Dne 09. 11. 23 v 16:41 Jun Aruga (he / him) napsal(a):
On Thu, Nov 9, 2023 at 10:03 AM Vít Ondruch <vondr...@redhat.com> wrote:Dne 08. 11. 23 v 18:31 Jun Aruga (he / him) napsal(a):Hello folks in Ruby SIG. I just want to share that right now rpms/ruby started to fail in Fedora rawhide after the dependent openssl version was upgraded from openssl 1:3.1.1-4.fc40 to 1:3.1.4-1.fc40. https://koschei.fedoraproject.org/package/ruby?collection=f40 ``` 1) Failure: OpenSSL::TestFIPS#test_fips_mode_get_is_true_on_fips_mode_enabled [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:12]: assert_separately failed with error message pid 93922 exit 1 | /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `initialize': could not parse pkey (OpenSSL::PKey::DHError) | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in `<class:SSLContext>' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in `<module:SSL>' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in `<module:OpenSSL>' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in `<top (required)>' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `require_relative' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `<top (required)>' | from -:in `require' 2) Failure: OpenSSL::TestFIPS#test_fips_mode_get_with_fips_mode_set [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:38]: assert_separately failed with error message pid 93924 exit 1 | /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `initialize': could not parse pkey (OpenSSL::PKey::DHError) | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in `<class:SSLContext>' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in `<module:SSL>' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in `<module:OpenSSL>' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in `<top (required)>' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `require_relative' | from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `<top (required)>' | from -:in `require' ``` It seems that we need to apply the following patch that I applied to CentOS 9 stream and RHEL 9 into Fedora too. I will work on it to pass the tests on the current rawhide. https://gitlab.com/redhat/centos-stream/rpms/ruby/-/commit/59242d8ce8261a9759dfb2bd8db673e55061a28bThx!As a note, we can remove this patch after upgrading Ruby to 3.3.0.BTW could you also please check the patch was backported into upstream Ruby 3.2 or older? That way we could eventually drop it from everywhere. Thx.I sent the PR. I need to test it by myself. But please review. https://src.fedoraproject.org/rpms/ruby/pull-request/163 Yes, the patch is already upstream below. I expect that the patch is included in Ruby 3.3.0. https://github.com/ruby/ruby/commit/b6d7cdc2bad0eadbca73f3486917f0ec7a475814
But my question was if the patch was backported for Ruby 3.2 and possibly older. That would eventually allowed us to remove the Patch from Fedora/c9s. Checking the repo [1], it does not seems to be the case. Not sure if there is backport request opened somewhere.
Vít[1] https://github.com/ruby/ruby/commits/ruby_3_2/ext/openssl/lib/openssl/ssl.rb
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ ruby-sig mailing list -- ruby-sig@lists.fedoraproject.org To unsubscribe send an email to ruby-sig-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/ruby-sig@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
