bug#73155: ruby-net-smtp-0.3.3 fails to build

bug#73155: ruby-net-smtp-0.3.3 fails to build

[Tomás Ortín via Bug reports for GNU Guix]

`ruby-net-smtp` fails to build during the `check` phase, apparently due 
to an expired certificate. The certificate seems to be bundled with the 
package, so I suppose this means the package needs to be updated.

```
Error: test_enable_starttls(Net::TestSSLContext): 
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 
peeraddr=empty-path-AF_UNIX-sockaddr state=error: certificate verify 
failed (certificate has expired)
```

bug#73155: ruby-net-smtp-0.3.3 fails to build

[Tobias Geerinckx-Rice via Bug reports for GNU Guix]

Hi Tomás,

Unfortunately, updating the package to a version with a renewed certificate is not a solution.  It merely resets the same 'time bomb' to explode later down the road.  It's bad enough that nobody will be able to build a tested ruby-net-smtp@0.3.3 again, at least until Linux can virtualise a wall clock.

Fortunately, it appears that upstream has since added the exact commands needed to regenerate the certificates: <https://github.com/ruby/net-smtp/blob/master/test/net/fixtures/Makefile>.  We can generate new ones at build time.

I only wonder whether openssl would stall on build machines with insufficient entropy available, or whether that's not an issue.

Kind regards,

T G-R

Sent on the go.  Excuse or enjoy my brevity.

bug#73155: [PATCH] gnu: ruby-net-smtp: Fix tests

[Javier Olaechea]

[-- Attachment #1.1: Type: text/plain, Size: 624 bytes --]

Attached is a patch to fix the build by regenerating the certificates. Note
that a Makefile to update the certificates was introduced in the version
that updated the certificates. In those versions we can simplify the
before-check hook to be:

(with-directory "test/net/fixtures"
  (invoke "make" "regen_certificates"))

Another question, we are packaging a ~2 year old version. When updating the
version, should we drop the before-check lambda? Or should we keep it in
case someone wants to build ruby-net-smtp in the year 2034?

Cheers
-- 
"I object to doing things that computers can do." — Olin Shivers

[-- Attachment #1.2: Type: text/html, Size: 923 bytes --]

[-- Attachment #2: 0001-gnu-ruby-net-smtp-Fix-tests.patch --]
[-- Type: text/x-patch, Size: 2789 bytes --]

From 1df4a966abce35fc8841843e45c942682dc153f5 Mon Sep 17 00:00:00 2001
Message-ID: <1df4a966abce35fc8841843e45c942682dc153f5.1726007239.git.pirata@gmail.com>
From: Javier Olaechea <pirata@gmail.com>
Date: Tue, 10 Sep 2024 17:10:09 -0500
Subject: [PATCH] gnu: ruby-net-smtp: Fix tests

* gnu/packages/ruby.scm (ruby-net-smpt): Fix check phase.

The tests where failing due to the SSL certificate being used
expired. Regenerate the certificate running the check phase.

Change-Id: I8bd72f2e929f496996f6fd88b13a4d95837273da
---
 gnu/packages/ruby.scm | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 5af1bb1cef..c401a8eab3 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -102,6 +102,7 @@ (define-module (gnu packages ruby)
   #:use-module (guix modules)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
+  #:use-module ((guix build utils) #:select (with-directory-excursion))
   #:use-module (gnu packages xml)
   #:use-module (gnu packages web)
   #:use-module (guix build-system ruby)
@@ -4722,6 +4723,25 @@ (define-public ruby-net-smtp
                (base32
                 "0ca2wh45xvc09rv6v6sz3vbnkzrjzk5c4l6dk50zk4dwxvghma8r"))))
     (build-system ruby-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'regenerate-certificate
+           ;; On version 0.5.0 a Makefile was introduced to regenerated the
+           ;; certificates, and instead of calling openssl directory we could
+           ;; do (with-directory-excursion "test/net/fixtures" (invoke "make"
+           ;; "regen_certs"). However the certificate is expired versions before 0.5.0 as well.
+           (lambda _
+             (with-directory-excursion "test/net/fixtures"
+               (invoke "openssl" "req" "-new" "-key" "server.key" "-out" "server.csr" "-subj"
+                       "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost")
+               (invoke "openssl" "req" "-new" "-x509" "-days" "3650" "-key" "server.key" "-out" "cacert.pem" "-subj"
+                       "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org")
+               (invoke "openssl" "x509" "-days" "3650" "-CA" "cacert.pem" "-CAkey"
+                       "server.key" "-set_serial" "00" "-in" "server.csr" "-req" "-out" "server.crt")
+               (invoke "rm" "server.csr"))
+)))))
+    (inputs (list openssl))
     (propagated-inputs (list ruby-net-protocol))
     (synopsis "Simple Mail Transfer Protocol client library for Ruby")
     (description "This library provides functionality to send Internet mail

base-commit: 7f05b73d90f740c6a139f0e706b717d3174f6321
-- 
2.45.2