On Thu, Nov 9, 2023 at 10:03 AM Vít Ondruch <vondruch(a)redhat.com> wrote:
Dne 08. 11. 23 v 18:31 Jun Aruga (he / him) napsal(a):
> Hello folks in Ruby SIG.
>
> I just want to share that right now rpms/ruby started to fail in
> Fedora rawhide after the dependent openssl version was upgraded from
> openssl 1:3.1.1-4.fc40 to 1:3.1.4-1.fc40.
>
https://koschei.fedoraproject.org/package/ruby?collection=f40
>
> ```
> 1) Failure:
> OpenSSL::TestFIPS#test_fips_mode_get_is_true_on_fips_mode_enabled
> [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:12]:
> assert_separately failed with error message
> pid 93922 exit 1
> |
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in
> `initialize': could not parse pkey (OpenSSL::PKey::DHError)
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in
> `new'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in
> `new'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in
> `<class:SSLContext>'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in
> `<module:SSL>'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in
> `<module:OpenSSL>'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in
> `<top (required)>'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in
> `require_relative'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in
> `<top (required)>'
> | from -:in `require'
> 2) Failure:
> OpenSSL::TestFIPS#test_fips_mode_get_with_fips_mode_set
> [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:38]:
> assert_separately failed with error message
> pid 93924 exit 1
> |
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in
> `initialize': could not parse pkey (OpenSSL::PKey::DHError)
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in
> `new'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in
> `new'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in
> `<class:SSLContext>'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in
> `<module:SSL>'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in
> `<module:OpenSSL>'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in
> `<top (required)>'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in
> `require_relative'
> | from
/builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in
> `<top (required)>'
> | from -:in `require'
> ```
>
> It seems that we need to apply the following patch that I applied to
> CentOS 9 stream and RHEL 9 into Fedora too. I will work on it to pass
> the tests on the current rawhide.
>
https://gitlab.com/redhat/centos-stream/rpms/ruby/-/commit/59242d8ce8261a...
Thx!
>
> As a note, we can remove this patch after upgrading Ruby to 3.3.0.
BTW could you also please check the patch was backported into upstream
Ruby 3.2 or older? That way we could eventually drop it from everywhere.
Thx.
I sent the PR. I need to test it by myself. But please review.
https://src.fedoraproject.org/rpms/ruby/pull-request/163
Yes, the patch is already upstream below. I expect that the patch is
included in Ruby 3.3.0.
https://github.com/ruby/ruby/commit/b6d7cdc2bad0eadbca73f3486917f0ec7a475814
--
Jun | He - Him | Timezone: UTC+1 or 2, Czech Republic
See <
https://www.worldtimebuddy.com/czech-republic-prague-to-utc> for
the timezone.