Fix ELN FTBFS due to stronger crypto settings.
This commit is contained in:
Vít Ondruch
parent
22597b6039
commit
ff0f48acd6
39
ruby-3.2.0-Use-SHA256-instead-of-SHA1.patch
Normal file
39
ruby-3.2.0-Use-SHA256-instead-of-SHA1.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 9b9825d6cdda053fea49eb2f613bc62bde465e89 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
|
||||
Date: Wed, 4 Jan 2023 17:23:35 +0100
|
||||
Subject: [PATCH] Use SHA256 instead of SHA1
|
||||
|
||||
Systems such as CentOS 9 / RHEL 9 are moving away from SHA1 disabling it
|
||||
by default via a system-wide crypto policy. This replaces SHA1 with
|
||||
SHA256 in similar way as [[1]].
|
||||
|
||||
[1]: https://github.com/ruby/openssl/pull/554
|
||||
---
|
||||
spec/ruby/library/openssl/x509/name/verify_spec.rb | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/spec/ruby/library/openssl/x509/name/verify_spec.rb b/spec/ruby/library/openssl/x509/name/verify_spec.rb
|
||||
index a8bf865bd..6dcfc9946 100644
|
||||
--- a/spec/ruby/library/openssl/x509/name/verify_spec.rb
|
||||
+++ b/spec/ruby/library/openssl/x509/name/verify_spec.rb
|
||||
@@ -12,7 +12,7 @@ describe "OpenSSL::X509::Name.verify" do
|
||||
cert.public_key = key.public_key
|
||||
cert.not_before = Time.now - 10
|
||||
cert.not_after = cert.not_before + 365 * 24 * 60 * 60
|
||||
- cert.sign key, OpenSSL::Digest.new('SHA1')
|
||||
+ cert.sign key, OpenSSL::Digest.new('SHA256')
|
||||
store = OpenSSL::X509::Store.new
|
||||
store.add_cert(cert)
|
||||
[store.verify(cert), store.error, store.error_string].should == [true, 0, "ok"]
|
||||
@@ -28,7 +28,7 @@ describe "OpenSSL::X509::Name.verify" do
|
||||
cert.public_key = key.public_key
|
||||
cert.not_before = Time.now - 10
|
||||
cert.not_after = Time.now - 5
|
||||
- cert.sign key, OpenSSL::Digest.new('SHA1')
|
||||
+ cert.sign key, OpenSSL::Digest.new('SHA256')
|
||||
store = OpenSSL::X509::Store.new
|
||||
store.add_cert(cert)
|
||||
store.verify(cert).should == false
|
||||
--
|
||||
2.38.1
|
||||
|
||||
13
ruby.spec
13
ruby.spec
@ -101,7 +101,7 @@
|
||||
Summary: An interpreter of object-oriented scripting language
|
||||
Name: ruby
|
||||
Version: %{ruby_version}%{?development_release}
|
||||
Release: 176%{?dist}
|
||||
Release: 177%{?dist}
|
||||
# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c
|
||||
# ISC: missing/strl{cat,cpy}.c
|
||||
# Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ...
|
||||
@ -169,6 +169,13 @@ Patch8: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
|
||||
# https://bugs.ruby-lang.org/issues/19297
|
||||
Patch9: ruby-3.2.0-Revert-Fix-test-syntax-suggest-order.patch
|
||||
Patch10: ruby-3.2.0-Revert-Test-syntax_suggest-by-make-check.patch
|
||||
# Fix `OpenSSL::X509::CertificateError: invalid digest` errors on ELN. This
|
||||
# also might help Fedor, if/when
|
||||
# https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Forewarning2
|
||||
# is accepted.
|
||||
# https://github.com/ruby/spec/pull/990
|
||||
# https://bugs.ruby-lang.org/issues/19307
|
||||
Patch11: ruby-3.2.0-Use-SHA256-instead-of-SHA1.patch
|
||||
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
Suggests: rubypick
|
||||
@ -642,6 +649,7 @@ rm -rf ext/fiddle/libffi*
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
|
||||
# Provide an example of usage of the tapset:
|
||||
cp -a %{SOURCE3} .
|
||||
@ -1568,6 +1576,9 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestGCCompact#test_moving_objects_between_siz
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jan 05 2023 Vít Ondruch <vondruch@redhat.com> - 3.2.0-177
|
||||
- Fix ELN FTBFS due to stronger crypto settings.
|
||||
|
||||
* Mon Jan 02 2023 Vít Ondruch <vondruch@redhat.com> - 3.2.0-176
|
||||
- Upgrade to Ruby 3.2.0.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user