Chef_gem curb "broken" on rhel platforms


#1

We are primarily an ubuntu shop and have been using a inhouse ruby library that requires the curb gem for gssapi authentication.

Installing the curb gem in the Chef version of ruby on ubuntu is as simple as installing the libcurl4-nss-dev package and calling the chef_gem curb resource.

We have recently, for a reason that I would like not to go into, tried to get most of our environment working on the rhel/centos platform.

We have come across the situation where we can not compile curb using the the chef_gem curb resource because of a small but important difference in the curl-config scripts that exist on the debian vs rhel platforms.

On debian/ubuntu the ruby gem make process calls curl-config --libs and gets back -lcurl and all is well with the world. It just so happens that this works because on debian curl-config does not use pkg-config to determine libs.

On rhel/centos this whole process breaks down because curl-config --libs on these platforms uses pkg-config which uses /opt/chef/embedded/bin/pkg-config because of the system PATH that is set when chef_gem curb is used to compile the extension. This leads to -lcurb not being set and the extension gets built but not linked to some really key underlying libraries. See below.

So I understand what the problem is - what I do not know is a way that I can fix it. I have no problem either (1) adding options to the chef_gem resource call. I just can not see to find the correct one or (2) performing some evil hack that works but may turn out to be fragile. All help in this area is greatly appreciated.

For the time being I am just running /opt/chef/embedded/bin/gem install curb in a shell which causes things to run with the system pkg-config which leads to a correct LIBS during the compile.

Thanks!

##
## WITH THE "INCORRECT" pkg-config
##

SYSTEM_PATH:
     - /opt/chef/embedded/bin
     - /usr/local/sbin
     - /usr/local/bin
     - /usr/sbin
     - /usr/bin
     - /sbin
     - /bin

LIBS = $(LIBRUBYARG_SHARED)  -lpthread -ldl -lcrypt -lm   -lc 

-bash-4.2# ldd lib/curb_core.so 
        linux-vdso.so.1 =>  (0x00007fff6c9e6000)
        libruby.so.2.5 => /opt/chef/embedded/lib/libruby.so.2.5 (0x00007f6d14fc6000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f6d14da6000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f6d14b9e000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f6d14966000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f6d1465e000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f6d1428e000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f6d1571e000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007f6d14086000)


##
## WITH THE "CORRECT" pkg-config
##

SYSTEM_PATH:
     - /usr/local/sbin
     - /usr/local/bin
     - /usr/sbin
     - /usr/bin
     - /sbin
     - /bin

LIBS = $(LIBRUBYARG_SHARED)  -lpthread -ldl -lcrypt -lm   -lc -lcurl

-bash-4.2# ldd lib/curb_core.so 
        linux-vdso.so.1 =>  (0x00007ffdf697e000)
        libruby.so.2.5 => /opt/chef/embedded/lib/libruby.so.2.5 (0x00007f13f9cd6000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f13f9ab6000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f13f98ae000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f13f9676000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f13f936e000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f13f8f9e000)
        libcurl.so.4 => /lib64/libcurl.so.4 (0x00007f13f8d2e000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f13fa42e000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007f13f8b26000)
        libidn.so.11 => /lib64/libidn.so.11 (0x00007f13f88ee000)
        libssh2.so.1 => /lib64/libssh2.so.1 (0x00007f13f86be000)
        libssl3.so => /lib64/libssl3.so (0x00007f13f8466000)
        libsmime3.so => /lib64/libsmime3.so (0x00007f13f823e000)
        libnss3.so => /lib64/libnss3.so (0x00007f13f7f0e000)
        libnssutil3.so => /lib64/libnssutil3.so (0x00007f13f7cde000)
        libplds4.so => /lib64/libplds4.so (0x00007f13f7ad6000)
        libplc4.so => /lib64/libplc4.so (0x00007f13f78ce000)
        libnspr4.so => /lib64/libnspr4.so (0x00007f13f768e000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f13f743e000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f13f7156000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f13f6f1e000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f13f6d16000)
        liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f13f6b06000)
        libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007f13f68ae000)
        libz.so.1 => /opt/chef/embedded/lib/libz.so.1 (0x00007f13f6696000)
        libssl.so.10 => /lib64/libssl.so.10 (0x00007f13f641e000)
        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f13f5fb6000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f13f5dae000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f13f5b9e000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f13f5996000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f13f5776000)
        libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007f13f5556000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f13f532e000)
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f13f50c6000)

#2

I would still like to know if anyone has any other suggestions on how to fix this but here is my evil hack work around. This does actually work.

# Crazy eveil hack for centos 7 systems. See README.md
if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 7
  directory "/opt/chef/embedded/bin/pkgconfig" do
    owner "root"
    group "root"
    mode "0755"
    action :nothing
  end.run_action :create
  
  link "/opt/chef/embedded/bin/pkgconfig/libcurl.pc" do
    to "/usr/lib64/pkgconfig/libcurl.pc"
    action :nothing
  end.run_action :create
end