Gem::Exception OpenSSL is not available error in base image using Ruby 3.3.5

[LeviLong01]

In our CI pipelines, we use the public.ecr.aws/sam/build-ruby3.3:latest image.

A few days ago we started getting an error around OpenSSL causing our CI pipelines to fail for merge requests on our lambda project.

Full Error: Gem::Exception OpenSSL is not available. Install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources

The last successful build from this image was from the following SHA: public.ecr.aws/sam/build-ruby3.3@sha256:94e72d39197164fc9e8cd0dd1c3ed04b62e18e6e5f9c26bd495ba9818807e4ae

Looking at that the ruby version used, it is ruby 3.3.4.

The failing builds are using the following SHA: public.ecr.aws/sam/build-ruby3.3@sha256:7550bbd53ff6bd0eb0feb1fcb713bac18791526b4fc0c8fc33dea93e05861c10

Looking at the ruby version used, it is ruby 3.3.5.

I'm not sure exactly what would cause this issue, but appears to be when going to this version from AWS.

[LeviLong01]

I saw that new images went out for the ruby base.

New SHA: public.ecr.aws/sam/build-ruby3.3@sha256:5259e548a1dab49f8a28ea43aa860c97b9306a8cfd4214e0ef5a9a7a2157bcf0

Using the above SHA, this now allows for 2/3 of the CI jobs to pass and we no longer receive the original error of Gem::Exception OpenSSL is not available. Install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources.

The CI jobs (originally all jobs failed):

• building a gem cache (now passes)

• rspec (fails)
  There is a new error here, still centered around openssl.
  Error: RuntimeError: OPENSSL_init_ssl

Failure/Error: require "webmock/rspec"
RuntimeError:
  OPENSSL_init_ssl
# ./vendor/bundle/ruby/3.3.0/gems/net-http-0.4.1/lib/net/https.rb:23:in `<top (required)>'
# ./vendor/bundle/ruby/3.3.0/gems/webmock-3.24.0/lib/webmock/http_lib_adapters/net_http.rb:4:in `<top (required)>'
# ./vendor/bundle/ruby/3.3.0/gems/webmock-3.24.0/lib/webmock.rb:50:in `require_relative'
# ./vendor/bundle/ruby/3.3.0/gems/webmock-3.24.0/lib/webmock.rb:[50][omitted]:in `<top (required)>'
# ./vendor/bundle/ruby/3.3.0/gems/webmock-3.24.0/lib/webmock/rspec.rb:3:in `<top (required)>'
# ./spec/spec_helper.rb:3:in `<top (required)>'
# ./spec/function_spec.rb:1:in `<top (required)>'

• linters (now passes)

---

If I run which openssl in the job it results in which: no openssl in (/var/lang/bin:/usr/local/bin:/usr/bin/:/bin:/opt/bin:/usr/local/opt/lambda-builders/bin).

I've tried manually installing openssl with dnf update -y && dnf install -y openssl.
Running which openssl gives me /usr/bin/openssl.
However, running openssl version results in FATAL: Startup failure (dev note: apps_startup()) for openssl.

---

I'm able to confirm that by setting our ruby image explicitly to public.ecr.aws/sam/build-ruby3.3@sha256:94e72d39197164fc9e8cd0dd1c3ed04b62e18e6e5f9c26bd495ba9818807e4ae, all CI jobs pass. This can be a workaround for us right now.

[LeviLong01]

Using this sha: public.ecr.aws/sam/build-ruby3.3@sha256:5259e548a1dab49f8a28ea43aa860c97b9306a8cfd4214e0ef5a9a7a2157bcf0

We are now getting the original error we had and all CI jobs fail.
Gem::Exception: OpenSSL is not available. Install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources

We are still getting around the issue by having our project pinned to public.ecr.aws/sam/build-ruby3.3@sha256:94e72d39197164fc9e8cd0dd1c3ed04b62e18e6e5f9c26bd495ba9818807e4ae

[LeviLong01]

We are still receiving the error (OPENSSL_init_ssl ) on this image: public.ecr.aws/sam/build-ruby3.3@sha256:6e5eb24de8d8ec527e1d8a78ceb0c0c6d4917a2a4729f27ba9e42ea5487a1103.

[trivenay]

Hey @LeviLong01 I was able to successfully import webmock/rspec in the latest sam-build image for ruby3.3

(24-12-02 11:11:35) <0> [~] docker run --rm -it --entrypoint bash public.ecr.aws/sam/build-ruby3.3
bash-5.2# gem install webmock
Fetching webmock-3.24.0.gem
Fetching public_suffix-6.0.1.gem
Fetching hashdiff-1.1.2.gem
Fetching addressable-2.8.7.gem
Fetching crack-1.0.0.gem
Successfully installed hashdiff-1.1.2
Successfully installed crack-1.0.0
Successfully installed public_suffix-6.0.1
Successfully installed addressable-2.8.7
Successfully installed webmock-3.24.0
Parsing documentation for hashdiff-1.1.2
Installing ri documentation for hashdiff-1.1.2
Parsing documentation for crack-1.0.0
Installing ri documentation for crack-1.0.0
Parsing documentation for public_suffix-6.0.1
Installing ri documentation for public_suffix-6.0.1
Parsing documentation for addressable-2.8.7
Installing ri documentation for addressable-2.8.7
Parsing documentation for webmock-3.24.0
Installing ri documentation for webmock-3.24.0
Done installing documentation for hashdiff, crack, public_suffix, addressable, webmock after 1 seconds
5 gems installed
bash-5.2# gem install rspec
Fetching rspec-3.13.0.gem
Fetching rspec-expectations-3.13.3.gem
Fetching diff-lcs-1.5.1.gem
Fetching rspec-mocks-3.13.2.gem
Fetching rspec-support-3.13.1.gem
Fetching rspec-core-3.13.2.gem
Successfully installed rspec-support-3.13.1
Successfully installed diff-lcs-1.5.1
Successfully installed rspec-mocks-3.13.2
Successfully installed rspec-expectations-3.13.3
Successfully installed rspec-core-3.13.2
Successfully installed rspec-3.13.0
Parsing documentation for rspec-support-3.13.1
Installing ri documentation for rspec-support-3.13.1
Parsing documentation for diff-lcs-1.5.1
Installing ri documentation for diff-lcs-1.5.1
Parsing documentation for rspec-mocks-3.13.2
Installing ri documentation for rspec-mocks-3.13.2
Parsing documentation for rspec-expectations-3.13.3
Installing ri documentation for rspec-expectations-3.13.3
Parsing documentation for rspec-core-3.13.2
Installing ri documentation for rspec-core-3.13.2
Parsing documentation for rspec-3.13.0
Installing ri documentation for rspec-3.13.0
Done installing documentation for rspec-support, diff-lcs, rspec-mocks, rspec-expectations, rspec-core, rspec after 3 seconds
6 gems installed
bash-5.2# irb
irb(main):001> require "webmock/rspec"
=> true
irb(main):002>

For reference, this repository pertains to Lambda base images: Lambda Ruby Base Images.
If you have additional questions or need clarification, feel free to create an issue here: AWS SAM Build Images Issues