Commit Graph

703 Commits

Author SHA1 Message Date
Jun Aruga
8d5b538747 ssl: use ffdhe2048 from RFC 7919 as the default DH group parameter
When the dependant openssl-libs was upgraded from 1:3.1.1-4.fc40 to
1:3.1.4-1.fc40, Fedora rawhide started to fail on Koschei.

This commit fixes the following failures in OpenSSL FIPS.

```
+ make -C redhat-linux-build runruby 'TESTRUN_SCRIPT=   -I/builddir/build/BUILD/ruby-3.2.2/tool/lib --enable-gems   /builddir/build/SOURCES/test_openssl_fips.rb /builddir/build/BUILD/ruby-3.2.2 --verbose'
...
  1) Failure:
OpenSSL::TestFIPS#test_fips_mode_get_with_fips_mode_set [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:38]:
assert_separately failed with error message
pid 93968 exit 1
| /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `initialize': could not parse pkey (OpenSSL::PKey::DHError)
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in `<class:SSLContext>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in `<module:SSL>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in `<module:OpenSSL>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in `<top (required)>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `require_relative'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `<top (required)>'
| >-from -:in `require'
  2) Failure:
OpenSSL::TestFIPS#test_fips_mode_get_is_true_on_fips_mode_enabled [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:12]:
assert_separately failed with error message
pid 93969 exit 1
| /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `initialize': could not parse pkey (OpenSSL::PKey::DHError)
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in `<class:SSLContext>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in `<module:SSL>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in `<module:OpenSSL>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in `<top (required)>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `require_relative'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `<top (required)>'
| >-from -:in `require'
Finished tests in 0.166449s, 72.0941 tests/s, 342.4468 assertions/s.
12 tests, 57 assertions, 2 failures, 0 errors, 1 skips
```

The commit was ported from CentOS Stream rpms/ruby stream-ruby-3.1-rhel-9.4.0 branch:
<59242d8ce8>.
2023-11-09 17:58:10 +01:00
Vít Ondruch
5fd12c42e7 Cache Gem.default_dir
RubyGems do internally the same \[[1]\]. This should help with:

1) Performance (not tested)
2) Running RubyGems test suite (main motivation), which actually
   overrides the `@default_dir` \[[2]\] to be able to place test content
   into dedicated directory.

[1]: f8e87eba76/lib/rubygems/defaults.rb (L38)
[2]: f8e87eba76/test/rubygems/helper.rb (L372)
2023-11-03 17:12:13 +01:00
Vít Ondruch
d432c95c15 Remove spaces from changelog NVR. 2023-11-03 12:24:38 +01:00
Jarek Prokop
393e74f1e0 Fix bundled provide net-http-persistent typo. 2023-11-02 16:06:07 +01:00
Jun Aruga
1f35109c5e Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. 2023-09-22 12:54:53 +02:00
Fedora Release Engineering
64dc6dd3e4 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-21 17:14:32 +00:00
Jarek Prokop
814eaf5324 Re-enable FFI related tests.
libffi since NVR libffi-3.4.4-3.fc39 builds with static trampolines
enabled. This fixes the failures which were the reason for disabling
the tests.

Since it recently landed in Rawhide, we can re-enable the tests.
2023-07-12 10:30:51 +02:00
Pavel Valena
da8822cd33 Use new %patch macro
instead of %patchN, as advised by warning:

%patchN is deprecated (11 usages found), use %patch N (or %patch -P N)
2023-05-03 11:11:47 +02:00
Vít Ondruch
9e39fd242a Upgrade to Ruby 3.2.2.
Resolves: rhbz#2183284
2023-03-31 15:27:47 +02:00
Vít Ondruch
31778c5ebd Use %{_fileattsdir} for RPM macro generator. 2023-03-08 13:11:49 +01:00
Vít Ondruch
8f9fe41ba6 Use %{_rpmmacrodir} for RPM macros. 2023-03-08 13:09:30 +01:00
Vít Ondruch
59f62d6bc9 Upgrade to Ruby 3.2.1.
Resolves: rhbz#2168292
2023-02-10 10:45:13 +01:00
Vít Ondruch
65acd291de yaml and libffi sources are not bundled anymore.
https://bugs.ruby-lang.org/issues/18571
2023-02-09 14:22:39 +01:00
Miro Hrončok
9c8400d99a Don't Suggest rubypick when built without rubypick 2023-01-25 12:06:23 +01:00
Fedora Release Engineering
d46ef9bbf3 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-20 20:05:46 +00:00
Vít Ondruch
ff0f48acd6 Fix ELN FTBFS due to stronger crypto settings. 2023-01-05 10:30:24 +01:00
Vít Ondruch
22597b6039 Fix compatibilty with rpmlint 2.0+
Revert "ruby.rpmlintrc: Add a filter for "E: shared-lib-without-dependency-information"."

This reverts commit aee17a2180.

This is not needed anymore, because Zuul runs rpmlint 2.0+ already.
2023-01-02 18:20:46 +01:00
Vít Ondruch
c4043528c1 The missing-call-to-chdir-with-chroot test was removed in rpmlint 2.0
83f915a54d
2023-01-02 18:16:58 +01:00
Vít Ondruch
be9fcec798 gem.build_complete is corectly recognized by rpmlint 2.0+ 2023-01-02 18:13:01 +01:00
Vít Ondruch
f2899ee090 Upgrade to Ruby 3.2.0.
For details of the evolution please check `private-ruby-3.2` branch.
2023-01-02 18:09:09 +01:00
Yaakov Selkowitz
25858e766a Add upstream patches to avoid SHA1 usage in ossl 2022-12-22 11:37:52 -05:00
Vít Ondruch
f8ef5964d0 Fix for tzdata-2022g. 2022-12-21 16:11:40 +01:00
Vít Ondruch
b1748af87f Fix CGI causing issue with leading '.' in domain names.
The original issue broke rubygem-actionpack:

https://github.com/rails/rails/issues/46578
https://github.com/rails/rails/pull/46595

rubygem-rack:

https://github.com/rack/rack/pull/1988

And rack-test (where I have not checked details).
2022-12-08 18:06:47 +01:00
Vít Ondruch
2cdb051166 Disable MJIT test cases on i686 due to issues with PCH. 2022-12-08 18:06:11 +01:00
Vít Ondruch
9819174c8d Use --enable-mkmf-verbose configuration opiton instead of patch.
https://github.com/ruby/ruby/pull/5879
2022-11-28 12:20:25 +01:00
Vít Ondruch
649a6e3083 Upgrade to Ruby 3.1.3. 2022-11-28 12:20:25 +01:00
Vít Ondruch
1d0c071aeb Revert "Re-enable package notes."
This reverts commit 588a4ae9f0, because it
causes additional issues:

https://bugzilla.redhat.com/show_bug.cgi?id=2043092#c67
2022-11-22 18:24:53 +01:00
Jun Aruga
79d75fdcdd Bypass git submodule test failure on Git >= 2.38.1. 2022-11-03 10:59:34 +01:00
Vít Ondruch
588a4ae9f0 Re-enable package notes.
The rhbz#2043092 is not resolved. Nevertheless, the generation of
package notes should not break builds of rubygem- packages anymore.
Nevertheless, the additional linker options will keep making issues for
`gem install`ed gems. Nothing new here unfortunately.
2022-09-29 09:27:19 +02:00
Jarek Prokop
c2026da175 Disable Fiddle test cases making use of FFI closure.
Fiddle::Closure object is making use of FFI closure
from libffi. When such object is created (instantiated) in Ruby,
and then the process forks on an SELinux-enabled system, the memory
will become corrupted. That is usually not a problem until the
The garbage collector sweeps the object and tries to free it, in which case the
Ruby process will fail with signal SIGABRT.

Tests in test/fiddle/test_closure.rb, test/fiddle/test_func.rb,
and test/fiddle/test_function.rb use the `Fiddle::Closure` class
directly and fiddle/test_import.rb use the class indirectly through
`bind_function` method, therefore they are disabled to prevent
introducing the problematic object into the Ruby GC during test suite
execution instead of relying on that fork and subsequent
garbage collection will not happen.

If an FFI closure object is allocated in Ruby
and the `fork` function is used afterward, the memory
pointing to the closure gets corrupted, and if Ruby GC
tries to collect the object in that state, a SIGABRT
error occurs.

The minimal Ruby reproducer for the issue is the following:
~~~
$ cat fiddle_fork.rb
require 'fiddle/closure'
require 'fiddle/struct'

Fiddle::Closure.new(Fiddle::TYPE_VOID, [])

fork { }

GC.start
~~~

We allocate an unused Closure object,
so it is free for the GC to pick up. Before we call `GC.start`
we fork the process as that corrupts the memory.

Running this with ruby-3.1.2-167.fc37.x86_64 on SELinux enabled system:
~~~
$ ruby fiddle_fork.rb
Aborted (core dumped)
~~~

Such issues may appear at random (depending on the use of forking and GC)
in larger applications that use Fiddle::Closure but can be spotted by the
following functions appearing in the coredump backtrace:
~~~
0x00007f6284d3e5b3 in dlfree (mem=<optimized out>) at ../src/dlmalloc.c:4350
0x00007f6284d6d0b1 in dealloc () from /usr/lib64/ruby/fiddle.so
0x00007f6295e432ec in finalize_list () from /lib64/libruby.so.3.1
0x00007f6295e43420 in finalize_deferred.lto_priv () from /lib64/libruby.so.3.1
0x00007f6295e4ff1c in gc_start_internal.lto_priv () from /lib64/libruby.so.3.1
~~~

Possible solutions to prevent Ruby from crashing:
* Do not use Fiddle::Closure.
* Use the Fiddle::Closure object only in isolated subprocess that
  will not fork further.
* Enable static trampolines in libffi as noted in bugzilla comment:
  <https://bugzilla.redhat.com/show_bug.cgi?id=2040380#c9>

See related discussion on
<https://bugzilla.redhat.com/show_bug.cgi?id=2040380>

Ruby upstream ticket:
<https://bugs.ruby-lang.org/issues/18914>

Ruby Fiddle ticket:
<https://github.com/ruby/fiddle/issues/102>
2022-09-02 14:54:35 +02:00
Jun Aruga
3f106c188e Add IRB to ruby-bundled-gems recommends.
Resolves: rhbz#2120562
2022-08-29 15:11:15 +02:00
Jun Aruga
bf921512e2 Make RDoc soft dependnecy in IRB.
Resolves: rhbz#2119964
2022-08-29 15:05:44 +02:00
Jun Aruga
ad7f78b5c8 Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
Resolves: rhbz#2120354
2022-08-24 15:58:40 +02:00
Jarek Prokop
f93afdebdd Fix Ruby build failing due to unremovable tmp subdirectory.
RPM 4.18.0-beta1 or later versions remove the build directory
automatically, the build fails on removing temporary directories with
the missing 'w' bit.

RubyGems contain this patch since version 3.3.8.
This was merged to ruby_3_1 branch in upstream ruby, but it is not
included in the v3_1_2 tag, so new Ruby 3.1 release should contain this
change.

Relevant RPM upstream PR: https://github.com/rpm-software-management/rpm/pull/2080
Relevant bug: https://bugzilla.redhat.com/show_bug.cgi?id=2105393
2022-07-25 11:55:57 +02:00
Fedora Release Engineering
e2951e6856 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-23 01:10:40 +00:00
Jarek Prokop
ca94aff023 Define the GC compaction support during run time.
Previous commit changed GC compaction methods to not be implemented
when not supported. However, that commit only does compile time checks,
but there are additional compaction support checks during run time.

This commit changes it so that GC compaction methods aren't defined
also during run time if the platform does not support GC compaction.

The patch is manually backported from following change set:
https://github.com/ruby/ruby/pull/6019
2c19086323

To apply the patch included with this commit,
first apply `ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch`
and then apply the `ruby-3.2.0-detect_compaction_support_during_runtime.patch`.

Related upstream issue: https://bugs.ruby-lang.org/issues/18829
2022-06-24 14:09:42 +02:00
Jarek Prokop
b7b5473796 Define compaction methods as rb_f_notimplement on unsupported platforms.
The patch implements the methods as rb_f_notimplement.
To test for compaction users can now use `GC.respond_to?(:compact)`.

The upstream patch relies on the macro `GC_COMPACTION_SUPPORTED`
that is defined when the `__wasi__` is false. The define is defined by
an arch conditional in the specfile, which is not optimal but works in our case.
663833b08f
https://bugs.ruby-lang.org/issues/18829

This also requires regenerating the gc.rbinc and miniprelude.c
since the patch touches gc.rb. This patch is available in
ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch.

To regenerate the gc.rbinc and miniprelude.c files patch:
~~~
tar -Jxvf ./ruby-3.1.2.tar.xz
git clone https://github.com/ruby/ruby.git
cd ruby && git checkout v3_1_2
patch -p1 < ../ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch
./autogen.sh && ./configure
make gc.rbinc miniprelude.c
cd ..
diff -u {ruby-3.1.2,ruby}/gc.rbinc > ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
diff -u {ruby-3.1.2,ruby}/miniprelude.c >> ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
~~~

Uptream bug: https://bugs.ruby-lang.org/issues/18779
Upstream PR: https://github.com/ruby/ruby/pull/5934
2022-06-14 12:59:25 +02:00
Jun Aruga
2c91b113bb Update a comment about make verbose option, dropping Q= explanation.
According to the <https://bugs.ruby-lang.org/issues/18756>, the `Q=` is not
recommended. The `V=1` is recommended to output for the verbose mode.
The `make V=1` suppresses some logs that `make` without `V=1` outputs rather
than just adding verbose logs.

While the `V=1 ECHO0=echo` is more equivalent with `Q=`, the
`make V=1 ECHO0=echo` doesn't really output meaningful logs additionally.
So, the `make V=1` is the best option for us to check the compiler flags.
2022-05-12 11:50:01 +02:00
Jun Aruga
03e8cec9fe Drop Q= in make options.
Because the `%make_build` macro includes the `V=1`. Note there is no actual
difference of build.log between before and after this commit.

```
$ rpm --eval %make_build
/usr/bin/make -O -j8 V=1 VERBOSE=1
```
2022-04-29 16:01:56 +02:00
Vít Ondruch
c2061af620 Use upstream patch for correct build of gem extensions. 2022-04-14 13:50:23 +02:00
Vít Ondruch
09d0e79c2b Upgrade to Ruby 3.1.2. 2022-04-14 13:50:23 +02:00
Vít Ondruch
22d91a0910 Properly build binary gem extensions.
Because the gem extensions were built in `%{buildroot}` they referred
`BUILDROOT` directory, which would be under normal circumstances
reported by RPM, but there was a bug in RPM due to changes in grep:

https://github.com/rpm-software-management/rpm/issues/1968
2022-04-04 12:30:05 +02:00
Jun Aruga
796a198176 Add Bundler tests.
* Add `make test-bundler-parallel` executed on the upstream CI.
  See <41a48535d1/.github/workflows/ubuntu.yml (L22)>.
* The tests are disabled as a default, as it requires the internet.
  Run the Bundler tests as follows.
  ```
  $ mock --with bundler_tests ruby-3.1.0-161.fc37.src.rpm
  ```
* Fix a test for `bin/bundle update --bundler` in `make test-bundler`.
2022-03-22 19:10:01 +01:00
Jun Aruga
aee17a2180 ruby.rpmlintrc: Add a filter for "E: shared-lib-without-dependency-information".
Add a filter for "E: shared-lib-without-dependency-information" for
rpmlint 1.11 compatibility in Zuul CI.
2022-03-15 23:15:53 +01:00
Jun Aruga
df8cc89df4 ruby.rpmlintrc: Recover the filter to ignore a false positive missing-call-to-chdir-with-chroot error.
The filter was deleted at the b0ce095f6d . But it
is still needed to pass Zuul CI.
2022-03-15 23:15:49 +01:00
Jun Aruga
9e774fba70 ruby.rpmlintrc: Ignore zero-length error for gem.build_complete file.
This error is gone as false positive in rpmlint 2.0+. However the rpmlint
version on Zuul CI running on the Fedora 34 container is still 1.11. After Zuul
CI is upgraded to Fedora 35+ container, and uses the rpmlint 2, we can notice
this filter is not used by "E: unused-rpmlintrc-filter" error, and remove it.
2022-03-15 23:15:44 +01:00
Vít Ondruch
74983bcd56 Upgrade to Ruby 3.1.1. 2022-03-15 13:26:14 +01:00
Jun Aruga
67d5a7b3c6 Revert "Remove colon from load call."
This is for a compatibility of Zuul CI still using RPM 4.16 on F34.

This reverts commit 46ee70614f.
2022-03-14 11:28:52 +01:00
Vít Ondruch
204bab4f7f Prevent segfaults running with SystemTap. 2022-02-10 14:14:12 +01:00
Vít Ondruch
8157cd4820 Revert "Temporary bump rubygem-json release."
This reverts commit 1ff09bed2b.
2022-01-26 15:33:43 +01:00