpq... -------------------- no
 "gcc -o conftest -I/opt/cinc/embedded/include/ruby-3.1.0/x86_64-linux -I/opt/cinc/embedded/include/ruby-3.1.0/ruby/backward -I/opt/cinc/embedded/include/ruby-3.1.0 -I. -I/usr/include -I/opt/cinc/embedded/include -O3 -D_FORTIFY_SOURCE=2 -fstack-protector -O3 -g -pipe -I/opt/cinc/embedded/include   -I/opt/cinc/embedded/include -O3 -D_FORTIFY_SOURCE=2 -fstack-protector -O3 -g -pipe -fPIC conftest.c  -L. -L/opt/cinc/embedded/lib -Wl,-rpath,/opt/cinc/embedded/lib -L/usr/lib64 -Wl,-rpath,/usr/lib64 -L/opt/cinc/embedded/lib -Wl,-rpath,/opt/cinc/embedded/lib -L. -Wl,-rpath,/opt/cinc/embedded/lib -L/opt/cinc/embedded/lib -fstack-protector-strong -L/opt/cinc/embedded/lib  -Wl,-rpath,/opt/cinc/embedded/lib -rdynamic -Wl,-export-dynamic -Wl,--no-as-needed     -Wl,-rpath,/opt/cinc/embedded/lib -L/opt/cinc/embedded/lib -lruby -lpq  -lm  -lc"
/bin/ld: /usr/lib64/libldap.so.2: undefined reference to `EVP_md2@OPENSSL_3.0.0'
collect2: error: ld returned 1 exit status
checked program was:
/* begin */
 1: #include "ruby.h"
 2:
 3: #include <libpq-fe.h>
 4:
 5: /*top*/
 6: extern int t(void);
 7: int main(int argc, char **argv)
 8: {
 9:   if (argc > 1000000) {
10:     int (* volatile tp)(void)=(int (*)(void))&t;
11:     printf("%d", (*tp)());
12:   }
13:
14:   return !!argv[argc];
15: }
16: int t(void) { void ((*volatile p)()); p = (void ((*)()))PQconnectdb; return !p; }
/* end */

This occurs whether using repo or os as the installation source.

:pancakes: Cookbook version

11.10.3

:woman_cook: Chef-Infra Version

18.5.0

:tophat: Platform details

EL 9 x86_64, specifically oracle but also tested on centos stream 9 Using cinc-workstation 24.8.1068

Steps To Reproduce

Steps to reproduce the behavior:

  1. Attempt to converge a recipe in a cookbook that depends on postgresql that contains: 
    
postgresql_install 'postgres' do
source 'os'
action %i(install init_server)
end

%w(127.0.0.1/32 ::1/128).each do |h| postgresql_access "postgresql #{h} host access" do type 'host' database 'all' user 'all' address h auth_method 'md5' end end

postgresql_service 'postgresql' do action %i(enable start) end

postgresql_user user do unencrypted_password 'one2three' end


3. Attempt to converge
4. See error when the `pg` gem attempts to build native extensions

## :police_car: Expected behavior

The `pg` gem installs successfully.

## :heavy_plus_sign: Additional context

I tracked it back to the `openldap` package in el9 building with MD2 support even though it isn't provided by `libcrypto.so.3(OPENSSL_3.0.0)` anymore and filed [RHEL-59715](https://issues.redhat.com/browse/RHEL-59715) / [MR26](https://gitlab.com/redhat/centos-stream/rpms/openldap/-/merge_requests/26) but I guess I'm curious if anyone has any ideas for a workaround while waiting for errata? The `pg` gem will install in the system ruby but I assume that's due to some of the many, many patches they do to the `openssl` gem that their ruby comes with.
dschlenk commented 4 hours ago

ah, I didn't realize chef/cinc shipped its own libcrypto.so.3, which seems to be built without MD2, so this would be more of a chef bug I guess. I'll file a bug there also.