Fix ELN FTBFS due to stronger crypto settings.

This commit is contained in:
Vít Ondruch 2023-01-05 10:29:34 +01:00
parent 22597b6039
commit ff0f48acd6
2 changed files with 51 additions and 1 deletions

View File

@ -0,0 +1,39 @@
From 9b9825d6cdda053fea49eb2f613bc62bde465e89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Wed, 4 Jan 2023 17:23:35 +0100
Subject: [PATCH] Use SHA256 instead of SHA1
Systems such as CentOS 9 / RHEL 9 are moving away from SHA1 disabling it
by default via a system-wide crypto policy. This replaces SHA1 with
SHA256 in similar way as [[1]].
[1]: https://github.com/ruby/openssl/pull/554
---
spec/ruby/library/openssl/x509/name/verify_spec.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/spec/ruby/library/openssl/x509/name/verify_spec.rb b/spec/ruby/library/openssl/x509/name/verify_spec.rb
index a8bf865bd..6dcfc9946 100644
--- a/spec/ruby/library/openssl/x509/name/verify_spec.rb
+++ b/spec/ruby/library/openssl/x509/name/verify_spec.rb
@@ -12,7 +12,7 @@ describe "OpenSSL::X509::Name.verify" do
cert.public_key = key.public_key
cert.not_before = Time.now - 10
cert.not_after = cert.not_before + 365 * 24 * 60 * 60
- cert.sign key, OpenSSL::Digest.new('SHA1')
+ cert.sign key, OpenSSL::Digest.new('SHA256')
store = OpenSSL::X509::Store.new
store.add_cert(cert)
[store.verify(cert), store.error, store.error_string].should == [true, 0, "ok"]
@@ -28,7 +28,7 @@ describe "OpenSSL::X509::Name.verify" do
cert.public_key = key.public_key
cert.not_before = Time.now - 10
cert.not_after = Time.now - 5
- cert.sign key, OpenSSL::Digest.new('SHA1')
+ cert.sign key, OpenSSL::Digest.new('SHA256')
store = OpenSSL::X509::Store.new
store.add_cert(cert)
store.verify(cert).should == false
--
2.38.1

View File

@ -101,7 +101,7 @@
Summary: An interpreter of object-oriented scripting language Summary: An interpreter of object-oriented scripting language
Name: ruby Name: ruby
Version: %{ruby_version}%{?development_release} Version: %{ruby_version}%{?development_release}
Release: 176%{?dist} Release: 177%{?dist}
# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c # BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c
# ISC: missing/strl{cat,cpy}.c # ISC: missing/strl{cat,cpy}.c
# Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ... # Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ...
@ -169,6 +169,13 @@ Patch8: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
# https://bugs.ruby-lang.org/issues/19297 # https://bugs.ruby-lang.org/issues/19297
Patch9: ruby-3.2.0-Revert-Fix-test-syntax-suggest-order.patch Patch9: ruby-3.2.0-Revert-Fix-test-syntax-suggest-order.patch
Patch10: ruby-3.2.0-Revert-Test-syntax_suggest-by-make-check.patch Patch10: ruby-3.2.0-Revert-Test-syntax_suggest-by-make-check.patch
# Fix `OpenSSL::X509::CertificateError: invalid digest` errors on ELN. This
# also might help Fedor, if/when
# https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Forewarning2
# is accepted.
# https://github.com/ruby/spec/pull/990
# https://bugs.ruby-lang.org/issues/19307
Patch11: ruby-3.2.0-Use-SHA256-instead-of-SHA1.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Suggests: rubypick Suggests: rubypick
@ -642,6 +649,7 @@ rm -rf ext/fiddle/libffi*
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1
# Provide an example of usage of the tapset: # Provide an example of usage of the tapset:
cp -a %{SOURCE3} . cp -a %{SOURCE3} .
@ -1568,6 +1576,9 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestGCCompact#test_moving_objects_between_siz
%changelog %changelog
* Thu Jan 05 2023 Vít Ondruch <vondruch@redhat.com> - 3.2.0-177
- Fix ELN FTBFS due to stronger crypto settings.
* Mon Jan 02 2023 Vít Ondruch <vondruch@redhat.com> - 3.2.0-176 * Mon Jan 02 2023 Vít Ondruch <vondruch@redhat.com> - 3.2.0-176
- Upgrade to Ruby 3.2.0. - Upgrade to Ruby 3.2.0.