Fix ELN FTBFS due to stronger crypto settings.
This commit is contained in:
parent
22597b6039
commit
ff0f48acd6
39
ruby-3.2.0-Use-SHA256-instead-of-SHA1.patch
Normal file
39
ruby-3.2.0-Use-SHA256-instead-of-SHA1.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
From 9b9825d6cdda053fea49eb2f613bc62bde465e89 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
|
||||||
|
Date: Wed, 4 Jan 2023 17:23:35 +0100
|
||||||
|
Subject: [PATCH] Use SHA256 instead of SHA1
|
||||||
|
|
||||||
|
Systems such as CentOS 9 / RHEL 9 are moving away from SHA1 disabling it
|
||||||
|
by default via a system-wide crypto policy. This replaces SHA1 with
|
||||||
|
SHA256 in similar way as [[1]].
|
||||||
|
|
||||||
|
[1]: https://github.com/ruby/openssl/pull/554
|
||||||
|
---
|
||||||
|
spec/ruby/library/openssl/x509/name/verify_spec.rb | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/spec/ruby/library/openssl/x509/name/verify_spec.rb b/spec/ruby/library/openssl/x509/name/verify_spec.rb
|
||||||
|
index a8bf865bd..6dcfc9946 100644
|
||||||
|
--- a/spec/ruby/library/openssl/x509/name/verify_spec.rb
|
||||||
|
+++ b/spec/ruby/library/openssl/x509/name/verify_spec.rb
|
||||||
|
@@ -12,7 +12,7 @@ describe "OpenSSL::X509::Name.verify" do
|
||||||
|
cert.public_key = key.public_key
|
||||||
|
cert.not_before = Time.now - 10
|
||||||
|
cert.not_after = cert.not_before + 365 * 24 * 60 * 60
|
||||||
|
- cert.sign key, OpenSSL::Digest.new('SHA1')
|
||||||
|
+ cert.sign key, OpenSSL::Digest.new('SHA256')
|
||||||
|
store = OpenSSL::X509::Store.new
|
||||||
|
store.add_cert(cert)
|
||||||
|
[store.verify(cert), store.error, store.error_string].should == [true, 0, "ok"]
|
||||||
|
@@ -28,7 +28,7 @@ describe "OpenSSL::X509::Name.verify" do
|
||||||
|
cert.public_key = key.public_key
|
||||||
|
cert.not_before = Time.now - 10
|
||||||
|
cert.not_after = Time.now - 5
|
||||||
|
- cert.sign key, OpenSSL::Digest.new('SHA1')
|
||||||
|
+ cert.sign key, OpenSSL::Digest.new('SHA256')
|
||||||
|
store = OpenSSL::X509::Store.new
|
||||||
|
store.add_cert(cert)
|
||||||
|
store.verify(cert).should == false
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
13
ruby.spec
13
ruby.spec
@ -101,7 +101,7 @@
|
|||||||
Summary: An interpreter of object-oriented scripting language
|
Summary: An interpreter of object-oriented scripting language
|
||||||
Name: ruby
|
Name: ruby
|
||||||
Version: %{ruby_version}%{?development_release}
|
Version: %{ruby_version}%{?development_release}
|
||||||
Release: 176%{?dist}
|
Release: 177%{?dist}
|
||||||
# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c
|
# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c
|
||||||
# ISC: missing/strl{cat,cpy}.c
|
# ISC: missing/strl{cat,cpy}.c
|
||||||
# Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ...
|
# Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ...
|
||||||
@ -169,6 +169,13 @@ Patch8: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
|
|||||||
# https://bugs.ruby-lang.org/issues/19297
|
# https://bugs.ruby-lang.org/issues/19297
|
||||||
Patch9: ruby-3.2.0-Revert-Fix-test-syntax-suggest-order.patch
|
Patch9: ruby-3.2.0-Revert-Fix-test-syntax-suggest-order.patch
|
||||||
Patch10: ruby-3.2.0-Revert-Test-syntax_suggest-by-make-check.patch
|
Patch10: ruby-3.2.0-Revert-Test-syntax_suggest-by-make-check.patch
|
||||||
|
# Fix `OpenSSL::X509::CertificateError: invalid digest` errors on ELN. This
|
||||||
|
# also might help Fedor, if/when
|
||||||
|
# https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Forewarning2
|
||||||
|
# is accepted.
|
||||||
|
# https://github.com/ruby/spec/pull/990
|
||||||
|
# https://bugs.ruby-lang.org/issues/19307
|
||||||
|
Patch11: ruby-3.2.0-Use-SHA256-instead-of-SHA1.patch
|
||||||
|
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Suggests: rubypick
|
Suggests: rubypick
|
||||||
@ -642,6 +649,7 @@ rm -rf ext/fiddle/libffi*
|
|||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
|
|
||||||
# Provide an example of usage of the tapset:
|
# Provide an example of usage of the tapset:
|
||||||
cp -a %{SOURCE3} .
|
cp -a %{SOURCE3} .
|
||||||
@ -1568,6 +1576,9 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestGCCompact#test_moving_objects_between_siz
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 05 2023 Vít Ondruch <vondruch@redhat.com> - 3.2.0-177
|
||||||
|
- Fix ELN FTBFS due to stronger crypto settings.
|
||||||
|
|
||||||
* Mon Jan 02 2023 Vít Ondruch <vondruch@redhat.com> - 3.2.0-176
|
* Mon Jan 02 2023 Vít Ondruch <vondruch@redhat.com> - 3.2.0-176
|
||||||
- Upgrade to Ruby 3.2.0.
|
- Upgrade to Ruby 3.2.0.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user