From 3abe948f63fb21c322b24193fb660230f6975335 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Wed, 10 Jun 2026 18:52:23 +0100 Subject: [PATCH] bundler: Test bundle config set --local ssl_ca_cert * Install bundler from junaruga/rubygems fork branch wip/bundler-fix-bundle-config-set-ssl_ca_cert in all CI jobs * Use bundle config set --local ssl_ca_cert instead of SSL_CERT_FILE * Workaround for https://github.com/ruby/rubygems/pull/9610 Assisted-by: Claude Code --- .github/workflows/bundler.yml | 27 +++++++++++++++++++++++++++ bundler/script/run_client.sh | 20 ++++++++++---------- 2 files changed, 37 insertions(+), 10 deletions(-) diff --git a/.github/workflows/bundler.yml b/.github/workflows/bundler.yml index 3a29402..37e6c42 100644 --- a/.github/workflows/bundler.yml +++ b/.github/workflows/bundler.yml @@ -31,6 +31,17 @@ jobs: - name: Setup run: ../rubygems/script/setup.sh + # Workaround to use `bundle config set ssl_ca_cert`. + # https://github.com/ruby/rubygems/pull/9610 + - &install-bundler-from-fork + name: Install bundler from fork + run: | + git clone -b wip/bundler-fix-bundle-config-set-ssl_ca_cert --depth 1 \ + https://github.com/junaruga/rubygems.git ~/git/junaruga/rubygems + cd ~/git/junaruga/rubygems/bundler + gem build bundler.gemspec + gem install bundler-*.gem --no-document + - name: Run HTTPS server and client run: | ../rubygems/script/run_https_server.rb & @@ -55,6 +66,8 @@ jobs: - name: Setup run: ../rubygems/script/setup.sh + - *install-bundler-from-fork + - &clone-rubygems-server name: Clone rubygems-server (workaround for ruby-head) if: matrix.ruby-version == 'head' @@ -86,6 +99,8 @@ jobs: - name: Setup run: ../rubygems/script/setup_nginx.sh + - *install-bundler-from-fork + - *clone-rubygems-server - name: Run HTTP server, Nginx TLS proxy, and client @@ -114,6 +129,8 @@ jobs: - name: Setup run: ../rubygems/script/setup.sh + - *install-bundler-from-fork + - name: Run PQC single HTTPS server and client run: | ../rubygems/script/run_https_server.rb -s & @@ -138,6 +155,8 @@ jobs: - name: Setup run: ../rubygems/script/setup.sh + - *install-bundler-from-fork + - *clone-rubygems-server - name: Run HTTP server, PQC single TLS proxy, and client @@ -166,6 +185,8 @@ jobs: - name: Setup run: ../rubygems/script/setup_nginx.sh + - *install-bundler-from-fork + - *clone-rubygems-server - name: Run HTTP server, PQC single Nginx TLS proxy, and client @@ -194,6 +215,8 @@ jobs: - name: Setup run: ../rubygems/script/setup.sh + - *install-bundler-from-fork + - name: Run PQC dual HTTPS server and client run: | ../rubygems/script/run_https_server.rb -d & @@ -218,6 +241,8 @@ jobs: - name: Setup run: ../rubygems/script/setup.sh + - *install-bundler-from-fork + - *clone-rubygems-server - name: Run HTTP server, PQC dual TLS proxy, and client @@ -246,6 +271,8 @@ jobs: - name: Setup run: ../rubygems/script/setup_nginx.sh + - *install-bundler-from-fork + - *clone-rubygems-server - name: Run HTTP server, PQC dual Nginx TLS proxy, and client diff --git a/bundler/script/run_client.sh b/bundler/script/run_client.sh index e72b362..809cf17 100755 --- a/bundler/script/run_client.sh +++ b/bundler/script/run_client.sh @@ -74,8 +74,8 @@ if [[ "${PQC_DUAL}" = true ]]; then "(equivalent to ctx.sigalgs = 'mldsa65') ===" # FIXME: The `bundle config set ssl_ca_cert` command doesn't work. # https://bundler.io/man/bundle-config.1.html - ssl_ca_cert - # bundle config set --local ssl_ca_cert "${SSL_DIR}/mldsa65-1.crt" - export SSL_CERT_FILE="${SSL_DIR}/mldsa65-1.crt" + bundle config set --local ssl_ca_cert "${SSL_DIR}/mldsa65-1.crt" + # export SSL_CERT_FILE="${SSL_DIR}/mldsa65-1.crt" export OPENSSL_CONF="${SSL_DIR}/mldsa65-client.cnf" bundle config set --local \ mirror.https://localhost:${PORT_HTTPS_NON_PQC} \ @@ -104,8 +104,8 @@ if [[ "${PQC_DUAL}" = true ]]; then "(equivalent to ctx.sigalgs = 'rsa_pss_rsae_sha256') ===" # FIXME: The `bundle config set ssl_ca_cert` command doesn't work. # https://bundler.io/man/bundle-config.1.html - ssl_ca_cert - # bundle config set --local ssl_ca_cert "${SSL_DIR}/rsa-1.crt" - export SSL_CERT_FILE="${SSL_DIR}/rsa-1.crt" + bundle config set --local ssl_ca_cert "${SSL_DIR}/rsa-1.crt" + # export SSL_CERT_FILE="${SSL_DIR}/rsa-1.crt" export OPENSSL_CONF="${SSL_DIR}/rsa-client.cnf" bundle config set --local \ mirror.https://localhost:${PORT_HTTPS_NON_PQC} \ @@ -127,8 +127,8 @@ elif [[ "${PQC_SINGLE}" = true ]]; then "to port ${PORT_HTTPS} ===" # FIXME: The `bundle config set ssl_ca_cert` command doesn't work. # https://bundler.io/man/bundle-config.1.html - ssl_ca_cert - # bundle config set --local ssl_ca_cert "${SSL_DIR}/mldsa65-1.crt" - export SSL_CERT_FILE="${SSL_DIR}/mldsa65-1.crt" + bundle config set --local ssl_ca_cert "${SSL_DIR}/mldsa65-1.crt" + # export SSL_CERT_FILE="${SSL_DIR}/mldsa65-1.crt" bundle config set --local \ mirror.https://localhost:${PORT_HTTPS_NON_PQC} \ https://localhost:${PORT_HTTPS} @@ -155,8 +155,8 @@ elif [[ "${PQC_SINGLE}" = true ]]; then "to port ${PORT_HTTPS_NON_PQC} ===" # FIXME: The `bundle config set ssl_ca_cert` command doesn't work. # https://bundler.io/man/bundle-config.1.html - ssl_ca_cert - # bundle config set --local ssl_ca_cert "${SSL_DIR}/rsa-1.crt" - export SSL_CERT_FILE="${SSL_DIR}/rsa-1.crt" + bundle config set --local ssl_ca_cert "${SSL_DIR}/rsa-1.crt" + # export SSL_CERT_FILE="${SSL_DIR}/rsa-1.crt" bundle config set --local path vendor/bundle bundle config list cp -p "${TOP_DIR}/client/Gemfile.1" Gemfile @@ -172,8 +172,8 @@ else # FIXME: The `bundle config set ssl_ca_cert` command doesn't work. # https://bundler.io/man/bundle-config.1.html - ssl_ca_cert - # bundle config set --local ssl_ca_cert "${SSL_DIR}/rsa-1.crt" - export SSL_CERT_FILE="${SSL_DIR}/rsa-1.crt" + bundle config set --local ssl_ca_cert "${SSL_DIR}/rsa-1.crt" + # export SSL_CERT_FILE="${SSL_DIR}/rsa-1.crt" bundle config set --local \ mirror.https://localhost:${PORT_HTTPS_NON_PQC} \ https://localhost:${PORT_HTTPS}