[MONGOCRYPT-609] Publish libmongocrypt distribution package for Amazon Linux 2023 Created: 08/Dec/23  Updated: 13/Dec/23  Resolved: 13/Dec/23

Status: Closed
Project: Libmongocrypt
Component/s: Build
Affects Version/s: 1.8.0, 1.9.0, 1.8.1, 1.8.2
Fix Version/s: None

Type: Task Priority: Unknown
Reporter: Angus Ryer Assignee: Roberto Sanchez
Resolution: Works as Designed Votes: 0
Labels: platform-request
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to MONGOCRYPT-600 Cannot install mongodb-client-encrypt... Blocked
related to MONGOCRYPT-416 Publish libmongocrypt builds for Alpi... Backlog
related to SERVER-75282 Platform Support: Add support for Ama... Closed
related to SERVER-76235 Support for Amazon Linux 2023 Closed
related to MONGOCRYPT-580 Add package publication for missing o... Closed
Binding Changes: Not Needed

 Description   

A pre-built distribution package for `libmongocrypt` does not exist yet for Amazon Linux 2023.

Although platform support for the MongoDB server itself has been added for Amazon Linux 2023 via SERVER-75282, not all projects the Mongo server may depend on support AL2023 yet.

I discovered from my own situation that deployments of MongoDB that use the Node environment and client-side field-level encryption may fail on EC2 instances running AL2023. Mongo's Node bindings of `libmongocrypt` don't exist during `npm i mongodb-client-encryption`, so `libmongocrypt` must be installed.

The official documentation does not provide instructions for installing `libmongocrypt` on AL2023 (only AL2013.3 and AL2), and the repositories listed there for any `yum`-based distro don't even exist. All packages available in the usual location are for debian-based systems: https://libmongocrypt.s3.amazonaws.com/

Therefore we currently must compile this library from source directly on our EC2 instance, which is not desirable for CI deployments.

Unless I just haven't found the location of the repo and the official docs haven't been updated yet.

Sources:

  • AL2023 package publication was added as part of the PR coming out of MONGOCRYPT-580
  • This attempt (MONGOCRYPT-600) to install `mongodb-client-encryption` in Alpine fails for the same underlying reason.
  • kevin.albertson@mongodb.com mentions in MONGOCRYPT-416 that Alpine users' best bet is to compile `libmongocrypt` from source, which is also the case for AL2023 (in spite of it using a common Fedora-like flavoured kernel)
  • SERVER-76235 mentions "BUILD-16842" that I cannot access, but that presumably has a better history to the progress being made here, and a message from someone working with the AWS product team asking for a timeline. The link (https://repo.mongodb.com/yum/amazon/) mentioned there does not work for me.


 Comments   
Comment by Roberto Sanchez [ 13/Dec/23 ]

Thanks for confirming that this resolves the issue for you!

Comment by Angus Ryer [ 13/Dec/23 ]

roberto.sanchez@mongodb.com Thank you for clarifying. I didn't realize AWS would truncate the package list–good to know.

And yes, this effectively resolves this issue for me since you've provided a working location for a distribution package I can use, although the title of this may be misleading for others if they expect it to be referring to an official release.

Thank you!

Comment by Roberto Sanchez [ 13/Dec/23 ]

gus@ryer.io, we have been publishing libmongocrypt packages for AmazonLinux 2023 since commit ef5b0b54adaadf3b8a1a151aa31b91702bf17187. However, that commit only exists on the master branch. What that means is that there are no packages available from the "release" PPA. However, you are still able to get the latest (i.e., built from the most recent commit on master) by doing the following:

Create the file `/etc/yum.repos.d/libmongocrypt.repo` with contents:
 
[libmongocrypt]
name=libmongocrypt repository
baseurl=https://libmongocrypt.s3.amazonaws.com/yum/amazon/2023/libmongocrypt/development/x86_64
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/libmongocrypt.asc
 
Then install the libmongocrypt packages:
 
sudo yum install -y libmongocrypt

As of the next libmongocrypt release (1.8.3 or 1.9.0) the packages will also be available from the PPA by specifying 1.8 or 1.9 rather than development.

As to your comment "and the repositories listed there for any `yum`-based distro don't even exist. All packages available in the usual location are for debian-based systems:", this is actually not correct. It only appears that way because there are so many files in that bucket that AWS won't return an index enumerating all of them. If you follow the above steps you should find that you have the packages available to you on Amazon Linux 2023. Once the release is made then the official documentation will also include the necessary steps for installing release packages on Amazon Linux 2023.

Is this sufficient to resolve this issue from your perspective?

Comment by Kevin Albertson [ 12/Dec/23 ]

gus@ryer.io this is prioritized, but has not yet been started. Tentatively, I expect it may be included in the next patch release in early January.

Comment by Angus Ryer [ 12/Dec/23 ]

esha.bhargava@mongodb.com Our team is curious if there is an estimate for when this is scheduled to be released. Is that available? Thanks!

Comment by Angus Ryer [ 08/Dec/23 ]

Edit: The link mentioned in SERVER-76235 does work for me but contains only server packages, not libmongocrypt packages.

If you're building `libmongocrypt` from source on AL2023, you'll need to install the dev libs first: `yum install cmake openssl-devel openssl-libs` 

Generated at Thu Feb 08 09:09:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.