On Thu, Nov 9, 2023 at 5:01 PM Vít Ondruch <vondr...@redhat.com> wrote: > > > Dne 09. 11. 23 v 16:41 Jun Aruga (he / him) napsal(a): > > On Thu, Nov 9, 2023 at 10:03 AM Vít Ondruch <vondr...@redhat.com> wrote: > >> > >> Dne 08. 11. 23 v 18:31 Jun Aruga (he / him) napsal(a): > >>> Hello folks in Ruby SIG. > >>> > >>> I just want to share that right now rpms/ruby started to fail in > >>> Fedora rawhide after the dependent openssl version was upgraded from > >>> openssl 1:3.1.1-4.fc40 to 1:3.1.4-1.fc40. > >>> https://koschei.fedoraproject.org/package/ruby?collection=f40 > >>> > >>> ``` > >>> 1) Failure: > >>> OpenSSL::TestFIPS#test_fips_mode_get_is_true_on_fips_mode_enabled > >>> [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:12]: > >>> assert_separately failed with error message > >>> pid 93922 exit 1 > >>> | > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > >>> `initialize': could not parse pkey (OpenSSL::PKey::DHError) > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > >>> `new' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > >>> `new' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in > >>> `<class:SSLContext>' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in > >>> `<module:SSL>' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in > >>> `<module:OpenSSL>' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in > >>> `<top (required)>' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in > >>> `require_relative' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in > >>> `<top (required)>' > >>> | from -:in `require' > >>> 2) Failure: > >>> OpenSSL::TestFIPS#test_fips_mode_get_with_fips_mode_set > >>> [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:38]: > >>> assert_separately failed with error message > >>> pid 93924 exit 1 > >>> | > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > >>> `initialize': could not parse pkey (OpenSSL::PKey::DHError) > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > >>> `new' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in > >>> `new' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in > >>> `<class:SSLContext>' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in > >>> `<module:SSL>' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in > >>> `<module:OpenSSL>' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in > >>> `<top (required)>' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in > >>> `require_relative' > >>> | from > >>> /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in > >>> `<top (required)>' > >>> | from -:in `require' > >>> ``` > >>> > >>> It seems that we need to apply the following patch that I applied to > >>> CentOS 9 stream and RHEL 9 into Fedora too. I will work on it to pass > >>> the tests on the current rawhide. > >>> https://gitlab.com/redhat/centos-stream/rpms/ruby/-/commit/59242d8ce8261a9759dfb2bd8db673e55061a28b > >> > >> Thx! > >> > >> > >>> As a note, we can remove this patch after upgrading Ruby to 3.3.0. > >> > >> BTW could you also please check the patch was backported into upstream > >> Ruby 3.2 or older? That way we could eventually drop it from everywhere. > >> Thx. > > I sent the PR. I need to test it by myself. But please review. > > https://src.fedoraproject.org/rpms/ruby/pull-request/163 > > > > Yes, the patch is already upstream below. I expect that the patch is > > included in Ruby 3.3.0. > > https://github.com/ruby/ruby/commit/b6d7cdc2bad0eadbca73f3486917f0ec7a475814 > > > > But my question was if the patch was backported for Ruby 3.2 and > possibly older. That would eventually allowed us to remove the Patch > from Fedora/c9s. Checking the repo [1], it does not seems to be the > case. Not sure if there is backport request opened somewhere.
Ah, sorry I misunderstood your question. You are right. This patch and other patches to pass the FIPS tests are not backported to ruby/ruby ruby_3_2 branches. And there are no backport requests for that right now. OK. I will open the backport request ticket in the Ruby project. -- Jun | He - Him | Timezone: UTC+1 or 2, Czech Republic See <https://www.worldtimebuddy.com/czech-republic-prague-to-utc> for the timezone. _______________________________________________ ruby-sig mailing list -- ruby-sig@lists.fedoraproject.org To unsubscribe send an email to ruby-sig-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/ruby-sig@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
