Fix the broken SSL tests with MariaDB 10.5.18.

This commit fixes the broken SSL tests below.

The rubygem-mysql2 build started to fail with the error below by the `mysql`
that can't connect to the MariaDB server, when a dependency mariadb was upgraded
from the version 3:10.5.16-3.fc37 to 3:10.5.18-1.fc38.
https://koschei.fedoraproject.org/build/14086115

build.log
~~~
+ /usr/libexec/mysqld --datadir=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/data --log-error=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.log --socket=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.sock --pid-file=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.pid --port=13471 --ssl
++ seq 10
+ for i in $(seq 10)
+ sleep 1
2022-11-17 11:20:48 0 [Note] /usr/libexec/mysqld (mysqld 10.5.18-MariaDB) starting as process 1297 ...
+ grep -q 'ready for connections.' /builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.log
+ echo 'Waiting connections... 1'
...
+ echo 'Waiting connections... 10'
Waiting connections... 10
+ mysql -u mockbuild -e 'ALTER USER '\''root'\''@'\''localhost'\'' IDENTIFIED VIA mysql_native_password USING PASSWORD('\'''\'')' -S /builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.sock -P 13471
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.' (2)
~~~

After Michal Schorm <mschorm@redhat.com>'s investigation (thanks!), we found
the error comes from the not appropriate SSL configurations.

It was reported that in Fedora, the MariaDB 10.5.16 used downstream OpenSSL 3
patch, and the MariaDB 10.5.18 started to use upstream OpenSSL 3 patch.
And there are some differences between these two patch files. And the difference
triggered this issue.
See also <https://github.com/brianmario/mysql2/pull/1290>.

I also applied a patch to use the SSL pem files in the spec directory directly
to run the SSL tests. Because we can't set up the files in the `/etc/mysql`.
See also <https://github.com/brianmario/mysql2/pull/1293>.

I also regenerated the SSL certification files from the localhost. It requires
openssl as a build dependency. This is a temporary workaround. It is expected
that the certification files are managed in the upstream repository.
See also <https://github.com/brianmario/mysql2/pull/1296>.

Resolves: rhbz#2144488
This commit is contained in:
Jun Aruga 2022-12-16 21:00:37 +01:00
parent fd43948e4e
commit c33b1cff59
2 changed files with 61 additions and 1 deletions

View File

@ -0,0 +1,29 @@
From 06512d47dc1491bf5686b2bd89a8555de9f2acc9 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Thu, 22 Dec 2022 16:14:39 +0100
Subject: [PATCH] Use the SSL pem files in the Git repository.
---
spec/mysql2/client_spec.rb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/spec/mysql2/client_spec.rb b/spec/mysql2/client_spec.rb
index 5861882..3f5cda8 100644
--- a/spec/mysql2/client_spec.rb
+++ b/spec/mysql2/client_spec.rb
@@ -153,9 +153,9 @@ RSpec.describe Mysql2::Client do # rubocop:disable Metrics/BlockLength
let(:option_overrides) do
{
'host' => 'mysql2gem.example.com', # must match the certificates
- :sslkey => '/etc/mysql/client-key.pem',
- :sslcert => '/etc/mysql/client-cert.pem',
- :sslca => '/etc/mysql/ca-cert.pem',
+ :sslkey => 'spec/ssl/client-key.pem',
+ :sslcert => 'spec/ssl/client-cert.pem',
+ :sslca => 'spec/ssl/ca-cert.pem',
:sslcipher => 'DHE-RSA-AES256-SHA',
:sslverify => true,
}
--
2.38.1

View File

@ -6,7 +6,7 @@
Name: rubygem-%{gem_name} Name: rubygem-%{gem_name}
Version: 0.5.4 Version: 0.5.4
Release: 2%{?dist} Release: 3%{?dist}
Summary: A simple, fast Mysql library for Ruby, binding to libmysql Summary: A simple, fast Mysql library for Ruby, binding to libmysql
License: MIT License: MIT
URL: https://github.com/brianmario/mysql2 URL: https://github.com/brianmario/mysql2
@ -14,6 +14,9 @@ Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
# git clone --no-checkout https://github.com/brianmario/mysql2.git # git clone --no-checkout https://github.com/brianmario/mysql2.git
# cd mysql2 && git archive -v -o mysql2-0.5.3-tests.txz 0.5.3 spec/ # cd mysql2 && git archive -v -o mysql2-0.5.3-tests.txz 0.5.3 spec/
Source1: %{gem_name}-%{version}-tests.txz Source1: %{gem_name}-%{version}-tests.txz
# Use the SSL pem files in the upstream repositry for the SSL tests.
# https://github.com/brianmario/mysql2/pull/1293
Patch0: rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch
# Required in lib/mysql2.rb # Required in lib/mysql2.rb
Requires: rubygem(bigdecimal) Requires: rubygem(bigdecimal)
@ -30,6 +33,8 @@ BuildRequires: %{_bindir}/hostname
BuildRequires: rubygem(bigdecimal) BuildRequires: rubygem(bigdecimal)
# Used in spec/em/em_spec.rb # Used in spec/em/em_spec.rb
BuildRequires: rubygem(eventmachine) BuildRequires: rubygem(eventmachine)
# Used in spec/ssl/gen_certs.sh
BuildRequires: %{_bindir}/openssl
%endif %endif
%description %description
@ -50,6 +55,10 @@ Documentation for %{name}
%prep %prep
%setup -q -n %{gem_name}-%{version} -b 1 %setup -q -n %{gem_name}-%{version} -b 1
pushd %{_builddir}/spec
%patch0 -p2
popd
%build %build
gem build ../%{gem_name}-%{version}.gemspec gem build ../%{gem_name}-%{version}.gemspec
%gem_install %gem_install
@ -75,6 +84,24 @@ pushd .%{gem_instdir}
ln -s %{_builddir}/spec spec ln -s %{_builddir}/spec spec
TOP_DIR=$(pwd) TOP_DIR=$(pwd)
# Regenerate the SSL certification files from the localhost, as we cannot set
# the host mysql2gem.example.com required for the SSL tests.
# https://github.com/brianmario/mysql2/pull/1296
sed -i '/host/ s/mysql2gem\.example\.com/localhost/' spec/mysql2/client_spec.rb
sed -i '/commonName_default/ s/mysql2gem\.example\.com/localhost/' spec/ssl/gen_certs.sh
pushd spec/ssl
bash gen_certs.sh
popd
# See https://github.com/brianmario/mysql2/blob/master/ci/ssl.sh
echo "
[mysqld]
ssl-ca=${TOP_DIR}/spec/ssl/ca-cert.pem
ssl-cert=${TOP_DIR}/spec/ssl/server-cert.pem
ssl-key=${TOP_DIR}/spec/ssl/server-key.pem
" > ~/.my.cnf
# Use testing port because the standard mysqld port 3306 is occupied. # Use testing port because the standard mysqld port 3306 is occupied.
# Assign a random port to consider a case of multi builds in parallel in a host. # Assign a random port to consider a case of multi builds in parallel in a host.
# https://src.fedoraproject.org/rpms/rubygem-pg/pull-request/3 # https://src.fedoraproject.org/rpms/rubygem-pg/pull-request/3
@ -168,6 +195,10 @@ kill "$(cat "${MYSQL_TEST_PID_FILE}")"
%changelog %changelog
* Fri Dec 16 2022 Jun Aruga <jaruga@redhat.com> - 0.5.4-3
- Fix the broken SSL tests with MariaDB 10.5.18.
Resolves: rhbz#2144488
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.4-2 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild