ruby-net-smtp-0.3.3 fails to build

  • Done
  • quality assurance status badge
Details
4 participants
  • Christopher Baines
  • Tobias Geerinckx-Rice
  • Javier Olaechea
  • Tomás Ortín
Owner
unassigned
Submitted by
Tomás Ortín
Severity
normal

Debbugs page

Tomás Ortín wrote 6 months ago
(address . bug-guix@gnu.org)
ddea93e4-8caf-7461-8d7c-57e505d163ef@mailbox.org
`ruby-net-smtp` fails to build during the `check` phase, apparently due
to an expired certificate. The certificate seems to be bundled with the
package, so I suppose this means the package needs to be updated.

```
Error: test_enable_starttls(Net::TestSSLContext):
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0
peeraddr=empty-path-AF_UNIX-sockaddr state=error: certificate verify
failed (certificate has expired)
```
Tobias Geerinckx-Rice wrote 6 months ago
AA11D6B6-689C-4D6E-8577-FA4442F985F2@tobias.gr
Hi Tomás,

Unfortunately, updating the package to a version with a renewed certificate is not a solution. It merely resets the same 'time bomb' to explode later down the road. It's bad enough that nobody will be able to build a tested ruby-net-smtp@0.3.3 again, at least until Linux can virtualise a wall clock.

Fortunately, it appears that upstream has since added the exact commands needed to regenerate the certificates: https://github.com/ruby/net-smtp/blob/master/test/net/fixtures/Makefile. We can generate new ones at build time.

I only wonder whether openssl would stall on build machines with insufficient entropy available, or whether that's not an issue.

Kind regards,

T G-R

Sent on the go. Excuse or enjoy my brevity.
Javier Olaechea wrote 6 months ago
[PATCH] gnu: ruby-net-smtp: Fix tests
(address . 73155@debbugs.gnu.org)
CAFVS=zB=veeV35O5nA3vn2b-FMzQ23Amb9_TZxo093MByJq-oQ@mail.gmail.com
Attached is a patch to fix the build by regenerating the certificates. Note
that a Makefile to update the certificates was introduced in the version
that updated the certificates. In those versions we can simplify the
before-check hook to be:

(with-directory "test/net/fixtures"
(invoke "make" "regen_certificates"))

Another question, we are packaging a ~2 year old version. When updating the
version, should we drop the before-check lambda? Or should we keep it in
case someone wants to build ruby-net-smtp in the year 2034?

Cheers
--
"I object to doing things that computers can do." — Olin Shivers
Attachment: file
From 1df4a966abce35fc8841843e45c942682dc153f5 Mon Sep 17 00:00:00 2001
Message-ID: <1df4a966abce35fc8841843e45c942682dc153f5.1726007239.git.pirata@gmail.com>
From: Javier Olaechea <pirata@gmail.com>
Date: Tue, 10 Sep 2024 17:10:09 -0500
Subject: [PATCH] gnu: ruby-net-smtp: Fix tests

* gnu/packages/ruby.scm (ruby-net-smpt): Fix check phase.

The tests where failing due to the SSL certificate being used
expired. Regenerate the certificate running the check phase.

Change-Id: I8bd72f2e929f496996f6fd88b13a4d95837273da
---
gnu/packages/ruby.scm | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

Toggle diff (42 lines)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 5af1bb1cef..c401a8eab3 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -102,6 +102,7 @@ (define-module (gnu packages ruby)
#:use-module (guix modules)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
+ #:use-module ((guix build utils) #:select (with-directory-excursion))
#:use-module (gnu packages xml)
#:use-module (gnu packages web)
#:use-module (guix build-system ruby)
@@ -4722,6 +4723,25 @@ (define-public ruby-net-smtp
(base32
"0ca2wh45xvc09rv6v6sz3vbnkzrjzk5c4l6dk50zk4dwxvghma8r"))))
(build-system ruby-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-before 'check 'regenerate-certificate
+ ;; On version 0.5.0 a Makefile was introduced to regenerated the
+ ;; certificates, and instead of calling openssl directory we could
+ ;; do (with-directory-excursion "test/net/fixtures" (invoke "make"
+ ;; "regen_certs"). However the certificate is expired versions before 0.5.0 as well.
+ (lambda _
+ (with-directory-excursion "test/net/fixtures"
+ (invoke "openssl" "req" "-new" "-key" "server.key" "-out" "server.csr" "-subj"
+ "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost")
+ (invoke "openssl" "req" "-new" "-x509" "-days" "3650" "-key" "server.key" "-out" "cacert.pem" "-subj"
+ "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org")
+ (invoke "openssl" "x509" "-days" "3650" "-CA" "cacert.pem" "-CAkey"
+ "server.key" "-set_serial" "00" "-in" "server.csr" "-req" "-out" "server.crt")
+ (invoke "rm" "server.csr"))
+)))))
+ (inputs (list openssl))
(propagated-inputs (list ruby-net-protocol))
(synopsis "Simple Mail Transfer Protocol client library for Ruby")
(description "This library provides functionality to send Internet mail

base-commit: 7f05b73d90f740c6a139f0e706b717d3174f6321
--
2.45.2
Javier Olaechea wrote 4 months ago
[PATCH v2] gnu: ruby-net-smtp: Fix tests
(address . 73155@debbugs.gnu.org)
CAFVS=zBruWXn7JiRrJAjFRtjs+Rp+LS_9aySAmNQ4Nx79RgU=Q@mail.gmail.com
Attached is a revised version of the patch following the feedback received
in the november Guix social meetup

--
"I object to doing things that computers can do." — Olin Shivers
Attachment: file
From 1fe2dff60511b2278c6230c12dd635d33de6cb07 Mon Sep 17 00:00:00 2001
Message-ID: <1fe2dff60511b2278c6230c12dd635d33de6cb07.1732303354.git.pirata@gmail.com>
From: Javier Olaechea <pirata@gmail.com>
Date: Tue, 10 Sep 2024 17:10:09 -0500
Subject: [PATCH v2] gnu: ruby-net-smtp: Fix tests

* gnu/packages/ruby.scm (ruby-net-smtp): Fix check phase.

The tests where failing due to the SSL certificate being used
expired. Regenerate the certificate running the check phase.

Change-Id: I8bd72f2e929f496996f6fd88b13a4d95837273da
---
gnu/packages/ruby.scm | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)

Toggle diff (42 lines)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 12c439b3a9..bd1aa11f7d 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -4730,6 +4730,33 @@ (define-public ruby-net-smtp
(base32
"0ca2wh45xvc09rv6v6sz3vbnkzrjzk5c4l6dk50zk4dwxvghma8r"))))
(build-system ruby-build-system)
+ (arguments
+ (list
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-before 'check 'regenerate-certificate
+ ;; On version 0.5.0 a Makefile was introduced to regenerated
+ ;; the certificates, and instead of calling openssl directory
+ ;; we could do (with-directory-excursion "test/net/fixtures"
+ ;; (invoke "make" "regen_certs"). However the certificate is
+ ;; expired versions before 0.5.0 as well.
+ (lambda _
+ (with-directory-excursion "test/net/fixtures"
+ (invoke
+ "openssl" "req" "-new" "-key" "server.key" "-out"
+ "server.csr" "-subj"
+ "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost")
+ (invoke "openssl" "req" "-new" "-x509" "-days" "3650"
+ "-key" "server.key" "-out" "cacert.pem" "-subj"
+ (string-append
+ "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby "
+ "Core Team/CN=Ruby"
+ " Test "
+ "CA/emailAddress=security@ruby-lang.org"))
+ (invoke "openssl" "x509" "-days" "3650" "-CA" "cacert.pem"
+ "-CAkey" "server.key" "-set_serial" "00" "-in"
+ "server.csr" "-req" "-out" "server.crt")))))))
+ (native-inputs (list openssl))
(propagated-inputs (list ruby-net-protocol))
(synopsis "Simple Mail Transfer Protocol client library for Ruby")
(description "This library provides functionality to send Internet mail

base-commit: 043f02462766a913080723ad286028a288b79373
--
2.46.0
Christopher Baines wrote 4 months ago
(name . Javier Olaechea)(address . pirata@gmail.com)(address . 73155-done@debbugs.gnu.org)
8734jjdj4h.fsf@cbaines.net
Javier Olaechea <pirata@gmail.com> writes:

Toggle quote (2 lines)
> Attached is a revised version of the patch following the feedback received in the november Guix social meetup

Thanks, I've pushed this to master as
eabdad1ad5144487a1606fb35afa11c1bb6dc720.

Chris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmdA/u5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XfaPg/+L4jeBuaS+PG8IdljD3HUZk82bqyCwkIP
OJR6tf3J2DNow0+tiN37E1trbSm/Msuv8j2k/KVdsj8zqI7omhcw3HrTJZCIK4yD
zqv+aQwpmsKnAgnwadaUmNtR/Ernc56fzdPvCK45rFcN8Ed1HOGLOM9USO/Gqjga
paI0riKR5J5D7l8GRiHOB4pKxQ4F4+BwRERsvsC9h2K3ORnTifbqAw2yDb85ZKg9
Jh0PHXZNKXqAjXOZqTSnN9JgCkk4wchPUn83vYxY/AJdjhlIxDvsDbXso1e6mOsW
BySeFr0gjFRDHCwqH/cFL8mD7rHYV0XmS7u+Vei2XUvHlKFE8UkbbYd7yCfCRnuT
7xM8oAG2dtb2VJwuHQEUc1GvT1bLEE0joodedvf4JJDoxMyAvzt4jVqmlxIl6rEb
obMe1acN4QwFp2ZjUToUghmUKAJLQd176NqH3VwzLuYVKkAQVADY82PNRNwRlCX0
/KEe3GLg7XmaM058tqPCIYCqq/bkUCuwBpeSDTh7oBCfVV1ZW048x5YC81Z4GIdC
rEV8oYu8yqtLeGIR5Njy2yTJQMj7KEEqMR7Df800sjEcFWFmlraobWEA3tOH74ba
Z9gLD4fiPoWVv4PDN9s5c0Zo8yLk28p1LcnKjounDLGLON8G+jJdxM3Dc+WFN7QF
Tkdnb7eqWbM=
=QlXe
-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 73155@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 73155
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help