From 46c96e18494806f1ae003ed0103df25b63a1f7f0 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Dec 22 2022 15:37:54 +0000
Subject: Fix the broken SSL tests with MariaDB 10.5.18.


This commit fixes the broken SSL tests below.

The rubygem-mysql2 build started to fail with the error below by the `mysql`
that can't connect to the MariaDB server, when a dependency mariadb was upgraded
from the version 3:10.5.16-3.fc37 to 3:10.5.18-1.fc38.
https://koschei.fedoraproject.org/build/14086115

build.log
~~~
+ /usr/libexec/mysqld --datadir=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/data --log-error=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.log --socket=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.sock --pid-file=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.pid --port=13471 --ssl
++ seq 10
+ for i in $(seq 10)
+ sleep 1
2022-11-17 11:20:48 0 [Note] /usr/libexec/mysqld (mysqld 10.5.18-MariaDB) starting as process 1297 ...
+ grep -q 'ready for connections.' /builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.log
+ echo 'Waiting connections... 1'
...
+ echo 'Waiting connections... 10'
Waiting connections... 10
+ mysql -u mockbuild -e 'ALTER USER '\''root'\''@'\''localhost'\'' IDENTIFIED VIA mysql_native_password USING PASSWORD('\'''\'')' -S /builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.sock -P 13471
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.' (2)
~~~

After Michal Schorm <mschorm@redhat.com>'s investigation (thanks!), we found
the error comes from the not appropriate SSL configurations.

It was reported that in Fedora, the MariaDB 10.5.16 used downstream OpenSSL 3
patch, and the MariaDB 10.5.18 started to use upstream OpenSSL 3 patch.
And there are some differences between these two patch files. And the difference
triggered this issue.

See also <https://github.com/brianmario/mysql2/pull/1290>.

I also applied a patch to use the SSL pem files in the spec directory directly
to run the SSL tests. Because we can't set up the files in the `/etc/mysql`.

See also <https://github.com/brianmario/mysql2/pull/1293>.

Resolves: rhbz#2144488

---

diff --git a/rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch b/rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch
new file mode 100644
index 0000000..f0c0084
--- /dev/null
+++ b/rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch
@@ -0,0 +1,29 @@
+From 06512d47dc1491bf5686b2bd89a8555de9f2acc9 Mon Sep 17 00:00:00 2001
+From: Jun Aruga <jaruga@redhat.com>
+Date: Thu, 22 Dec 2022 16:14:39 +0100
+Subject: [PATCH] Use the SSL pem files in the Git repository.
+
+---
+ spec/mysql2/client_spec.rb | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/spec/mysql2/client_spec.rb b/spec/mysql2/client_spec.rb
+index 5861882..3f5cda8 100644
+--- a/spec/mysql2/client_spec.rb
++++ b/spec/mysql2/client_spec.rb
+@@ -153,9 +153,9 @@ RSpec.describe Mysql2::Client do # rubocop:disable Metrics/BlockLength
+     let(:option_overrides) do
+       {
+         'host'     => 'mysql2gem.example.com', # must match the certificates
+-        :sslkey    => '/etc/mysql/client-key.pem',
+-        :sslcert   => '/etc/mysql/client-cert.pem',
+-        :sslca     => '/etc/mysql/ca-cert.pem',
++        :sslkey    => 'spec/ssl/client-key.pem',
++        :sslcert   => 'spec/ssl/client-cert.pem',
++        :sslca     => 'spec/ssl/ca-cert.pem',
+         :sslcipher => 'DHE-RSA-AES256-SHA',
+         :sslverify => true,
+       }
+-- 
+2.38.1
+
diff --git a/rubygem-mysql2.spec b/rubygem-mysql2.spec
index 3192082..2e4ea6b 100644
--- a/rubygem-mysql2.spec
+++ b/rubygem-mysql2.spec
@@ -6,7 +6,7 @@
 
 Name: rubygem-%{gem_name}
 Version: 0.5.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: A simple, fast Mysql library for Ruby, binding to libmysql
 License: MIT
 URL: https://github.com/brianmario/mysql2
@@ -14,6 +14,9 @@ Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
 # git clone --no-checkout https://github.com/brianmario/mysql2.git
 # cd mysql2 && git archive -v -o mysql2-0.5.3-tests.txz 0.5.3 spec/
 Source1: %{gem_name}-%{version}-tests.txz
+# Use the SSL pem files in the upstream repositry for the SSL tests.
+# https://github.com/brianmario/mysql2/pull/1293
+Patch0: rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch
 
 # Required in lib/mysql2.rb
 Requires: rubygem(bigdecimal)
@@ -50,6 +53,10 @@ Documentation for %{name}
 %prep
 %setup -q -n %{gem_name}-%{version} -b 1
 
+pushd %{_builddir}/spec
+%patch0 -p2
+popd
+
 %build
 gem build ../%{gem_name}-%{version}.gemspec
 %gem_install
@@ -75,6 +82,15 @@ pushd .%{gem_instdir}
 ln -s %{_builddir}/spec spec
 
 TOP_DIR=$(pwd)
+
+# See https://github.com/brianmario/mysql2/blob/master/ci/ssl.sh
+echo "
+[mysqld]
+ssl-ca=${TOP_DIR}/spec/ssl/ca-cert.pem
+ssl-cert=${TOP_DIR}/spec/ssl/server-cert.pem
+ssl-key=${TOP_DIR}/spec/ssl/server-key.pem
+" > ~/.my.cnf
+
 # Use testing port because the standard mysqld port 3306 is occupied.
 # Assign a random port to consider a case of multi builds in parallel in a host.
 # https://src.fedoraproject.org/rpms/rubygem-pg/pull-request/3
@@ -168,6 +184,10 @@ kill "$(cat "${MYSQL_TEST_PID_FILE}")"
 
 
 %changelog
+* Fri Dec 16 2022 Jun Aruga <jaruga@redhat.com> - 0.5.4-3
+- Fix the broken SSL tests with MariaDB 10.5.18.
+  Resolves: rhbz#2144488
+
 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild