From c33b1cff596b301b49c76f4307ab87390c681f30 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Dec 23 2022 17:25:12 +0000 Subject: Fix the broken SSL tests with MariaDB 10.5.18. This commit fixes the broken SSL tests below. The rubygem-mysql2 build started to fail with the error below by the `mysql` that can't connect to the MariaDB server, when a dependency mariadb was upgraded from the version 3:10.5.16-3.fc37 to 3:10.5.18-1.fc38. https://koschei.fedoraproject.org/build/14086115 build.log ~~~ + /usr/libexec/mysqld --datadir=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/data --log-error=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.log --socket=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.sock --pid-file=/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.pid --port=13471 --ssl ++ seq 10 + for i in $(seq 10) + sleep 1 2022-11-17 11:20:48 0 [Note] /usr/libexec/mysqld (mysqld 10.5.18-MariaDB) starting as process 1297 ... + grep -q 'ready for connections.' /builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.log + echo 'Waiting connections... 1' ... + echo 'Waiting connections... 10' Waiting connections... 10 + mysql -u mockbuild -e 'ALTER USER '\''root'\''@'\''localhost'\'' IDENTIFIED VIA mysql_native_password USING PASSWORD('\'''\'')' -S /builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.5.4/mysql.sock -P 13471 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/builddir/build/BUILD/mysql2-0.5.4/usr/share/gems/gems/mysql2-0.' (2) ~~~ After Michal Schorm 's investigation (thanks!), we found the error comes from the not appropriate SSL configurations. It was reported that in Fedora, the MariaDB 10.5.16 used downstream OpenSSL 3 patch, and the MariaDB 10.5.18 started to use upstream OpenSSL 3 patch. And there are some differences between these two patch files. And the difference triggered this issue. See also . I also applied a patch to use the SSL pem files in the spec directory directly to run the SSL tests. Because we can't set up the files in the `/etc/mysql`. See also . I also regenerated the SSL certification files from the localhost. It requires openssl as a build dependency. This is a temporary workaround. It is expected that the certification files are managed in the upstream repository. See also . Resolves: rhbz#2144488 --- diff --git a/rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch b/rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch new file mode 100644 index 0000000..f0c0084 --- /dev/null +++ b/rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch @@ -0,0 +1,29 @@ +From 06512d47dc1491bf5686b2bd89a8555de9f2acc9 Mon Sep 17 00:00:00 2001 +From: Jun Aruga +Date: Thu, 22 Dec 2022 16:14:39 +0100 +Subject: [PATCH] Use the SSL pem files in the Git repository. + +--- + spec/mysql2/client_spec.rb | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/spec/mysql2/client_spec.rb b/spec/mysql2/client_spec.rb +index 5861882..3f5cda8 100644 +--- a/spec/mysql2/client_spec.rb ++++ b/spec/mysql2/client_spec.rb +@@ -153,9 +153,9 @@ RSpec.describe Mysql2::Client do # rubocop:disable Metrics/BlockLength + let(:option_overrides) do + { + 'host' => 'mysql2gem.example.com', # must match the certificates +- :sslkey => '/etc/mysql/client-key.pem', +- :sslcert => '/etc/mysql/client-cert.pem', +- :sslca => '/etc/mysql/ca-cert.pem', ++ :sslkey => 'spec/ssl/client-key.pem', ++ :sslcert => 'spec/ssl/client-cert.pem', ++ :sslca => 'spec/ssl/ca-cert.pem', + :sslcipher => 'DHE-RSA-AES256-SHA', + :sslverify => true, + } +-- +2.38.1 + diff --git a/rubygem-mysql2.spec b/rubygem-mysql2.spec index 3192082..ae6b3ab 100644 --- a/rubygem-mysql2.spec +++ b/rubygem-mysql2.spec @@ -6,7 +6,7 @@ Name: rubygem-%{gem_name} Version: 0.5.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A simple, fast Mysql library for Ruby, binding to libmysql License: MIT URL: https://github.com/brianmario/mysql2 @@ -14,6 +14,9 @@ Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem # git clone --no-checkout https://github.com/brianmario/mysql2.git # cd mysql2 && git archive -v -o mysql2-0.5.3-tests.txz 0.5.3 spec/ Source1: %{gem_name}-%{version}-tests.txz +# Use the SSL pem files in the upstream repositry for the SSL tests. +# https://github.com/brianmario/mysql2/pull/1293 +Patch0: rubygem-mysql2-0.5.4-use-ssl-pem-files-in-repo.patch # Required in lib/mysql2.rb Requires: rubygem(bigdecimal) @@ -30,6 +33,8 @@ BuildRequires: %{_bindir}/hostname BuildRequires: rubygem(bigdecimal) # Used in spec/em/em_spec.rb BuildRequires: rubygem(eventmachine) +# Used in spec/ssl/gen_certs.sh +BuildRequires: %{_bindir}/openssl %endif %description @@ -50,6 +55,10 @@ Documentation for %{name} %prep %setup -q -n %{gem_name}-%{version} -b 1 +pushd %{_builddir}/spec +%patch0 -p2 +popd + %build gem build ../%{gem_name}-%{version}.gemspec %gem_install @@ -75,6 +84,24 @@ pushd .%{gem_instdir} ln -s %{_builddir}/spec spec TOP_DIR=$(pwd) + +# Regenerate the SSL certification files from the localhost, as we cannot set +# the host mysql2gem.example.com required for the SSL tests. +# https://github.com/brianmario/mysql2/pull/1296 +sed -i '/host/ s/mysql2gem\.example\.com/localhost/' spec/mysql2/client_spec.rb +sed -i '/commonName_default/ s/mysql2gem\.example\.com/localhost/' spec/ssl/gen_certs.sh +pushd spec/ssl +bash gen_certs.sh +popd + +# See https://github.com/brianmario/mysql2/blob/master/ci/ssl.sh +echo " +[mysqld] +ssl-ca=${TOP_DIR}/spec/ssl/ca-cert.pem +ssl-cert=${TOP_DIR}/spec/ssl/server-cert.pem +ssl-key=${TOP_DIR}/spec/ssl/server-key.pem +" > ~/.my.cnf + # Use testing port because the standard mysqld port 3306 is occupied. # Assign a random port to consider a case of multi builds in parallel in a host. # https://src.fedoraproject.org/rpms/rubygem-pg/pull-request/3 @@ -168,6 +195,10 @@ kill "$(cat "${MYSQL_TEST_PID_FILE}")" %changelog +* Fri Dec 16 2022 Jun Aruga - 0.5.4-3 +- Fix the broken SSL tests with MariaDB 10.5.18. + Resolves: rhbz#2144488 + * Sat Jul 23 2022 Fedora Release Engineering - 0.5.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild