fix(deps): build kerberos in RTLD mode for Linux executables MONGOSH-1628 #1751
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…1628 - Update the Kerberos addon to the latest version (2.1.0). - Build the Kerberos addon using RTLD for Linux mongosh executables (i.e. opening the system Kerberos libraries using `dlopen()` to avoid the symbol conflict with OpenSSL 3 on RHEL8). - Update the `.deb` definitions to account for the fact that the Kerberos system libraries are no longer a strict dependency of mongosh. - Include the Kerberos version in the `--build-info` output. - Make sure that if loading the Kerberos addon fails during a connection attempt, a meaningful error message gets passed to the user, instead of the driver’s default one (which swallows all information about the root cause). - As a drive-by, also do that for mongodb-client-encryption; we occasionally receive bug reports about CSFLE/QE not working on homebrew installations, and this may help with that.
addaleax
commented
Nov 24, 2023
| SHARED_OPENSSL_TAG === 'openssl11' ? ', libssl1.1' : | ||
| SHARED_OPENSSL_TAG === 'openssl3' ? ', libssl3' : '' | ||
| ), | ||
| debRecommends: 'libgssapi-krb5-2', |
There was a problem hiding this comment.
(Kerberos system libraries are no longer strictly a dependency for mongosh)
| // https://jira.mongodb.org/browse/MONGOSH-1628 | ||
| ...(process.platform === 'linux' && { | ||
| GYP_DEFINES: 'kerberos_use_rtld=true', | ||
| }), |
There was a problem hiding this comment.
^ This + the version bump are the entire fix, the rest is just testing/cleanup :)
gribnoysup
approved these changes
Nov 27, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fix(deps): build kerberos in RTLD mode for Linux executables MONGOSH-1628
(i.e. opening the system Kerberos libraries using
dlopen()to avoidthe symbol conflict with OpenSSL 3 on RHEL8).
.debdefinitions to account for the fact that theKerberos system libraries are no longer a strict dependency
of mongosh.
--build-infooutput.connection attempt, a meaningful error message gets passed
to the user, instead of the driver’s default one (which
swallows all information about the root cause).
occasionally receive bug reports about CSFLE/QE not working on
homebrew installations, and this may help with that.
fixup: add connectivity tests running against compiled executable