Bug #22998
closed
build-packages-debian12 (and others) failing after nokogiri dependency update
Description
Last successful Rails package build: build-packages-debian12: #739 /consoleFull
First related failure: build-packages-debian12: #752 /consoleFull
Latest failure: build-packages-debian12: #767 /consoleFull
Updated by Brett Smith 9 months ago
- Assigned To changed from Lucas Di Pentima to Brett Smith
Updated by Brett Smith 9 months ago
It looks like the main issue is that it's getting the musl build rather than the glibc one. I'm guessing this is a new target that nokogiri has started publishing between these versions. Why bundle/gem is picking the wrong target for us is an open question.
Updated by Brett Smith 9 months ago
Well, hrm. When I run the build, it gets the glibc version. That's… aggravating that it's not consistent. But then I still get the same core error:
Because every version of rails depends on actionpack = 7.1.3.4
and every version of actionpack depends on rails-html-sanitizer ~> 1.6,
every version of rails requires rails-html-sanitizer ~> 1.6.
And because every version of rails-html-sanitizer depends on nokogiri >= 1.15.7, != 1.16.0.rc1, != 1.16.0, != 1.16.1, != 1.16.2, != 1.16.3, != 1.16.4, != 1.16.5, != 1.16.6, != 1.16.7,
every version of rails requires nokogiri >= 1.15.7, != 1.16.0.rc1, != 1.16.0, != 1.16.1, != 1.16.2, != 1.16.3, != 1.16.4, != 1.16.5, != 1.16.6, != 1.16.7.
So, because nokogiri >= 1.15.7, != 1.16.0.rc1, != 1.16.0, != 1.16.1, != 1.16.2, != 1.16.3, != 1.16.4, != 1.16.5, != 1.16.6, != 1.16.7 could not be found in cached gems or installed locally for any resolution platforms (ruby)
and Gemfile depends on rails ~> 7.1.3.4,
version solving has failed.

The source contains the following gems matching 'nokogiri (>= 1.15.7, != 1.16.0.rc1, != 1.16.0, != 1.16.1, != 1.16.2, != 1.16.3, != 1.16.4, != 1.16.5, != 1.16.6, != 1.16.7)':
  * nokogiri-1.15.7-x86_64-linux
  * nokogiri-1.18.8-x86_64-linux

ERROR: arvados-api-server package prep failed
Updated by Brett Smith 9 months ago
Note older distros have the more usual error:
22:17:56 nokogiri-1.18.8 requires ruby version >= 3.1.0, which is incompatible with the
22:17:56 current version, 2.7.0
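The two failures quoted above can be told apart with a small triage script; this is an added example, not code from the ticket or from Arvados. It uses RubyGems' own `Gem::Requirement` and `Gem::Version`, while the platform rule is a simplified model rather than Bundler's resolver, and the helper names, the Ruby versions passed in, the `x86_64-linux` resolution platform and the 1.15.7 Ruby requirement are assumptions.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Constraint copied from the Bundler error in this ticket.
NOKOGIRI_REQ = Gem::Requirement.new(
  ">= 1.15.7", "!= 1.16.0.rc1",
  *%w[1.16.0 1.16.1 1.16.2 1.16.3 1.16.4 1.16.5 1.16.6 1.16.7].map { |v| "!= #{v}" }
)

# required_ruby_version per release. 1.18.8 is from the build log above;
# the 1.15.7 value is an assumption made for this example.
REQUIRED_RUBY = {
  "1.18.8" => Gem::Requirement.new(">= 3.1.0"),
  "1.15.7" => Gem::Requirement.new(">= 2.7.0"),
}.freeze

# Split a cached gem file name such as "nokogiri-1.18.8-x86_64-linux"
# into [name, version, platform]; no platform suffix means "ruby".
def parse_gem_name(full_name)
  m = /\A(?<name>.+?)-(?<version>\d[\w.]*)(?:-(?<platform>.+))?\z/.match(full_name)
  raise ArgumentError, "unparseable gem name: #{full_name}" unless m
  [m[:name], Gem::Version.new(m[:version]), m[:platform] || "ruby"]
end

# Classify one cached gem. Simplified model (hypothetical helper, not Bundler's
# resolver): a "ruby" gem fits everywhere, a precompiled gem only its own platform.
def classify(full_name, resolution_platforms:, ruby_version:)
  _name, version, platform = parse_gem_name(full_name)
  return :version_excluded unless NOKOGIRI_REQ.satisfied_by?(version)
  return :wrong_platform unless platform == "ruby" || resolution_platforms.include?(platform)
  ruby_req = REQUIRED_RUBY.fetch(version.to_s, Gem::Requirement.default)
  return :ruby_too_old unless ruby_req.satisfied_by?(Gem::Version.new(ruby_version))
  :usable
end

def diagnose(cached, **opts)
  cached.to_h { |g| [g, classify(g, **opts)] }
end

# Cached gems as listed in the error message above.
CACHED = %w[nokogiri-1.15.7-x86_64-linux nokogiri-1.18.8-x86_64-linux].freeze

if __FILE__ == $PROGRAM_NAME
  # Ruby versions and the x86_64-linux platform list are constructed inputs.
  p diagnose(CACHED, resolution_platforms: ["ruby"], ruby_version: "3.1.2")
  p diagnose(CACHED, resolution_platforms: ["x86_64-linux"], ruby_version: "2.7.0")
end
```

With only `ruby` as a resolution platform, both cached gems are rejected on platform even though both versions satisfy the constraint; with Ruby 2.7.0, only the older release remains usable.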
Updated by Brett Smith 9 months ago
22998-gem-fetch-fixes @ cea78daa8414f7fb9eb9e01b28717a9e975b1f30
build-packages-ubuntu2004: #2243 - Was failing on the Ruby 2.7 error, now passing
build-packages-ubuntu2204: #766 - Was failing on the "not found for any resolution platforms" error, now passing
I am going to go ahead and just merge this, because it is basically just three tiny changes:
- Revert the nokogiri upgrade to restore Ruby 2.7 support.
- Pin nokogiri to prevent a repeat of this problem.
- Run our gem fetch during the package build with some parallelism as a minor optimization. I thought the real fix was here in an earlier version of the branch so I did this while I was at it. I have left a comment noting that the parallelism factor is arbitrary and eminently bikesheddable.
Updated by Brett Smith 9 months ago
- Related to Support #22974: Upgrade dependencies to address security issues added
Updated by Brett Smith 9 months ago
Note the CVEs CVE-2025-24855 & CVE-2024-55549 are actually in libxslt. If needed, we could mitigate this issue by arranging to build Nokogiri from source and dynamically linking to the distro-provided libxslt. Then as long as the distro got a security update, we would be fine too.
Updated by Brett Smith 9 months ago
- Related to Idea #23000: Figure out how to consistently target a platform added
Updated by Brett Smith 9 months ago
Filed #23000 with the platform error. We will probably need to deal with that sooner or later, but since this ticket ended up reverting Nokogiri anyway for Ruby 2.7 compatibility, it did not need to be solved here.
Updated by Brett Smith 9 months ago
- Status changed from New to Resolved
Package builds are now passing.