Re: rpms/ruby rawhide starting to fail on OpenSSL related failure

Dne 08. 11. 23 v 18:31 Jun Aruga (he / him) napsal(a): > Hello folks in Ruby SIG. > > I just want to share that right now rpms/ruby started to fail in > Fedora rawhide after the dependent openssl version was upgraded from > openssl 1:3.1.1-4.fc40 to 1:3.1.4-1.fc40. > https://koschei.fedoraproject.org/package/ruby?collection=f40 > > ``` > 1) Failure: > OpenSSL::TestFIPS#test_fips_mode_get_is_true_on_fips_mode_enabled > [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:12]: > assert_separately failed with error message > pid 93922 exit 1 > | /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > `initialize': could not parse pkey (OpenSSL::PKey::DHError) > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > `new' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > `new' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in > `<class:SSLContext>' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in > `<module:SSL>' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in > `<module:OpenSSL>' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in > `<top (required)>' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in > `require_relative' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in > `<top (required)>' > | from -:in `require' > 2) Failure: > OpenSSL::TestFIPS#test_fips_mode_get_with_fips_mode_set > [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:38]: > assert_separately failed with error message > pid 93924 exit 1 > | /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > `initialize': could not parse pkey (OpenSSL::PKey::DHError) > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > `new' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > `new' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in > `<class:SSLContext>' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in > `<module:SSL>' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in > `<module:OpenSSL>' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in > `<top (required)>' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in > `require_relative' > | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in > `<top (required)>' > | from -:in `require' > ``` > > It seems that we need to apply the following patch that I applied to > CentOS 9 stream and RHEL 9 into Fedora too. I will work on it to pass > the tests on the current rawhide. > https://gitlab.com/redhat/centos-stream/rpms/ruby/-/commit/59242d8ce8261a... Thx! > > As a note, we can remove this patch after upgrading Ruby to 3.3.0. BTW could you also please check the patch was backported into upstream Ruby 3.2 or older? That way we could eventually drop it from everywhere. Thx.