Created attachment 1897450: Ruby failing tests output
Description of problem:
Hello from Rocky Linux!
I know there is a ruby-3.1 module coming out of C9S, so I don't know if the older ruby-3.0 line is maintained anymore, but:
Ruby appears to fail its test suite when built against the latest openssl. My results show that the tests succeed against openssl-3.0.1-5.el9, but fail against 3.0.1-20 and newer versions.
I'm completely out of my element with the Ruby codebase, but I suspect it has something to do with openssl's deprecation of certain aging algorithms.
I've attached the relevant chunk of my build's testing output here for review. This is against a current CentOS 9 Stream's buildroot with the latest openssl-3.0.1-37.
Version-Release number of selected component (if applicable):
ruby-3.0.3-159.el9
How reproducible:
Always
Steps to Reproduce:
1. mock -v -r ~/centos9-x86_64.cfg --resultdir ./ --isolation simple ../src/ruby-3.0.3-159.el9.src.rpm
Actual results:
See attached output - tests fail with OpenSSL related errors
Expected results:
Clean build + tests
Additional info:
Works when building against openssl-3.0.1-5.el9
Hi Skip from Rocky Linux!
> I know there is a ruby-3.1 module coming out of C9S, so I don't know if the older ruby-3.0 line is maintained anymore, but:
We maintain it! We are working on the PR below. You can watch it.
Rebase Ruby 3.0 to Ruby 3.0.4
https://gitlab.com/redhat/centos-stream/rpms/ruby/-/merge_requests/13
> Hello from Rocky Linux!
Hi right back!
As Jun said, we do maintain Ruby 3.0.
Long story short: SHA1 is disabled and builds before probably didn't have that, so now they're failing because the Ruby OpenSSL test suite uses SHA1 in quite a few places.
Longer explanation:
I guess that the system-wide crypto policy got tightened since the last Ruby 3.0 build we did.
There is already a rebase in progress (however, no set date for release as of yet). Basically, most of the OpenSSL-related patches are from the Ruby 3.1 branch, as the errors mostly share a common root issue in both Ruby versions: SHA1 usage in tests (note that SHA1 has been disabled by default for security reasons in RHEL 9).
As noted, the Rebase PR: https://gitlab.com/redhat/centos-stream/rpms/ruby/-/merge_requests/13
It is still WIP, as I want to validate the included work and that I did not forget anything :).
Note that I disabled a bunch of security policy RubyGems tests: https://gitlab.com/redhat/centos-stream/rpms/ruby/-/merge_requests/13/diffs?commit_id=534e18ed59e97428cc3e93ad81438c9f04036755#dc88304e542a25a95fd9f3eca725bd42172c77d5_983_993
I didn't have cycles yet to dig deeper into what causes the failures of the disabled RubyGems tests or what fixes them (apart from setting system-wide crypto settings to LEGACY, which is more of a workaround). My current theory is that somewhere in the testing certificates, SHA1 or another disabled digest is used, which makes the tests fail with a somewhat cryptic message: "certificate /CN=nobody/DC=example was not issued by /CN=nobody/DC=example", which seems weird, considering that with the LEGACY crypto setting this kind of test passes.
I'll assign this to myself for the time being, as this is part of the Ruby 3.0.4 Rebase.
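One way to check the theory in the comment above, that a test certificate is signed with SHA1 or another disabled digest, is to list each certificate's signature algorithm. This is an added Ruby example, not code from this thread or from the Ruby packaging work; the `WEAK_DIGESTS` pattern, the helper names and the generated sample certificates are assumptions constructed for illustration.

```ruby
require 'openssl'

# Assumption: digests treated as disabled. SHA1 is the one named in the
# thread; MD5 is added here as another commonly disabled digest.
WEAK_DIGESTS = /sha1|md5/i

# Build a constructed self-signed certificate signed with the given digest.
# Returns nil when the local crypto policy refuses to sign with that digest.
def build_self_signed(digest_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse('/CN=nobody/DC=example')
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new(digest_name))
  cert
rescue OpenSSL::OpenSSLError, RuntimeError
  nil
end

# Report the signature algorithm of each PEM certificate and flag weak ones.
def audit_certificates(pems)
  pems.map do |pem|
    cert = OpenSSL::X509::Certificate.new(pem)
    alg  = cert.signature_algorithm
    { subject: cert.subject.to_s, algorithm: alg, weak: alg.match?(WEAK_DIGESTS) }
  end
end

if __FILE__ == $PROGRAM_NAME
  samples = %w[SHA256 SHA1].map { |d| [d, build_self_signed(d)] }
  samples.each do |digest, cert|
    if cert.nil?
      puts "#{digest}: signing refused by the local crypto policy"
    else
      row = audit_certificates([cert.to_pem]).first
      puts "#{row[:subject]} #{row[:algorithm]} weak=#{row[:weak]}"
    end
  end
end
```

To check real fixtures, pass the contents of each PEM file (for example via `File.read`) to `audit_certificates`.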