fix openssl CRL error #406
Conversation
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Stromweld
added
the
Expeditor: Bump Version Minor
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
mixlib-install.gemspec
Outdated
| # Ruby 3.0-3.2 bundled openssl needs update to 3.1.2+ | ||
| # Ruby 3.3 bundled openssl needs update to 3.2.2+ | ||
| # Ruby 3.4 bundled openssl needs update to 3.3.1+ | ||
| if RUBY_VERSION < "2.7.0" |
There was a problem hiding this comment.
Gemspecs don't work like this. They get interpreted and turned into JSON so this only really parses the deps based on the system where the gemspec is uploaded
There was a problem hiding this comment.
Indeed, these have to go into the Gemfile.
There was a problem hiding this comment.
OK I was running out the door when I wrote that as was being very dumb.
Gemfile of course also will not work.
After much discussion with @Stromweld I think the only way to continue to support old versions of ruby that Mac's still have, is to branch this per ruby era, and have different major-versions of mixlib-install per ruby era.
This will get simpler as Mac is the only real reason we have to support ancient Rubies, and they're going to be dropping Ruby altogether, and then as older versions of Mac get EOLd, which happens pretty frequently, we can stop caring.
So I'm thinking something like:
- keep 3.x as ruby < 2.7
- branch a 4.x for ruby >=2.7, < 3.3
- branch a 5.x for ruby >=3.3, < 3.4
- branch a 6.x for ruby >=3.4, < 4.0
- main becomes 7.x for 4.0+
So Order of operations here is something like:
- adapt Ci to move all stuff to GHA instead of BK
- branch and lock versions
- fix openssl on each branch
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Stromweld
force-pushed
the
fix-openssl-CRL-error
branch
from
135ecae to
128e634
Compare
Signed-off-by: Stromweld <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
Signed-off-by: Corey Hemminger <hemminger@hotmail.com>
|
Description
Bundled version of ruby has a known CRL check issue. latest releases of openssl gem have this fixed.
Also added GHA workflows and proper linting/unit/integration tests with supporting configuration files for the new jobs
Types of changes
Checklist:
Gemfile.lockhas changed, I have used--conservativeto do it and included the full output in the Description above.